A standalone Intrusion Detection System (IDS) and Scanner built with Python. This tool demonstrates proactive scanning and deep packet inspection to secure a network.
- Proactive Scanning: Automatically checks the target IP on port 1099 to identify a vulnerable Java RMI banner before any attack occurs.
- Deep Packet Inspection (Sniffing): Monitors network traffic in real-time, specifically checking packets destined for the target port for signatures indicating exploitation attempts (like 'java' or 'rmi' payloads typical in Metasploit attacks).
- Incident Logging: Logs all findings to a CSV database instantly.
- Live Interactive Dashboard: Includes a Streamlit UI that updates every second to display the status (`MONITORING`, `RISK`, or `CRITICAL`) and logs.
`pip install scapy pandas streamlit`

Run the two scripts in separate terminals:
- Start the Scanner & Live Sniffer: `python sentinel_logic.py`
- Start the Streamlit Monitoring Dashboard: `streamlit run app.py`
- The `sentinel_logic.py` script starts scanning. If it detects an open and responsive Java RMI Registry, the dashboard changes state to report a `RISK`.
- As the script silently monitors the network layer, if an incoming payload from Metasploit is detected matching the rules, it immediately logs a `CRITICAL` breach.
- The Streamlit dashboard updates automatically and sounds the alarm visually.
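The signature matching, status escalation and CSV logging described above, as an added example that is not the project's own code. It works on raw payload bytes so it runs without Scapy; the `Sentinel` class, the CSV column names and the sample events are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

TARGET_PORT = 1099              # Java RMI registry port named in the README
SIGNATURES = (b"java", b"rmi")  # substrings the README gives as examples
SEVERITY = {"MONITORING": 0, "RISK": 1, "CRITICAL": 2}


def match_signatures(dst_port, payload):
    """Return the signatures found in a payload sent to the monitored port."""
    if dst_port != TARGET_PORT or not payload:
        return []
    lowered = payload.lower()   # match case-insensitively
    return [s.decode() for s in SIGNATURES if s in lowered]


class Sentinel:
    """Hypothetical state holder: current status plus one CSV row per finding."""
    def __init__(self, log_file):
        self.status = "MONITORING"
        self.writer = csv.writer(log_file)
        self.writer.writerow(["timestamp", "source", "status", "detail"])

    def record(self, source, status, detail):
        self.writer.writerow([datetime.now(timezone.utc).isoformat(), source, status, detail])
        # Status only escalates, so a later RISK row never hides a CRITICAL.
        if SEVERITY[status] > SEVERITY[self.status]:
            self.status = status

    def on_packet(self, src_ip, dst_port, payload):
        hits = match_signatures(dst_port, payload)
        if hits:
            self.record(src_ip, "CRITICAL", "signature match: " + ",".join(hits))
        return hits


def demo():
    log = io.StringIO()         # constructed events, TEST-NET addresses
    sentinel = Sentinel(log)
    sentinel.record("192.0.2.10", "RISK", "RMI registry answered on port 1099")
    sentinel.on_packet("192.0.2.66", 80, b"GET /java HTTP/1.1")     # other port
    sentinel.on_packet("192.0.2.66", 1099, b"..Java.RMI.Sample..")  # match
    sentinel.record("192.0.2.10", "RISK", "RMI registry answered on port 1099")
    return sentinel.status, list(csv.reader(io.StringIO(log.getvalue())))


if __name__ == "__main__":
    print(demo())
```

Substring signatures this short also match ordinary RMI traffic, because serialized Java class names contain `java.`, so a `CRITICAL` row from this rule is a lead to triage rather than proof of exploitation.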
This tool is built for educational and defensive purposes to be tested against intentionally vulnerable machines like Metasploitable.