A Python package for extracting indicators of compromise (IOCs) from PCAP files.

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

These details have not been verified by PyPI

Project description

IOC Detector

IOC Detector is a security tool designed to analyze packet capture files (pcap) for indicators of compromise (IOCs). It helps security professionals quickly identify suspicious activity within network traffic.

Features

Analyze existing pcap files for IOCs
Capture live network traffic for analysis
Output results in JSON format
Usable as both a command-line tool and a Python library

Installation

Currently, IOC Detector is available on TestPyPI. To install, run:

pip install -i https://test.pypi.org/simple/ \
    --extra-index-url https://pypi.org/simple \
    parse_pcap==0.1.5

Note: The package will be available on PyPI soon.

Usage

Command-Line Interface

Analyze an existing pcap file:

parse_pcap analyze -p /path/to/packet_capture.pcap -o /path/to/results.json

Capture live network traffic:

parse_pcap capture -o /path/to/capture.pcapng -i capture_interface -t 2

Python Library

You can also use IOC Detector as a Python library:

from parse_pcap.utils import load_pcap, analyze

cap = load_pcap(in_file)
results = analyze(cap, out_file=out_file)

Refer to the documentation for more advanced usage and options.

Project details

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

jtbb

These details have not been verified by PyPI

Release history Release notifications | RSS feed

0.2.0

Sep 28, 2025

This version

0.1.5

Sep 28, 2025

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

parse_pcap-0.1.5.tar.gz (21.2 kB view details)

Uploaded Sep 28, 2025 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

parse_pcap-0.1.5-py3-none-any.whl (19.8 kB view details)

Uploaded Sep 28, 2025 Python 3

File details

Details for the file parse_pcap-0.1.5.tar.gz.

File metadata

Download URL: parse_pcap-0.1.5.tar.gz
Upload date: Sep 28, 2025
Size: 21.2 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for parse_pcap-0.1.5.tar.gz
Algorithm	Hash digest
SHA256	`ca9de9b42d0d63c4d658d825572bd6435ceafb33539910339ba8457a643d3224`
MD5	`1c5422b33f0b9196bf02c578c3d6f8e7`
BLAKE2b-256	`51324d9108b1fd9b7732304f3a6d5c9b0f76f43ba413b8592a05b08cce96e142`

See more details on using hashes here.

Provenance

The following attestation bundles were made for parse_pcap-0.1.5.tar.gz:

Publisher: python-publish.yml on josh-bone/Network-Threat-Detection

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: parse_pcap-0.1.5.tar.gz
- Subject digest: ca9de9b42d0d63c4d658d825572bd6435ceafb33539910339ba8457a643d3224
- Sigstore transparency entry: 566783459
- Sigstore integration time: Sep 28, 2025
Source repository:
- Permalink: josh-bone/Network-Threat-Detection@fe57bd416e0a13eaae14f4683502ff6f1bcc58d8
- Branch / Tag: refs/tags/v0.1.5-alpha
- Owner: https://github.com/josh-bone
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: python-publish.yml@fe57bd416e0a13eaae14f4683502ff6f1bcc58d8
- Trigger Event: release

File details

Details for the file parse_pcap-0.1.5-py3-none-any.whl.

File metadata

Download URL: parse_pcap-0.1.5-py3-none-any.whl
Upload date: Sep 28, 2025
Size: 19.8 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for parse_pcap-0.1.5-py3-none-any.whl
Algorithm	Hash digest
SHA256	`4f4b1a435cd5f0ce24e139065218272246b14cdce7ee2edb49ac06e050a61be1`
MD5	`cc0772cbd8867db73a6dcbfc418b9705`
BLAKE2b-256	`71019a543a02d573c4efccffeae6c071b6edd6ad08d052e282d61ac794a165d0`

See more details on using hashes here.

Provenance

The following attestation bundles were made for parse_pcap-0.1.5-py3-none-any.whl:

Publisher: python-publish.yml on josh-bone/Network-Threat-Detection

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: parse_pcap-0.1.5-py3-none-any.whl
- Subject digest: 4f4b1a435cd5f0ce24e139065218272246b14cdce7ee2edb49ac06e050a61be1
- Sigstore transparency entry: 566783471
- Sigstore integration time: Sep 28, 2025
Source repository:
- Permalink: josh-bone/Network-Threat-Detection@fe57bd416e0a13eaae14f4683502ff6f1bcc58d8
- Branch / Tag: refs/tags/v0.1.5-alpha
- Owner: https://github.com/josh-bone
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: python-publish.yml@fe57bd416e0a13eaae14f4683502ff6f1bcc58d8
- Trigger Event: release

parse-pcap 0.1.5

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Project description

IOC Detector

Features

Installation

Usage

Command-Line Interface

Python Library

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance