Sploit

Description

Sploit is an exploit execution and mutation framework designed to test and evaluate misuse detection models in the case of network-based intrusion detection systems.

Sploit is based on an engine that can apply one or more transformation techniques to an exploit script. Using Sploit, it is possible to automatically generate an high number of different attack mutations that can then be executed against a real target to test the detection capabilities of network intrusion detection systems.

Sploit also represents the perfect environment to design, implement, and try new mutation and evasion techniques.

For a more detailed description of Sploit please refer to the project documentation.

Download

Sploit 0.2.4 alpha

Documentation (html)
sploit-0.2.4a-2.tar.gz (sources + documentation)

Publications

G. Vigna, W. Robertson, and D. Balzarotti, "Testing Network-based Intrusion Detection Signatures Using Mutant Exploits", in Proceedings of the ACM Conference on Computer and Communication Security (ACM CCS), pp. 21-30, Washington, DC, October 2004. [PDF, BibTeX]
D. Balzarotti, "Testing Intrusion Detection Systems", Ph.D. Dissertation, Politecnico di Milano, Italy, 2006. [PDF, BibTeX]

People

Davide Balzarotti, Post-doc Researcher.
Will Robertson, Graduate Student.
Giovanni Vigna, Associate Professor (UCSB).
Chris Kruegel, Assistant Professor (TU Vienna).

Acknowledgments

This research was supported by the Army Research Office, under agreement DAAD19-01-1-0484 and by the National Science Foundation under grants CCR-0209065 and CCR-0238492.