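#!/bin/bash
# Author: Kennashka
#
# invoke.sh — install Docker Engine from Docker's apt repository on Ubuntu,
# sanity-check it with hello-world, then pull the linton/docker-snort image
# and drop into an interactive shell inside it for Snort IDS experiments.
#
# Requirements: an Ubuntu host where the caller has sudo rights and outbound
# HTTPS to download.docker.com and Docker Hub. The last step opens an
# interactive container shell, so run this from a terminal, not from cron/CI.
set -euo pipefail

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release

# Docker's repository signing key. With pipefail a failed curl aborts the
# script instead of silently writing an empty/truncated keyring; --batch --yes
# lets gpg overwrite an existing keyring on re-runs instead of prompting.
sudo install -m 0755 -d /usr/share/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
  | sudo gpg --dearmor --batch --yes -o /usr/share/keyrings/docker-archive-keyring.gpg
sudo chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg

# Repository entry bound to the keyring above via signed-by, so only that key
# can sign packages from this source. The architecture is taken from dpkg
# instead of being hard-coded to amd64 so the script also works on arm64 hosts.
arch="$(dpkg --print-architecture)"
codename="$(lsb_release -cs)"
printf 'deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu %s stable\n' \
  "$arch" "$codename" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# INSTALL DOCKER ENGINE
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# Test out docker. Every docker call goes through sudo: a fresh install has not
# added the invoking user to the docker group, so an unprivileged `docker ps`
# would fail (and, before set -e, that failure was silently ignored).
sudo docker run hello-world
sudo docker ps
sudo docker ps -a

# install snort
# NOTE(review): linton/docker-snort is an unpinned third-party Docker Hub
# image pulled by tag, so what you get can change between runs. Pin it to a
# digest (image@sha256:...) once you have verified one, or build your own
# image, before using this outside a throwaway lab.
sudo docker pull linton/docker-snort

# Attach the snort in container to have full access to the network.
# --net=host puts the container in the host's network namespace and
# --cap-add=NET_ADMIN lets it reconfigure host interfaces (promiscuous mode,
# routes, firewall rules). Snort needs that to sniff the host NICs, but it also
# means the container is effectively trusted with the host's network stack.
sudo docker run -it --rm --net=host --cap-add=NET_ADMIN linton/docker-snort /bin/bash
# vim /etc/snort/rules/local.rules
# snort -i eth0 -c /etc/snort/etc/snort.conf -A console
# ---------------------------------------------------------------------------
# (The divider above used to be a bare line of em-dashes, which bash tried to
# run as a command; it is now a comment.)
# For testing add rule in the file at /etc/snort/rules/local.rules
# vim /etc/snort/rules/local.rules
# alert icmp any any -> any any (msg:"Pinging...";sid:1000004;)
# Running Snort and alerts output to the console (screen).
# snort -i eth0 -c /etc/snort/etc/snort.conf -A console
# Ping in the container then the alert message will show on the console
# ping 8.8.8.8
# Attacker Commands (run from a second host against the Snort host):
# Identify NMAP Ping Scan (-sP is the deprecated alias of -sn):
# nmap -sP 172.31.33.156 --disable-arp-ping
# Identify NMAP TCP Scan:
# nmap -sT -p22 18.191.148.196
# Identify NMAP XMAS Scan:
# nmap -sX -p22 18.191.148.196
# Identify NMAP FIN Scan:
# nmap -sF -p22 18.191.148.196
# Identify NMAP NULL Scan:
# nmap -sN -p22 18.191.148.196
# Identify NMAP UDP Scan:
# nmap -sU -p68 18.191.148.196
# Alert for FTP traffic:
# telnet 18.191.148.196 21
# Alert for 'terrorism' in content outgoing from internal network
# (no rule is given here; write one in local.rules using the content: keyword):
# Implement rules to detect SQL injection and Cross Site Scripting (XSS) attacks: 18.191.148.196/sqli/Less-1/?id=1'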