A simple Kismet data parsing tool for making sense of wireless recon data

Project description

PacketHuffer

PacketHuffer is a Kismet data parser that makes it easier for operators to turn warwalking data into actionable intelligence. It parses one or more .kismet databases into a unified output that identifies interesting networks based on a series of configurable rules (ex. flag all networks without encryption).

PacketHuffer has both a CLI and a GUI, and it can generate both JSON and XLSX output. The GUI allows network data to be easily viewed and filtered by either preset rules or custom queries.

Installation

PacketHuffer has only been tested on Python 3.12.3.

Use poetry, pipx, or a similar tool to install PacketHuffer:

poetry install

pipx install .

Copy the Streamlit config.toml — this step is optional, but will provide a dark theme and resolve issues with upload limits in Streamlit:

mkdir -p ~/.streamlit
cp ./.streamlit/config.toml ~/.streamlit/config.toml

Configuration

PacketHuffer can be configured using a .yaml file; see /packethuffer/config.yaml for the default configuration. The configuration file allows you to change the format of the XLSX output, or to modify the rules used to identify interesting networks.

Network identification rules are evaluated using the pandas df.query() and df.eval() functions, which accept basic Python expressions. See the pandas documentation for more about the syntax.

If you'd like to build a rule but the PacketHuffer dataframe lacks the information you need, you may need to modify build_network_dataframe() within /packethuffer/utils.py to pull in additional data from the Kismet device information (this is a one-time modification; make a PR afterwards).
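
As an added illustration (not PacketHuffer's own code), the following shows how rule expressions of this kind are evaluated with df.eval() and df.query(), including a rule that fails because it references a missing column. The dataframe columns, rule names and sample networks are constructed for the example and do not reflect PacketHuffer's actual schema or its default config.yaml.

```python
import pandas as pd

# Constructed sample observations. Column names are assumptions made for
# this example; they are not PacketHuffer's actual dataframe schema.
NETWORKS = pd.DataFrame(
    [
        ("CorpWiFi",   "02:00:00:00:00:01", "WPA2", -48),
        ("GuestNet",   "02:00:00:00:00:02", "Open", -55),
        ("",           "02:00:00:00:00:03", "WPA2", -70),
        ("OldPrinter", "02:00:00:00:00:04", "WEP",  -62),
        ("CoffeeShop", "02:00:00:00:00:05", "Open", -81),
    ],
    columns=["ssid", "bssid", "encryption", "signal_dbm"],
)

# Hypothetical rules (name -> expression), written in the expression syntax
# that df.query() / df.eval() accept. The last one is deliberately broken.
RULES = {
    "open_network": "encryption == 'Open'",
    "weak_crypto": "encryption in ['WEP', 'WPA-TKIP']",
    "hidden_ssid": "ssid == ''",
    "nearby_open": "encryption == 'Open' and signal_dbm > -60",
    "bad_rule": "vendor == 'Acme'",  # references a column that does not exist
}


def apply_rules(df, rules):
    """Add one boolean column per rule; return (flagged_df, errors)."""
    out, errors = df.copy(), {}
    for name, expr in rules.items():
        try:
            out[name] = df.eval(expr, engine="python").astype(bool)
        except Exception as exc:  # bad syntax or unknown column
            errors[name] = f"{type(exc).__name__}: {exc}"
    applied = [n for n in rules if n not in errors]
    out["flags"] = out[applied].sum(axis=1)  # number of rules each row matched
    return out, errors


def interesting(df, rules):
    """Networks matched by at least one rule, most-flagged first."""
    flagged, _ = apply_rules(df, rules)
    return flagged.query("flags > 0").sort_values("flags", ascending=False, kind="stable")


if __name__ == "__main__":
    print(interesting(NETWORKS, RULES)[["ssid", "encryption", "flags"]])
    print("skipped rules:", apply_rules(NETWORKS, RULES)[1])
```

Because rules are expressions that pandas evaluates, treat a rules file like code and only load configurations from sources you trust.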

Usage

To run PacketHuffer with the GUI in your web browser:

poetry run packethuffer-gui

# or

packethuffer-gui

To run PacketHuffer in the CLI:

poetry run packethuffer

# or

packethuffer

Basic usage (pipx):

# Help
packethuffer -h

# Process X kismet files
packethuffer ~/path/to/kismet/files/*.kismet

# Process kismet files and provide excel output, with verbose logging
packethuffer ~/path/to/kismet/files/*.kismet -i -v

Download files

Source Distribution

packethuffer-0.1.0.tar.gz (143.3 kB view details)

Uploaded Source

Built Distribution

packethuffer-0.1.0-py3-none-any.whl (145.2 kB view details)

Uploaded Python 3

File details

Details for the file packethuffer-0.1.0.tar.gz.

File metadata

  • Download URL: packethuffer-0.1.0.tar.gz
  • Size: 143.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for packethuffer-0.1.0.tar.gz
Algorithm Hash digest
SHA256 5cbad0fc41424a3e61fefd5d5c1094c0b834b9a54cb303850fd42c5f3f707539
MD5 cc5c1e9a6c2a5d929ee32718df149f2f
BLAKE2b-256 98c6840ed1dc5fe6a5a03cb24da2ff8c8fe3b7254691d887bc793abc70f2b491

Provenance

The following attestation bundles were made for packethuffer-0.1.0.tar.gz:

Publisher: pypi-publish.yaml on SecurityRiskAdvisors/packethuffer

File details

Details for the file packethuffer-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: packethuffer-0.1.0-py3-none-any.whl
  • Size: 145.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for packethuffer-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2e86baf9a9a5d3c8f0e669ef864f69e51a55cdc7c8622587a655bcf947d4eeee
MD5 93890c1a73b084d8821de7017da1e61c
BLAKE2b-256 b72c8e521ad17675c23e0c2d140bbf4d4ea060beeba176c489c54eee332a79c3

Provenance

The following attestation bundles were made for packethuffer-0.1.0-py3-none-any.whl:

Publisher: pypi-publish.yaml on SecurityRiskAdvisors/packethuffer
