flightsim is a lightweight utility that generates malicious network traffic patterns to help security teams evaluate and validate their network security controls and monitoring tools.
A utility to safely generate malicious network traffic patterns and evaluate controls.
This tool is primarily used by security teams, including red teams and network defenders, to simulate various types of malicious network activities such as DNS tunneling, DGA traffic, and C2 communications. It enables organizations to test the effectiveness of their firewalls, intrusion detection systems, and SIEM alerts by generating realistic attack traffic in a controlled and safe manner.
Running multiple modules requires egress Internet access to fetch destination addresses from the AlphaSOC API. Use the -dry flag to preview actions without generating actual network traffic. Choose the correct network interface with the -iface flag to ensure traffic is sent through the intended network adapter. This tool is intended for safe testing in controlled environments and should not be used on production networks without proper authorization.
Download the latest flightsim binary for your OS from the GitHub Releases page.
Alternatively, install using Go by running: go install github.com/alphasoc/flightsim/v2@latest
Ensure a Go environment is set up if building from source (Linux, macOS and Windows are supported).
flightsim --help
Displays general help and usage information for flightsim
flightsim run
Runs all available simulation modules generating malicious network traffic
flightsim run c2
Simulates command and control (C2) traffic
flightsim run c2:trickbot
Simulates C2 traffic specific to the TrickBot malware family
flightsim run ssh-transfer:1GB
Simulates a 1GB SSH/SFTP file transfer to mimic data exfiltration
flightsim get families:c2
Retrieves a list of all known C2 malware families for use in simulations
flightsim run dga
Generates and resolves a list of domain generation algorithm (DGA) domains
flightsim run --help
Lists all available simulation modules and flags for the run command
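Once modules have been run, the evaluation step is to check which simulated behaviours the SIEM actually alerted on. The sketch below is an added example, not part of flightsim or the AlphaSOC tooling: it matches a constructed run log against a constructed alert export by source host and time window. The record layouts, field names, rule names, addresses and the 5-minute ingestion grace period are all assumptions.

```python
from datetime import datetime, timedelta

GRACE = timedelta(minutes=5)  # assumed allowance for SIEM ingestion delay

# Constructed sample data: when each flightsim module ran on the test host.
RUNS = [
    {"module": "c2", "host": "10.0.5.23",
     "start": "2024-05-01T10:00:00", "end": "2024-05-01T10:02:00"},
    {"module": "dga", "host": "10.0.5.23",
     "start": "2024-05-01T10:10:00", "end": "2024-05-01T10:12:00"},
    {"module": "ssh-transfer", "host": "10.0.5.23",
     "start": "2024-05-01T10:20:00", "end": "2024-05-01T10:25:00"},
]

# Constructed sample data: alerts exported from the SIEM for the same period.
ALERTS = [
    {"time": "2024-05-01T10:01:10", "src": "10.0.5.23", "rule": "Outbound to known C2"},
    # Fired for a different host, so it must not count towards the dga run.
    {"time": "2024-05-01T10:11:30", "src": "10.0.9.77", "rule": "DGA-like DNS queries"},
    # Arrived after the run ended but inside the grace period.
    {"time": "2024-05-01T10:27:45", "src": "10.0.5.23", "rule": "Large outbound SSH transfer"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def coverage(runs, alerts, grace=GRACE):
    """Map each module to the alert rules that fired for its host and window."""
    report = {}
    for run in runs:
        lo, hi = _ts(run["start"]), _ts(run["end"]) + grace
        report[run["module"]] = [
            a["rule"] for a in alerts
            if a["src"] == run["host"] and lo <= _ts(a["time"]) <= hi
        ]
    return report


def gaps(report):
    """Modules that were simulated but produced no matching alert."""
    return sorted(m for m, hits in report.items() if not hits)


if __name__ == "__main__":
    rep = coverage(RUNS, ALERTS)
    for module, hits in rep.items():
        print(f"{module:14} {'DETECTED' if hits else 'MISSED':9} {', '.join(hits)}")
    print("gaps:", gaps(rep))
```

Running modules one at a time with non-overlapping windows keeps the attribution unambiguous; an alert that falls inside two windows is counted for both.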