
INFORMATION GATHERING - IDS/IPS IDENTIFICATION

Updated: Nov 23, 2023

In this blog, I will cover some of the best tools in Kali Linux for Information Gathering - IDS/IPS identification.

Cyber Security Tools

  • fragroute

  • fragrouter

  • wafw00f




1) Fragroute


fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behavior.



Usage: fragroute [-f file] <host>
Eg. fragroute 192.168.120.233

2) Fragrouter

Fragrouter is a network intrusion detection evasion toolkit available in Kali Linux.


To test your firewall(s) using fragrouter, you will need two systems in addition to your firewall/packet filter. This is because fragrouter cannot by design be run on the same system from which you're testing (according to the documentation, this is to prevent abuse).




How to install: sudo apt install fragrouter
Usage: fragrouter [options]
Eg.  fragrouter -F1

3) Wafw00f


Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods:

  • Cookies: Some WAF products add their own cookie in the HTTP communication.

  • Server Cloaking: Altering URLs and Response Headers

  • Response Codes: Different error codes for hostile pages/parameter values

  • Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)

  • Pre Built-In Rules: Each WAF has different negative security signatures


WafW00f relies on these assumptions to identify remote WAFs.




How to install: sudo apt install wafw00f
Eg. python wafw00f.py <url>
Eg. python wafw00f.py google.com
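
The first four indicators listed above can also be checked from the defender's side, to see what your own WAF reveals to a client. The Python below is an added example, not part of the original post and not wafw00f's code: it compares what the application emits directly with what is seen through the WAF, and the `Response` record, the `waf_indicators` function and all sample values are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Headers that differ between any two responses and say nothing about a WAF.
VOLATILE = {"date", "content-length", "etag", "age"}

@dataclass
class Response:
    """One observed HTTP exchange. status=None means the connection was reset."""
    status: Optional[int]
    headers: dict = field(default_factory=dict)
    cookies: set = field(default_factory=set)

def waf_indicators(origin: Response, edge_ok: Response, edge_flagged: Response) -> list:
    """Return which of the listed indicators a client could observe."""
    found = []
    # Cookies: names set at the edge that the application itself never issues.
    extra = edge_ok.cookies - origin.cookies
    if extra:
        found.append("cookie:" + ",".join(sorted(extra)))
    # Server cloaking: response headers rewritten, added or stripped at the edge.
    o = {k.lower(): v for k, v in origin.headers.items()}
    e = {k.lower(): v for k, v in edge_ok.headers.items()}
    for name in sorted((set(o) | set(e)) - VOLATILE):
        if o.get(name) != e.get(name):
            found.append("header:" + name)
    # Drop action: the flagged request got a FIN/RST instead of a response.
    if edge_flagged.status is None:
        found.append("drop-action")
    # Response codes: the flagged request is answered with a different status.
    elif edge_flagged.status != edge_ok.status:
        found.append(f"status:{edge_ok.status}->{edge_flagged.status}")
    return found

# Constructed sample observations (not captured from any real product).
ORIGIN = Response(200, {"Server": "nginx", "Content-Type": "text/html"}, {"sessionid"})
EDGE_OK = Response(200, {"Server": "edge-proxy", "Content-Type": "text/html"},
                   {"sessionid", "waf_track"})
EDGE_BLOCKED = Response(403, {"Server": "edge-proxy"}, {"waf_track"})
EDGE_RESET = Response(None)

if __name__ == "__main__":
    print(waf_indicators(ORIGIN, EDGE_OK, EDGE_BLOCKED))
    print(waf_indicators(ORIGIN, EDGE_OK, EDGE_RESET))
```

An empty result means none of these four indicators distinguishes the protected path from the origin; the fifth item, built-in rule signatures, is not covered here.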
