VENT or Visualization for Evil Network Traffic is a local web application built on Django that will allow network administrators to quickly view the status of their network and take action on any malicious activity they identify.
VENT will start by building a visualization of your network topology by passively listening in on the network's traffic. Then an intrusion detection system, Bro, will analyze the network for evil or malicious traffic. As it detects malicious traffic, the machine's color on the visualization of the network will turn from green to red. This will allow network administrators to determine the status of their network and if anything is being attacked at a quick glance.
Once the network administrator identifies malicious traffic, they can then choose to act on this traffic by performing network administrative actions such as black-holing, reconnaissance, and port scanning.
To get up and running:
- Download the project
- Install Django
- Run 'python manage.py runserver'
- Navigate to localhost:8000/topology/
- ??????
- Profit
- Add support to allow you to add multiple subnets and be able to navigate to different ones with ease.
- Add blackhole feature so you can quickly blackhole malicious hosts
- Add machine naming so you can identify what resources are being utilized on that server
- See a list of the top 5 attacker when you click on a machine
- Add filtering to machines and attacker so you can look for IPs, attacks, or dates
- Make a report commenting on the status of the network as a hole
- Add cool visualizations to machine, attacker, and index pages to represent attacks
- Overall prettier UI
- Make machines draggable with click of button so you can make meaningful placements
- Set configurations to define threat levels instead of hardcoded values.