Nmap, Metasploit and other hacking tools

Hack3rcon · November 12, 2023, 7:28am

Hello,
Nowadays, tools like Nmap and Metasploit are very popular among people. Why doesn’t Suricata-IDS have any rules to block these tools?

Thank you.

Hack3rcon · November 15, 2023, 11:43am

Hello,
No idea?

Thank you.

IDSTower · November 16, 2023, 9:53am

Suricata Rules vendors (eg: Emerging threats) do have rules to detect the usage of those tools and block them if needed, with varying degrees of accuracy depending on how those tools are used, just try to download the ETOpen rules and search for metasploit in them to explore those.

Hack3rcon · November 16, 2023, 7:34pm

Hello,
Thank you so much for your reply.
Why does Emerging threats not have such important rules? Have you been able to block these tools?

IDSTower · November 16, 2023, 7:46pm

They do, the tricky part is that tools have multiple operations modes and subtools, some of those components can be more easily detectable than others.

Explore the ETOpen rules to see what is covered

Hack3rcon · November 16, 2023, 7:52pm

Thanks again.
When I download these rules, in which directory should I put them and how to activate them?

IDSTower · November 19, 2023, 2:25pm

Please follow the guidelines 2. Quickstart guide — Suricata 8.0.0-dev documentation

Topic		Replies	Views
Suricata-IDS and Nmap Rules community	8	9368	August 20, 2020
Fast.log entry/entries Help ips	3	780	February 17, 2021
Create rules on pfsense Rules ips , pfsense , suricata	2	733	September 2, 2022
Nmap Detection via Suricata Rules suricata	1	4120	May 2, 2022
Custom Rule to Allow only web browser traffic on port 80 Rules	6	1404	August 14, 2021

Nmap, Metasploit and other hacking tools

Related Topics