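Configurable network traffic sniffing, packet parsing, vulnerability rule scanning, and report generation. ... For network security work, it is usable enough.
1. Environment setup: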
python2.7 django>1.9 mysql mongo
beautifulsoup4 (4.5.3)
bs4 (0.0.1)
certifi (2017.1.23)
chardet (2.3.0)
configparser (3.5.0)
djangorestframework (3.6.2)
futures (3.0.5)
Logbook (1.0.0)
lxml (3.7.3)
MySQL-python (1.2.5)
psutil (5.2.1)
pymongo (3.4.0)
pyshark (0.3.7.2)
pytz (2017.2)
scapy (2.3.3)
setuptools (1.4.2)
simplejson (3.10.0)
singledispatch (3.4.0.3)
six (1.10.0)
tornado (4.4.3)
trollius (1.0.4)
Werkzeug (0.12.1)
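Configure DATABASES in settings;
Create the database;
Run python manage.py check and confirm it reports no errors;
Run python manage.py makemigrations && python manage.py migrate to create the table structure
2. Configuration file: app01_config
[example_bpf]# BPF rule examples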
监听物理地址 = ether host 00:00:5e:00:53:00
监听ARP = ether proto 0x0806
滤出广播和多播 = not broadcast and not multicast
滤出ARP = not arp
只要IP4 = ip
IPv4地址 = host 192.0.2.1
只要IPv6 = ip6
IPv6地址 = host 2001:db8::1
只要TCP = tcp
只要UDP = udp
80端口 = port 80
TCP80端口 = tcp port 80
滤出ARP、DNS = not arp and port not 53
谷歌的非HTTP、SMTP包 = not port 80 and not port 25 and host www.google.org
[report]# File download URL; change it to match your own IP
downloadurl = http://192.168.137.100:8000/
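If you get an error that tshark cannot be found, run yum install wireshark
3. Configure a sniffing project
4. Packet capture management
5. Packet detail view
6. Vulnerability rule entry
7. Scan configuration
8. Scan results
9. Selective report generation
10. Report download
11. Report template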
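Added example (not part of the project's code): one way to load the named BPF rules from the `[example_bpf]` section shown above and AND several of them into a single capture filter. The function names `load_bpf_rules` and `combine` are hypothetical, the sample text is copied from the listing above, and the code targets Python 3 rather than the project's Python 2.7.

```python
# Added example, not the project's code. Sample text is copied from the
# README's app01_config listing; function names are hypothetical.
import configparser
import re

SAMPLE_CONFIG = """\
[example_bpf]#BPF规则示范
监听物理地址 = ether host 00:00:5e:00:53:00
滤出ARP、DNS = not arp and port not 53
IPv6地址 = host 2001:db8::1
只要TCP = tcp
TCP80端口 = tcp port 80
[report]#文件下载url,按照自己的IP改
downloadurl = http://192.168.137.100:8000/
"""

def load_bpf_rules(text, section="example_bpf"):
    """Return {rule name: BPF expression} from one section of the config."""
    # Drop the comment that trails each "[section]" header.
    text = re.sub(r"^(\[[^\]]+\])[ \t]*#.*$", r"\1", text, flags=re.M)
    # Only "=" separates key and value, so ":" in MAC/IPv6 values is data.
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep key case ("IPv6地址", "TCP80端口")
    parser.read_string(text)
    return dict(parser.items(section))

def combine(rules, names):
    """AND several named rules into one capture filter.

    Each expression is parenthesised so its own and/or/not cannot
    rebind across the join.
    """
    missing = [n for n in names if n not in rules]
    if missing:
        raise KeyError("unknown BPF rule(s): " + ", ".join(missing))
    return " and ".join("(%s)" % rules[n] for n in names)

if __name__ == "__main__":
    rules = load_bpf_rules(SAMPLE_CONFIG)
    print(combine(rules, ["只要TCP", "滤出ARP、DNS"]))
```

The combined string is a capture filter in the same form as the rules above; rejecting unknown rule names avoids silently starting an unfiltered capture.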