Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
See complete documentation here: https://netzob.github.io/netzob/
Netzob is an open source tool for reverse engineering, modelization, traffic generation and fuzzing of communication protocols.
Netzob is suitable for reversing network protocols, structured files, and system and process flows (IPC and communication with drivers and devices). Netzob handles different types of protocols: text protocols (like HTTP and IRC), delimiter-based protocols, fixed-field protocols (like IP and TCP) and variable-length field protocols (like TLV-based protocols).
Netzob can be used to infer the message format and the state machine of a protocol through passive and active processes. Its objective is to bring state-of-the-art academic research to the operational field, by leveraging bio-informatic and grammatical inference algorithms in a semi-automatic manner.
Once modeled or inferred, a protocol model can be used in our traffic generation engine, to allow simulation of realistic and controllable communication endpoints and flows.
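To make the idea of bio-informatic inference concrete, the following added example (not Netzob code and not its API) applies Needleman-Wunsch global alignment, a standard sequence-alignment algorithm from bioinformatics, to two messages and reports which byte runs are static and which vary. The function names, scoring values and sample messages are assumptions constructed for this illustration.

```python
# Added illustration, not Netzob code: Needleman-Wunsch alignment of two
# constructed messages to separate static bytes from variable fields.

def align(a: bytes, b: bytes, match=2, mismatch=-1, gap=-2):
    """Globally align a and b; returns two equal-length lists (None = gap)."""
    n, m = len(a), len(b)
    sub = lambda i, j: match if a[i - 1] == b[j - 1] else mismatch
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * gap
    for j in range(1, m + 1):
        score[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            score[i][j] = max(score[i - 1][j - 1] + sub(i, j),
                              score[i - 1][j] + gap,
                              score[i][j - 1] + gap)
    ra, rb, i, j = [], [], n, m
    while i > 0 or j > 0:  # trace back from the bottom-right cell
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + sub(i, j):
            ra.append(a[i - 1]); rb.append(b[j - 1]); i -= 1; j -= 1
        elif i > 0 and score[i][j] == score[i - 1][j] + gap:
            ra.append(a[i - 1]); rb.append(None); i -= 1
        else:
            ra.append(None); rb.append(b[j - 1]); j -= 1
    return ra[::-1], rb[::-1]

def infer_fields(a: bytes, b: bytes):
    """Collapse aligned columns into ('static', bytes) / ('dynamic', None) runs."""
    fields = []
    for x, y in zip(*align(a, b)):
        kind = "static" if x is not None and x == y else "dynamic"
        if not fields or fields[-1][0] != kind:
            fields.append([kind, bytearray()])
        if kind == "static":
            fields[-1][1].append(x)
    return [(k, bytes(v) if k == "static" else None) for k, v in fields]

# Constructed sample messages of a hypothetical delimiter-based protocol.
MSG_A = b"CMD login#alice#"
MSG_B = b"CMD login#bob#"

if __name__ == "__main__":
    for kind, value in infer_fields(MSG_A, MSG_B):
        print(kind, value)
```

With only two messages, the static runs are the bytes both share in order; aligning more captures narrows the static regions toward the protocol's real constants and delimiters.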
The main features of Netzob are:
- Protocol Modelization
  - Netzob includes a complete model to represent the message format (aka its vocabulary) and the state machine of a protocol (aka its grammar).
- Protocol Inference
  - The vocabulary and grammar inference component provides both passive and active reverse engineering of communication flows through automated and manual mechanisms.
- Traffic Generation
  - Given vocabulary and grammar models previously inferred or modelized, Netzob can understand and generate communication traffic with remote peers. It can thus act as either a client, a server or both.
- Protocol Fuzzing
  - Netzob helps security evaluators by simplifying the creation of fuzzers for proprietary or undocumented protocols. Netzob considers the message format and state machine of the protocol to generate optimized and specific test cases. Both mutation and generation are available for fuzzing.
- Import Communication Traces
  - Data import is available in two ways: either by leveraging the channel-specific captors (currently network and IPC, Inter-Process Communication), or by using specific importers (such as PCAP files, structured files and OSpy files).
- Export Protocol Models
  - This module exports a model of a protocol in formats that are understandable by third-party software or by a human. Current work focuses on export formats compatible with the main traffic dissectors (Wireshark and Scapy) and fuzzers (Peach and Sulley).

Netzob must be used as a Python 3 library. It can be imported either in your scripts or in your favorite interactive shell (ipython?).
| Website: | https://github.com/netzob/netzob |
|---|---|
| Twitter: | Follow Netzob's official accounts (@Netzob) |
Netzob was initiated by security auditors of AMOSSYS and the CIDre research team of CentraleSupélec to address the reverse engineering and fuzzing of communication protocols.
The documentation is available online at: https://netzob.github.io/netzob/
If you want to build the documentation, run the following command:
$ sphinx-build -b html doc/documentation/source/ doc/documentation/build/
The first thing to do is to check the version of your python3 interpreter. Netzob requires at least Python 3.8:
$ python3 --version
Python 3.8.10
You have to install the following system dependencies:
$ apt-get install -y python3 python3-dev python3-setuptools virtualenv build-essential libpcap-dev libgraph-easy-perl libffi-dev
Then, create a virtualenv:
$ mkdir venv
$ virtualenv venv
$ source venv/bin/activate
You can install Netzob from PyPI (recommended choice):
(venv) $ pip3 install netzob
If you have retrieved Netzob sources, the installation procedure is:
(venv) $ pip3 install Cython==0.29.32 # Should be manually installed because of setup.py direct dependency
(venv) $ pip3 install -e .
Once installed, we recommend using the Netzob API inside scripts, with the following statement to import Netzob:
from netzob.all import *
Netzob also provides its own CLI, in order to play interactively with it:
(venv) $ netzob
There are multiple ways to help us.
Help us by reporting bugs and requesting features using the Bug Tracker.
To participate in the development, you need to get the latest version, modify it and submit your changes.
If you're interested in joining, please contact us!
See the top distribution file AUTHORS.txt for the detailed and updated list of authors, contributors and sponsors.
This software is provided under the GPLv3 License. See the COPYING.txt file in the top distribution directory for the full license text.
The documentation is under the CC-BY-SA licence.
