Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort and Suricata. We all know the greatness of these two projects. Even though it concentrates on Snort and Suricata, it can possibly be used to test the detection and blocking capabilities of other IDS/IPS as well. You can also use it to compare IDS/IPS, to compare their configuration modifications, or simply to check and validate configurations. The framework is well equipped with about 300 tests grouped in 8 testing modules, such as:
You've just set up your Intrusion Detection/Prevention System (IDS/IPS) and feel "Now I'm secure". But how can you be so sure? And how much do you trust your IDS/IPS?
The only way to ensure your IDS/IPS detects and blocks unwanted traffic is to test it with specific payloads and tools, but this job can take hours or even days...
Why all this pain? Here is where pytbull comes in!
Pytbull is a Python-based, flexible IDS/IPS testing framework shipped with more than 300 tests, grouped in 9 modules, covering a large scope of attacks (clientSideAttacks, testRules, badTraffic, fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes, denialOfService, pcapReplay).