Somnium provides a comprehensive suite of test modules designed to validate your network security controls, firewall rules, and intrusion detection systems. Each module simulates real-world threat scenarios using live threat intelligence feeds.

Available Test Modules

Malicious IPs

Test connections to known malicious IP addresses from threat intelligence feeds

Phishing URLs

Validate detection of active phishing campaigns from the OpenPhish feed

TOR Exit Nodes

Test connections to TOR network exit nodes for anonymity detection

Malware Distribution

Test live malware distribution URLs from the URLhaus database

Cryptomining Domains

Detect connections to known cryptocurrency mining pools and domains

DGA Domains

Generate and test Domain Generation Algorithm (DGA) patterns

Remote Desktop Tools

Test connections to unsanctioned remote desktop management tools

Bad User Agents

Simulate traffic using known malicious user agent strings

DNS over HTTPS

Generate DNS queries using DoH to test unmanaged encrypted DNS

Test Results

Each test module generates a dedicated results file containing timestamped entries of all test activities:
  • IP_Results.txt - Malicious IP connection tests
  • URL_Results.txt - Phishing URL connection tests
  • TOR_Results.txt - TOR exit node connection tests
  • Malware_Results.txt - Malware distribution URL tests
  • Mining_Results.txt - Cryptomining domain tests
  • DGA_Results.txt - DGA domain connection tests
  • RAT_Results.txt - Remote desktop tool connection tests
  • Agent_Results.txt - Bad user agent simulation tests
  • DoH_Results.txt - DNS over HTTPS query tests
All test modules use live threat intelligence feeds and real malicious infrastructure. Results are appended to files, allowing you to track test history over time.

Use Cases

Verify that your firewall properly blocks connections to known malicious IPs, TOR nodes, and malware distribution sites.
Validate that your intrusion detection and prevention systems trigger alerts for phishing URLs, DGA domains, and malicious user agents.
Test DNS filtering capabilities and detect unmanaged DNS over HTTPS usage that bypasses security controls.
Verify endpoint security solutions detect connections to cryptomining pools and unsanctioned remote desktop tools.
These tests generate connections to real malicious infrastructure. Always run Somnium in a controlled environment with proper security monitoring in place.
