-
Notifications
You must be signed in to change notification settings - Fork 8
Ironbee QA tool
License
ironbee/ironbee-qa
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
# This Tool requires: # PyNIDS: http://jon.oberheide.org/pynids/ # and # Scapy: http://www.secdev.org/projects/scapy/ # This QA tool probably needs some QA love, the http parser is far from perfect # #If using scapy you have to sudo #Ivan's Evasion test sudo python ./ironbee_test.py --file-glob="/home/coz/evasion/path-33-u-fullwidth-mapping.t" --host="172.18.100.105" --port=80 --file-format="iristic_evasion" #IronBee audit log format sudo python ./ironbee_test.py --file-glob="ironbee-audit.log.sample" --host="172.18.100.105" --port=80 --file-format="ironbee_audit_log" #PCAP format python ./ironbee_test.py --file-glob="/home/coz/sandnet.pcap" --host="172.18.100.105" --port=80 --file-format="pcap" --pcap-bpf="tcp and port 80" #PCAP format using tshark python ./ironbee_test.py --file-glob="/home/coz/sandnet.pcap" --host="172.18.100.105" --port=80 --file-format="tshark" #Nikto DB format python ./ironbee_test.py --file-glob="/home/coz/db_tests" --host="172.18.100.105" --port=80 --file-format="nikto2_db" --nikto2-vars-file="/home/coz/db_variables" #One Shot python ./ironbee_test.py --one-shot="GET / HTTP/1.1\r\nHost: foo\r\n\r\n" --host="172.18.100.105" --port=80 #One Shot with local apache server ./ironbee_test.py --local-apache-httpd --one-shot="GET /index.html HTTP/1.1\r\nHost: foo\r\n\r\n" #One Shot test of apache without IronBee ./ironbee_test.py --local-apache-httpd --apache-httpd-vars="@APACHE_HTTPD_CONF_TEMPLATE@:@CWD@/apache_httpd_server_root/conf/httpd.noironbee.conf.in" --one-shot="GET / HTTP/1.0\r\n\r\n" #IronBee JSON test file format ./ironbee_test.py --console-log-level="error" --local-apache-httpd --file-glob="tests/*.json" --file-format="ironbee_test_file" #Read PCAP and convert to raw requests using LibNIDS. Output format is input_filename-stream_num-src-sport-dst-dport.(request|response|merged).(request|response) number in stream.raw ./ironbee_test.py --file-glob=/home/coz/sqlmap.pcap --console-log-level=error --file-format=pcap2raw --no-normalize #Read PCAP and convert to raw requests using Tshark/PDML. Output format is input_filename-stream_num-src-sport-dst-dport.(request|response|merged).(request|response) number in stream.raw #Note: Will also split out traffic into PDML, PCAP format using the same naming convention. ./ironbee_test.py --file-glob=/home/coz/sqlmap.pcap --console-log-level=error --file-format=tshark2raw --no-normalize #Read PCAP and convert to raw requests using LibNIDS. Proccess requests one at a time with the IronBee CLI tool. ./ironbee_test.py --file-glob=netsparkercommunity.pcap --console-log-level=error --file-format=pcap2ibcli --no-normalize --ibcli-bin=/usr/local/ironbee/bin/ibcli --ibcli-conf=/usr/local/ironbee/conf/ironbee.conf.example #Read PCAP and convert to Modsecurity audit log format. ./ironbee_test.py --console-log-level=error --file-glob="openfpc*" --file-format=pcap2modsecsa --no-normalize #Judy Evasions sudo ./ironbee_test.py --one-shot="GET / HTTP/1.1\r\nHost: smart.people.on.ice\r\n\r\n" --host="172.18.101.100" --port=80 --send-mode="jnovak_send_rst_bad_chksum"
About
Ironbee QA tool
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published