netrunn3r / pytbull-ng


Next generation of pytbull, IDS/IPS testing framework

License: GNU General Public License v3.0

Python 9.78% CSS 1.21% JavaScript 88.49% HTML 0.12% Dockerfile 0.14% Shell 0.26%
ids ips pytbull pytbull-ng

pytbull-ng's People

Contributors

netrunn3r

pytbull-ng's Issues

On first console run error (docker)

[root@localhost ~]# docker run --rm -it efigo/pytbull-ng -m victim
standard_init_linux.go:219: exec user process caused: no such file or directory

Add timeouts to attacks

Attacks (single tests) sometimes hang, probably due to an RST packet sent by the IPS. Need to add a timeout for each attack so it does not block the whole test run.

Information about progress of attacks

Add information about:

  • Which attack is being performed and how many there are (e.g. [023/321])
  • How long the current attack has been running
  • An estimate of how long all attacks will take

Debug mode

Add a debug mode in which some tests are executed to help troubleshoot connectivity problems, and allow access to the attack console via docker exec

Reports

Based on issue #3, add functionality for generating reports

Detect SSL/TLS interception

Detect that SSL/TLS interception has occurred, and add an option to pass one's own CA file to check that the interception is seamless

Confirmation of performed attack

To guarantee that an attack has been blocked by the IPS, the victim needs to know that it happened, so:

  1. the attacker informs the victim that it will perform an attack
  2. the attacker performs the attack
  3. the attacker informs the victim that the attack has been performed
  4. the victim confirms that the attack was performed
  5. if the victim doesn't confirm, the attacker repeats steps 1-3 three times

The victim checks the Snort logs to detect that the attack reached the target (issue #1)
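The five-step exchange above, simulated in-process as an added example (not pytbull-ng code): the victim is told what to expect, and confirms only if its own Snort-style alert log shows the test; the message names, the fast-alert line format and the 3-attempt limit are assumptions.

```python
# Added example (not pytbull-ng code): the attacker/victim confirmation exchange
# from the issue, simulated in-process. Message names, the Snort fast-alert line
# format used by the victim, and the 3-attempt limit are assumptions.
import re

MAX_ATTEMPTS = 3
# Snort fast-alert style "[**] [gid:sid:rev] msg [**]"; the sid is used as the test id
ALERT_RE = re.compile(r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] ")

class Victim:
    """Victim side: is told what to expect, then confirms from its own alert log."""
    def __init__(self, alert_log):
        self.alert_log = alert_log   # list of Snort alert lines (constructed below)
        self.expected = None
    def handle(self, msg):
        kind, test_id = msg
        if kind == "WILL_ATTACK":                                # step 1
            self.expected = test_id
            return ("ACK", test_id)
        if kind == "ATTACK_DONE" and test_id == self.expected:   # step 3
            sids = {m["sid"] for m in map(ALERT_RE.search, self.alert_log) if m}
            self.expected = None
            # step 4: confirm only if an alert for this test reached the target
            return ("CONFIRMED" if str(test_id) in sids else "NOT_SEEN", test_id)
        return ("ERROR", test_id)

def run_with_confirmation(victim, test_id, perform):
    """Attacker side: steps 1-3, retried up to MAX_ATTEMPTS times (step 5)."""
    for attempt in range(1, MAX_ATTEMPTS + 1):
        victim.handle(("WILL_ATTACK", test_id))
        perform(test_id)                                   # step 2: the actual test
        reply = victim.handle(("ATTACK_DONE", test_id))
        if reply[0] == "CONFIRMED":
            return {"test_id": test_id, "status": "reached", "attempts": attempt}
    # no confirmation after MAX_ATTEMPTS: the test never reached the victim
    return {"test_id": test_id, "status": "blocked", "attempts": MAX_ATTEMPTS}

if __name__ == "__main__":
    log = []   # constructed victim alert log, filled by the simulated test
    def simulated_test(tid):
        log.append("05/30-21:25:35.485594  [**] [1:%d:1] pytbull test %d [**] "
                   "{TCP} 10.0.0.100:53020 -> 192.168.0.222:80" % (tid, tid))
    print(run_with_confirmation(Victim(log), 1000001, simulated_test))   # reached
    print(run_with_confirmation(Victim([]), 1000002, lambda tid: None))  # blocked
```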

Add colors

Add colors to pytbull-ng output to enhance readability

communication issue

Hi, I'm using pytbull-ng but I can't perform the attacks. I'm running pytbull on the victim and attacker sides, but I can't see the establishment of any session.
I'm running a tcpdump on the "utm" device and I just see the SYN from the attacker, but I can't see any response from the victim; also, the attacker side gets closed because the basic checks can't be performed.
I'm following the network topology that you shared and the commands that you specified.
Can you help me please?
Thank you so much

adminjmy@ubuntu-pytbull-attacker:~$ sudo docker run -it --rm -p 80:80 --name=pytbull-ng_attacker efigo/pytbull-ng -m attacker -t 192.168.0.222 -l 10.0.0.100
FTP user: :
Mode: attacker
Host IP: 10.0.0.100
Victim IP: 192.168.0.222
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29/httpd

                       __  __          ____
          ____  __  __/ /_/ /_  __  __/ / /     ____  ____ _
         / __ \/ / / / __/ __ \/ / / / / /_____/ __ \/ __ `/
        / /_/ / /_/ / /_/ /_/ / /_/ / / /_____/ / / / /_/ /
       / .___/\__, /\__/_.___/\__,_/_/_/     /_/ /_/\__, /
      /_/    /____/                                /____/
       creator of pytbull:    Sebastien Damaye, aldeid.com
       creator of pytbull-ng: Michal Chrobak,   efigo.pl

(standalone mode)
(offline)

+------------------------------------------------------------------------+
| pytbull will set off IDS/IPS alarms and/or other security devices |
| and security monitoring software. The user is aware that malicious |
| content will be downloaded and that the user should have been |
| authorized before running the tool. |
+------------------------------------------------------------------------+

BASIC CHECKS

Checking root privileges.........................................[ OK ]
Checking remote port 21/tcp (FTP)................................[ Failed ]

***ERROR: [Errno 110] Operation timed out
Port 21/tcp seems to be closed
Install FTP on the remote host: sudo apt-get install vsftpd
real 2m 11.14s
user 0m 1.09s
sys 0m 0.06s

Start: Sun May 30 21:25:35 UTC 2021
End: Sun May 30 21:29:57 UTC 2021

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
16:25:35.485594 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719866192 ecr 0,nop,wscale 7], length 0
16:25:36.497447 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719867204 ecr 0,nop,wscale 7], length 0
16:25:38.526652 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719869234 ecr 0,nop,wscale 7], length 0
16:25:42.606553 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719873316 ecr 0,nop,wscale 7], length 0
16:25:50.795168 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719881509 ecr 0,nop,wscale 7], length 0
16:26:06.915262 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719897637 ecr 0,nop,wscale 7], length 0
16:26:40.689411 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, options [mss 1460,sackOK,TS val 719931428 ecr 0,nop,wscale 7], length 0
16:27:47.285127 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 719998057 ecr 0,nop,wscale 7], length 0
16:27:48.303756 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 719999076 ecr 0,nop,wscale 7], length 0
16:27:50.319266 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720001093 ecr 0,nop,wscale 7], length 0
16:27:54.380615 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720005156 ecr 0,nop,wscale 7], length 0
16:28:02.568885 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720013349 ecr 0,nop,wscale 7], length 0
16:28:18.694681 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720029476 ecr 0,nop,wscale 7], length 0
16:28:51.718785 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, options [mss 1460,sackOK,TS val 720062500 ecr 0,nop,wscale 7], length 0
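As an added diagnostic example (not part of the report above or of pytbull-ng), the following script classifies the TCP flows in a tcpdump capture like the one posted: repeated client SYNs with nothing coming back (no SYN-ACK, no RST) mean the packets are being dropped or never routed to the victim, while a returned RST would point at a refusal or an IPS reset. The sample capture is constructed for the example, with a healthy third flow for contrast.

```python
# Added example (not part of the issue or of pytbull-ng): classify tcpdump TCP
# flows, flagging client SYNs that never receive a SYN-ACK or RST. The sample
# capture below is constructed for this example.
import re
from collections import defaultdict

# tcpdump line: "<ts> IP <src>.<port> > <dst>.<port>: Flags [<flags>], ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]")

SAMPLE_CAPTURE = """\
16:25:35.485594 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, length 0
16:25:36.497447 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, length 0
16:25:38.526652 IP 10.0.0.100.53020 > 192.168.0.222.http: Flags [S], seq 240687923, win 64240, length 0
16:27:47.285127 IP 10.0.0.100.48914 > 192.168.0.222.ftp: Flags [S], seq 613706125, win 64240, length 0
16:30:01.000000 IP 10.0.0.100.50001 > 192.168.0.222.ssh: Flags [S], seq 1, win 64240, length 0
16:30:01.000500 IP 192.168.0.222.ssh > 10.0.0.100.50001: Flags [S.], seq 9, ack 2, win 65160, length 0
16:30:01.001000 IP 10.0.0.100.50001 > 192.168.0.222.ssh: Flags [.], ack 10, win 502, length 0
"""

def analyze_capture(text):
    """Per client->server attempt: SYN count, packets back, and a verdict."""
    flows = defaultdict(lambda: {"syns": 0, "replies": 0, "rsts": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tcpdump banner lines, non-TCP traffic
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if flags == "S":                      # pure SYN: a connection attempt
            flows[(src, dst)]["syns"] += 1
        elif (dst, src) in flows:             # anything returning on a known attempt
            flows[(dst, src)]["replies"] += 1
            if "R" in flags:                  # server (or an IPS) reset the attempt
                flows[(dst, src)]["rsts"] += 1
    out = []
    for (client, server), v in flows.items():
        status = ("unanswered" if v["replies"] == 0
                  else "refused" if v["rsts"] else "answered")
        out.append({"client": client, "server": server, "status": status, **v})
    return out

def unanswered_flows(text):
    """Flows where every SYN (including retransmissions) went unanswered."""
    return [f for f in analyze_capture(text) if f["status"] == "unanswered"]

if __name__ == "__main__":
    for f in analyze_capture(SAMPLE_CAPTURE):
        print(f)
```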
