A simple Kismet data parsing tool for making sense of wireless recon data

Project description

PacketHuffer

PacketHuffer is a Kismet data parser that makes it easier for operators to turn warwalking data into actionable intelligence. It parses one or more .kismet databases into a unified output that identifies interesting networks based on a series of configurable rules (e.g., flag all networks without encryption).

Check out the SRA Labs blog post here.

PacketHuffer has both a CLI and a GUI, and it can generate both JSON and XLSX output. The GUI allows network data to be easily viewed and filtered by either preset rules or custom queries.

Installation

PacketHuffer has only been tested on Python 3.12.3.

Use poetry, pipx, or a similar tool to install PacketHuffer:

poetry install

pipx install .

Copy the Streamlit config.toml — this step is optional, but will provide a dark theme and resolve issues with upload limits in Streamlit:

mkdir -p ~/.streamlit
cp ./.streamlit/config.toml ~/.streamlit/config.toml

Configuration

PacketHuffer can be configured using a .yaml file; see /packethuffer/config.yaml for the default configuration. The configuration file allows you to change the format of the XLSX output, or to modify the rules used to identify interesting networks.

Network identification rules are evaluated using the pandas df.query() and df.eval() functions, which use basic python expressions. Read more about the syntax here.

If you'd like to build a rule but the PacketHuffer dataframe lacks the information it needs, you may need to modify build_network_dataframe() within /packethuffer/utils.py to pull in additional data from the Kismet device information (this is a one-time modification; make a PR afterwards).
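To illustrate the rule mechanism described above, this added example (not PacketHuffer's own code) evaluates named rule expressions with df.eval() against a constructed dataframe and rejects rules that do not yield a per-row boolean. The column names, rule names and sample rows are assumptions, not the project's schema or default rules.

```python
import pandas as pd

# Constructed sample rows; column names are hypothetical, not PacketHuffer's schema.
NETWORKS = pd.DataFrame([
    {"ssid": "CorpWiFi", "encryption": "WPA2-EAP", "signal": -48, "clients": 12},
    {"ssid": "Guest", "encryption": "Open", "signal": -55, "clients": 3},
    {"ssid": "Printer-Setup", "encryption": "WEP", "signal": -71, "clients": 0},
    {"ssid": "", "encryption": "WPA2-PSK", "signal": -80, "clients": 1},
])

# Hypothetical rules, shaped like name -> expression pairs loaded from YAML.
RULES = {
    "open_network": "encryption == 'Open'",
    "legacy_crypto": "encryption == 'WEP' or encryption == 'WPA-PSK'",
    "hidden_ssid": "ssid == ''",
    "nearby_and_weak": "signal > -60 and encryption == 'Open'",
}


def evaluate_rule(df, name, expr):
    """Evaluate one rule and insist on a per-row boolean mask."""
    try:
        mask = df.eval(expr, engine="python")
    except Exception as exc:  # unknown column, syntax error, ...
        raise ValueError(f"rule {name!r} is invalid: {exc}") from exc
    if not isinstance(mask, pd.Series) or not pd.api.types.is_bool_dtype(mask):
        raise ValueError(f"rule {name!r} must yield one boolean per row")
    return mask


def flag_networks(df, rules):
    """Return a copy of df with a 'flags' column naming every matching rule."""
    hits = pd.DataFrame({n: evaluate_rule(df, n, e) for n, e in rules.items()})
    out = df.copy()
    out["flags"] = [",".join(n for n in hits.columns if hits.at[i, n])
                    for i in hits.index]
    return out


if __name__ == "__main__":
    flagged = flag_networks(NETWORKS, RULES)
    # df.query() takes the same expression syntax and returns only matching rows.
    print(flagged.query("flags != ''", engine="python"))
```

Rule strings are evaluated as expressions by pandas, so treat the YAML file as trusted input and review changes to it as you would review code.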

Usage

To run PacketHuffer with the GUI in your web browser:

poetry run packethuffer-gui

# or

packethuffer-gui

To run PacketHuffer in the CLI:

poetry run packethuffer

# or

packethuffer

Basic usage (pipx):

# Help
packethuffer -h

# Process X kismet files
packethuffer ~/path/to/kismet/files/*.kismet

# Process kismet files and provide excel output, with verbose logging
packethuffer ~/path/to/kismet/files/*.kismet -i -v

Download files

Source Distribution

packethuffer-0.2.0.tar.gz (144.9 kB)

Uploaded Source

Built Distribution

packethuffer-0.2.0-py3-none-any.whl (146.6 kB)

Uploaded Python 3

File details

Details for the file packethuffer-0.2.0.tar.gz.

File metadata

  • Download URL: packethuffer-0.2.0.tar.gz
  • Upload date:
  • Size: 144.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for packethuffer-0.2.0.tar.gz
Algorithm Hash digest
SHA256 f8b5bd151947df130dfcc629ad224383da6e5d7053ccb8108e7e7c1f49b7cbef
MD5 36c8301f97b61eea025f009294c69492
BLAKE2b-256 83d6bbf2a4778d2dfff4c87a8808c4bde98c221b01bc433c9086c0959055157d

Provenance

The following attestation bundles were made for packethuffer-0.2.0.tar.gz:

Publisher: pypi-publish.yaml on SecurityRiskAdvisors/packethuffer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file packethuffer-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: packethuffer-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 146.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for packethuffer-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 7f6d7f6e22e5c78e59dcc5e7634164a6e6874d5a53b25df2f1d432779b38f0b4
MD5 c1cf44c6ab776c3b2501251a854aea6d
BLAKE2b-256 f0832993a55fcddc3ff982fea83325a91f5fb2630c90c269d17448ce8932d74a

Provenance

The following attestation bundles were made for packethuffer-0.2.0-py3-none-any.whl:

Publisher: pypi-publish.yaml on SecurityRiskAdvisors/packethuffer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
