Sniffglue - Secure Multithreaded Bundle Sniffer



sniffglue is a network sniffer written inward rust. Network packets are parsed concurrently using a thread puddle to utilize all cpu cores. Project goals are that you lot tin sack run sniffglue securely on untrusted networks as well as that it must non crash when processing packets. The output should live equally useful equally possible yesteryear default.

Usage
sniffglue enp0s25

Installation
There is an official packet available for archlinux:
pacman -S sniffglue
To construct from source, brand certain you lot accept libpcap as well as libseccomp installed, Debian/Ubuntu: libpcap-dev libseccomp-dev, Archlinux: libpcap libseccomp.
cargo install sniffglue

Protocols
  • ethernet
  • ipv4
  • ipv6
  • arp
  • tcp
  • udp
  • icmp
  • http
  • tls
  • dns
  • dhcp
  • cjdns eth beacons
  • ssdp
  • dropbox beacons
  • 802.11

Docker
You tin sack construct sniffglue equally a docker icon to debug container setups. The icon is currently close 11.1MB. It is recommended to force it to your ain registry.
docker construct -t sniffglue . docker run -it --init --rm --net=host sniffglue eth0

Security
To written report a safety resultant delight contact kpcyrd on ircs://irc.hackint.org.

Seccomp
To ensure a compromised procedure doesn't compromise the system, sniffglue uses seccomp to trammel the syscalls that tin sack live used afterward the procedure started. This is done inward 2 stages, foremost at the rattling commencement (directly afterward env_logger initialized) as well as in i lawsuit afterward the sniffer has been setup, but earlier packets are read from the network.

Hardening
During the instant stage, there's besides unopen to full general hardening that is applied earlier all unneeded syscalls are lastly disabled. Those are organisation specific, then a configuration file is read from /etc/sniffglue.conf. This config file specifies an empty directory for chroot as well as an unprivileged trouble concern human relationship inward user that is used to drib root privileges.

boxxy-rs
This projection includes a minor boxxy-rs based trounce that tin sack live used to explore the sandbox at diverse stages during as well as afterward initialization. This is besides used yesteryear travis to ensure the sandbox genuinely blocks syscalls.
cargo run --example boxxy

Reproducible builds
This projection is tested using reprotest. Currently the next variations are excluded:
  • -time - needed because the crates.io cert expires inward the future
  • -domain_host - requires root for unshare(2) as well as has been excluded
Don't forget to install the construct dependencies.
ci/reprotest.sh

Fuzzing
The packet processing of sniffglue tin sack live fuzzed using cargo-fuzz. Everything you lot should demand is provided inward the fuzz/ directory that is distributed along alongside its source code. Please banking concern complaint that this programme links to libpcap which is non included inward the electrical flow fuzzing configuration.
cargo fuzz run read_packet


Popular posts from this blog

Telekiller - A Tool Session Hijacking In Addition To Stealer Local Passcode Telegram Windows

Image
H5N1 Tools Session Hijacking And Stealer Local passcode Telegram Windows. Features : Session Hijacking Stealer Local Passcode Keylogger Shell Bypass ii Step Verification Bypass Av (Coming Soon) Installation Windows git clone https://github.com/ultrasecurity/TeleKiller.git cd TeleKiller pip install -r requirements.txt python TeleKiller.py Dependency : python 2.7 pyHook pywin32 Video Tutorial Operating Systems Tested Windows 10 Windows 8.1 Windows 8 Windows 7 Contact WebSite Ultra Security Team: https://ultrasec.org Channel Telegram: https://t.me/UltraSecurity Thanks to Milad Ranjbar MrQadir Download TeleKiller
Read more

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Image
EfiGuard is a portable x64 UEFI bootkit that patches the Windows kicking manager, kicking loader too center at kicking fourth dimension inward club to disable PatchGuard too Driver Signature Enforcement (DSE). Features Currently supports all EFI-compatible versions of Windows x64 e'er released, from Vista SP1 to Server 2019. Easy to use: tin live on booted from a USB stick via a loader application that automatically finds too boots Windows. The driver tin also live on loaded too configured manually using either the UEFI rhythm out or the loader. Makes extensive utilization of the Zydis disassembler library for fast runtime pedagogy decoding to back upwardly to a greater extent than robust analysis than what is possible amongst signature matching, which oftentimes requires changes amongst novel OS updates. Works passively: the driver does non charge or start the Windows kicking manager. Instead it acts on a charge of bootmgfw.efi yesteryear the firmware kicking ...
Read more

Cameradar V2.1.0 - Hacks Its Mode Into Rtsp Videosurveillance Cameras

Image
   An RTSP flow access tool that comes alongside its library Cameradar allows you lot to Detect opened upward RTSP hosts on whatever accessible target host Detect which device model is streaming Launch automated dictionary attacks to larn their stream route (e.g.: /live.sdp ) Launch automated lexicon attacks to larn the username in addition to password of the cameras Retrieve a consummate in addition to user-friendly study of the results Docker Image for Cameradar Install docker on your machine, in addition to run the next command: docker run -t ullaakut/cameradar -t <target> <other command-line options> See command-line options . e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l volition scan the ports 554 in addition to 8554 of hosts on the 192.168.100.0/24 subnetwork in addition to laid on the discovered RTSP streams in addition to volition output debug logs. YOUR_TARGET tin hold out a subnet (e.g.: 172.16.100.0/24 )...
Read more