Python interface into mercury's network protocol fingerprinting and analysis functionality
mercury-python
The goal of the mercury-python package is to expose mercury's network protocol analysis functionality via Python. The Cython interface is given in mercury.pyx.
Installation
Recommended Installation
pip install mercury-python
From Source
You will first need to build mercury and install cython and optionally wheel:
pip install cython
pip install wheel
Within mercury's src/cython/ directory, the Makefile builds the package according to the make target:
make # default build in-place
make wheel # generates pip-installable wheel file
Usage
Initialization
import mercury
libmerc = mercury.Mercury() # initialization for packet parsing
libmerc = mercury.Mercury(do_analysis=True, resources=b'/<path>/<to>/<resources.tgz>') # initialization for analysis
Parsing packets
hex_packet = '5254001235020800273a230d08004500...'
libmerc.get_mercury_json(bytes.fromhex(hex_packet))
{
"fingerprints": {
"tls": "tls/(0303)(13011303...)((0000)...)"
},
"tls": {
"client": {
"version": "0303",
"random": "0d4e266cf66416689ded443b58d2b12bb2f53e8a3207148e3c8f2be2476cbd24",
"session_id": "67b5db473da1b71fbca9ed288052032ee0d5139dcfd6ea78b4436e509703c0e4",
"cipher_suites": "130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035000a",
"compression_methods": "00",
"server_name": "content-signature-2.cdn.mozilla.net",
"application_layer_protocol_negotiation": [
"h2",
"http/1.1"
],
"session_ticket": ""
}
},
"src_ip": "10.0.2.15",
"dst_ip": "13.249.64.25",
"protocol": 6,
"src_port": 32972,
"dst_port": 443,
}
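The cipher_suites field in the record above is a concatenation of 2-byte code points. The following is an added example, not part of mercury-python: it decodes that string with IANA suite names and lists offered suites that use RSA key exchange or CBC mode, plus any code point missing from its table. The function names, the flagging policy and the table (limited to the suites in the sample record) are assumptions of this example.

```python
# Added example: decode the cipher_suites hex string of a mercury record.
# Names are IANA TLS cipher-suite assignments; the flagging policy is assumed.
import re

IANA = {
    "1301": "TLS_AES_128_GCM_SHA256",
    "1302": "TLS_AES_256_GCM_SHA384",
    "1303": "TLS_CHACHA20_POLY1305_SHA256",
    "c02b": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "c02f": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "c02c": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "c030": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "cca9": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "cca8": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "c009": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "c00a": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "c013": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "c014": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "009c": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "009d": "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "002f": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "0035": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "000a": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def split_suites(hex_str):
    """Split the concatenated hex string into 4-hex-digit code points."""
    if not re.fullmatch(r"(?:[0-9a-fA-F]{4})*", hex_str):
        raise ValueError("cipher_suites must be hex, 4 digits per suite")
    return [hex_str[i:i + 4].lower() for i in range(0, len(hex_str), 4)]

def is_grease(code):
    """RFC 8701 GREASE placeholders: 0a0a, 1a1a, ..., fafa."""
    return code[:2] == code[2:] and code[1] == "a"

def flag_suites(record):
    """Offered suites with RSA key exchange or CBC mode, plus unknown codes."""
    flagged = []
    for code in split_suites(record["tls"]["client"]["cipher_suites"]):
        if is_grease(code):
            continue  # placeholder value, not a real suite
        name = IANA.get(code, "unknown_" + code)
        if name.startswith(("TLS_RSA_", "unknown_")) or "_CBC_" in name:
            flagged.append(name)
    return flagged

# cipher_suites value copied from the sample record on this page
SAMPLE = {"tls": {"client": {"cipher_suites":
    "130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035000a"}}}
print(flag_suites(SAMPLE))
```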
Analysis
There are two methods to invoke mercury's analysis functionality. The first operates on the full hex packet:
libmerc.analyze_packet(bytes.fromhex(hex_packet))
{
"tls": {
"client": {
"server_name": "content-signature-2.cdn.mozilla.net"
}
},
"fingerprint_info": {
"status": "labeled",
"type": "tls",
"str_repr": "tls/1/(0303)(13011303...)[(0000)...]"
},
"analysis": {
"process": "firefox",
"score": 0.9992411956652674,
"malware": false,
"p_malware": 8.626882751003134e-06
}
}
The second method operates directly on the data features (network protocol fingerprint string and destination context):
libmerc.perform_analysis('tls/1/(0303)(13011303...)[(0000)...]', 'content-signature-2.cdn.mozilla.net', '13.249.64.25', 443)
{
"fingerprint_info": {
"status": "labeled"
},
"analysis": {
"process": "firefox",
"score": 0.9992158715704546,
"malware": false,
"p_malware": 8.745628825189023e-06
}
}
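One way to consume the analysis output shown above, as an added example that is not part of mercury-python: the function below sorts result dicts into alerts, weak process attributions and fingerprints without a label. The triage name, both thresholds and every record except the first (copied from this page) are constructed for illustration.

```python
# Added example: triage dicts shaped like the analyze_packet() /
# perform_analysis() output shown above. Thresholds are assumptions.
from collections import Counter

def triage(records, p_malware_min=0.5, score_min=0.9):
    """Sort results into alerts, weak attributions and unlabeled fingerprints."""
    out = {"alerts": [], "weak": [], "unlabeled": [], "processes": Counter()}
    for rec in records:
        # perform_analysis() output has no "tls" object, so default to "".
        sni = rec.get("tls", {}).get("client", {}).get("server_name", "")
        status = rec.get("fingerprint_info", {}).get("status")
        analysis = rec.get("analysis")
        if status != "labeled" or not analysis:
            out["unlabeled"].append(sni)  # no attribution to act on
            continue
        proc = analysis.get("process", "")
        p_mal = analysis.get("p_malware", 0.0)
        out["processes"][proc] += 1
        if analysis.get("malware") or p_mal >= p_malware_min:
            out["alerts"].append((sni, proc, p_mal))
        elif analysis.get("score", 0.0) < score_min:
            out["weak"].append((sni, proc))
    return out

RECORDS = [
    {   # from the page's analyze_packet() output
        "tls": {"client": {"server_name": "content-signature-2.cdn.mozilla.net"}},
        "fingerprint_info": {"status": "labeled", "type": "tls"},
        "analysis": {"process": "firefox", "score": 0.9992411956652674,
                     "malware": False, "p_malware": 8.626882751003134e-06},
    },
    {   # constructed: flagged by the classifier
        "tls": {"client": {"server_name": "flagged.example.test"}},
        "fingerprint_info": {"status": "labeled", "type": "tls"},
        "analysis": {"process": "sample-loader", "score": 0.97,
                     "malware": True, "p_malware": 0.98},
    },
    {   # constructed: labeled, but the process attribution is weak
        "fingerprint_info": {"status": "labeled"},
        "analysis": {"process": "curl", "score": 0.41,
                     "malware": False, "p_malware": 0.02},
    },
    {   # constructed: fingerprint without a label, no analysis object
        "tls": {"client": {"server_name": "updates.example.test"}},
        "fingerprint_info": {"status": "unlabeled", "type": "tls"},
    },
]

print(triage(RECORDS))
```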
Static functions
Parsing base64 representations of certificate data:
b64_cert = 'MIIJRDC...'
mercury.parse_cert(b64_cert)
output:
{
"version": "02",
"serial_number": "00eede6560cd35c0af02000000005971b7",
"signature_identifier": {
"algorithm": "sha256WithRSAEncryption"
},
"issuer": [
{
"country_name": "US"
},
{
"organization_name": "Google Trust Services"
},
{
"common_name": "GTS CA 1O1"
}
],
...
Parsing base64 representations of DNS data:
b64_dns = '1e2BgAAB...'
mercury.parse_dns(b64_dns)
output:
{
"response": {
"question": [
{
"name": "live.github.com.",
"type": "AAAA",
"class": "IN"
}
],
...