A simple Kismet data parsing tool for making sense of wireless recon data
Project description
PacketHuffer
PacketHuffer is a Kismet data parser that makes it easier for operators to turn warwalking data into actionable intelligence. It parses one or more .kismet databases into a unified output that identifies interesting networks based on a series of configurable rules (e.g., flag all networks without encryption).
Check out the SRA Labs blog post here.
PacketHuffer has both a CLI and a GUI, and it can generate both JSON and XLSX output. The GUI allows network data to be easily viewed and filtered by either preset rules or custom queries.
Installation
PacketHuffer has only been tested on Python 3.12.3.
Use poetry, pipx, or a similar tool to install PacketHuffer:
poetry install
pipx install .
Copy the Streamlit config.toml — this step is optional, but will provide a dark theme and resolve issues with upload limits in Streamlit:
mkdir ~/.streamlit
cp ./.streamlit/config.toml ~/.streamlit/config.toml
Configuration
PacketHuffer can be configured using a .yaml file; see /packethuffer/config.yaml for the default configuration. The configuration file allows you to change the format of the XLSX output or to modify the rules used to identify interesting networks.
Network identification rules are evaluated using the pandas df.query() and df.eval() functions, which use basic Python expressions. Read more about the syntax here.
If you'd like to build a rule but the PacketHuffer dataframe lacks the information it needs, you may need to modify build_network_dataframe() within /packethuffer/utils.py to pull in additional data from the Kismet device information (this is a one-time modification; make a PR afterwards).
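How rules of this kind behave when evaluated with df.eval() and df.query(), shown as an added example that is not PacketHuffer's own code. The column names, rule names and sample rows are assumptions constructed for illustration; they are not the schema produced by build_network_dataframe() or the rules in config.yaml.

```python
import pandas as pd

# Constructed sample data; the column names are assumptions for this example,
# not the schema PacketHuffer builds from a .kismet database.
NETWORKS = pd.DataFrame(
    [
        {"ssid": "CorpWiFi", "encryption": "WPA2-EAP", "channel": 36, "clients": 41},
        {"ssid": "CorpGuest", "encryption": "Open", "channel": 6, "clients": 12},
        {"ssid": "printer-setup", "encryption": "WEP", "channel": 11, "clients": 0},
        {"ssid": "", "encryption": "WPA2-PSK", "channel": 1, "clients": 3},
    ]
)

# Hypothetical rules: rule name -> pandas expression over the columns above.
RULES = {
    "open_network": "encryption == 'Open'",
    "legacy_crypto": "encryption in ['WEP', 'WPA-TKIP']",
    "hidden_with_clients": "ssid == '' and clients > 0",
}


def apply_rules(df, rules):
    """Add one boolean column per rule and a 'flags' column naming the matches."""
    out = df.copy()
    for name, expr in rules.items():
        try:
            # df.eval() returns a boolean Series for a comparison expression.
            out[name] = out.eval(expr).astype(bool)
        except Exception as exc:  # unknown column or syntax error in a rule
            raise ValueError(f"rule {name!r} is invalid: {exc}") from exc
    names = list(rules)
    out["flags"] = [
        ", ".join(n for n in names if row[n]) for row in out[names].to_dict("records")
    ]
    return out


def interesting(df, rules):
    """Return only the networks matched by at least one rule."""
    flagged = apply_rules(df, rules)
    # df.query() filters rows; here it ORs the per-rule boolean columns.
    return flagged.query(" or ".join(rules))[["ssid", "encryption", "flags"]]


if __name__ == "__main__":
    print(interesting(NETWORKS, RULES).to_string(index=False))
```

Because rule strings are evaluated as expressions by pandas, a rules file obtained from someone else should be reviewed like code before it is loaded.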
Usage
To run PacketHuffer with the GUI in your web browser:
poetry run packethuffer-gui
# or
packethuffer-gui
To run PacketHuffer in the CLI:
poetry run packethuffer
# or
packethuffer
Basic usage (pipx):
# Help
packethuffer -h
# Process X kismet files
packethuffer ~/path/to/kismet/files/*.kismet
# Process kismet files and provide excel output, with verbose logging
packethuffer ~/path/to/kismet/files/*.kismet -i -v
File details
Details for the file packethuffer-0.2.0.tar.gz.
File metadata
- Download URL: packethuffer-0.2.0.tar.gz
- Upload date:
- Size: 144.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f8b5bd151947df130dfcc629ad224383da6e5d7053ccb8108e7e7c1f49b7cbef |
| MD5 | 36c8301f97b61eea025f009294c69492 |
| BLAKE2b-256 | 83d6bbf2a4778d2dfff4c87a8808c4bde98c221b01bc433c9086c0959055157d |
Provenance
The following attestation bundles were made for packethuffer-0.2.0.tar.gz:
Publisher: pypi-publish.yaml on SecurityRiskAdvisors/packethuffer
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: packethuffer-0.2.0.tar.gz
  - Subject digest: f8b5bd151947df130dfcc629ad224383da6e5d7053ccb8108e7e7c1f49b7cbef
  - Sigstore transparency entry: 1723125131
  - Sigstore integration time:
- Permalink: SecurityRiskAdvisors/packethuffer@60980d9296b04ae3bf2144daed051f5d5d1df628
- Branch / Tag: refs/tags/v0.2.0
- Owner: https://github.com/SecurityRiskAdvisors
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: pypi-publish.yaml@60980d9296b04ae3bf2144daed051f5d5d1df628
- Trigger Event: release
File details
Details for the file packethuffer-0.2.0-py3-none-any.whl.
File metadata
- Download URL: packethuffer-0.2.0-py3-none-any.whl
- Upload date:
- Size: 146.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7f6d7f6e22e5c78e59dcc5e7634164a6e6874d5a53b25df2f1d432779b38f0b4 |
| MD5 | c1cf44c6ab776c3b2501251a854aea6d |
| BLAKE2b-256 | f0832993a55fcddc3ff982fea83325a91f5fb2630c90c269d17448ce8932d74a |
Provenance
The following attestation bundles were made for packethuffer-0.2.0-py3-none-any.whl:
Publisher: pypi-publish.yaml on SecurityRiskAdvisors/packethuffer
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: packethuffer-0.2.0-py3-none-any.whl
  - Subject digest: 7f6d7f6e22e5c78e59dcc5e7634164a6e6874d5a53b25df2f1d432779b38f0b4
  - Sigstore transparency entry: 1723125255
  - Sigstore integration time:
- Permalink: SecurityRiskAdvisors/packethuffer@60980d9296b04ae3bf2144daed051f5d5d1df628
- Branch / Tag: refs/tags/v0.2.0
- Owner: https://github.com/SecurityRiskAdvisors
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: pypi-publish.yaml@60980d9296b04ae3bf2144daed051f5d5d1df628
- Trigger Event: release