Project description

RATCatcher

ratcatcher

Ratcatcher is a tool designed for monitoring and collecting suspicious socket connections, intended for use during the dyanmic analysis of malware. Optionally, it can also capture any packets exchanged during monitoring and output them to a PCAP file, for more a in-depth analysis in Wireshark.

omniserver

WIP. Omniserver is a script for replicating various types of backdoor traffic. Currently it just listens and beacons, possible updates in the future.

Basic Usage

Ratcatcher

usage: ratcatcher [-h] [-f SECONDS] [-b CYCLES] [--capture FILENAME]
                  [{inet,inet4,inet6,tcp,tcp4,tcp6,udp,udp4,udp6,unix,all}]
                  
positional arguments:
  {inet,inet4,inet6,tcp,tcp4,tcp6,udp,udp4,udp6,unix,all}
                        Type of traffic to monitor (Default: all)
                        
options:
  -h, --help            show this help message and exit
  -f SECONDS, --frequency SECONDS
                        Frequency, in seconds, to check for active connections (Default: 1.0)
  -b CYCLES, --baseline CYCLES
                        Collect a baseline of traffic, to help filter out normal processes (Total time =
                        frequency*CYCLES)
  --capture FILENAME    Capture packets during monitoring and output to PCAP file
  
Examples:
    ratcatcher (Monitor all traffic types)
    ratcatcher --baseline 10 -f .5 --capture mypackets
    ratcatcher inet6

Omniserver

usage: omniserver [-h] [-b IPADDR] [-f SECONDS] [-t SECONDS] [-d] [-u] [--msg MSG] [port]

positional arguments:
  port                  Port to listen on/connect to (Default: RHP for listen/beacon, 53 for DNS)
  
options:
  -h, --help            show this help message and exit
  -b IPADDR, --beacon IPADDR
                        Beacon to remote IP
  -f SECONDS, --frequency SECONDS
                        Frequency, in seconds, to beacon remote IP
  -t SECONDS, --timeout SECONDS
                        Timeout duration, in seconds, for beacon sockets
  -d, --dns             Send DNS requests
  -u, --udp             Use UDP protocol (Default: TCP)
  --msg MSG             Message to send upon successful connection
  
Examples:
    omniserver (Listen on TCP random high port)
    omniserver -b 10.10.10.1 -f 30 -u 7896
    omniserver --msg 'TCP Server Test Message'

Installation

Install from PyPI

pip install ratcatcher

Known Issues & TODO

Ratcatcher is completely unaware of outgoing UDP packets. However they're still caught in the PCAP
Add DNS tunneling to omniserver

Project details

These details have not been verified by PyPI

Project links

Homepage

Development Status
- 5 - Production/Stable
Intended Audience
- Developers
- Information Technology
License
- OSI Approved :: Apache Software License
Natural Language
- English
Operating System
- OS Independent
Programming Language
- Python :: 3
Topic
- Security
- Utilities

Release history Release notifications | RSS feed

This version

1.0.0

Oct 28, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ratcatcher-1.0.0.tar.gz (10.7 kB view hashes)

Uploaded Oct 28, 2022 Source

Built Distribution

ratcatcher-1.0.0-py3-none-any.whl (11.9 kB view hashes)

Uploaded Oct 28, 2022 Python 3

Hashes for ratcatcher-1.0.0.tar.gz

Hashes for ratcatcher-1.0.0.tar.gz
Algorithm	Hash digest
SHA256	`d1b9cf054e34cba23127c85380bf37d157879cc9e6da55ca013fdfedd4d706bf`
MD5	`b29d09d038f2099ff8480219a8e31d4b`
BLAKE2b-256	`0316c42fea56ccfaca704f7b3f1a98d4138f2100ac30fce32e9090d8e61322cb`

Hashes for ratcatcher-1.0.0-py3-none-any.whl

Hashes for ratcatcher-1.0.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`063cb72d6d2b15ad130b7c2e8cb16bd9445e213b77efb652d4553fd170f1a1f7`
MD5	`bf70f6bf408bc8a30c3cc9e4d13a8ec6`
BLAKE2b-256	`f44ec6b79de2579810a89ee872c56e4bc524c7fa2933422668e2f1e78ccb88b5`