GithubHelp home page GithubHelp logo

titaniumorca's Introduction

Titanium Orca

A DDoS and port scan analysis tool

Prerequisites

  • scapy_python3==0.23
  • dpkt==1.9.1
  • scapy==2.4.0rc4
  • tabulate==0.8.2

Installing

First install all prerequisites

sudo pip3 install -r requirements.txt

Running

python3 analyser.py [PARAMETERS]...

PARAMETERS:
    /path/to/*.pcap/file
	
	The common pacaps for evaluation:
		- pcap/namp/nmap_standard_scan
		- pcap/syn_attack.pcap
	
	Other PCAPS included are:
    pcap
    ├── Attack.pcap #Sample TCP-HALF-OPEN attack
    ├── hping_syn.pcap # Hping small output
    ├── nmap # NMAP Ouptut files [SEE README.txt]
    │   ├── nmap_ACK_scan_on_port_80
    │   ├── nmap_ACK_scan_on_port_80_2
    │   ├── nmap_OS_scan
    │   ├── nmap_OS_scan_succesful
    │   ├── nmap_standard_scan # Standard Portscan
    │   └── README.txt
    ├── portscan.pcap 
    ├── Sample.pcap
    └── syn_attack.pcap #Real Life DOS attack on a commercial server

 
EXAMPLE: python3 analyser.py pcap/namp/nmap_standard_scan # RUN THIS FOR EVALUATAION

Sample Input/Output

$ python3 analyser.py pcap/portscan.pcap

Parsing....
Malicious IP Addresses with their SYN Packet Counts:
╒══════════════╤═════════╕
│ IP Adress    │   Count │
╞══════════════╪═════════╡
│ 10.100.25.14 │      29 │
╘══════════════╧═════════╛
Do you wish to see the ports attacked/scanned? (y/n) : y
╒══════════════╤════════╕
│ IP Adress    │   Port │
╞══════════════╪════════╡
│ 10.100.25.14 │    139 │
├──────────────┼────────┤
│ 10.100.25.14 │    135 │
├──────────────┼────────┤
│ 10.100.25.14 │    445 │
├──────────────┼────────┤
│ 10.100.25.14 │     80 │
├──────────────┼────────┤
│ 10.100.25.14 │     22 │
├──────────────┼────────┤
│ 10.100.25.14 │    515 │
├──────────────┼────────┤
│ 10.100.25.14 │     23 │
├──────────────┼────────┤
│ 10.100.25.14 │     21 │
├──────────────┼────────┤
│ 10.100.25.14 │   6000 │
├──────────────┼────────┤
│ 10.100.25.14 │   1025 │
├──────────────┼────────┤
│ 10.100.25.14 │     25 │
├──────────────┼────────┤
│ 10.100.25.14 │    111 │
├──────────────┼────────┤
│ 10.100.25.14 │   1028 │
├──────────────┼────────┤
│ 10.100.25.14 │   9100 │
├──────────────┼────────┤
│ 10.100.25.14 │   1029 │
├──────────────┼────────┤
│ 10.100.25.14 │     79 │
├──────────────┼────────┤
│ 10.100.25.14 │    497 │
├──────────────┼────────┤
│ 10.100.25.14 │    548 │
├──────────────┼────────┤
│ 10.100.25.14 │   5000 │
├──────────────┼────────┤
│ 10.100.25.14 │   1917 │
├──────────────┼────────┤
│ 10.100.25.14 │     53 │
├──────────────┼────────┤
│ 10.100.25.14 │    161 │
├──────────────┼────────┤
│ 10.100.25.14 │   9001 │
├──────────────┼────────┤
│ 10.100.25.14 │  65535 │
├──────────────┼────────┤
│ 10.100.25.14 │    443 │
├──────────────┼────────┤
│ 10.100.25.14 │    113 │
├──────────────┼────────┤
│ 10.100.25.14 │    993 │
├──────────────┼────────┤
│ 10.100.25.14 │   8080 │
├──────────────┼────────┤
│ 10.100.25.14 │   2869 │
╘══════════════╧════════╛
Do you wish to see if it was a port scan? (y/n): y
IP:  10.100.25.14  : True

Tools

  • Python - Main Platform
  • DPKT - Main Packet Analyzer
  • scapy - Main Packet Manipulator

Authors

Acknowledgments

  • This is developed as an assignment for Computer Networks Security Course
  • Reason for name: "Wave-hunting" Orca whales spy-hop to locate prey on ice floes, and then swim in groups and attack together in parallel to create waves that wash over the floe. Similar to port scans and DDos.

titaniumorca's People

Contributors

dependabot[bot] avatar ganesh-k13 avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar

Forkers

mohammed-salamuddin keoy7am

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.