Advanced log analyzer for network stealth operations - detects TLS fingerprint issues, proxy indicators, and security red flags
Project description
NetStealth Analyzer
Advanced log analyzer for network stealth operations - detects TLS fingerprint issues, proxy indicators, and security red flags that could compromise stealth operations.
Overview
The NetStealth Analyzer is a comprehensive library designed to analyze logs from stealth operations and detect potential issues that could reveal proxy usage, automation, or other indicators that might compromise stealth activities. It's specifically designed as a complement to network stealth libraries.
Features
Comprehensive Log Analysis
- Multi-format support: mitmproxy, HAR files, browser console logs, execution logs
- Real-time parsing: Process logs from active stealth sessions
- Pattern recognition: Advanced regex and heuristic-based detection
Security Issue Detection
- TLS Fingerprint Analysis: Detect inconsistent TLS configurations
- Proxy Header Exposure: Find proxy indicators in HTTP headers
- Browser Configuration Issues: Identify automation signatures
- Network Anomalies: Spot unusual traffic patterns
Advanced Reporting
- Risk Assessment: Score-based evaluation of stealth effectiveness
- Network Trace Mapping: Visualize complete proxy chains
- Performance Metrics: Analyze response times and success rates
- Auto-remediation: Generate fix suggestions for detected issues
Flexible Configuration
- Custom Detection Rules: Define your own detection patterns
- Output Formats: JSON, YAML, text, and HTML reports
- Integration Ready: Easy integration with existing workflows
Installation
Basic Installation
pip install netstealth-analyzer
With Full Analysis Features
pip install netstealth-analyzer[full]
Development Installation
pip install netstealth-analyzer[dev]
Quick Start
from netstealth_analyzer import NetStealthAnalyzer
# Initialize analyzer
analyzer = NetStealthAnalyzer()
# Analyze single log file
result = analyzer.analyze_single_file('logs/mitmproxy.log')
# Print summary
print(f"Analysis Score: {result.summary.overall_score}/100")
print(f"Issues Found: {result.summary.total_issues_count}")
# Analyze multiple sources
config = {
    'auto_remediation': True,
    'fingerprint_comparison': True
}
analyzer = NetStealthAnalyzer(config=config)
result = analyzer.analyze([
    'logs/mitmproxy.log',
    'logs/browser_console.log',
    'logs/execution.log'
])
Analysis Results
The analyzer provides comprehensive results including:
Network Trace Example
| Hop | Actor | Incoming IP | Outgoing IP | Actor Name | TLS Info | Detection Risk |
|---|---|---|---|---|---|---|
| 1 | Client | [local] | 127.0.0.1 | Browser | TLS 1.3 | Safe |
| 2 | Local Proxy | 127.0.0.1 | 10.0.0.1 | mitmproxy | TLS 1.2 | Medium |
| 3 | Proxy Chain | 10.0.0.1 | 203.45.x.x | GeoProxy | Standard | Medium |
| 4 | Exit Node | 186.84.x.x | External | Colombia | Standard | Safe |
| 5 | Target | External | - | Target API | Standard | - |
Issue Detection Example
- TLS Fingerprint Mismatch: Detected inconsistent cipher suite usage
- Proxy Headers Exposed: X-Forwarded-For headers visible in 3 requests
- Automation Signatures: Selenium WebDriver patterns detected
- Geographic Inconsistency: IP geolocation doesn't match expected region
Integration with Network Stealth Libraries
The analyzer can optionally integrate with network stealth libraries:
from netstealth import NetworkStealthSession
from netstealth_analyzer import NetStealthAnalyzer
# Optional analysis after stealth session
session = NetworkStealthSession(enable_analyzer=True)
# ... perform stealth operations ...
# Analyze session logs
analyzer = NetStealthAnalyzer()
result = analyzer.analyze(session.get_log_files())
Command Line Usage
# Analyze single file
netstealth-analyze logs/mitmproxy_debug.log
# Multiple sources with output
netstealth-analyze logs/ --output analysis_report.json --format json
# Custom configuration
netstealth-analyze logs/ --config custom_config.yaml --verbose
Configuration
# analysis_config.yaml
fingerprint_comparison: true
session_timeline: true
auto_remediation: true
output_format: "json"
max_issues_per_category: 15
detection_rules:
  - id: "custom_proxy_header"
    category: "proxy_detection"
    pattern: "X-Custom-Proxy"
    severity: "HIGH"
    description: "Custom proxy header detected"
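A rule in this shape can be applied to captured traffic as in the sketch below. This is an added example, not the project's own code: it assumes a rule's `pattern` is matched case-insensitively against request header names in a HAR capture. The `scan_har` function, the second rule and the sample data are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# First rule is the one from analysis_config.yaml; the second is constructed.
RULES = [
    {"id": "custom_proxy_header", "category": "proxy_detection",
     "pattern": "X-Custom-Proxy", "severity": "HIGH"},
    {"id": "forwarding_header", "category": "proxy_detection",
     "pattern": r"^(X-Forwarded-For|Via|Forwarded)$", "severity": "MEDIUM"},
]

# Constructed HAR 1.2 sample: log.entries[].request.headers[] of name/value pairs.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://app.example/login", "headers": [
        {"name": "User-Agent", "value": "Mozilla/5.0"},
        {"name": "x-forwarded-for", "value": "10.0.0.1"}]}},
    {"request": {"url": "https://app.example/api", "headers": [
        {"name": "X-Custom-Proxy", "value": "1"},
        {"name": "Via", "value": "1.1 gateway"}]}},
    {"request": {"url": "https://app.example/static.js", "headers": [
        {"name": "Accept", "value": "*/*"}]}},
]}})


def scan_har(har_text, rules, max_issues_per_category=15):
    """Return one issue per (rule, request) whose header names match the rule.

    Assumption: patterns are matched against request header names only.
    """
    # HTTP header names are case-insensitive, so compile with IGNORECASE.
    compiled = [(rule, re.compile(rule["pattern"], re.IGNORECASE)) for rule in rules]
    per_category = defaultdict(int)
    issues = []
    for index, entry in enumerate(json.loads(har_text)["log"]["entries"]):
        request = entry["request"]
        names = [h["name"] for h in request.get("headers", [])]
        for rule, regex in compiled:
            hit = next((n for n in names if regex.search(n)), None)
            if hit is None:
                continue
            if per_category[rule["category"]] >= max_issues_per_category:
                continue  # cap reached, mirroring max_issues_per_category
            per_category[rule["category"]] += 1
            issues.append({"rule": rule["id"], "severity": rule["severity"],
                           "entry": index, "url": request["url"], "header": hit})
    return issues
```

On the constructed sample, the lowercase `x-forwarded-for` in the first request is still reported, which a case-sensitive match would miss.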
Supported Log Formats
| Format | Description | Auto-Detection |
|---|---|---|
| mitmproxy | mitmproxy debug and access logs | Yes |
| HAR | HTTP Archive files (.har) | Yes |
| Browser Console | Chrome/Firefox console logs | Yes |
| Execution Logs | Custom POC execution logs | Yes |
Advanced Features
Custom Detection Rules
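# AnalysisConfig is used below; it is assumed to be importable from the
# package top level like the other names.
from netstealth_analyzer import (
    AnalysisConfig,
    DetectionRule,
    IssueCategory,
    NetStealthAnalyzer,
    SeverityLevel,
)
custom_rule = DetectionRule(
    id="custom_detection",
    category=IssueCategory.PROXY_DETECTION,
    pattern=r"your-custom-pattern",
    severity=SeverityLevel.HIGH,
    description="Custom detection rule",
    recommendation="How to fix this issue"
)
# Pass the custom rule to the analyzer through its configuration object
config = AnalysisConfig(detection_rules=[custom_rule])
analyzer = NetStealthAnalyzer(config=config)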
Export Options
# Export detailed JSON report
analyzer.export_results(result, 'detailed_report.json', format_type='json')
# Export readable text summary
analyzer.export_results(result, 'summary.txt', format_type='text')
Development
git clone https://github.com/netstealth/netstealth-analyzer.git
cd netstealth-analyzer
pip install -e .[dev]
# Run tests
pytest
# Run with coverage
pytest --cov=netstealth_analyzer
Contributing
We welcome contributions! Please see our Contributing Guidelines for details.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Support
- Documentation
- Issue Tracker
- Discussions
Part of the NetStealth ecosystem - Enhancing stealth operations through comprehensive log analysis and issue detection.
File details
Details for the file netstealth_analyzer-0.1.0.tar.gz.
File metadata
- Download URL: netstealth_analyzer-0.1.0.tar.gz
- Upload date:
- Size: 37.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f774232b675f55b6cdcfa25a34bcb0491ff8a2760bdc4ea32bfac5f4e41b44da |
| MD5 | 9e8ed7b3e0b96d41ffa43df8beb0579c |
| BLAKE2b-256 | 03c91292bb8e2b09368f4aa9cf4aee18c262735d3dcdd405411b76959781255f |
File details
Details for the file netstealth_analyzer-0.1.0-py3-none-any.whl.
File metadata
- Download URL: netstealth_analyzer-0.1.0-py3-none-any.whl
- Upload date:
- Size: 43.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 776d15482e824f9c378a52bf71594eb37af939229a0dae7bdbf63529f76e18c4 |
| MD5 | 9ec808b29a3c3371fa07513389fc54a8 |
| BLAKE2b-256 | 94e6164cbe0ee051bfb5c78fb2cbda8225c581c87ce323610547dfd4b9935c66 |