Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It can be used to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be used to simulate realistic and controllable trafic.
The main features of Netzob are:
- Protocol Vocabulary Modeling and Inference
- Netzob includes a complete model to represents the message format of a protocol (aka its vocabulary). Using specific algorithms, it allows to learn it from provided traces.
- Protocol Grammar Modeling and Inference
- The state machine of a protocol (aka its grammar) defines the valid sequences of exchanged messages. Netzob allows to learn it semi-automaticaly using specific algorithms.
- Protocol Simulation
- To support the inferring process, a dynamic analysis is perfomed based on simulated actors. These can initiate and take part in a complex communication following the infered protocol.
|Mailing list:||Users, developers and announces lists are available, use the SYMPA web interface to register.|
|IRC:||You can hang-out with us on Freenode’s IRC channel #netzob @ freenode.org.|
|Wiki:||Discuss strategy on Netzob’s wiki|
|Twitter:||Follow Netzob’s official accounts (@Netzob)|
Netzob has been initiated by security auditors of AMOSSYS and the CIDre research team of Supélec to address the reverse engineering of communication protocols. A detailed overview of the project is available here.
- Get started with Netzob
- The goal of this tutorial is to present the usage of each main component of Netzob (inference of message format, construction of the state machine and generation of traffic) through an undocumented protocol.
- Modeling your Protocol with Netzob
- This tutorial details the main features of Netzob’s protocol modeling aspects. It shows how your protocol fields can be described with Netzob’s language.
- Auto-generation of Peach pit files/fuzzers
- This tutorial shows how to take advantage of the Peach exporter plugin provided in Netzob to automatically generate Peach pit configuration files, thus allowing to do smart fuzzing on undocumented protocols.
- Auto-generation of Wireshark dissectors
- This tutorial shows how to leverage Netzob’ format message inference in order to automatically generate Wireshark dissectors for proprietary or undocumented protocols.
Read the Netzob User Guide.
Read the Developer Guide.
See how you can contribute to Netzob