Skip to content
/ snortRuleEventGenerator Public
forked from felixe/idsEventGenerator

Parses Snort rules from a rule file, puts conent in a struct and ev. prints it.

License

GPL-3.0 license
1 star 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

codecat007/snortRuleEventGenerator

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
snortRuleParser.cpp
snortRuleParser.cpp
 
 

Repository files navigation

snortRuleEventGenerator: Reads and parses Snort rules and generates and sends packets triggering Snort events related to these rules.

Reads Snort rules (as of Snort 2.9.9) from a rule file, puts rule content in a struct and ev. prints it. It than constructs http requests that are sent to the configured host (possibly a webserver) that trigger events related to the parsed rules.

For the moment it only converts hex characters in content patterns that are part of the first 128 readable ASCII characters. It only parses rules that use one of the following content modifiers: http_[method,uri,raw_uri,stat_msg,stat_code].
It ignores rules that are not triggering an alert or do not contain the 'content' keyword . Be aware that this is rather a READER than a parser as it does not in-depth structure checks!

Build it by executing "g++ -lcurl snortRuleParser.cpp"

Run it by executing "./a.out -f <snortRuleFile> -s <webserver>"

For more options run "./a.out -h"

About

Parses Snort rules from a rule file, puts conent in a struct and ev. prints it.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages

  • C++ 100.0%