#!/bin/bash
# Lab settings (the *_USR / *_IP variables and AMP_SERVER_IP used below) are
# never assigned in this script; they presumably come from config.sh, which
# is resolved relative to the current directory — run from the repo root.
source ./config.sh

# ANSI colour escapes, kept as literal backslash sequences and interpreted
# by `echo -e` when printed.
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
RED='\033[0;31m'
NC='\033[0m'

# Filled in by check_arguments from the command line.
ATTACK_VECTOR=
ATTACK_TYPE=
VICTIM_IP=

# Accepted values for -a/--attack-vector.
__POSSIBLE_ATTACK_VECTOR=(
  "ntp" "dns" "cldap" "memcached-stat" "memcached-get" "openvpn"
  "flood-syn" "flood-ack" "flood-rst" "flood-udp" "flood-all"
  "ssdp" "slowloris" "slowread"
)
print_help() {
  #
  # Print the usage text to stdout, wrapped in GREEN ... NC.
  #
  # One printf call, one argument per output line; %b interprets the
  # backslash escapes in GREEN/NC exactly as `echo -e` did.
  printf '%b\n' \
    "${GREEN}Usage: launch_test.sh [-a attack-vector] [-t attack-type] [-d victim-ip] [-l loops]" \
    " Options are:" \
    " -a, --attack-vector: ntp, dns, openvpn, cldap, memcached-stat, memcached-get, flood-syn," \
    " flood-ack, flood-rst, flood-udp, flood-all, ssdp, slowloris, slowread." \
    "" \
    " -d, --victim-ip: IPv4 address of a victim." \
    "" \
    " -l, --loops: Number of replays that script peforms (default 1)," \
    " This option is for OpenVPN, CLDAP, SSDP." \
    "" \
    " -s, --time: Number of seconds that script performs the attack (default 10)," \
    " This option is for DNS, Memcached-stat, slowloris, slowread and" \
    " all type of flood atatcks." \
    "" \
    " -p, --packets: Number of packets to be sent (default 10)," \
    " This option is for NTP and Memcached-get" \
    "" \
    " -t, --attack-type: Required option for AMPLIFICATION ATTACK," \
    " can be either 'query' or 'response'," \
    " specify if the attack should generate queries to the vulnurable," \
    " server or responses from server." \
    " AMPLIFICATION ATTACKS: ntp, dns, cldap, openvpn, ssdp, memcached-stat." \
    " Note: for memcached-get this is not supported, it works as response only.${NC}"
}
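#######################################
# Abort with the red "requires a value" message when an option that takes a
# value is the last word on the command line.
# Arguments: $1 - the option as typed, $2 - number of arguments left ($#)
# Outputs:   error text and the help on stdout
# Exits:     1 when no value follows the option
#######################################
_require_option_value() {
  local opt="$1" remaining="$2"
  if (( remaining < 2 )); then
    echo -e "${RED}Option '$opt' requires a value!${NC}"
    print_help
    exit 1
  fi
}

#######################################
# Abort unless $1 is exactly one entry of __POSSIBLE_ATTACK_VECTOR
# (a substring or a space-joined pair of names is not accepted).
# Arguments: $1 - candidate attack vector
# Exits:     1 when the vector is unknown
#######################################
_require_known_vector() {
  local candidate="$1" known
  for known in "${__POSSIBLE_ATTACK_VECTOR[@]}"; do
    [[ "$candidate" == "$known" ]] && return 0
  done
  echo -e "${RED}Invalid attack vector argument: '$candidate'!${NC}"
  print_help
  exit 1
}

check_arguments() {
  #
  # Parse the command line into the ATTACK_VECTOR, ATTACK_TYPE, VICTIM_IP,
  # LOOPS, PKTS and TIME globals.
  # Exits 0 after printing the help for -h; exits 1 for an unknown option,
  # an unknown attack vector, or a value option with nothing after it
  # (previously `shift 2` failed in that case, $1 stayed the same and the
  # loop never terminated).
  #
  local opt
  while [[ $# -gt 0 ]]; do
    opt="$1"
    case "$opt" in
      -h|--help)
        print_help
        exit 0
        ;;
      -a|--attack-vector)
        _require_option_value "$opt" "$#"
        _require_known_vector "$2"
        ATTACK_VECTOR="$2"
        ;;
      -t|--attack-type)
        _require_option_value "$opt" "$#"
        ATTACK_TYPE="$2"
        ;;
      -d|--victim-ip)
        _require_option_value "$opt" "$#"
        VICTIM_IP="$2"
        ;;
      -l|--loops)
        _require_option_value "$opt" "$#"
        LOOPS="$2"
        ;;
      -p|--packets)
        _require_option_value "$opt" "$#"
        PKTS="$2"
        ;;
      -s|--time)
        _require_option_value "$opt" "$#"
        TIME="$2"
        ;;
      *) # unknown option
        echo -e "${RED} Wrong arguments!${NC}"
        print_help
        exit 1
        ;;
    esac
    shift 2 # every arm that reaches this point consumed the option and its value
  done
}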
restart_suricata() {
  #
  # Restart the suricata service on the Suricata host over ssh; the remote
  # side prints 'Suricata restarted...' when systemctl succeeds.
  # Reads:   SURICATA_USR, SURICATA_IP
  # Returns: ssh's exit status
  #
  local -r remote_cmd="systemctl restart suricata && echo 'Suricata restarted...'"
  ssh -l "$SURICATA_USR" "$SURICATA_IP" "$remote_cmd"
}
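cp_active_rule_to_suricata() {
  #
  # Pick the rule file that matches ATTACK_VECTOR, install it on the Suricata
  # host as /etc/suricata/my-rules/active.rules, then copy suricata.yaml and
  # threshold.config from ./suricata into /etc/suricata there.
  # Reads:   ATTACK_VECTOR, SURICATA_USR, SURICATA_IP
  # Returns: 0 when both copies succeed; 1 when either scp fails (the old
  #          version printed "Done!" regardless, so a run could continue with
  #          stale rules on the sensor).
  #
  local rule_file
  case "$ATTACK_VECTOR" in
    flood-all|flood-ack|flood-syn|flood-rst|flood-udp)
      rule_file="floods.rules" ;;   # every flood variant shares one rule set
    memcached*)
      rule_file="memcached.rules" ;;
    *)
      rule_file="$ATTACK_VECTOR.rules" ;;
  esac
  local -r target="${SURICATA_USR}@${SURICATA_IP}"
  echo "Copying $rule_file to Suricta /etc/suricata/my-rules ..."
  if ! scp "rules/$rule_file" "$target:/etc/suricata/my-rules/active.rules"; then
    echo "Failed to copy rules/$rule_file to $target" >&2
    return 1
  fi
  echo "Copying config files to Suricata /etc/sruicata ..."
  if ! scp suricata/suricata.yaml suricata/threshold.config "$target:/etc/suricata"; then
    echo "Failed to copy the Suricata config files to $target" >&2
    return 1
  fi
  echo "Done!"
}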
get_suricata_stats() {
  #
  # Run the local suricata/stats_suricata.sh helper, which collects the
  # statistics from Suricata; its exit status is passed through.
  #
  local -r stats_script="suricata/stats_suricata.sh"
  /bin/bash "$stats_script"
}
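do_attack() {
  #
  # Connect to the attacker host and run attacker/attacker_steps.sh there by
  # feeding it to /bin/bash over ssh, with the test parameters placed as
  # environment assignments in front of the command.
  # Reads:   ATTACKER_USR, ATTACKER_IP and the nine variables listed below
  # Returns: the remote shell's exit status
  #
  # ssh hands the remote login shell one string that it re-parses, so every
  # value is shell-quoted with %q: a parameter containing whitespace or shell
  # metacharacters then reaches the remote script as a single value instead of
  # being split into extra words or interpreted by that shell.
  local remote_env
  remote_env=$(printf '%q=%q ' \
    VICTIM_IP "$VICTIM_IP" \
    LOOPS "$LOOPS" \
    TIME "$TIME" \
    PKTS "$PKTS" \
    VICTIM_NETWORK "$VICTIM_NETWORK" \
    SURICATA_IP "$SURICATA_IP" \
    AMP_SERVER_IP "$AMP_SERVER_IP" \
    ATTACK_VECTOR "$ATTACK_VECTOR" \
    ATTACK_TYPE "$ATTACK_TYPE")
  ssh -l "$ATTACKER_USR" "$ATTACKER_IP" "${remote_env}/bin/bash" < "attacker/attacker_steps.sh"
}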
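start_http_server() {
  #
  # Start the HTTP server on the victim host (port 80, inside a detached tmux
  # session named my_http_server) and exit the script when it is not running
  # two seconds later.
  # Reads:   VICTIM_USR, VICTIM_IP, VICTIM_HOME_PATH
  # Exits:   1 when ssh or the remote `tmux has-session` check fails with any
  #          non-zero status (the old `test $? -eq 1` only caught status 1, so
  #          an ssh connection failure, status 255, was reported as success).
  #
  local remote_cmd
  # %q quotes the path for the remote shell, which re-parses this string.
  remote_cmd="pushd $(printf '%q' "$VICTIM_HOME_PATH"); \
tmux new-session -s my_http_server -d 'python -m ComplexHTTPServer 80 >/var/log/my_http_server.out'; \
sleep 2; tmux has-session -t my_http_server"
  echo 'Creating new http server listening on port 80...'
  if ! ssh -l "$VICTIM_USR" "$VICTIM_IP" "$remote_cmd"; then
    echo "Failed to create server, exiting!" >&2
    exit 1
  fi
  echo "Server successfully created!"
}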
stop_http_server() {
  #
  # Kill the my_http_server tmux session on the victim host over ssh and
  # report success; nothing more is printed when the kill fails.
  # Reads:   VICTIM_USR, VICTIM_IP
  # Returns: 0 when the session was killed, non-zero otherwise
  #
  local -r remote_cmd="tmux kill-session -t my_http_server"
  local rc=0
  echo 'Stopping http server on port 80...'
  ssh -l "$VICTIM_USR" "$VICTIM_IP" "$remote_cmd" || rc=$?
  (( rc == 0 )) && echo "Server stopped successfully!"
}
##### MAIN
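check_arguments "$@"   # quoted so an argument containing spaces stays one word
[[ -n "$ATTACK_VECTOR" ]] || { echo -e "${RED}Attack vector not specified!${NC}"; exit 1; }
[[ -n "$VICTIM_IP" ]] || { echo -e "${RED}Victim IP address not specified!${NC}"; exit 1; }

# Only the slow HTTP vectors need the victim's HTTP server up for the run;
# every vector shares the deploy-rules / restart / replay / collect-stats cycle.
case "$ATTACK_VECTOR" in
  slowloris|slowread) needs_http_server=1 ;;
  *)                  needs_http_server=0 ;;
esac

# Deploy and load the rules before anything is started on the victim: a run
# against a sensor with stale rules gives meaningless statistics, and aborting
# here leaves no tmux session behind.
cp_active_rule_to_suricata || { echo "Rule deployment failed, exiting!" >&2; exit 1; }
restart_suricata || { echo "Suricata restart failed, exiting!" >&2; exit 1; }

if (( needs_http_server )); then
  start_http_server   # exits the script itself when the server does not come up
fi
do_attack
get_suricata_stats
if (( needs_http_server )); then
  stop_http_server
fi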