A command-line tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, credit card numbers sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
- nmap scans
- Protects against NULL, FYN, and XMAS stealth attacks
- Note: DOES NOT protect against non-stealthy scans, check server logs for possible scans
- Nikto scans
- Checks for packets signed by Nikto–it's a very noisy tool
- Shellshock (bashdoor)
- Scans packets attempting to exploit the shellshock vulnerability (CVE-2014-6271)
- Checks for common configurations of the shellshock attack in incoming packets
- Credentials sent in-the-clear
- Checks for known and popular username/password identifiers to check for possible credentials
- Decodes base64 encoded strings for monitoring
- Matches username and password in case sent/received across multiple packets
alarm.py [-h] [-i INTERFACE] [-r PCAPFILE]
Use -h for more info.
Check requirements.txt for required libraries.