Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It infers the message format (vocabulary) and the state machine (grammar) of a protocol through passive and active processes. Its objective is to bring state-of-the-art academic research to the operational field by leveraging bioinformatic and grammatical inference algorithms in a semi-automatic manner.
Netzob is suitable for reversing network protocols, structured files and system and process flows (IPC and communication with drivers and devices). Once inferred, a protocol model can be used in our traffic generation engine, to allow simulation of realistic and controllable communication endpoints and flows.
Netzob handles different types of protocols: text protocols (like HTTP and IRC), delimiter-based protocols, fixed-field protocols (like IP and TCP) and variable-length field protocols (like TLV-based protocols).
This version of Netzob must be used as a Python 3 library. It can be imported either in your scripts or in your favorite interactive shell (IPython, for example).
Once installed, we recommend the following statement to import Netzob:
from netzob.all import *
Netzob's source code is mostly made of Python (90%) with some specific extensions in C (6%).
Website: | http://www.netzob.org |
---|---|
Email: | [email protected] |
Mailing list: | Two lists are available, use the SYMPA web interface to register. |
IRC: | You can hang out with us on Freenode's IRC channel #netzob @ freenode.org. |
Wiki: | Discuss strategy on Netzob's wiki |
Twitter: | Follow Netzob's official accounts (@Netzob) |
The first thing to do is to check the version of your python3 interpreter. Netzob requires Python 3:
$ python3 --version
Python 3.4.2
As a 'classic' Python project, Netzob is provided with its setup.py. This file defines what to install and how to install the project on a Python hosting OS.
This file depends on setuptools which, like a few other modules, cannot be automatically installed. This is why you have to manually install the following prerequisites before initiating Netzob's install process.
- python3
- python3-dev
- python3-setuptools
- build-essential
We also highly recommend installing the following additional dependencies:
- python-sphinx (for the documentation)
Once the required dependencies are installed, you can build and install Netzob:
# python3 setup.py install
Or if you prefer a more developer-friendly install:
$ python3 setup.py develop --user
A docker build is offered from the docker registry repository. You can download it from the command line with the following command:
$ docker pull netzob/netzob
Once installed, running Netzob is as simple as executing the provided script:
$ ./netzob
This script is in Python's path if you've installed Netzob, otherwise (in developer mode), it's located in the top distribution directory.
If you used the docker container, the following command will start netzob with your current directory mounted at /data in the container:
$ docker run --rm -it -v $(pwd):/data netzob/netzob
The environment variable `NETZOB_LOG_VERBOSITY` can be used to set the logging level. The numeric values of logging levels are given in the Python Documentation of the Logging Module. For example, the following command starts netzob in DEBUG mode:
$ NETZOB_LOG_LEVEL=10 ./netzob
Capturing data from network interfaces often requires admin privileges. Until we provide a cleaner and more secure way (see issue 425 on the bugtracker for updated information - https://dev.netzob.org/issues/425), a possible HACK is to grant an additional capability to the python binary:
$ sudo setcap cap_net_raw=ep /usr/bin/python3.XX
The following command must be triggered before collecting IPC exchanges with Netzob on Ubuntu (see https://www.kernel.org/doc/Documentation/security/Yama.txt):
$ sudo bash -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"
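Both commands above change host-wide state that outlives a capture session. The following added example (not part of Netzob) reports whether either relaxation is currently in effect and prints the command to revert it; the function names are hypothetical, and the `getcap` output formats and Yama values 0-3 are taken from libcap and the kernel documentation linked above.

```shell
#!/bin/sh
# Added example, not part of Netzob: report whether the two relaxations
# described above (CAP_NET_RAW on python, ptrace_scope=0) are in effect.

# has_cap_net_raw LINE: succeeds if a getcap output line grants cap_net_raw.
# Formats: "<path> cap_net_raw=ep" or, with older libcap, "<path> = cap_net_raw+ep".
# Assumption: the path contains no spaces, so it can be stripped as field one.
has_cap_net_raw() {
    case "$1" in *" "*) ;; *) return 1 ;; esac
    case "${1#* }" in *cap_net_raw*) return 0 ;; esac
    return 1
}

# ptrace_scope_meaning VALUE: print the Yama mode for a ptrace_scope value.
ptrace_scope_meaning() {
    case "$1" in
        0) echo "classic: same-uid processes may attach to each other" ;;
        1) echo "restricted: only descendants may be traced" ;;
        2) echo "admin-only: CAP_SYS_PTRACE required to attach" ;;
        3) echo "no attach: ptrace disabled, cannot be changed once set" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# audit_host PYTHON_BIN: print findings; exit status = number of relaxations.
audit_host() {
    findings=0
    if command -v getcap >/dev/null 2>&1 && [ -e "$1" ]; then
        line=$(getcap "$1" 2>/dev/null)
        if has_cap_net_raw "$line"; then
            echo "RELAXED: $line (any script run by this interpreter can open raw sockets)"
            echo "  revert: sudo setcap -r $1"
            findings=$((findings + 1))
        fi
    fi
    scope_file=/proc/sys/kernel/yama/ptrace_scope
    if [ -r "$scope_file" ]; then
        scope=$(cat "$scope_file")
        echo "ptrace_scope=$scope ($(ptrace_scope_meaning "$scope"))"
        if [ "$scope" = "0" ]; then
            echo "  revert (1 is Ubuntu's default): sudo sh -c 'echo 1 > $scope_file'"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Capabilities attach to the real binary, not a symlink, so resolve the path first.
audit_host "$(readlink -f "$(command -v python3 || echo /nonexistent)")" || true
```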
The folder doc/documentation contains all the documentation of Netzob.
The user manual can be generated from the RST sources located in the folder doc/documentation/source with the following commands:
$ sphinx-apidoc -T -e -f -o doc/documentation/source/developer_guide/API/ src/netzob/
$ find doc/documentation/source/developer_guide/API/ -type f -exec sed -i ':a;N;$!ba;s/Subpackages\n-----------\n\n.. toctree::\n/Subpackages\n-----------\n\n.. toctree::\n :maxdepth: 1\n /g' {} +
$ sphinx-build -b html doc/documentation/source/ doc/documentation/build/
An up-to-date version of the documentation is hosted on the Read The Docs platform.
There are multiple ways to help us.
Help us by reporting bugs and requesting features using the Bug Tracker.
To participate in the development, you need to get the latest version, modify it and submit your changes.
These operations are detailed on Netzob's wiki through the following pages:
If you're interested in joining, please contact us!
See the top distribution file AUTHORS.txt for the detailed and updated list of authors, contributors and sponsors.
This software is provided under the GPLv3 License. See the COPYING.txt file in the top distribution directory for the full license text.
The documentation is under the CC-BY-SA licence.