a benchmark tool for Joy and Zeek
Project description
TLSfeatmark
What is Tlsfeatmark
Tlsfeatmark is a benchmark tool for TLS analytics using Joy and Zeek. It generates nice JSON output with several statistics for each pcap and for all pcaps analyzed:
- the number of TCP streams found
- the number of TLS streams found
- the number of certificates found
- the elapsed time of analysis
Sample output
===== Summary =====
{
  "cpu": "11th Gen Intel(R) Core(TM) i7-11700K @ 3.60GHz",
  "os": "Linux 4.18.0-348.2.1.el8_5.x86_64",
  "time": "2022-06-27 13:43:03",
  "joy": {
    "job": {
      "tool": "joy",
      "pcap_path": "/home/dev/tlsfeatmark/pcaps/small_pcaps",
      "pcap_num": 5,
      "tls_total": 323,
      "cert_total": 294,
      "elapsed_total": 0.32
    },
    "task": [
      {
        "name": "2021-01-13-Emotet-epoch-2-infection-traffic-with-Trickbot-gtag-mor13-2.pcap",
        "tls_num": 46,
        "cert_num": 78,
        "elapsed": 0.06
      },
      {
        "name": "2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap",
        "tls_num": 10,
        "cert_num": 10,
        "elapsed": 0.04
      }
      ... # skip several other tasks
    ]
  },
  "zeek": {
    "job": {
      "tool": "zeek",
      "pcap_path": "/home/dev/tlsfeatmark/pcaps/small_pcaps",
      "pcap_num": 5,
      "tls_total": 323,
      "cert_total": 477,
      "elapsed_total": 1.06
    },
    "task": [
      {
        "name": "2021-01-13-Emotet-epoch-2-infection-traffic-with-Trickbot-gtag-mor13-2.pcap",
        "tls_num": 46,
        "cert_num": 84,
        "elapsed": 0.23
      },
      {
        "name": "2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap",
        "tls_num": 10,
        "cert_num": 15,
        "elapsed": 0.17
      },
      ... # skip several other tasks
    ]
  }
}
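Added example, not part of the tlsfeatmark project: one way to compare the two tools' per-pcap results from a summary in the schema shown above. The pcap names and counts are constructed, and `compare_tools` and `disagreements` are hypothetical helper names.

```python
import json

# Constructed input: same keys as the summary above, short made-up pcap names.
SAMPLE = json.loads("""
{"joy":  {"task": [
   {"name": "a.pcap", "tls_num": 46, "cert_num": 78, "elapsed": 0.06},
   {"name": "b.pcap", "tls_num": 10, "cert_num": 10, "elapsed": 0.0}]},
 "zeek": {"task": [
   {"name": "a.pcap", "tls_num": 46, "cert_num": 84, "elapsed": 0.23},
   {"name": "b.pcap", "tls_num": 10, "cert_num": 10, "elapsed": 0.17},
   {"name": "c.pcap", "tls_num": 3,  "cert_num": 4,  "elapsed": 0.02}]}}
""")


def compare_tools(summary, base="joy", other="zeek"):
    """Return one row per pcap: count deltas (other - base) and time ratio."""
    by_name = {
        tool: {t["name"]: t for t in summary[tool]["task"]}
        for tool in (base, other)
    }
    rows = []
    for name in sorted(set(by_name[base]) | set(by_name[other])):
        b, o = by_name[base].get(name), by_name[other].get(name)
        if b is None or o is None:
            # One tool has no entry for this pcap: report it, do not guess.
            rows.append({"name": name, "missing_in": base if b is None else other})
            continue
        rows.append({
            "name": name,
            "tls_delta": o["tls_num"] - b["tls_num"],
            "cert_delta": o["cert_num"] - b["cert_num"],
            # Assumption: elapsed is rounded (two decimals in the sample),
            # so a fast run can read 0.0 and the ratio is then undefined.
            "time_ratio": round(o["elapsed"] / b["elapsed"], 2) if b["elapsed"] else None,
        })
    return rows


def disagreements(rows):
    """Names of pcaps where the tools differ on TLS or certificate counts."""
    return [r["name"] for r in rows
            if "missing_in" in r or r["tls_delta"] or r["cert_delta"]]


if __name__ == "__main__":
    for row in compare_tools(SAMPLE):
        print(row)
```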
Environment
Tlsfeatmark relies on Joy and Zeek, and they work well on Linux and Mac OS X.
- Linux: CentOS 8/Ubuntu 20.04, tested
- Mac: x86/M1, tested
- Windows: untested
How to install
- Install Joy: see the Joy official documentation for installation.
- Install Zeek: see the Zeek official documentation for installation.
- Install tlsfeatmark: pip install tlsfeatmark
How to use
Tlsfeatmark is easy to use once Joy and Zeek are installed.
- Configure pcap_path in config.txt. pcap_path is the pcap file or dir containing pcaps to be analyzed. pcap_path supports absolute and relative paths. For a relative path (relative to main.py), use ./ as prefix, for example, ./pcaps/small_pcaps.
- Run main.py
- View results in the output folder.
License
Tlsfeatmark is under the MIT license, see LICENSE for more information.
File details
Details for the file tlsfeatmark-0.1.tar.gz.
File metadata
- Download URL: tlsfeatmark-0.1.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.8.9
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 7f374e798c933a5d3dec0afec70580753b366c51366591bd6ace5e23d654f1a6 |
MD5 | c6b498d86cd025a751c4916be2810a49 |
BLAKE2b-256 | 46188119dd8a50b46bae3cee06703914c0ba7d9a8ac6df5f55e6b9197e7e83bb |
File details
Details for the file tlsfeatmark-0.1-py3-none-any.whl.
File metadata
- Download URL: tlsfeatmark-0.1-py3-none-any.whl
- Upload date:
- Size: 7.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.8.9
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 29608a4b3acccd091aa7307d7b329e99db59f9e4c67b3b95af274a872218ddc7 |
MD5 | cc971ec1640130c222223602b073b965 |
BLAKE2b-256 | 97f12804e088a14a1585aa6f1b86573d7bfff6f36a03346d21bacaac0d70ef96 |