mspicer/pcapinator mspicer/pcapinator

  • Stars
    star
    154
  • Rank 242,095 (Top 5 %)
  • Language
    Python
  • License
    MIT License
  • Created over 5 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mspicer/pcapinator
github

mspicer

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A tool for processing a lot of pcaps using tshark

pcapinator

An application to deal with lots of pcaps by running lots of tsharks

Setup

Install Python3, the one true Python...

pip install python-dateutil pandas

Features

Recursively process multiple PCAP files including those in subdirectories.

Wrapper around editcap (Wireshark Tool) that will let the user break PCAP files into smaller pieces.

Automatically grab all handshakes save as a pcap and also hashcat file for processing.

Wrapper around tshark that will let the user filter pcap files for handshakes and output as pcap.

Gathers standard wireless info and puts it into a CSV

USAGE Examples:

Run PCAPFix on the dataset to repair damaged or cutshort PCAPs.

./pcapinator.py --in [directory or file] --pcapfix --pcapfix_dir [directory for original pcaps before fix] --debug

Gather all of the typical wireless information from a pcap and output a single CSV. This will split the PCAP files and procees them based on the number of CPU cores you have.

./pcapinator.py --in [directory or file] --wifi_csv --split --debug

Run a custom tshark query and output the fields you specify. In this case its searching for anything email related and ouputting related interesting fields.

./pcapinator.py --in [directory or file] --query "tcp.port == 143 || tcp.port == 110 || tcp.port == 25 || tcp.port == 26 || pop || imap || smtp" --fields "-e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e text -e tcp.payload" --split --debug

A custom query to get HTTP data.

./pcapinator.py --in [directory or file] --query "http" --fields "-e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e text -e tcp.payload" --split --debug

A custom query to get SSIDs that contain the letters TEST, change TEST to your partial search parameter.

./pcapinator.py --in [directory or file] --query "wlan.ssid contains TEST" --fields "-e frame.time -e frame.time_epoch -e wlan.sa -e wlan.ta -e wlan.ta_resolved -e wlan.ra -e wlan.da -e wlan.bssid -e wlan.ssid -e wps.manufacturer -e wps.device_name -e wps.model_name -e wps.model_number -e wps.uuid_e -e wlan.fc.type_subtype -e frame.len -e wlan_radio.signal_dbm" --split --debug

Get a CSV file with DNS info.

./pcapinator.py --in [directory or file] --dnsSimple --split --debug

Future Features

Automatic import into Postgres database from a PCAP file.

Automatic import into Elastic Stack.

Automatic push into Graphistry

Generalized use around editcap to support other options supported by the tool.

Generalized use around tshark to support other options supported by the tool.

Tool to strip all unencrypted data from pcap files and put the results into new pcap files.

Tool to anonymize traffic datas but maintain context.

More Repositories

1

GenericWebScraper

A project that will scrape websites including sites that have dynamically loaded content.
Python
3
star
2

vimrc

My vmrc, mostly copied from other people with more awesome
Vim Script
3
star
3

defcoin-ng.org

Defcoin-ng.org Website
CSS
2
star
4

codecamp2013

such code, only fail, wow
JavaScript
1
star
5

chia-mining-is-pointless

Script to demonstrate how pointless it is to try an mine chia due to exponential growth in storage network.
Python
1
star