A command-line tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, credit card numbers sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Detects NULL, FIN, and XMAS stealth scans
Note: DOES NOT detect non-stealthy scans; check logs/SIEM/IDS/etc. for possible scans
Checks for packets carrying Nikto's signature; it's a very noisy tool
Scans for packets attempting to exploit the shellshock vulnerability (CVE-2014-6271)
Checks for common configurations of the shellshock attack in incoming packets
Credentials sent in-the-clear
Looks for known and popular username/password identifiers to flag possible credentials
Decodes base64 encoded strings for monitoring
Matches username and password when they are sent/received across multiple packets
Credit Card numbers sent in-the-clear
Using regular expressions, NetworkAlarm identifies in-the-clear credit card number transmissions
Checks for 11 popular credit providers:
All requirements are listed in the requirements.txt file. Use pip to install:
Simply run with Python, no arguments necessary. NetworkAlarm will default to sniffing on the eth0 interface. Users can specify which interface or pcap to sniff on.
NetworkAlarm prints its findings to stdout and also writes them to a log file named after the current datetime (logs/YYYY-MM-DD_HH:MM:SS.log).
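
One way the NULL, FIN and XMAS checks listed above can be made on raw IPv4 bytes, shown as an added example that is not NetworkAlarm's own code. The function names and the sample packets (documentation addresses in 192.0.2.0/24) are constructed for illustration.

```python
import socket
import struct

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20  # TCP flag bits

def classify_stealth_scan(pkt: bytes):
    """Return 'NULL', 'FIN', 'XMAS' or None for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                                  # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4                        # IPv4 header length in bytes
    if ihl < 20 or pkt[9] != 6:                      # protocol 6 = TCP
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:    # later fragment: no TCP header
        return None
    if len(pkt) < ihl + 14:                          # flags byte not captured
        return None
    flags = pkt[ihl + 13] & 0x3F                     # URG ACK PSH RST SYN FIN
    if flags == 0:
        return "NULL"
    if flags == FIN:
        return "FIN"
    if flags == FIN | PSH | URG:
        return "XMAS"
    return None                                      # SYN, FIN+ACK, etc. are not flagged

def scan_alerts(packets):
    """Return (kind, source IP, destination port) for each flagged packet."""
    alerts = []
    for pkt in packets:
        kind = classify_stealth_scan(pkt)
        if kind:
            ihl = (pkt[0] & 0x0F) * 4
            dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
            alerts.append((kind, socket.inet_ntoa(pkt[12:16]), dport))
    return alerts

def sample_packet(flags, proto=6, src="192.0.2.10", dport=80):
    """Constructed test input: bare IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    capture = [sample_packet(0), sample_packet(FIN, dport=22),
               sample_packet(FIN | PSH | URG, dport=443),
               sample_packet(SYN), sample_packet(FIN | ACK)]
    for alert in scan_alerts(capture):
        print("ALERT: %s scan from %s to port %d" % alert)
```

A plain SYN and a FIN+ACK teardown are deliberately left unflagged, which matches the note above that non-stealthy scans are out of scope.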