A Python framework for simulating attacks against the TCP/IP protocol stack and analyzing the results programmatically. The repo includes attack simulation, packet-capture hooks, HTML/PDF reporting, SQLite logging, a Docker image and Kubernetes Job manifest, and a GitHub Actions CI workflow.
The TCP/IP stack underpins internet communication but can be abused through SYN-flood denial of service, TCP reset injection, or session hijacking. This project provides a controlled framework to simulate those behaviors, analyze the resulting traces, and test mitigations against them.
- Attack Simulation
  - TCP SYN floods, reset injection, and session hijacking (simulated by default)
  - Automated payload delivery stubs using hping3 and raw sockets (optional, off by default)
  - A reverse shell exploitation simulator for open-port testing (simulated)
- Packet Capture & Analysis
  - Hooks for the Wireshark/tshark CLI to capture short samples (optional stub)
  - Parse and label the captured output and summarize it with Pandas
- Reporting
  - Automated HTML report generation (Jinja2)
  - PDF report export (ReportLab)
- Data Logging (SQL)
  - Saves each run and its events to a local SQLite database (`data.db`)
  - Query helper to list runs and inspect their events
- Defensive Testing
  - Space to test firewall rules, IDS tuning, and rate-limiting strategies against the simulated attacks
- Reusable Framework
  - Packaged as a simple Python runner (`framework.py`) usable across environments
  - GitHub Actions CI runs `flake8` and `pytest`, then builds the Docker image
  - Kubernetes Job manifest for cluster execution
Safety first: all attack logic defaults to simulation. External tools are disabled by default and are invoked only when `--enable-external` is passed and the tools are installed.
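The gate described above, as an added example that is not the project's own `framework.py`: a simulation-first runner that produces in-memory events by default and shells out to hping3 only when both the external flag is set and the binary is found on PATH. The `Event`, `simulate` and `run_attack` names, the hping3 argument lists, the fixed client address used for the simulated reset, and the refusal to run external mode against a non-private target are this example's own choices, not features the project documents.

```python
"""Simulation-first attack runner with an explicit gate for external tools.
Added example; not the project's framework.py."""
import ipaddress
import random
import shutil
import subprocess
from dataclasses import dataclass, asdict

# hping3 arguments used only in external mode (this example's choice):
# SYN (-S) with random spoofed sources, or RST (-R). A fixed packet count (-c)
# is always added so external mode never becomes an unbounded --flood.
HPING3_ARGS = {
    "syn_flood": ["-S", "--rand-source"],
    "rst_injection": ["-R"],
}


@dataclass
class Event:
    seq: int
    attack: str
    src: str
    dst: str
    dport: int
    flags: str
    simulated: bool = True


def simulate(attack, target, port=80, count=20, seed=0):
    """Generate what the attack *would* send as in-memory events; nothing touches the wire."""
    rng = random.Random(seed)  # seeded so runs are reproducible in tests and reports
    events = []
    for i in range(count):
        if attack == "syn_flood":
            # random 32-bit spoofed source, as hping3 --rand-source would pick
            src, flags = str(ipaddress.IPv4Address(rng.getrandbits(32))), "S"
        elif attack == "rst_injection":
            # RST aimed at a session from an assumed client address (constructed)
            src, flags = "10.0.0.9", "R"
        else:
            raise ValueError(f"unknown attack: {attack}")
        events.append(Event(i, attack, src, target, port, flags))
    return events


def run_attack(target, attack="syn_flood", port=80, count=20, enable_external=False,
               which=shutil.which, runner=subprocess.run):
    """Return a run record. External mode needs the flag AND an installed hping3;
    otherwise fall back to simulation and record why."""
    addr = ipaddress.ip_address(target)  # ValueError for hostnames or garbage
    if attack not in HPING3_ARGS:
        raise ValueError(f"unknown attack: {attack}")
    record = {"target": target, "attack": attack, "port": port,
              "mode": "simulated", "reason": "default (no --enable-external)", "events": []}
    if enable_external:
        tool = which("hping3")
        if tool is None:
            record["reason"] = "--enable-external given but hping3 is not installed"
        elif not addr.is_private:
            # Added safeguard, not something the page states: keep real packets on lab networks.
            record["reason"] = "refusing external mode against a non-private target"
        else:
            cmd = [tool, *HPING3_ARGS[attack], "-p", str(port), "-c", str(count), target]
            runner(cmd, check=False, timeout=60)
            record.update(mode="external", reason="hping3 invoked", command=cmd)
            return record
    record["events"] = [asdict(e) for e in simulate(attack, target, port, count)]
    return record


if __name__ == "__main__":
    result = run_attack("10.0.0.5")
    print(result["mode"], result["reason"], len(result["events"]), "events")
```

Injecting `which` and `runner` keeps the gate testable on a machine without hping3; the record always carries a `reason` so a report can state why a run stayed in simulation instead of silently doing so.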
```
TCP-IP_vulnerability-testing-framework/
├── framework.py
├── report.py
├── db.py
├── query_db.py
├── requirements.txt
├── Dockerfile
├── k8s/
│   └── job.yaml
├── tests/
│   ├── conftest.py
│   ├── test_framework.py
│   └── test_db.py
├── .flake8
└── .github/
    └── workflows/ci.yml
```
```bash
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt

# Run simulations
python framework.py --target 10.0.0.5 --outdir results

# Generate reports
python report.py --json results/latest.json --html results/report.html
python report.py --json results/latest.json --pdf results/report.pdf

# Explore the SQLite log
python query_db.py --list
python query_db.py --run 1
```
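The run-and-event log that the `query_db.py` commands above read back, as an added example that is not the project's `db.py` or `query_db.py`: a two-table SQLite schema, a transactional insert of one run record (the shape a simulation runner might emit), and the list/inspect queries. The schema, helper names and the `SAMPLE_RUN` record are constructed for illustration.

```python
"""SQLite logging of runs and events. Added example; not the project's db.py."""
import json
import sqlite3
import time

SCHEMA = """
CREATE TABLE IF NOT EXISTS runs (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,
    started REAL NOT NULL,
    target  TEXT NOT NULL,
    attack  TEXT NOT NULL,
    mode    TEXT NOT NULL CHECK (mode IN ('simulated', 'external'))
);
CREATE TABLE IF NOT EXISTS events (
    id     INTEGER PRIMARY KEY AUTOINCREMENT,
    run_id INTEGER NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
    seq    INTEGER NOT NULL,
    src    TEXT NOT NULL,
    dst    TEXT NOT NULL,
    dport  INTEGER NOT NULL,
    flags  TEXT NOT NULL,
    detail TEXT  -- JSON blob for anything attack-specific
);
CREATE INDEX IF NOT EXISTS events_run ON events(run_id);
"""

# Constructed run record in the shape a simulation runner might produce.
SAMPLE_RUN = {
    "target": "10.0.0.5", "attack": "syn_flood", "mode": "simulated",
    "events": [
        {"seq": 0, "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 80, "flags": "S", "simulated": True},
        {"seq": 1, "src": "203.0.113.9", "dst": "10.0.0.5", "dport": 80, "flags": "S", "simulated": True},
        {"seq": 2, "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 80, "flags": "S", "simulated": True},
    ],
}
CORE_KEYS = ("seq", "src", "dst", "dport", "flags")


def connect(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.row_factory = sqlite3.Row
    conn.execute("PRAGMA foreign_keys = ON")  # off by default in SQLite
    conn.executescript(SCHEMA)
    return conn


def save_run(conn, record, started=None):
    """Insert a run and all its events in one transaction; a bad record leaves nothing behind."""
    with conn:  # commits on success, rolls back on any exception
        cur = conn.execute(
            "INSERT INTO runs (started, target, attack, mode) VALUES (?, ?, ?, ?)",
            (started if started is not None else time.time(),
             record["target"], record["attack"], record["mode"]),
        )
        run_id = cur.lastrowid
        conn.executemany(
            "INSERT INTO events (run_id, seq, src, dst, dport, flags, detail) "
            "VALUES (?, ?, ?, ?, ?, ?, ?)",
            [(run_id, e["seq"], e["src"], e["dst"], e["dport"], e["flags"],
              json.dumps({k: v for k, v in e.items() if k not in CORE_KEYS}))
             for e in record["events"]],
        )
    return run_id


def list_runs(conn):
    """Equivalent of `query_db.py --list`: every run with its event count."""
    rows = conn.execute(
        "SELECT r.id, r.target, r.attack, r.mode, COUNT(e.id) AS events "
        "FROM runs r LEFT JOIN events e ON e.run_id = r.id "
        "GROUP BY r.id ORDER BY r.id"
    ).fetchall()
    return [dict(r) for r in rows]


def run_events(conn, run_id):
    """Equivalent of `query_db.py --run N`; run_id is bound, never formatted into the SQL."""
    rows = conn.execute(
        "SELECT seq, src, dst, dport, flags, detail FROM events WHERE run_id = ? ORDER BY seq",
        (run_id,),
    ).fetchall()
    return [dict(r) for r in rows]


if __name__ == "__main__":
    db = connect()
    rid = save_run(db, SAMPLE_RUN)
    print(list_runs(db))
    print(run_events(db, rid))
```

The `--run` id arrives from the command line, so it is bound as a `?` parameter rather than interpolated into the query string; the CHECK constraint on `mode` plus the transaction around the insert mean a malformed record is rejected whole instead of leaving a run row with no events.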
```bash
# Docker
docker build -t tcp-ip-framework:local .
docker run --rm -v "$PWD/results:/app/results" tcp-ip-framework:local --target 10.0.0.5 --outdir /app/results

# Kubernetes Job
kubectl apply -f k8s/job.yaml

# Lint and tests
flake8 .
pytest -q
```
- Extended lab runs with hping3 (SYN floods, reset injections) and raw sockets
- Simulated reverse shell exploitation on open ports
- Captured and analyzed packets with tshark (Wireshark CLI) hooks and Pandas
- Benchmarked countermeasures (firewall rules, IDS tuning, rate limiting), showing ~70% improved resilience
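How the packet-analysis step and a rate-limiting check from the list above can be done offline, as an added example that is not the project's code: it parses `tshark -T fields` output (the field order is this example's assumption, shown in the comment), then scores each source talking to the target by half-open SYNs and peak SYNs per second, which is the quantity a rate-limit rule acts on. It uses the standard library rather than the Pandas summary the page describes, and the capture lines are constructed, not real traffic.

```python
"""Score tshark field output for SYN-flood behaviour. Added example; not the project's code."""
import csv
import io
from collections import defaultdict

# Field order assumed for the capture command (this example's choice):
#   tshark -r sample.pcap -T fields -E separator=/t \
#     -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport \
#     -e tcp.flags.syn -e tcp.flags.ack -e tcp.flags.reset
FIELDS = ["ts", "src", "dst", "dport", "syn", "ack", "rst"]

# Constructed sample: 198.51.100.7 fires SYNs and never completes a handshake;
# 10.0.0.9 does a normal three-way handshake with the target 10.0.0.5:80.
SAMPLE_TSHARK = """\
1700000000.001\t198.51.100.7\t10.0.0.5\t80\t1\t0\t0
1700000000.002\t198.51.100.7\t10.0.0.5\t80\t1\t0\t0
1700000000.003\t198.51.100.7\t10.0.0.5\t80\t1\t0\t0
1700000000.004\t198.51.100.7\t10.0.0.5\t80\t1\t0\t0
1700000000.100\t10.0.0.9\t10.0.0.5\t80\t1\t0\t0
1700000000.101\t10.0.0.5\t10.0.0.9\t51000\t1\t1\t0
1700000000.102\t10.0.0.9\t10.0.0.5\t80\t0\t1\t0
1700000000.900\t198.51.100.7\t10.0.0.5\t80\t1\t0\t0
1700000001.100\t198.51.100.7\t10.0.0.5\t80\t1\t0\t0
1700000001.200\t198.51.100.7\t10.0.0.5\t80\t1\t0\t0
1700000001.300\t10.0.0.5\t10.0.0.9\t51000\t0\t1\t1
"""


def _flag(value):
    # tshark prints boolean fields as 1/0 in older releases and True/False in newer ones
    return value.strip() in {"1", "True", "true"}


def parse_tshark(text):
    """Turn tab-separated tshark field lines into typed records; skip malformed/non-TCP lines."""
    records = []
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) != len(FIELDS):
            continue
        r = dict(zip(FIELDS, row))
        records.append({"ts": float(r["ts"]), "src": r["src"], "dst": r["dst"],
                        "dport": int(r["dport"] or 0), "syn": _flag(r["syn"]),
                        "ack": _flag(r["ack"]), "rst": _flag(r["rst"])})
    return records


def summarize(records, target):
    """Per source sending to `target`: bare SYNs, handshake-completing ACKs, RSTs, peak SYN/s."""
    stats = defaultdict(lambda: {"syn": 0, "ack": 0, "rst": 0, "peak_syn_per_s": 0})
    buckets = defaultdict(lambda: defaultdict(int))  # src -> whole second -> SYN count
    for r in records:
        if r["dst"] != target:
            continue
        s = stats[r["src"]]
        if r["syn"] and not r["ack"]:
            s["syn"] += 1
            buckets[r["src"]][int(r["ts"])] += 1
        elif r["ack"] and not r["syn"]:
            s["ack"] += 1
        if r["rst"]:
            s["rst"] += 1
    for src, per_second in buckets.items():
        stats[src]["peak_syn_per_s"] = max(per_second.values())
    return dict(stats)


def flag_sources(stats, half_open_limit=5, syn_rate_limit=3):
    """Sources that look like a flood: SYNs far outnumber completing ACKs, or SYN/s exceeds the cap."""
    flagged = {}
    for src, s in stats.items():
        half_open = s["syn"] - s["ack"]
        if half_open >= half_open_limit or s["peak_syn_per_s"] > syn_rate_limit:
            flagged[src] = {"half_open": half_open, "peak_syn_per_s": s["peak_syn_per_s"]}
    return flagged


if __name__ == "__main__":
    stats = summarize(parse_tshark(SAMPLE_TSHARK), "10.0.0.5")
    for src, info in flag_sources(stats).items():
        print(f"{src}: {info}")
```

The two thresholds are illustrative; `syn_rate_limit` is the number to align with whatever rate-limit rule is under test (for example an `iptables -m hashlimit` rule), so that a capture taken before and after the rule shows whether the peak per-source SYN rate actually dropped below it.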