Showing posts with label Snort. Show all posts
Showing posts with label Snort. Show all posts

Sunday, January 13, 2019

GUI Based Snort Rule Creator / Maker - SNORPY

SNORPY:

                        A Simple GUI / Web Based Snort Rule Creator / Maker for Building Simple Snort Rules.

Snorpy is a simple Snort rule creator / builder / maker made originally with python but I made the most recent version with Node and jquery.




#Install
  1. Install nodejs
  2. Download repo
  3. Unzip the file name node_modules.zip
  4. cd /to/the/path/of/app.js
  5. run the following command: "node app.js"
Should be that easy.

Video Ref : https://vimeo.com/182794567

Download Link : https://github.com/chrisjd20/Snorpy

Online Play : http://snorpy.com/

Saturday, October 5, 2013

Open Source / Freeware Network Intrusion Prevention / Detection System (IDS/IPS)

Snort :

                 is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.



 Download Link : http://www.snort.org/snort-downloads

BASE ( Basic Analysis and Security Engine ) :

                       It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.




                       BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-base system, so that you as the security admin can decide what and how much information each user can see. It also has a simple to use, web-based setup program for people not comfortable with editing files directly.

Download Link : http://sourceforge.net/projects/secureideas/files/


OSSEC ( Open Source SECurity ) :

                                                       is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

                                                       It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.







                                                       Check out OSSEC features and how it works for more information about how OSSEC can help you solve your host-based security problem.

Download Link : http://www.ossec.net/?page_id=19


Suricata :

                 is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.






                       Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires.

Download Link : http://suricata-ids.org/download/


Prelude-IDS :

                     is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".




                             As well as being capable of recovering any type of log (system logs, syslog, flat files, etc.), Prelude benefits from a native support with a number of systems dedicated to enriching information even further (snort, samhain, ossec, auditd, etc.).


Download Link : https://www.prelude-ids.org/projects/prelude/files



Bro IDS :


                   is a powerful network analysis framework that is much different from the typical IDS you may know.









Download Link : http://www.bro.org/download/index.html


EasyIDS :


                   is an easy to install intrusion detection system based upon Snort. EasyIDS is designed for the network security beginner with minimal Linux experience. EasyIDS includes CentOS linux, Snort, Barnyard, mysql, BASE, ntop, arpwatch, and more.






                   open source Intrusion Detection System distribution based upon Snort, EasyIDS takes the pain and frustration out of deploying an Intrusion Detection Systems. Designed for the network security beginner with minimal Linux experience, EasyIDS can convert almost any industry standard x86 computer into a fully-functioning Intrusion Detection System in as little as 15 minutes. EasyIDS lowers deployment and maintenance costs for network security without compromising functionality or performance.


Download Link : http://sourceforge.net/projects/easyids/files/

Sentry tools :


                           provide host-level security services for the Unix platform. PortSentry, Logcheck/LogSentry, and HostSentry protect against portscans, automate log file auditing, and detect suspicious login activity on a continuous basis.



Download Link : http://sourceforge.net/projects/sentrytools/files/latest/download





Smooth-Sec ( IDS/IPS Linux distribution ) :

                       is a lightweight and fully-ready IDS/IPS (Intrusion Detection/Prevention System) Linux distribution based on Debian 7 (wheezy), available for 32 and 64 bit architecture. The distribution includes the latest version of Snorby, Snort, Suricata, PulledPork and Pigsty. An easy setup process allows to deploy a complete IDS/IPS System within minutes, even for security beginners with minimal Linux experience. Join the community, share your experiences, tips and ideas.



Download Link : http://sourceforge.net/projects/smoothsec/files/latest/download

 Thanks,

RRN Technologies Team.

Thursday, May 2, 2013

IPv6 port scanner Tool - Topera

 Topera:
           is a brand new TCP port scanner under IPv6, with the particularity that these scans are not detected by Snort.

                        Snort is the most known IDS/IPS and is widely used in many different critical environments. Some commercial tools (Juniper or Checkpoint ones) use it as detection engine also.


Mocking snort detection capabilities could suppose a high risk in some cases.
   
                          We keep researching on the security implications that the "new" IPv6 protocol will have in different environments.

                      Get local IPv6 address - Get local ethernet interface - sniffer packet counter - Some minor fixes. You can see an example of execution of Topera in demo videos below,


Latest Video :


 Sample Snapshot :

                                   In next pictures you can see some executions screenshots:











Topera in TCP port scanner mode:

Run with default options:

# python topera.py -M topera_tcp_scan -t fe80:b100:::c408
 
Run specifing: ports to scan, delay between connections, and number os extensions headers:

# python topera.py -M topera_tcp_scan -t fe80:b100:::c408 \
-p 21,22,23,80,8080 --scan-delay 0 --headers-num 0 -vvv
 

Download Link : Topera

Mirror Download Link 1 : Topera
Mirror Download Link 2 : Topera