Contents

Maltrail Malicious Traffic Detection System

  

Maltrail is a Malicious Traffic Detection System that utilizes publicly available blacklists (and other trails from various AV reports and user-defined lists) to help discover unknown threats by monitoring traffic against those lists. Maltrail is run from the command line but does include a handy (and optional) web interface.

If you take the security of your servers and computers really seriously, then you know how important it is to be constantly alert to malicious behavior. This can be a 24/7/365 job, and if you have a lot of equipment, this task is almost impossible. Fortunately, there are a number of useful tools available that reduce this burden considerably. Such a tool is Maltrail.

 

Maltrail

 

Maltrail is made up of three components

1. The **Sensor** which monitors traffic for threats 
2. **Server** which provides logging for the event details of the detected malicious traffic.
The **Client** that provides visualization and reporting of the event details.


Maltrail is made up of three components

 

Install and Configure

With this install, I will use a Debian based Operating System.
For other Linux distros search for the required Package Management Systems.

 

Package Lists

 

Update Package Lists

 

Update and upgrade your system

1
sudo apt update && sudo apt full-upgrade

 

Install the required dependencies

Maltrail requires the python pcap packages. Hence, to install pcap and other necessary dependencies, run the command below. In this command, we do this all in one because this is always the easiest way.

1
sudo apt install python-setuptools python-pcapy git

 

Install Maltrail

The following set of commands should get your Maltrail Sensor up and running (out of the box with default settings and monitoring interface “any”)

1
git clone https://github.com/stamparm/maltrail.git
1
cd maltrail

 

Start Maltrail Sensor

To run the Sensor, execute the command below to run the Maltrail sensor in the background.

1
sudo python sensor.py

 

Start Server

To start the Server on same machine, open a new terminal and execute the following:

1
python server.py

Access the interface by visiting http://127.0.0.1:8338 from your web browser.

Default credentials:
Username: admin
Password: changeme!

Testing Maltrail

A while ago I wrote an article about: How to use Nmap NSE Scripts to find Vulnerabilities In this article you can find a lot of information about Nmap NSE. In the video below, I show a nmap vuln scan.


 

Nmap NSE script

To find the Nmap NSE scripts

1
cd /usr/share/nmap/scripts

 

1
ls -la

nmap NSE Scripts path
nse nmap

 

Video Maltrail

In this video, I show you how to set up this awesome tool. Because I use a Vulnerable server and will use the Nmap NSE script “Vuls” to get some action.


 

 


Become a member on LBRY
Plus earning LBRY for watching videos ♥️
Here an invitation link, so that we both benefit.
In this way, you also support my work.

https://lbry.tv/$/invite/@hackingpassion:9

Follow me on YouTube


For more information you can visit the GitHub page:
Maltrail and Download the tool here.
They have made enormous much info about this tool.

Maltrail and Download the tool here

 

IMPORTANT THINGS TO REMEMBER

✓ This Video and Article are made for educational purposes and pentest only.

* You will not misuse the information to gain unauthorized access.

✓ This information shall only be used to expand knowledge and not for causing malicious or damaging attacks…!


Read also the Disclaimer

All the techniques provided in the tutorials on the hackingpassion.com, YouTube channel and on the website hackingpassion.com are meant for educational purposes only.

If you are using any of those techniques for illegal purposes, hackingpassion.com can’t be held responsible for possible lawful consequences.

My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.


 

Finally

If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do so. Using the below comment form.


 

 

By Bulls Eye

Jolanda de koff • email donate

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner, and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ...

I ♥ open-source and Linux