Coder Social home page Coder Social logo

athna / flower Goto Github PK

View Code? Open in Web Editor NEW

This project forked from secgroup/flower

0.0 1.0 0.0 7.09 MB

TCP flow analyzer with sugar for A/D CTF

License: GNU General Public License v3.0

HTML 2.75% Shell 6.97% Python 19.55% CSS 3.60% JavaScript 67.11%

flower's Introduction

Flower 🌸

Automatic packet analyzer made by Ca' Foscari team (unive) for CyberChallenge attack/defense CTF of 27/06/2018.

This tool was written in less than ten days. Every pull request is welcome!

Presentation of Flower (from min 7:30), and general introduction to CTF at ESC2K18 in italian:

tools presentation

Run with docker

Just run docker-compose up, and after a while you will find flower at http://localhost:3000.

For the flag regex, modify REACT_APP_FLAG_REGEX in docker-compose.yml.

The build will automatically import the test pcap.

To enter in the service to import other pcaps, run docker exec -it flower_flower-python_1 /bin/bash (if flower is in a folder with a different name, modify the prefix after -it). The container share the /shared folder with the host. Put the pcap files inside this folder and use python services/importer.py /shared/pcap_file_here from the container to import pcaps to flower.

Manual installation

git clone https://github.com/secgroup/flower
cd flower
npm install 
pip install -r services/requirements.txt

Setup

Env var to set:

  • REACT_APP_FLOWER_MONGO ip of the host that will have flower db active (mongodb)
  • REACT_APP_FLOWER_SERVICES ip of the host that will have services active
  • REACT_APP_FLAG_REGEX regex that match flags. Mongodb is required on the same machine that run the services. To start it: sudo mongod --dbpath /path/to/mongodb/db --bind_ip 0.0.0.0

Run

Start flower

./run.sh

Start flower services

cd services
./run_ws.sh

Once everything has been started, flower should be accessible at the address of the machine that started it on port 3000.

Pcap import

You must first install pynids from here. The pip version is outdated! Good luck with the installation. Then, you can import pcaps into mongodb by executing the provided script importer.py as follows:

cd services
./importer.py pcap_file.pcap

You can find a test_pcap in services/test_pcap. For a quick demo, run ./importer.py test_pcap/dump-2018-06-27_13:25:31.pcap

Security tips

If you are going to use flower in a CTF, remember to set up the firewall in the most appropriate way, as the current implementation does not use other security techniques.

Features

  • Only one command needed to make it run, thanks to docker.
  • Flow list
  • Vim like navigation ( k and j to navigate the list)
  • Regex filtering with highlight
  • Highlight in red flow with flags
  • Favourite management
  • Time filter
  • Service filter
  • Colored hexdump
  • Automatic export GET/POST request directly in python format
  • Automatic export to pwntools

Credits

With the support of c00kies@venice

flower's People

Contributors

badlamb avatar eciavatta avatar lavish avatar nicomazz avatar simone36050 avatar wert310 avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.