This tutorial provides the details required to install, configure, and run pytbull on Back Track 5.
In our example we will be using pytbull with Back Track 5 in gateway mode.
Back Track 5 requirements and configuration:
- Install BT5 rather than running the live version (you should do this anyway)
- Install libopts25 so that tcpreplay will work in BT5
- In our example, BT5 will have the IP address 172.16.16.43
Configuration Steps:
Install libopts25
#apt-get install libopts25
Download and install pytbull; refer to the documentation section of the pytbull website:
http://pytbull.sourceforge.net/?page=documentation#installation
Edit the config.cfg file for the specific settings and paths in BT5. Change the IP to your IP and the interface to your networked interface. In our example, the client IP is 172.16.16.43 on eth0.
The sections we are interested in are as follows:
[CLIENT]
ipaddr = <yourbt5ipadd>
iface = eth0

[ENV]
sudo = /usr/bin/sudo
nmap = /usr/local/bin/nmap
nikto = /pentest/web/nikto/nikto.pl
niktoconf = /pentest/web/nikto/nikto.conf
hping3 = /usr/sbin/hping3
tcpreplay = /pentest/sniffers/tcpreplay/tcpreplay
localhost = 127.0.0.1

[CREDENTIALS]
ftpuser = fred
ftppasswd = derf
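Before starting the tests, it is worth confirming that the edited config.cfg points at files that exist on your BT5 install. The following Python 3 script is an added example, not part of pytbull or the original tutorial; the function name check_config and the split of keys into "executable" and "plain file" are our own assumptions, and it checks only the keys shown above.

```python
import configparser
import ipaddress
import os
import sys

EXECUTABLES = ("sudo", "nmap", "hping3", "tcpreplay")  # must be executable
PLAIN_FILES = ("nikto", "niktoconf")  # must exist as regular files

# Constructed sample: the tutorial's values with the example IP filled in.
SAMPLE = """\
[CLIENT]
ipaddr = 172.16.16.43
iface = eth0
[ENV]
sudo = /usr/bin/sudo
nmap = /usr/local/bin/nmap
nikto = /pentest/web/nikto/nikto.pl
niktoconf = /pentest/web/nikto/nikto.conf
hping3 = /usr/sbin/hping3
tcpreplay = /pentest/sniffers/tcpreplay/tcpreplay
localhost = 127.0.0.1
"""

def check_config(text):
    """Return a list of problems found in the given config.cfg text."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    problems = []
    # ipaddr must be a real address, not a placeholder left unedited.
    ipaddr = cfg.get("CLIENT", "ipaddr", fallback="")
    try:
        ipaddress.ip_address(ipaddr)
    except ValueError:
        problems.append("CLIENT.ipaddr is not an IP address: %r" % ipaddr)
    if not cfg.get("CLIENT", "iface", fallback=""):
        problems.append("CLIENT.iface is not set")
    for key in EXECUTABLES + PLAIN_FILES:
        path = cfg.get("ENV", key, fallback="")
        if not os.path.isfile(path):
            problems.append("ENV.%s: no such file: %r" % (key, path))
        elif key in EXECUTABLES and not os.access(path, os.X_OK):
            problems.append("ENV.%s: not executable: %s" % (key, path))
    return problems

if __name__ == "__main__":
    # Pass the path to config.cfg as the first argument; defaults to SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    issues = check_config(text)
    print("\n".join("FAIL " + i for i in issues) or "config.cfg looks OK")
    sys.exit(bool(issues))
```

Run it with the path to your config.cfg as the only argument; a non-zero exit status means at least one entry needs fixing.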
We are now ready to run the pytbull tests and watch our IDS/IPS systems!
Be sure to include the gateway mode switch:
#./pytbull -t <target ip address> --mode=gateway
You should now see all the tests running and your IDS/IPS should be going crazy!