INFORMATION GATHERING - IDS/IPS IDENTIFICATION
Updated: Jun 7, 2022
In this blog, I will cover some of the best Kali Linux tools for Information Gathering - IDS/IPS identification.
Cyber Security Tools
fragroute
fragrouter
wafw00f
1) Fragroute
fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behavior.
fragroute [-f file] <host>
Eg. fragroute 192.168.120.233
2) Fragrouter
Fragrouter is a network intrusion detection evasion toolkit available in Kali Linux.
To test your firewall(s) using fragrouter, you will need two systems in addition to your firewall/packet filter. This is because fragrouter cannot, by design, be run on the same system from which you're testing (according to the documentation, this is to prevent abuse).
How to install: sudo apt install fragrouter
USAGE fragrouter [options]
Eg. fragrouter -F1
3) Wafw00f
Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods:
Cookies: Some WAF products add their own cookie in the HTTP communication.
Server Cloaking: Altering URLs and Response Headers
Response Codes: Different error codes for hostile pages/parameters values
Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
Pre Built-In Rules: Each WAF has different negative security signatures
WafW00f relies on these assumptions to identify remote WAFs.
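The first four detection methods listed above can be checked offline against captured responses, which is also a quick way to see what your own WAF deployment discloses. This is an added example, not wafw00f's code; the function names, the app_cookies allow-list and all sample responses are assumptions constructed for illustration.

```python
# Added example. All sample responses are constructed for illustration.

def parse_response(raw):
    """Parse a raw HTTP response head into (status, headers, cookie_names).
    None in means the connection was reset/dropped, so None comes out."""
    if raw is None:
        return None
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers, cookies = {}, set()
    for line in lines[1:]:
        if not line.strip():
            break  # end of headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            cookies.add(value.split("=", 1)[0].strip())
        else:
            headers[name.strip().lower()] = value.strip()
    return status, headers, cookies

def waf_indicators(benign_raw, probe_raw, app_cookies):
    """Compare the reply to a normal request with the reply to a request the
    filter should reject; return which of the listed indicators are visible."""
    found = set()
    benign, probe = parse_response(benign_raw), parse_response(probe_raw)
    if probe is None:
        found.add("drop action")  # FIN/RST instead of an HTTP reply
    for resp in (benign, probe):
        if resp and resp[2] - set(app_cookies):
            found.add("cookies")  # cookie the application itself never sets
    if benign and probe:
        if benign[0] != probe[0]:
            found.add("response codes")
        # Simplification: only the Server header is compared for cloaking.
        if benign[1].get("server") != probe[1].get("server"):
            found.add("server cloaking")
    return found

# Constructed captures: "edge_guard" and "edge-filter" are made-up names.
BENIGN = ("HTTP/1.1 200 OK\nServer: nginx\n"
          "Set-Cookie: sessionid=abc123; HttpOnly\n"
          "Set-Cookie: edge_guard=f00; Path=/\n\n<html>ok</html>")
BLOCKED = "HTTP/1.1 403 Forbidden\nServer: edge-filter\n\nRequest rejected"
ORIGIN = "HTTP/1.1 200 OK\nServer: nginx\nSet-Cookie: sessionid=abc123\n\nok"

if __name__ == "__main__":
    print(sorted(waf_indicators(BENIGN, BLOCKED, {"sessionid"})))
    print(sorted(waf_indicators(BENIGN, None, {"sessionid"})))
    print(sorted(waf_indicators(ORIGIN, ORIGIN, {"sessionid"})))
```

An empty result for the origin-only pair shows the baseline: no extra cookie, no status change and no header difference means none of these indicators is visible.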
How to install: sudo apt install wafw00f
Eg. python wafw00f.py <url>
Eg. python wafw00f.py google.com