Use?
Setup
We just had a network of a few computers and virtual machines to run attacks on. You can do this however you want. Log traffic to pcap files.
You don’t even need a network. All you need is some pcap files to parse on the server.
Running the server
- Install the requirements in requirements.txt. Perhaps pip install -r requirements.txt will work.
- Once this is done, go to the pig_web directory. manage.py contains all of the usual Django commands (e.g. syncdb, runserver, etc.) as well as a few of our own.
  - start_analyzer will start all of our attack analyzers on the database specified in the settings file.
  - parse_pcap will parse a pcap file into the database.
  - traffic_report generates the data for our graph.
  - parse_arp will parse the output of the arp command and load ARP records into the database. This is necessary for detecting Man in the Middle Attacks.
- Want to run it in production? Deploy as you would any other Django application. Personally, I recommend Gunicorn and Supervisor. Our configuration is in conf/supervisord.conf if you’re looking for inspiration.