cerespacketexploder

Release 2.0.0

Python library for extracting observables from pcap.

Homepage PyPI Python

Keywords
network-analysis, network-packets, observable, pcap, pip, python
License
Apache-2.0
Install
pip install cerespacketexploder==2.0.0

Documentation

Rémi ALLAIN rallain@cyberprotect.fr

Ceres Packet exploder

A python script for extracting observables from pcap.

Installation

git clone 'https://github.com/Cyberprotect/Ceres-Packet-Exploder.git'
cd Ceres-Packet-Exploder-master
python setup.py install

or

pip install cerespacketexploder

Usage

from cerespacketexploder.api import ceres

pcap = 'sample.pcap'

config = {
    'parser': {
        'http': {
            'chaosreader': '/usr/bin/chaosreader'
        }
    },
    'storage': './Storage/Ceres',
    'supported_pcap_types': [
        'application/vnd.tcpdump.pcap',
        'application/octet-stream'
    ]
}

c = ceres(pcap, config)

observables = c.run()
print(observables)

Result

[
    {
        "dataType": "service",
        "data": "http",
        "childs": [
            {
                "dataType": "session",
                "data": "0245",
                "childs": [
                    {
                        "dataType": "hash",
                        "data": "4477039d5decdf4706e32b57977b1d6b80cbf0feb929c2bcb43e44aa34cb85a5"
                    },
                    {
                        "dataType": "hash",
                        "data": "07bf52db2e9869573e613312083c4580"
                    },
                    {
                        "dataType": "filename",
                        "data": "invoice.pdf"
                    },
                    {
                        "dataType": "file",
                        "data": "./Storage/Ceres/fa1227c7-e849-4026-9d1c-7a391f892e03/http/sample.pcap.sessions/session_0245.part_01.pdf"
                    },
                    {
                        "dataType": "url",
                        "data": "http://intranet.company.net/download/invoice.pdf"
                    },
                    {
                        "dataType": "domain",
                        "data": "intranet.company.net"
                    },
                    {
                        "dataType": "ip",
                        "data": "192.168.1.1"
                    },
                    {
                        "dataType": "ip",
                        "data": "172.16.1.1"
                    },
                    {
                        "dataType": "date",
                        "data": "2018-01-01 10:00:00"
                    }
                ]
            }
        ]
    }
]

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
0
Forks
0
Watchers
0
Contributors
1
Repository size
9.77 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.0.0

Contributors

Rémi ALLAIN


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-13 03:33:22 UTC

Login to resync this project