Blue Team Analysis Box is a tool for blue team security analysis.

BTAB (Blue Team Analysis Box) is a blue team analysis box focusing on attack signature analysis. It assists security operations personnel with scenarios such as traffic packet analysis and Trojan horse analysis in the harsh environment of a customer site (no network, no Python environment). It currently integrates traffic packet detection, SQL injection detection, webshell detection, bash command execution detection, deserialization decoding and other tools.
Download the binary from the releases page and double-click it to run. After startup, open the local port 8001: http://localhost:8001

Note: some functions require a Java environment as a dependency.
The initial version mainly implements the basic functions and the overall process, covering the following three areas:

- Threat Warehouse: a list for storing traffic packets, payload files and webshell files;
- Risk detection: including traffic packet detection, HTTP deep analysis, SQLi detection, XSS detection and other detection items;
- Auxiliary tools: including jq, deserialization analysis, data encryption and decryption and other processing tools.
Traffic packet detection requires tshark. Note that you must specify the tshark path in the config.yaml file, as follows:

```yaml
pcapAnalyseConfig:
  # tsharkPath: tshark # unix env
  tsharkPath: C:\Program Files\Wireshark\tshark.exe # win env
```
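Because the tool is meant for offline customer sites, a wrong tsharkPath is only discovered when the first pcap is uploaded. The Go snippet below is an added example (not BTAB's own config loader) that reads the tsharkPath value from the config.yaml fragment above and checks at startup that it resolves to a real executable: a bare name such as tshark is looked up on PATH, an explicit path (the Windows form with spaces is the usual case) must exist as a file. The function names tsharkPathFromConfig and resolveTshark and the minimal line-based reader are assumptions of this example; the key names are the ones from the README.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// tsharkPathFromConfig extracts pcapAnalyseConfig.tsharkPath from the
// two-key config.yaml fragment. It is a deliberately minimal line-based
// reader (hypothetical helper, not the project's loader) so it needs no
// YAML library: commented-out lines are skipped and a trailing
// " # comment" is stripped from the value.
func tsharkPathFromConfig(yamlText string) (string, error) {
	inSection := false
	sc := bufio.NewScanner(strings.NewReader(yamlText))
	for sc.Scan() {
		raw := sc.Text()
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		// A line with no indentation starts a new top-level section.
		if !strings.HasPrefix(raw, " ") && !strings.HasPrefix(raw, "\t") {
			inSection = strings.HasPrefix(line, "pcapAnalyseConfig:")
			continue
		}
		if inSection && strings.HasPrefix(line, "tsharkPath:") {
			val := strings.TrimSpace(strings.TrimPrefix(line, "tsharkPath:"))
			if i := strings.Index(val, " #"); i >= 0 {
				val = strings.TrimSpace(val[:i])
			}
			val = strings.Trim(val, `"'`)
			if val == "" {
				return "", errors.New("tsharkPath is empty")
			}
			return val, nil
		}
	}
	return "", errors.New("pcapAnalyseConfig.tsharkPath not found")
}

// resolveTshark turns the configured value into a path that actually exists.
// A bare command name is looked up on PATH; anything containing a path
// separator must exist as a regular file. Run this once at startup so a
// missing Wireshark install is reported before any traffic analysis runs.
func resolveTshark(configured string) (string, error) {
	if !strings.ContainsAny(configured, `/\`) {
		p, err := exec.LookPath(configured)
		if err != nil {
			return "", fmt.Errorf("tshark %q not found on PATH: %w", configured, err)
		}
		return p, nil
	}
	info, err := os.Stat(configured)
	if err != nil {
		return "", fmt.Errorf("tsharkPath %q: %w", configured, err)
	}
	if info.IsDir() {
		return "", fmt.Errorf("tsharkPath %q is a directory, not an executable", configured)
	}
	return configured, nil
}

func main() {
	// Constructed sample equivalent to the README fragment (Windows form).
	const sample = "pcapAnalyseConfig:\n" +
		"  # tsharkPath: tshark # unix env\n" +
		"  tsharkPath: C:\\Program Files\\Wireshark\\tshark.exe # win env\n"
	p, err := tsharkPathFromConfig(sample)
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	fmt.Println("configured tsharkPath:", p)
	if resolved, err := resolveTshark(p); err != nil {
		fmt.Println("startup check failed:", err)
	} else {
		fmt.Println("tshark found at", resolved)
	}
}
```

On a Linux host the sample's Windows path will fail the check, which is exactly the point: the error names the configured value so an operator on a disconnected site can correct config.yaml before starting an analysis.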
Requires a Java environment as a dependency.
| Modules | Technology | Remarks |
|---|---|---|
| Front-end framework | vue | |
| Front-end UI framework | naive ui | |
| Backend language | golang | |
| Backend API | gin | |
| Traffic packet detection logic | python | go embed |
| Java class detection engine | java | embedded using go embed |
What is the background of the development of this tool?

Since the author entered the security industry, he has focused on the field of traffic security analysis and is also interested in software research and development. On the one hand, this project is meant to share his usual research results and promote exchange and learning. On the other hand, there is too little communication among the blue team in China, where red teams are now more numerous; I hope this can be a way to form a blue team communication group.
Will this tool be open source?

At best, it can only be partially open source. Because of the commercial issues involved, some core detection items within the company are not convenient to open source, but some non-sensitive functional modules can be open sourced as separate projects for learning and reference.

You can join the group chat, or add Ali0th as a friend to be invited into the group chat.