View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001938||Kali Linux||[All Projects] New Tool Requests||public||2014-12-01 21:25||2020-02-11 11:54|
|Priority||normal||Severity||feature||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Description||AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.|
AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
The main functionalities of AIEngine are:
- Support for interact with the user while the engine is running.
- Support for PCRE JIT for regex matching.
- Support for regex graphs.
- Support five types of NetworkStacks (lan,mobile,ipv6,virtual and oflow).
- Support Sets and Bloom filters for IP searches.
- Support Linux and FreeBSD operating systems.
- Support for HTTP,DNS and SSL Domains matching.
- Support for banned domains and hosts for HTTP, DNS and SSL.
- Frequency analysis for unknown traffic and auto-regex generation.
- Easy integration with databases (MySQL, Redis, etc...) for data correlation.
- Easy integration with other packet engines (Netfilter).
- Support memory clean caches for refresh stored memory information.
- Support for detect DDoS at network/application layer.
On the other hand, AIEngine supports five types of Network stacks depending on the network topology.
- StackLan (lan) Local Area Network based on IPv4.
- StackLanIPv6 (lan6) Local Area Network with IPv6 support.
- StackMobile (mobile) Network Mobile (Gn interface) for IPv4.
- StackVirtual (virtual) Stack for virtual/cloud environments with VxLan and GRE Transparent.
- StackOpenFlow (oflow) Stack for openflow environments.
||Thanks for this suggestion. What is the use-case for this tool in a penetration testing environment?|
||The use case is generate signatures of unknown attacks for use them later on NIDS, such as snort, bro or aiengine. Also the system could be plugin in different network topologies such as cloud environments. All the functions and use cases are on the description, let me know if you need more information.|
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?
|2014-12-01 21:25||camp0||New Issue|
|2014-12-02 11:37||muts||Note Added: 0002841|
|2015-03-18 16:19||camp0||Note Added: 0003174|
||Issue cloned: 0002800|
|2018-01-26 11:21||g0tmi1k||Relationship added||has duplicate 0004388|
|2018-01-29 14:26||g0tmi1k||Note Added: 0008346|
|2019-12-09 13:30||g0tmi1k||Severity||minor => feature|
|2020-02-11 11:54||g0tmi1k||Note Added: 0012210|