# Attacker Simulation Notebook

This notebook simulates several cyber attacks in a controlled environment.
No packets are sent: each simulated action is written as a row to `network_logs.csv`, which stands in for a network traffic capture.

**Attacks Simulated:**
1. Network Scanning (Port Scan)
2. Brute Force Attack
3. Denial of Service (DoS)

In [None]:
import random
import time
import csv
from datetime import datetime

# Configuration
# Both addresses are in the RFC 1918 private range 192.168.0.0/16.
ATTACKER_IP = '192.168.1.50'   # written as source_ip by the simulate_* functions
TARGET_IP = '192.168.1.100'    # passed as the target of every simulation run
# Relative path, so the CSV lands in the notebook's current working directory.
LOG_FILE = 'network_logs.csv'

def log_traffic(source_ip, dest_ip, port, action, details):
    """Append one simulated traffic record to the CSV file named by LOG_FILE.

    The row is written as (timestamp, source_ip, dest_ip, port, action,
    details).  The file is reopened in append mode on every call.

    NOTE: the timestamp is naive local time with one-second resolution
    (``datetime.now()`` formatted as ``YYYY-MM-DD HH:MM:SS``), so rows logged
    within the same second are indistinguishable by time alone and the
    values carry no timezone when correlated with other sources.
    """
    record = [
        datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
        source_ip,
        dest_ip,
        port,
        action,
        details,
    ]
    with open(LOG_FILE, 'a', newline='') as log_handle:
        csv.writer(log_handle).writerow(record)

# Initialize Log File
# Mode 'w' truncates: re-running this cell discards every row from earlier
# runs and leaves only the header line.
header_row = ['timestamp', 'source_ip', 'dest_ip', 'port', 'action', 'details']
with open(LOG_FILE, 'w', newline='') as log_handle:
    csv.writer(log_handle).writerow(header_row)
print("Initialized network_logs.csv")

## 1. Port Scanning Simulation
Simulates scanning a range of ports on the target.

In [None]:
def simulate_port_scan(target_ip, start_port=20, end_port=100):
    """Write one SCAN_SYN row per port in ``start_port..end_port`` (inclusive).

    Nothing is probed: ports 22, 80 and 443 are labelled 'Port OPEN' from a
    fixed table and every other port 'Port CLOSED'.  Rows are logged with
    ATTACKER_IP as the source, in ascending port order, with a 10 ms pause
    before each one.  The resulting data is a single source touching many
    consecutive destination ports on one host in a short window.
    """
    print(f"Starting Port Scan on {target_ip}...")
    listening = {22, 80, 443}

    for candidate in range(start_port, end_port + 1):
        if candidate in listening:
            verdict = 'OPEN'
        else:
            verdict = 'CLOSED'

        # Simulated network delay between rows.
        time.sleep(0.01)

        log_traffic(ATTACKER_IP, target_ip, candidate, 'SCAN_SYN', f'Port {verdict}')

    print("Port Scan Completed.")

# Run the simulation: ports 20 through 50 inclusive (31 rows).
simulate_port_scan(TARGET_IP, start_port=20, end_port=50)

## 2. Brute Force Simulation (SSH)
Simulates guessing passwords for the SSH service (Port 22).

In [None]:
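def simulate_brute_force(target_ip, port=22, attempts=20):
    """Write ``attempts`` failed-login rows followed by one LOGIN_SUCCESS row.

    Each failed row has action 'LOGIN_ATTEMPT' and details
    'Failed login <user>:<password>', drawn at random from small fixed lists.
    The final row always records 'admin:password' as the successful
    credential.  Rows are logged with ATTACKER_IP as the source, 100 ms apart.

    The successful pair is excluded from the failed guesses, so the log never
    shows 'Failed login admin:password' ahead of a success with that same
    credential.

    NOTE: the details column carries the guessed password in clear text,
    which production authentication logs normally do not record.  Detections
    built on this data should rely on the action column and on attempt counts
    per source, not on the password text.

    Args:
        target_ip: Address written as dest_ip on every row.
        port: Destination port written on every row (default 22).
        attempts: Number of failed-login rows to write before the success.
    """
    print(f"Starting Brute Force on {target_ip}:{port}...")
    usernames = ['admin', 'root', 'user', 'guest']
    passwords = ['123456', 'password', 'admin123', 'root123', 'qwerty']

    # The credential recorded on the closing LOGIN_SUCCESS row.
    winning_pair = ('admin', 'password')
    # Every other user/password combination is a candidate failed guess.
    wrong_pairs = [
        (user, pwd)
        for user in usernames
        for pwd in passwords
        if (user, pwd) != winning_pair
    ]

    for _ in range(attempts):
        user, pwd = random.choice(wrong_pairs)

        # Simulate attempt
        time.sleep(0.1)
        log_traffic(ATTACKER_IP, target_ip, port, 'LOGIN_ATTEMPT', f'Failed login {user}:{pwd}')

    # The run always closes with one successful login.
    log_traffic(ATTACKER_IP, target_ip, port, 'LOGIN_SUCCESS', 'admin:password')
    print("Brute Force Simulation Completed.")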

# Run the simulation with the defaults (port 22, 20 failed attempts).
simulate_brute_force(target_ip=TARGET_IP)

## 3. Denial of Service (DoS) Simulation
Simulates a flood of requests to the Web Server (Port 80).

In [None]:
def simulate_dos(target_ip, port=80, count=500):
    """Write ``count`` identical HTTP_REQUEST rows aimed at ``target_ip:port``.

    Every row has ATTACKER_IP as the source and 'GET / HTTP/1.1' as details.
    The loop pauses for 100 ms before row 0 and before every 100th row after
    it, and otherwise writes rows back to back, so the data shows a burst of
    same-source requests to one port.
    """
    print(f"Starting DoS Flood on {target_ip}:{port}...")

    for request_index in range(count):
        # Throttle only at each multiple of 100 so the rows stay dense in time.
        if not request_index % 100:
            time.sleep(0.1)

        log_traffic(ATTACKER_IP, target_ip, port, 'HTTP_REQUEST', 'GET / HTTP/1.1')

    print("DoS Simulation Completed.")

# Run the simulation: 1000 request rows against the default port 80.
simulate_dos(target_ip=TARGET_IP, count=1000)