Snorter
Tricky script that makes installing Snort as simple as running a script. The script installs:
- Snort: Open Source IDS.
- Barnyard2: Interpreter for Snort unified2 binary output files.
- PulledPork: Snort rule management.
- WebSnort: Web Interface for PCAP analysis.
Successfully tested on:
- Raspberry Pi + Raspbian Jessie
- Kali Linux Rolling Release
- Debian 9.0+
- Ubuntu 18.04
- Ubuntu 14.04, using the Snorter_Ubuntu-14.04.sh script.
Installation
Detailed install instructions.
Download
Simply run on your terminal:
git clone https://github.com/joanbono/Snorter.git
cd Snorter/src
Execution
Printing the USAGE:
bash Snorter.sh -h
OR
bash Snorter.sh --help
RECOMMENDED: Executing the script using an OINKCODE
bash Snorter.sh -o <oinkcode> -i <interface>
Docker
Edit the Dockerfile
Dockerfile content. Replace the placeholders with your personal OINKCODE and the capture interface (or pass them with --build-arg at build time).
#Kali docker with SNORT + BARNYARD2 + PULLEDPORK
#Version 0.1.0
FROM kalilinux/kali-linux-docker:latest
MAINTAINER Joan Bono <@joan_bono>
# Build-time arguments: the values are consumed by the RUN step below, so they
# must be set at build time (edit the defaults or use --build-arg).
ARG OINKCODE=<oinkcode>
ARG INTERFACE=<interface>
RUN apt-get update && apt-get upgrade -y && apt-get install -y git curl wget
RUN git clone https://github.com/joanbono/Snorter.git /opt/Snorter
RUN bash /opt/Snorter/src/Snorter.sh -o ${OINKCODE} -i ${INTERFACE}
USER root
WORKDIR /opt/Snorter
Run the Dockerfile
Start the docker daemon. The OINKCODE and INTERFACE values are build-time arguments, so they are passed to docker build with --build-arg; the port mapping belongs to docker run.
- With websnort:
cd Snorter/src/
docker build -t snorterdock --build-arg OINKCODE=<oinkcode> --build-arg INTERFACE=<interface> SnorterDock
docker run -it -p 80:80 snorterdock
- Without websnort:
cd Snorter/src/
docker build -t snorterdock --build-arg OINKCODE=<oinkcode> --build-arg INTERFACE=<interface> SnorterDock
docker run -it snorterdock
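An added helper, not part of the Snorter project, for the Docker build above: it validates the oinkcode and interface name before they reach docker build, composes the build command, and scans docker history output for the oinkcode, since a value passed with --build-arg stays visible in the image metadata. It assumes an oinkcode is a 40-character hex string and that an interface name is 1-15 characters from [A-Za-z0-9_.-]; the image tag snorterdock is a name chosen here, while SnorterDock is the build context directory from the README.

```shell
#!/bin/sh
# Added example (not the project's own code). Assumptions, not taken from the
# README: an oinkcode is a 40-character hex string; a Linux interface name is
# 1-15 characters from [A-Za-z0-9_.-]. "snorterdock" is an image tag chosen
# here; "SnorterDock" is the build context directory named in the README.

valid_oinkcode() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{40}$'
}

valid_iface_name() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'
}

# Print the build command instead of running it, so it can be reviewed (and
# checked here) without a Docker daemon. Returns 1 when an input is rejected.
build_cmd() {
    oinkcode=$1
    iface=$2
    valid_oinkcode "$oinkcode" || { echo "rejected oinkcode" >&2; return 1; }
    valid_iface_name "$iface" || { echo "rejected interface name" >&2; return 1; }
    printf 'docker build -t snorterdock --build-arg OINKCODE=%s --build-arg INTERFACE=%s SnorterDock\n' \
        "$oinkcode" "$iface"
}

# Read the output of `docker history --no-trunc snorterdock` on stdin and
# return 0 if the oinkcode appears in any layer. An image that carries the
# oinkcode in its history must not be pushed to a shared registry.
leaked_in_history() {
    grep -Fq -- "$1"
}

# Typical use (only runs when both arguments are given):
#   sh check_build.sh <oinkcode> <interface>
if [ "$#" -eq 2 ]; then
    build_cmd "$1" "$2"
fi
```

After building, pipe `docker history --no-trunc snorterdock` into `leaked_in_history <oinkcode>` to confirm whether the credential is recorded in the image.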
WebSnort Usage
- Submit a pcap using the web browser:
- Watch the alerts on the web browser:
- Submit a pcap using the API:
curl -i --form file=@test.pcap http://ADDRESS/api/submit