Python library extracting potential IOCs from a pcap file

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tekkk from gravatar.com tekkk

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Tek
  • Tags threat-intel
Classifiers
Report project as malware

Project description

pcap-ioc

Python tool to extract potential IOCs from a pcap file using pyshark

List of IOCs extracted :

  • IP addresses from IP packets
  • Domains and IP addresses from DNS requests
  • Domains, url and user-agents from HTTP requests
  • Domains from HTTPs X509 certificates

To install it, you can just do pip install pcap_ioc or install it from this repository with pip install ..

Usage

As a library

from pcap_ioc import Pcap

p = Pcap('FILE.pcap')
for i in p.indicators:
    print(i)

CLI tool

$ pcap_ioc
usage: pcap_ioc [-h] {ioc,misp,shell} ...

Process some pcaps.

positional arguments:
  {ioc,misp,shell}  Subcommand
    ioc             Extract IOCs
    misp            Extract IOCs and search in MISP
    shell           Open a shell with pyshark

optional arguments:
  -h, --help        show this help message and exit

To query MISP servers, you need to create a file ~/.misp with one entry for every MISP server for instance :

[server1]
url: https://misp1.example.org/
key: KEYHERE
default: true

[server2]
url: https://misp2.example.org/
key: KEYHERE

Then you can query one of these server with pcap_ioc misp -s misp2 file.pcap

License

This software is released under the MIT license.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tekkk from gravatar.com tekkk

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Tek
  • Tags threat-intel
Classifiers

Release history Release notifications | RSS feed

This version

0.1.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pcap_ioc-0.1.2.tar.gz (3.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pcap_ioc-0.1.2-py3-none-any.whl (5.3 kB view details)

Uploaded Python 3

File details

Details for the file pcap_ioc-0.1.2.tar.gz.

File metadata

  • Download URL: pcap_ioc-0.1.2.tar.gz
  • Upload date:
  • Size: 3.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.6.3 requests-toolbelt/0.8.0 tqdm/4.25.0 CPython/3.7.2rc1

File hashes

Hashes for pcap_ioc-0.1.2.tar.gz
Algorithm Hash digest
SHA256 d477acf1d4db634bc176a75a86deef97eaf7136a36a549ed88ad71b08eae0185
MD5 defb483c40ce7a2179d844780a8cd612
BLAKE2b-256 8abcfddec4889bb2ed8fdfaced509351e949f5ffeb17d62f0061ac3cf3292230

See more details on using hashes here.

File details

Details for the file pcap_ioc-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: pcap_ioc-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 5.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.6.3 requests-toolbelt/0.8.0 tqdm/4.25.0 CPython/3.7.2rc1

File hashes

Hashes for pcap_ioc-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 0bd8c794daaa31b51b847357f36ac5ffc9a0039403c18df9877e7d1f08ceb918
MD5 f0cde65b57d78b321c29fb5f8a530130
BLAKE2b-256 236788a200017191ea3f742794f18cd9da29355e4b009568f6f9c6fd5bb45904

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page