netrunn3r / pytbull-ng
Next generation of pytbull, IDS/IPS testing framework
License: GNU General Public License v3.0
[root@localhost ~]# docker run --rm -it efigo/pytbull-ng -m victim
standard_init_linux.go:219: exec user process caused: no such file or directory
Check which attacks are outdated and add new ones
Attacks (single tests) sometimes hang, probably due to an RST packet sent by the IPS. Need to add timeouts for each attack so as not to block the whole test run.
Add information about:
Add a page which describes common problems and how to debug and resolve them
Add a debug mode in which some tests will be executed to help troubleshoot connectivity problems and allow to attack console by docker exec
Add selectors to choose which groups of attacks are performed
Based on issue #3 add functionality of generating reports
Add a page which describes how to deploy and perform attacks with pytbull-ng
Detect that SSL/TLS interception occurred and add an option to pass your own CA file to check that interception is seamless
Add a page which describes the requirements to launch pytbull-ng
Install and configure snort in the docker image, which will detect which attacks performed by the attacker have been passed to the victim. This will be input for report generation
To guarantee that an attack has been blocked by the IPS, the victim needs to know that it happened, so:
Victim checks snort logs to detect that the attack reached the target (issue #1)
Add colors to pytbull-ng output to enhance readability
Add module with web application attacks
Hi, I'm using pytbull-ng but I can't perform the attacks. I'm running pytbull on the victim and attacker sides, but I can't see the establishment of any session.
I'm performing a tcpdump on the "utm" device and I just see the SYN from the attacker, but I can't see any response from the victim; also, the attacker side gets closed because the basic checks can't be performed.
I'm following the network topology that you shared and the commands that you specify.
Can you help me, please?
Thank you so much.
adminjmy@ubuntu-pytbull-attacker:~$ sudo docker run -it --rm -p 80:80 --name=pytbull-ng_attacker efigo/pytbull-ng -m attacker -t 192.168.0.222 -l 10.0.0.100
FTP user: :
Mode: attacker
Host IP: 10.0.0.100
Victim IP: 192.168.0.222
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29/httpd
__ __ ____
____ __ __/ /_/ /_ __ __/ / / ____ ____ _
/ __ \/ / / / __/ __ \/ / / / / /_____/ __ \/ __ `/
/ /_/ / /_/ / /_/ /_/ / /_/ / / /_____/ / / / /_/ /
/ .___/\__, /\__/_.___/\__,_/_/_/ /_/ /_/\__, /
/_/ /____/ /____/
creator of pytbull: Sebastien Damaye, aldeid.com
creator of pytbull-ng: Michal Chrobak, efigo.pl
(standalone mode)
(offline)
+------------------------------------------------------------------------+
| pytbull will set off IDS/IPS alarms and/or other security devices |
| and security monitoring software. The user is aware that malicious |
| content will be downloaded and that the user should have been |
| authorized before running the tool. |
+------------------------------------------------------------------------+
Checking root privileges.........................................[ OK ]
Checking remote port 21/tcp (FTP)................................[ Failed ]
***ERROR: [Errno 110] Operation timed out
Port 21/tcp seems to be closed
Install FTP on the remote host: sudo apt-get install vsftpd
real 2m 11.14s
user 0m 1.09s
sys 0m 0.06s
Start: Sun May 30 21:25:35 UTC 2021
End: Sun May 30 21:29:57 UTC 2021
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
16:25:35.485594 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719866192 ecr 0,nop,wscale 7], length 0
16:25:36.497447 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719867204 ecr 0,nop,wscale 7], length 0
16:25:38.526652 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719869234 ecr 0,nop,wscale 7], length 0
16:25:42.606553 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719873316 ecr 0,nop,wscale 7], length 0
16:25:50.795168 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719881509 ecr 0,nop,wscale 7], length 0
16:26:06.915262 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719897637 ecr 0,nop,wscale 7], length 0
16:26:40.689411 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719931428 ecr 0,nop,wscale 7], length 0
16:27:47.285127 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 719998057 ecr 0,nop,wscale 7], length 0
16:27:48.303756 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 719999076 ecr 0,nop,wscale 7], length 0
16:27:50.319266 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720001093 ecr 0,nop,wscale 7], length 0
16:27:54.380615 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720005156 ecr 0,nop,wscale 7], length 0
16:28:02.568885 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720013349 ecr 0,nop,wscale 7], length 0
16:28:18.694681 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720029476 ecr 0,nop,wscale 7], length 0
16:28:51.718785 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720062500 ecr 0,nop,wscale 7], length 0
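An added example, not part of the original issue or of pytbull-ng: a small parser for tcpdump text output like the capture above that lists handshakes whose SYNs were never answered at the capture point and checks whether the retransmission gaps roughly double. The function name and the two constructed sample lines are assumptions for illustration.

```python
import re
from collections import defaultdict

# First four lines are from the capture above (TCP options trimmed);
# the last two are constructed to show an answered handshake for contrast.
CAPTURE = """\
16:25:35.485594 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, length 0
16:25:36.497447 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, length 0
16:25:38.526652 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, length 0
16:25:42.606553 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, length 0
16:30:00.000100 IP 10.0.0.100.40000 > 192.168.0.222.ssh: Flags [S], seq 1, win 64240, length 0
16:30:00.000900 IP 192.168.0.222.ssh > 10.0.0.100.40000: Flags [S.], seq 2, ack 2, win 65160, length 0
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def unanswered_syns(text):
    """Return {(src, dst): report} for flows whose SYNs never got any reply."""
    syn_times = defaultdict(list)   # (src, dst) -> timestamps of bare SYNs
    seen = set()                    # every (src, dst) direction observed
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                # skip the tcpdump banner and non-TCP lines
        h, mnt, sec, src, dst, flags = m.groups()
        seen.add((src, dst))
        if flags == "S":            # SYN without ACK: a connection attempt
            syn_times[(src, dst)].append(int(h) * 3600 + int(mnt) * 60 + float(sec))
    report = {}
    for (src, dst), times in syn_times.items():
        if (dst, src) in seen:      # a SYN-ACK or RST came back: the path works
            continue
        gaps = [round(b - a, 1) for a, b in zip(times, times[1:])]
        report[(src, dst)] = {
            "syns": len(times),
            "gaps": gaps,
            # Roughly doubling gaps are the sender's own retransmission timer:
            # no reply (not even a RST) was seen at the capture point.
            "backoff": len(gaps) >= 2 and all(b >= 1.5 * a for a, b in zip(gaps, gaps[1:])),
        }
    return report

if __name__ == "__main__":
    for flow, info in unanswered_syns(CAPTURE).items():
        print(flow, info)
```

Running the same function over a capture taken on the victim-side interface shows whether the SYNs are forwarded at all or dropped before they reach the victim.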