{"id":13482191,"url":"https://github.com/alphasoc/flightsim","last_synced_at":"2025-04-08T11:12:14.195Z","repository":{"id":40313318,"uuid":"116955127","full_name":"alphasoc/flightsim","owner":"alphasoc","description":"A utility to safely generate malicious network traffic patterns and evaluate controls.","archived":false,"fork":false,"pushed_at":"2024-04-04T11:25:53.000Z","size":4761,"stargazers_count":1296,"open_issues_count":25,"forks_count":142,"subscribers_count":34,"default_branch":"master","last_synced_at":"2025-03-23T12:51:24.389Z","etag":null,"topics":["intrusion-detection","monitoring","security","testing-tools"],"latest_commit_sha":null,"homepage":"https://alphasoc.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alphasoc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-10T12:31:31.000Z","updated_at":"2025-03-17T08:20:48.000Z","dependencies_parsed_at":"2024-06-19T17:21:39.419Z","dependency_job_id":"1e75f3a6-29fa-46f3-9dff-e133f36e6001","html_url":"https://github.com/alphasoc/flightsim","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fflightsim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fflightsim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fflightsim/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fflightsim/manifests","owner
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alphasoc","download_url":"https://codeload.github.com/alphasoc/flightsim/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247829511,"owners_count":21002997,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["intrusion-detection","monitoring","security","testing-tools"],"created_at":"2024-07-31T17:00:59.804Z","updated_at":"2025-04-08T11:12:14.171Z","avatar_url":"https://github.com/alphasoc.png","language":"Go","readme":"# Network Flight Simulator\n\n**flightsim** is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns.\n\n## Installation\n\nDownload the latest flightsim binary for your OS from the [GitHub Releases](https://github.com/alphasoc/flightsim/releases) page. Alternatively, the utility can be built using [Golang](https://golang.org/doc/install) in any environment (e.g. Linux, MacOS, Windows), as follows:\n\n```\ngo install github.com/alphasoc/flightsim/v2@latest\n```\n\n## Running Network Flight Simulator\n\nUpon installation, test flightsim as follows:\n\n```\n$ flightsim --help\n\nAlphaSOC Network Flight Simulator™ (https://github.com/alphasoc/flightsim)\n\nflightsim is an application which generates malicious network traffic for security\nteams to evaluate security controls (e.g. 
firewalls) and ensure that monitoring tools\nare able to detect malicious traffic.\n\nUsage:\n    flightsim \u003ccommand\u003e [arguments]\n\nAvailable commands:\n    get         Get a list of elements (ie. families) of a certain category (ie. c2)\n    run         Run all modules, or a particular module\n    version     Prints the version number\n\nCheatsheet:\n    flightsim run                   Run all the modules\n    flightsim run c2                Simulate C2 traffic\n    flightsim run c2:trickbot       Simulate C2 traffic for the TrickBot family\n    flightsim run ssh-transfer:1GB  Simulate a 1GB SSH/SFTP file transfer\n\n    flightsim get families:c2       Get a list of all c2 families\n```\n\nThe utility runs individual modules to generate malicious traffic. To perform all available tests, simply use `flightsim run` which will generate traffic using the first available non-loopback network interface. **Note:** when running many modules, flightsim will gather destination addresses from the AlphaSOC API, so requires egress Internet access.\n\nTo list the available modules, use `flightsim run --help`. 
To execute a particular test, use `flightsim run \u003cmodule\u003e`, as below.\n\n```\n$ flightsim run --help\nusage: flightsim run [flags] [modules]\n\nTo run all available modules, call:\n\n    flightsim run\n\n To run a specific module:\n\n    flightsim run c2\n\nAvailable modules:\n\n        c2, dga, imposter, miner, scan, sink, spambot, ssh-exfil, ssh-transfer, tunnel-dns, tunnel-icmp\n\nAvailable flags:\n  -dry\n        print actions without performing any network activity\n  -fast\n        reduce sleep intervals between simulation events\n  -iface string\n        network interface or local IP address to use\n  -size int\n        number of hosts generated for each simulator\n\n$ flightsim run dga\n\nAlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)\nThe address of the network interface for IP traffic is 192.168.220.38\nThe address of the network interface for DNS queries is 192.168.220.38\nThe current time is 26-Oct-21 17:28:51\n\n17:28:51 [dga] Generating a list of DGA domains\n17:28:51 [dga] Resolving 6kauziij.com\n17:28:52 [dga] Resolving paxeo0jk.biz\n17:28:53 [dga] Resolving iuuub8al.biz\n17:28:54 [dga] Resolving bxsei3nj.com\n17:28:55 [dga] Resolving zbwltf1h.space\n17:28:56 [dga] Resolving yoze7avi.com\n17:28:57 [dga] Resolving ijax8aqw.space\n17:28:58 [dga] Resolving wwrjyj4l.space\n17:28:59 [dga] Resolving uioc5hky.com\n17:29:00 [dga] Resolving lcwdji5t.biz\n17:29:01 [dga] Resolving zluwcb4h.biz\n17:29:02 [dga] Resolving 8jodcvhj.space\n17:29:03 [dga] Resolving ju5haxur.com\n17:29:04 [dga] Resolving ivthu2dl.biz\n17:29:05 [dga] Resolving ha0bsxft.com\n17:29:05 [dga] Done (15/15)\n\nAll done! Check your SIEM for alerts using the timestamps and details above.\n```\n\nThe utility also has a `get` command which can be used to query information that can later be used with the simulation modules. At present, a list of C2 families can be obtained to be used with the C2 module. 
To see how to use the `get` command, run `flightsim get -h` as below.\n\n```\n$ flightsim get -h\n\nAlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)\nThe current time is 26-Oct-21 17:42:23\n\nusage: flightsim get [flags] element:category\n\nAvailable elements:\n\n        families\n\nAvailable categories:\n\n        c2\n\nAvailable flags:\n```\n\nTo get a list of C2 families, run:\n\n```\n$ flightsim get families:c2\n\nAlphaSOC Network Flight Simulator™  (https://github.com/alphasoc/flightsim)\nThe current time is 16-Nov-21 11:16:51\n\n11:16:51 [families:c2] Fetching c2 families\n11:16:55 [families:c2] Adwind, Agent Tesla, Amadey, AsyncRAT, AZORult, BASHLITE, BazarBackdoor, BlackNET RAT, Cobalt Strike, Collector Stealer, CryptBot, DarkComet, DiamondFox, Dridex, Emotet, Gozi, IcedID, Kimsuky, KPOT Stealer, LokiBot, Mirai, NanoCore RAT, njRAT, Oski Stealer, Pony, Predator the Thief, Quakbot, RedLine, RedLine Stealer, Remcos RAT, Smoke Loader, Taurus, TrickBot, XtremeRAT, Zloader\n11:16:55 [families:c2] Fetched 35 c2 families\n\nAll done!\n```\n\n## Description of Modules\n\nThe modules packaged with the utility are listed in the table below.\n\n| Module        | Description                                                                      |\n| ------------- | -------------------------------------------------------------------------------- |\n| `c2`          | Generates both DNS and IP traffic to a random list of known C2 destinations      |\n| `cleartext`   | Generates random cleartext traffic to an Internet service operated by AlphaSOC   |\n| `dga`         | Simulates DGA traffic using random labels and top-level domains                  |\n| `imposter`    | Generates DNS traffic to a list of imposter domains                              |\n| `irc`         | Connects to a random list of public IRC servers                                  |\n| `miner`       | Generates Stratum mining protocol traffic to known cryptomining pools            
|\n| `oast`        | Simulates out-of-band application security testing (OAST) traffic                |\n| `scan`        | Performs a port scan of random RFC 5737 addresses using common TCP ports         |\n| `sink`        | Connects to known sinkholed destinations run by security researchers             |\n| `spambot`     | Resolves and connects to random Internet SMTP servers to simulate a spam bot     |\n| `ssh-exfil`   | Simulates an SSH file transfer to a service running on a non-standard SSH port   |\n| `ssh-transfer`| Simulates an SSH file transfer to a service running on an SSH port               |\n| `telegram-bot`| Generates Telegram Bot API traffic using a random or provided token              |\n| `tunnel-dns`  | Generates DNS tunneling requests to \\*.sandbox.alphasoc.xyz                      |\n| `tunnel-icmp` | Generates ICMP tunneling traffic to an Internet service operated by AlphaSOC     |\n\n","funding_links":[],"categories":["IR Tools Collection","Go","\u003ca id=\"79499aeece9a2a9f64af6f61ee18cbea\"\u003e\u003c/a\u003eBrowsing and sniffing\u0026\u0026traffic interception\u0026\u0026traffic analysis\u0026\u0026man-in-the-middle","IR tools Collection","\u003ca id=\"eec238a1a2657b70f7bbbe68a4421249\"\u003e\u003c/a\u003eOther","Threat Simulation","security","Network Scanners","Uncategorized","Attack and defense exercises","Preparedness training and wargaming"],"sub_categories":["Adversary Emulation","\u003ca id=\"99398a5a8aaf99228829dadff48fb6a7\"\u003e\u003c/a\u003eUncategorized-Network","\u003ca id=\"b239f12aca7aa942b45836032cbef99a\"\u003e\u003c/a\u003eConversion","Tools","Uncategorized","Phishing awareness and reporting","Firewall appliances or distributions"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphasoc%2Fflightsim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falphasoc%2Fflightsim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphasoc%2Fflightsim/lists"}