Python interface into mercury's network protocol fingerprinting and analysis functionality
mercury-python
The goal of the mercury-python package is to expose mercury's network protocol analysis functionality via Python. The Cython interface is given in mercury.pyx.
Installation
Recommended Installation
pip install mercury-python
From Source
You will first need to build mercury and install cython and optionally wheel:
pip install cython
pip install wheel
Within mercury's src/cython/ directory, the Makefile builds the package according to the make target:
make # default build in-place
make wheel # generates pip-installable wheel file
Usage
Initialization
import mercury
libmerc = mercury.Mercury() # initialization for packet parsing
libmerc = mercury.Mercury(do_analysis=True, resources=b'/<path>/<to>/<resources.tgz>') # initialization for analysis
Parsing packets
hex_packet = '5254001235020800273a230d08004500...'
libmerc.get_mercury_json(bytes.fromhex(hex_packet))
{
"fingerprints": {
"tls": "tls/(0303)(13011303...)((0000)...)"
},
"tls": {
"client": {
"version": "0303",
"random": "0d4e266cf66416689ded443b58d2b12bb2f53e8a3207148e3c8f2be2476cbd24",
"session_id": "67b5db473da1b71fbca9ed288052032ee0d5139dcfd6ea78b4436e509703c0e4",
"cipher_suites": "130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035000a",
"compression_methods": "00",
"server_name": "content-signature-2.cdn.mozilla.net",
"application_layer_protocol_negotiation": [
"h2",
"http/1.1"
],
"session_ticket": ""
}
},
"src_ip": "10.0.2.15",
"dst_ip": "13.249.64.25",
"protocol": 6,
"src_port": 32972,
"dst_port": 443
}
Analysis
There are two methods to invoke mercury's analysis functionality. The first operates on the full hex packet:
libmerc.analyze_packet(bytes.fromhex(hex_packet))
{
"tls": {
"client": {
"server_name": "content-signature-2.cdn.mozilla.net"
}
},
"fingerprint_info": {
"status": "labeled",
"type": "tls",
"str_repr": "tls/1/(0303)(13011303...)[(0000)...]"
},
"analysis": {
"process": "firefox",
"score": 0.9992411956652674,
"malware": false,
"p_malware": 8.626882751003134e-06
}
}
The second method operates directly on the data features (network protocol fingerprint string and destination context):
libmerc.perform_analysis('tls/1/(0303)(13011303...)[(0000)...]', 'content-signature-2.cdn.mozilla.net', '13.249.64.25', 443)
{
"fingerprint_info": {
"status": "labeled"
},
"analysis": {
"process": "firefox",
"score": 0.9992158715704546,
"malware": false,
"p_malware": 8.745628825189023e-06
}
}
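One way to turn the analysis output above into triage decisions, as an added example that is not part of mercury-python. It assumes the records are Python dicts shaped like the analyze_packet output; the thresholds, the "unlabeled" status value and every sample record except the first are constructed for illustration.

```python
P_MALWARE_ALERT = 0.5    # assumed alert threshold on p_malware
MIN_PROCESS_SCORE = 0.9  # assumed minimum confidence in the process label

def triage(record):
    """Return (verdict, reasons) for one analysis record."""
    fp = record.get("fingerprint_info") or {}
    analysis = record.get("analysis") or {}
    p_malware = analysis.get("p_malware") or 0.0
    reasons = []
    if analysis.get("malware") is True:
        reasons.append("classifier set malware=true")
    if p_malware >= P_MALWARE_ALERT:
        reasons.append("p_malware %.2f >= %.2f" % (p_malware, P_MALWARE_ALERT))
    if reasons:
        return "alert", reasons
    if fp.get("status") != "labeled":
        reasons.append("fingerprint status %r carries no process label" % fp.get("status"))
    elif not analysis:
        reasons.append("labeled fingerprint but no analysis object")
    elif (analysis.get("score") or 0.0) < MIN_PROCESS_SCORE:
        reasons.append("process %r scored below %.2f" % (analysis.get("process"), MIN_PROCESS_SCORE))
    return ("review" if reasons else "ok"), reasons

def destination(record):
    # Prefer the TLS server_name, fall back to dst_ip.
    sni = ((record.get("tls") or {}).get("client") or {}).get("server_name")
    return sni or record.get("dst_ip") or "unknown"

def triage_all(records):
    """Triage every record and list alerts first, then reviews, then ok."""
    rank = {"alert": 0, "review": 1, "ok": 2}
    rows = [(*triage(r), destination(r)) for r in records]
    return sorted(rows, key=lambda row: rank[row[0]])

SAMPLE_RECORDS = [
    {"tls": {"client": {"server_name": "content-signature-2.cdn.mozilla.net"}},  # values from the page
     "fingerprint_info": {"status": "labeled", "type": "tls"},
     "analysis": {"process": "firefox", "score": 0.9992411956652674,
                  "malware": False, "p_malware": 8.626882751003134e-06}},
    {"dst_ip": "192.0.2.10",  # constructed: fingerprint without a label
     "fingerprint_info": {"status": "unlabeled", "type": "tls"}},
    {"tls": {"client": {"server_name": "host.example.org"}},  # constructed: flagged
     "fingerprint_info": {"status": "labeled", "type": "tls"},
     "analysis": {"process": "sample-process", "score": 0.61,
                  "malware": True, "p_malware": 0.97}},
]

if __name__ == "__main__":
    for verdict, reasons, dest in triage_all(SAMPLE_RECORDS):
        print(verdict, dest, "; ".join(reasons))
```

Records whose fingerprint has no label are routed to review rather than treated as clean, since the absence of an analysis object says nothing about the client.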
Static functions
Parsing base64 representations of certificate data:
b64_cert = 'MIIJRDC...'
mercury.parse_cert(b64_cert)
output:
{
"version": "02",
"serial_number": "00eede6560cd35c0af02000000005971b7",
"signature_identifier": {
"algorithm": "sha256WithRSAEncryption"
},
"issuer": [
{
"country_name": "US"
},
{
"organization_name": "Google Trust Services"
},
{
"common_name": "GTS CA 1O1"
}
],
...
Parsing base64 representations of DNS data:
b64_dns = '1e2BgAAB...'
mercury.parse_dns(b64_dns)
output:
{
"response": {
"question": [
{
"name": "live.github.com.",
"type": "AAAA",
"class": "IN"
}
],
...