A Python package to analyze SMB2 packets from pcap files
Project description
Sniperpy: SMB2 Packet Analyzer
sniperpy
is a Python package designed to extract and analyze SMB2 packets from PCAP files. It helps security engineers quickly retrieve relevant SMB2 data like Create and Close requests/responses from packet captures.
Features
- Extract SMB2 Create and Close requests/responses from PCAP files.
- Parse and analyze metadata (source/destination IPs, ports).
- Save extracted metadata as a JSON file.
Installation
You can install sniperpy
using pip
:
pip install sniperpy
Usage
After installing the package, you can import it and use the functions provided to work with SMB2 packets in your PCAP files.
Example Code
from sniperpy import extract_smb_packets, parse_smb_packets, save_extracted_files, SMBExtractorError
# Specify the path to your pcap file
pcap_file = "path_to_your_pcap_file.pcap"
try:
# Extract SMB packets from the PCAP
smb_packets = extract_smb_packets(pcap_file)
# Parse SMB packet metadata
metadata = parse_smb_packets(smb_packets)
# Optionally, save the metadata to a JSON file
save_extracted_files(metadata, output_dir="output_directory")
# Print metadata to the console
for entry in metadata:
print(entry)
except SMBExtractorError as e:
print(f"An error occurred: {e}")
Example output
{
"Packet Type": "SMB2 Create Request",
"Source IP": "192.168.1.100",
"Source Port": 445,
"Destination IP": "192.168.1.101",
"Destination Port": 139
}
Functions Overview
extract_smb_packets(pcap_file)
: Extracts SMB2 packets from the provided pcap file.parse_smb_packets(smb_packets)
: Parses SMB2 packets to extract metadata (IP addresses, ports, etc.).save_extracted_files(metadata, output_dir)
: Saves the parsed metadata as a JSON file in the specified output directory.SMBExtractorError
: Custom exception to handle errors related to SMB packet extraction and parsing.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sniperpy-1.0.1.tar.gz
(3.1 kB
view hashes)