Python interface into mercury's network protocol fingerprinting and analysis functionality

Project description

mercury-python

The goal of the mercury-python package is to expose mercury's network protocol analysis functionality via Python. The Cython interface is given in mercury.pyx.

Installation

Recommended Installation

pip install mercury-python

From Source

You will first need to build mercury and install Cython and, optionally, wheel:

pip install cython
pip install wheel

Within mercury's src/cython/ directory, the Makefile builds the package according to the make target:

make        # default build in-place
make wheel  # generates pip-installable wheel file

Usage

Initialization

import mercury

libmerc = mercury.Mercury()                                                            # initialization for packet parsing
libmerc = mercury.Mercury(do_analysis=True, resources=b'/<path>/<to>/<resources.tgz>') # initialization for analysis

Parsing packets

hex_packet = '5254001235020800273a230d08004500...'
libmerc.get_mercury_json(bytes.fromhex(hex_packet))
{
    "fingerprints": {
        "tls": "tls/(0303)(13011303...)((0000)...)"
    },
    "tls": {
        "client": {
            "version": "0303",
            "random": "0d4e266cf66416689ded443b58d2b12bb2f53e8a3207148e3c8f2be2476cbd24",
            "session_id": "67b5db473da1b71fbca9ed288052032ee0d5139dcfd6ea78b4436e509703c0e4",
            "cipher_suites": "130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035000a",
            "compression_methods": "00",
            "server_name": "content-signature-2.cdn.mozilla.net",
            "application_layer_protocol_negotiation": [
                "h2",
                "http/1.1"
            ],
            "session_ticket": ""
        }
    },
    "src_ip": "10.0.2.15",
    "dst_ip": "13.249.64.25",
    "protocol": 6,
    "src_port": 32972,
    "dst_port": 443
}
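A record like the one above can be audited without further packet parsing. The following is an added example, not part of the mercury-python package: it splits the cipher_suites hex string into 2-byte code points, drops RFC 8701 GREASE values, and lists offered suites that use static RSA key exchange or 3DES. The function names and the LEGACY_SUITES table are assumptions of this example; the sample record is constructed from the output shown above.

```python
# Added example: works on the dict shape shown above; no mercury import needed.
# Constructed sample: fields copied from the get_mercury_json output above.
SAMPLE_RECORD = {
    "tls": {"client": {
        "version": "0303",
        "cipher_suites": "130113031302c02bc02fcca9cca8c02cc030c00ac009"
                         "c013c014009c009d002f0035000a",
        "server_name": "content-signature-2.cdn.mozilla.net",
    }},
    "dst_ip": "13.249.64.25",
    "dst_port": 443,
}

# IANA code points: static RSA key exchange (no forward secrecy) or 3DES.
LEGACY_SUITES = {
    "000a": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "002f": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "0035": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "009c": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "009d": "TLS_RSA_WITH_AES_256_GCM_SHA384",
}

def split_cipher_suites(hex_suites):
    """Split the concatenated hex string into 2-byte (4 hex digit) code points."""
    if len(hex_suites) % 4:
        raise ValueError("cipher_suites is not a whole number of 2-byte values")
    bytes.fromhex(hex_suites)  # raises ValueError on non-hex input
    return [hex_suites[i:i + 4].lower() for i in range(0, len(hex_suites), 4)]

def is_grease(code_point):
    """RFC 8701 GREASE values are 0x0a0a, 0x1a1a, ..., 0xfafa."""
    return code_point[0:2] == code_point[2:4] and code_point[1] == "a"

def audit_client_hello(record):
    """Return offered suites (GREASE removed) and the legacy ones among them."""
    client = record.get("tls", {}).get("client")
    if client is None:
        return None  # record does not carry a TLS ClientHello
    suites = [s for s in split_cipher_suites(client.get("cipher_suites", ""))
              if not is_grease(s)]
    legacy = [(s, LEGACY_SUITES[s]) for s in suites if s in LEGACY_SUITES]
    return {"server_name": client.get("server_name"),
            "offered": suites, "legacy": legacy}

if __name__ == "__main__":
    print(audit_client_hello(SAMPLE_RECORD))
```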

Analysis

There are two methods to invoke mercury's analysis functionality. The first operates on the full hex packet:

libmerc.analyze_packet(bytes.fromhex(hex_packet))
{
    "tls": {
        "client": {
            "server_name": "content-signature-2.cdn.mozilla.net"
        }
    },
    "fingerprint_info": {
        "status": "labeled",
        "type": "tls",
        "str_repr": "tls/1/(0303)(13011303...)[(0000)...]"
    },
    "analysis": {
        "process": "firefox",
        "score": 0.9992411956652674,
        "malware": false,
        "p_malware": 8.626882751003134e-06
    }
}

The second method operates directly on the data features (network protocol fingerprint string and destination context):

libmerc.perform_analysis('tls/1/(0303)(13011303...)[(0000)...]', 'content-signature-2.cdn.mozilla.net', '13.249.64.25', 443)
{
    "fingerprint_info": {
        "status": "labeled"
    },
    "analysis": {
        "process": "firefox",
        "score": 0.9992158715704546,
        "malware": false,
        "p_malware": 8.745628825189023e-06
    }
}
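One way to turn these results into a triage decision, as an added example that is not part of the mercury-python package. It assumes each result is a dict (or JSON text) with the fingerprint_info and analysis keys shown above; the triage function, its thresholds, and all sample values other than the firefox result are constructed for illustration.

```python
import json

# Constructed inputs in the shape shown above. The first repeats the page's
# firefox result; the other two are made up to exercise the remaining branches.
SAMPLE_RESULTS = [
    {"fingerprint_info": {"status": "labeled"},
     "analysis": {"process": "firefox", "score": 0.9992158715704546,
                  "malware": False, "p_malware": 8.745628825189023e-06}},
    {"fingerprint_info": {"status": "labeled"},
     "analysis": {"process": "example-process", "score": 0.41,
                  "malware": False, "p_malware": 0.27}},
    '{"fingerprint_info": {"status": "placeholder-not-labeled"}}',
]

def triage(result, alert_at=0.5, review_at=0.1, min_score=0.9):
    """Return (verdict, reason); verdict is alert, review, ok or no-verdict.

    The thresholds are illustrative assumptions, not values from mercury.
    """
    if isinstance(result, (str, bytes)):
        result = json.loads(result)          # accept JSON text as well as a dict
    status = result.get("fingerprint_info", {}).get("status")
    analysis = result.get("analysis") or {}
    # A missing classifier output is not the same thing as "malware": false.
    if status != "labeled" or "p_malware" not in analysis:
        return "no-verdict", "status=%r, no classifier output" % status
    p_mal = float(analysis["p_malware"])
    score = float(analysis.get("score", 0.0))
    process = analysis.get("process")
    if analysis.get("malware") is True or p_mal >= alert_at:
        return "alert", "p_malware=%.3g" % p_mal
    if p_mal >= review_at:
        return "review", "p_malware=%.3g" % p_mal
    if score < min_score:
        return "review", "weak process label %r (score=%.2f)" % (process, score)
    return "ok", "%s (score=%.4f)" % (process, score)

if __name__ == "__main__":
    for r in SAMPLE_RESULTS:
        print(triage(r))
```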

Static functions

Parsing base64 representations of certificate data:

b64_cert = 'MIIJRDC...'
mercury.parse_cert(b64_cert)

output:

{
    "version": "02",
    "serial_number": "00eede6560cd35c0af02000000005971b7",
    "signature_identifier": {
        "algorithm": "sha256WithRSAEncryption"
    },
    "issuer": [
        {
            "country_name": "US"
        },
        {
            "organization_name": "Google Trust Services"
        },
        {
            "common_name": "GTS CA 1O1"
        }
    ],
    ...

Parsing base64 representations of DNS data:

b64_dns = '1e2BgAAB...'
mercury.parse_dns(b64_dns)

output:

{
    "response": {
        "question": [
            {
                "name": "live.github.com.",
                "type": "AAAA",
                "class": "IN"
            }
        ],
        ...

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distributions

mercury_python_test-0.1.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.13 manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.13 manylinux: glibc 2.17+ ARM64

mercury_python_test-0.1.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.12 manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.12 manylinux: glibc 2.17+ ARM64

mercury_python_test-0.1.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.11 manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.11 manylinux: glibc 2.17+ ARM64

mercury_python_test-0.1.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.10 manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.10 manylinux: glibc 2.17+ ARM64

mercury_python_test-0.1.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.9 manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.9 manylinux: glibc 2.17+ ARM64

mercury_python_test-0.1.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.8 manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.8 manylinux: glibc 2.17+ ARM64

mercury_python_test-0.1.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.7m manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.7m manylinux: glibc 2.17+ ARM64

mercury_python_test-0.1.2-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (9.4 MB)

Uploaded CPython 3.6m manylinux: glibc 2.17+ x86-64

mercury_python_test-0.1.2-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (9.1 MB)

Uploaded CPython 3.6m manylinux: glibc 2.17+ ARM64
