joanbono
138 Stars 35 Forks GNU General Public License v3.0 129 Commits 4 Opened issues

Description

Snort + Barnyard2 + Pulledpork → The easy way!


Snorter

License: GPL v3

A tricky script that makes installing Snort as simple as running a script. The script installs:

  • Snort: Open Source IDS.
  • Barnyard2: Interpreter for Snort unified2 binary output files.
  • PulledPork: Snort rule management.
  • WebSnort: Web Interface for PCAP analysis.

Successfully tested in:

  • Raspberry Pi + Raspbian Jessie
  • Kali Linux Rolling Release
  • Debian 9.0+
  • Ubuntu 18.04
  • Ubuntu 14.04 using the Snorter_Ubuntu-14.04.sh script.

Installation

Detailed install instructions.

Download

Simply run in your terminal:

git clone https://github.com/joanbono/Snorter.git
cd Snorter/src

Execution

Printing the USAGE:

bash Snorter.sh -h

OR

bash Snorter.sh --help

RECOMMENDED: Executing the script using an OINKCODE

bash Snorter.sh -o <OINKCODE> -i <INTERFACE>
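
An added example, not part of the Snorter project: pre-flight checks for the two arguments before they are handed to the installer. It assumes an Oinkcode is 40 hexadecimal characters and that interfaces are listed under /sys/class/net; the function names and the SYSFS_NET variable are hypothetical.

```sh
#!/bin/sh
# Added example: validate the Oinkcode and interface before running Snorter.sh.
# Assumption: an Oinkcode is exactly 40 hexadecimal characters.
# SYSFS_NET is overridable so the check can be exercised against a fake tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

valid_oinkcode() {
    # Exactly 40 characters, all of them hex digits.
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

valid_interface() {
    # Linux interface names are 1-15 characters. Allow only a conservative
    # character set so the value cannot carry '/', whitespace or shell
    # metacharacters, then require that the interface actually exists.
    [ -n "$1" ] && [ "${#1}" -le 15 ] || return 1
    case "$1" in
        .|..|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ -e "$SYSFS_NET/$1" ]
}

snorter_preflight() {
    # Returns 0 if both values look sane, 2 for a bad Oinkcode,
    # 3 for a bad or missing interface.
    if ! valid_oinkcode "$1"; then
        echo "oinkcode: expected 40 hexadecimal characters" >&2
        return 2
    fi
    if ! valid_interface "$2"; then
        echo "interface '$2' not found under $SYSFS_NET" >&2
        return 3
    fi
    return 0
}

# Usage: sh preflight.sh <OINKCODE> <INTERFACE>   (run from Snorter/src)
if [ "$#" -eq 2 ]; then
    snorter_preflight "$1" "$2" || exit $?
    exec bash Snorter.sh -o "$1" -i "$2"
fi
```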

Docker

Edit the Dockerfile

Dockerfile content. Use your personal OINKCODE.

# Kali docker with SNORT + BARNYARD2 + PULLEDPORK
# Version 0.1.0
FROM kalilinux/kali-linux-docker:latest
MAINTAINER Joan Bono

# Replace the placeholders with your personal Oinkcode and the interface to monitor
ENV OINKCODE <OINKCODE>
ENV INTERFACE <INTERFACE>

RUN apt-get update && apt-get upgrade -y && apt-get install -y git curl wget
RUN git clone https://github.com/joanbono/Snorter.git /opt/Snorter
RUN /opt/Snorter/src/Snorter.sh -o ${OINKCODE} -i ${INTERFACE}
USER root
WORKDIR /opt/Snorter

Run the dockerfile

Start the docker daemon.

  • With websnort:

cd Snorter/src/
docker build SnorterDock -p 80:80 -e OINKCODE=<OINKCODE> -e INTERFACE=<INTERFACE>

  • Without websnort:

cd Snorter/src/
docker build SnorterDock -e OINKCODE=<OINKCODE> -e INTERFACE=<INTERFACE>

WebSnort Usage

  • Submit a pcap using the web browser:

  • Watch the alerts on the web browser:

  • Submit a pcap using the API:

curl -i --form [email protected] http://ADDRESS/api/submit


Install Instructions


Special thanks to

  • @goffinet for the rule enabler and for solving the systemctl issue.
  • @rbshadow for the Snorter script adapted to Ubuntu 14.04.
