Python interface into mercury's network protocol fingerprinting and analysis functionality

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for banderson84 from gravatar.com banderson84

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

Author: Blake Anderson

Tags tls, fingerprinting, network, traffic, analysis

Requires: Python >=3.6.0

Classifiers

Project description

mercury-python

The goal of the mercury-python package is to expose mercury's network protocol analysis functionality via python. The cython interface is given in mercury.pyx.

Installation

Recommended Installation

pip install mercury-python

From Source

You will first need to build mercury and install cython and optionally wheel:

pip install cython
pip install wheel

Within mercury's src/cython/ directory, Makefile will build the package based on the makefile target:

make        # default build in-place
make wheel  # generates pip-installable wheel file

Usage

Initialization

import mercury

libmerc = mercury.Mercury()                                                            # initialization for packet parsing
libmerc = mercury.Mercury(do_analysis=True, resources=b'/<path>/<to>/<resources.tgz>') # initialization for analysis

Parsing packets

hex_packet = '5254001235020800273a230d08004500...'
libmerc.get_mercury_json(bytes.fromhex(hex_packet))

{
    "fingerprints": {
        "tls": "tls/(0303)(13011303...)((0000)...)"
    },
    "tls": {
        "client": {
            "version": "0303",
            "random": "0d4e266cf66416689ded443b58d2b12bb2f53e8a3207148e3c8f2be2476cbd24",
            "session_id": "67b5db473da1b71fbca9ed288052032ee0d5139dcfd6ea78b4436e509703c0e4",
            "cipher_suites": "130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035000a",
            "compression_methods": "00",
            "server_name": "content-signature-2.cdn.mozilla.net",
            "application_layer_protocol_negotiation": [
                "h2",
                "http/1.1"
            ],
            "session_ticket": ""
        }
    },
    "src_ip": "10.0.2.15",
    "dst_ip": "13.249.64.25",
    "protocol": 6,
    "src_port": 32972,
    "dst_port": 443,
}

Analysis

There are two methods to invoke mercury's analysis functionality. The first operates on the full hex packet:

libmerc.analyze_packet(bytes.fromhex(hex_packet))

{
    "tls": {
        "client": {
            "server_name": "content-signature-2.cdn.mozilla.net"
        }
    },
    "fingerprint_info": {
        "status": "labeled",
        "type": "tls",
        "str_repr": "tls/1/(0303)(13011303...)[(0000)...]"
    },
    "analysis": {
        "process": "firefox",
        "score": 0.9992411956652674,
        "malware": false,
        "p_malware": 8.626882751003134e-06
    }

The second method operates directly on the data features (network protocol fingerprint string and destination context):

libmerc.perform_analysis('tls/1/(0303)(13011303...)[(0000)...]', 'content-signature-2.cdn.mozilla.net', '13.249.64.25', 443)

{
    "fingerprint_info": {
        "status": "labeled"
    },
    "analysis": {
        "process": "firefox",
        "score": 0.9992158715704546,
        "malware": false,
        "p_malware": 8.745628825189023e-06
    }
}

Static functions

Parsing base64 representations of certificate data:

b64_cert = 'MIIJRDC...'
mercury.parse_cert(b64_cert)

output:

{
    "version": "02",
    "serial_number": "00eede6560cd35c0af02000000005971b7",
    "signature_identifier": {
        "algorithm": "sha256WithRSAEncryption"
    },
    "issuer": [
        {
            "country_name": "US"
        },
        {
            "organization_name": "Google Trust Services"
        },
        {
            "common_name": "GTS CA 1O1"
        }
    ],
    ...

Parsing base64 representations of DNS data:

b64_dns = '1e2BgAAB...'
mercury.parse_dns(b64_dns)

output:

{
    "response": {
        "question": [
            {
                "name": "live.github.com.",
                "type": "AAAA",
                "class": "IN"
            }
        ],
        ...

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for banderson84 from gravatar.com banderson84

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

Author: Blake Anderson

Tags tls, fingerprinting, network, traffic, analysis

Requires: Python >=3.6.0

Classifiers

Release history Release notifications | RSS feed

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

mercury_python-0.1.2-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl (1.9 MB view hashes)

Uploaded PyPy manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.8 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (1.5 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl (1.9 MB view hashes)

Uploaded PyPy manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl (1.9 MB view hashes)

Uploaded PyPy manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.8 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (1.5 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl (1.9 MB view hashes)

Uploaded PyPy manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-pp38-pypy38_pp73-manylinux_2_28_aarch64.whl (1.9 MB view hashes)

Uploaded PyPy manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.8 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-pp38-pypy38_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (1.5 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-pp37-pypy37_pp73-manylinux_2_28_x86_64.whl (1.9 MB view hashes)

Uploaded PyPy manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-pp37-pypy37_pp73-manylinux_2_28_aarch64.whl (1.9 MB view hashes)

Uploaded PyPy manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.8 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-pp37-pypy37_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (1.5 MB view hashes)

Uploaded PyPy manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-cp312-cp312-manylinux_2_28_aarch64.whl (9.3 MB view hashes)

Uploaded CPython 3.12 manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.5 MB view hashes)

Uploaded CPython 3.12 manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.3 MB view hashes)

Uploaded CPython 3.12 manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-cp311-cp311-manylinux_2_28_x86_64.whl (9.3 MB view hashes)

Uploaded CPython 3.11 manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-cp311-cp311-manylinux_2_28_aarch64.whl (9.3 MB view hashes)

Uploaded CPython 3.11 manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.6 MB view hashes)

Uploaded CPython 3.11 manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB view hashes)

Uploaded CPython 3.11 manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-cp310-cp310-manylinux_2_28_x86_64.whl (9.3 MB view hashes)

Uploaded CPython 3.10 manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-cp310-cp310-manylinux_2_28_aarch64.whl (9.2 MB view hashes)

Uploaded CPython 3.10 manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.5 MB view hashes)

Uploaded CPython 3.10 manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB view hashes)

Uploaded CPython 3.10 manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-cp39-cp39-manylinux_2_28_x86_64.whl (9.3 MB view hashes)

Uploaded CPython 3.9 manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-cp39-cp39-manylinux_2_28_aarch64.whl (9.3 MB view hashes)

Uploaded CPython 3.9 manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.6 MB view hashes)

Uploaded CPython 3.9 manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB view hashes)

Uploaded CPython 3.9 manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-cp38-cp38-manylinux_2_28_x86_64.whl (9.3 MB view hashes)

Uploaded CPython 3.8 manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-cp38-cp38-manylinux_2_28_aarch64.whl (9.3 MB view hashes)

Uploaded CPython 3.8 manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.6 MB view hashes)

Uploaded CPython 3.8 manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB view hashes)

Uploaded CPython 3.8 manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-cp37-cp37m-manylinux_2_28_x86_64.whl (9.3 MB view hashes)

Uploaded CPython 3.7m manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-cp37-cp37m-manylinux_2_28_aarch64.whl (9.2 MB view hashes)

Uploaded CPython 3.7m manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.5 MB view hashes)

Uploaded CPython 3.7m manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB view hashes)

Uploaded CPython 3.7m manylinux: glibc 2.17+ ARM64

mercury_python-0.1.2-cp36-cp36m-manylinux_2_28_x86_64.whl (9.3 MB view hashes)

Uploaded CPython 3.6m manylinux: glibc 2.28+ x86-64

mercury_python-0.1.2-cp36-cp36m-manylinux_2_28_aarch64.whl (9.3 MB view hashes)

Uploaded CPython 3.6m manylinux: glibc 2.28+ ARM64

mercury_python-0.1.2-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.6 MB view hashes)

Uploaded CPython 3.6m manylinux: glibc 2.17+ x86-64

mercury_python-0.1.2-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB view hashes)

Uploaded CPython 3.6m manylinux: glibc 2.17+ ARM64

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page