Skip to content

WhiteHatCyberus/SNORT-GUI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

363 Commits
References
References
 
 
simulation
simulation
 
 
snort
snort
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

SNORT GUI Python-tkinter

Warning: This application is Completed as of May 2023, further updates to the application are discontinued and bears no warranty in the future. As of now , May, 2023, the application runs optimally, keeping in mind the security and complexity of the current real world network scenario. Usage of this application for commercial or educational use requires scrutiny of network administrative personnel. Any loss in data, damage to configuration should be under user discretion.

About

A actively developed blue team application for SNORT, a popular Intrusion Detection/Prevention System intended for forensic, incident handling and analysis of network abnormalities.

Table of Contents

  1. Research Architecture
  2. SNORT GUI v3
  3. Connect with Me
  4. Credits

Research Architecture

Research Architecture

SNORT GUI v3

STATUS: ✔️

The SNORT GUI main program consists of:

  • SNORT Rule Generator: Open, Write, Save .rules files - Pre-incident/Preparation
  • Open Configuration Files: Manually Open .conf and .rules files - Pre-incident/Preparation
  • Alert Log Analyzer: Analyze SNORT alerts and distinguishing them by protocols and ports for ease of documentation for cyberforensics - Post-incident/Forenisc Analysis
  • Run SNORT: Runs the SNORT application in Intrusion Detection System Mode.
snort -A console -A fast -q -i <network_interface> -c <configuration_file> -l <log_folderpath>

‼️ Help: covers snort-gui documentation and usage, simulation guides, walkthroughs, snort rule formulation, basic attack and mitigation walkthroughs.

Pre-requisite

  1. A Linux distro that has snort installed (preferably Ubuntu).

Download

  1. Download the latest snortgui-ENTERPRISE.zip release (tag: v3) available in the "Releases" tab.
  2. Alternatively, download via Git, and navigate to "snort/snortgui/" for application files.

Note: If you opt for method 2, rename the resources folder to .resources.

Installation

  1. For first-time installation, run:
sudo python3 installer.py

Terms and Condition

Figure 1.1: Terms and Conditions

Installing resources

Figure 1.2: Installing resources

  1. After installation, you can launch the application by running:
sudo python3 snortgui.py

SNORT GUI main menu

Figure 2.1: SNORT GUI main menu

Rule Generator GUI

Figure 2.2: Rule Generator GUI

Log Analyzer

Figure 2.3: Log Analyzer Tool

  1. Run SNORT IDS:

Run SNORT

Figure 3.1: Configuring SNORT

SNORT running

Figure 3.2: Running SNORT

Note: SNORT GUI v3 features security patches and bug fixes with a help and support centre to explain snort-gui usage. Make sure you download the latest stable release of snortgui-ENTERPRISE.zip(tag: v3) to run the application hassle free.

Connect with me

Credits

Thank you ChrisJD20 for your preliminary contribution to the snort rule generator.

About

SNORT GUI: Your very own trusted blueteam forensic companion for SNORT IDS.

whitehatcyberus.github.io/SNORT-GUI/

Topics

computer-science gui pcap python3 cybersecurity wireshark convolutional-neural-networks intrusion-prevention network-analysis network-security snort intrusion-detection-system

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

22 stars

Watchers

1 watching

Forks

10 forks
Report repository

Releases 4

SNORT-GUI v3 Latest
May 10, 2023
+ 3 releases

Contributors 3

  •  
  •  
  •  

Languages