tlsfeatmark

Release 0.1

a benchmark tool for Joy and Zeek

Homepage PyPI

License
MIT
Install
pip install tlsfeatmark==0.1

Documentation

TLSfeatmark

What is Tlsfeatmark

Tlsfeatmark is a benchmark tool for TLS analytics using Joy and Zeek. It generates nice JSON output on several statistics for each pcap and all pcaps analyzed:

  • the number of TCP stream found
  • the number of TLS stream found
  • the number of certificates found
  • the elapsed time of analysis

Sample output

===== Summary =====
{
    "cpu": "11th Gen Intel(R) Core(TM) i7-11700K @ 3.60GHz",
    "os": "Linux 4.18.0-348.2.1.el8_5.x86_64",
    "time": "2022-06-27 13:43:03",
    "joy": {
        "job": {
            "tool": "joy",
            "pcap_path": "/home/dev/tlsfeatmark/pcaps/small_pcaps",
            "pcap_num": 5,
            "tls_total": 323,
            "cert_total": 294,
            "elapsed_total": 0.32
        },
        "task": [
            {
                "name": "2021-01-13-Emotet-epoch-2-infection-traffic-with-Trickbot-gtag-mor13-2.pcap",
                "tls_num": 46,
                "cert_num": 78,
                "elapsed": 0.06
            },
            {
                "name": "2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap",
                "tls_num": 10,
                "cert_num": 10,
                "elapsed": 0.04
            }
            ... # skip several other tasks
        ]
    },
    "zeek": {
        "job": {
            "tool": "zeek",
            "pcap_path": "/home/dev/tlsfeatmark/pcaps/small_pcaps",
            "pcap_num": 5,
            "tls_total": 323,
            "cert_total": 477,
            "elapsed_total": 1.06
        },
        "task": [
            {
                "name": "2021-01-13-Emotet-epoch-2-infection-traffic-with-Trickbot-gtag-mor13-2.pcap",
                "tls_num": 46,
                "cert_num": 84,
                "elapsed": 0.23
            },
            {
                "name": "2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap",
                "tls_num": 10,
                "cert_num": 15,
                "elapsed": 0.17
            },
            ...        
            # skip several other tasks
        ]
    }
}

Environment

Tlsfeatmark relies on Joy and Zeek, and they work well on Linux and Mac OSX.

  • Linux: Centos8/Ubuntu20.04, tested
  • Mac: x86/M1, tested
  • Windows: untested

How to install

  1. Install Joy

see Joy official documentation for installation.

  1. Install Zeek

see Zeek official documentation for installation.

  1. Install tlsfeatmark

pip install tlsfeatmark

How to use

Tlsfeatmark is easy to use once Joy and Zeek are installed.

  1. Configure pcap_path in config.txt

pcap_path is the pcap file or dir containing pcaps to be analyzed.

pcap_path supports absolute and relative path. For relative path (relative to main.py), use ./ as prefix, for example, ./pcaps/small_pcaps.

  1. Run main.py

  2. View results in output folder.

License

Tlsfeatmark is under MIT license, see LICENSE for more information.

Stats

Dependencies
1
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
0
Forks
0
Watchers
1
Contributors
1
Repository size
23.3 MB
SourceRank
5

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1

Contributors

Zhi Liu


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-06-27 07:01:15 UTC

Login to resync this project