Project description

TLSfeatmark

What is Tlsfeatmark

Tlsfeatmark is a benchmark tool for TLS analytics using Joy and Zeek. It generates nice JSON output on several statistics for each pcap and all pcaps analyzed:

the number of TCP stream found
the number of TLS stream found
the number of certificates found
the elapsed time of analysis

Sample output

===== Summary =====
{
    "cpu": "11th Gen Intel(R) Core(TM) i7-11700K @ 3.60GHz",
    "os": "Linux 4.18.0-348.2.1.el8_5.x86_64",
    "time": "2022-06-27 13:43:03",
    "joy": {
        "job": {
            "tool": "joy",
            "pcap_path": "/home/dev/tlsfeatmark/pcaps/small_pcaps",
            "pcap_num": 5,
            "tls_total": 323,
            "cert_total": 294,
            "elapsed_total": 0.32
        },
        "task": [
            {
                "name": "2021-01-13-Emotet-epoch-2-infection-traffic-with-Trickbot-gtag-mor13-2.pcap",
                "tls_num": 46,
                "cert_num": 78,
                "elapsed": 0.06
            },
            {
                "name": "2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap",
                "tls_num": 10,
                "cert_num": 10,
                "elapsed": 0.04
            }
            ... # skip several other tasks
        ]
    },
    "zeek": {
        "job": {
            "tool": "zeek",
            "pcap_path": "/home/dev/tlsfeatmark/pcaps/small_pcaps",
            "pcap_num": 5,
            "tls_total": 323,
            "cert_total": 477,
            "elapsed_total": 1.06
        },
        "task": [
            {
                "name": "2021-01-13-Emotet-epoch-2-infection-traffic-with-Trickbot-gtag-mor13-2.pcap",
                "tls_num": 46,
                "cert_num": 84,
                "elapsed": 0.23
            },
            {
                "name": "2021-01-04-Emotet-infection-with-Trickbot-traffic.pcap",
                "tls_num": 10,
                "cert_num": 15,
                "elapsed": 0.17
            },
            ...        
            # skip several other tasks
        ]
    }
}

Environment

Tlsfeatmark relies on Joy and Zeek, and they work well on Linux and Mac OSX.

Linux: Centos8/Ubuntu20.04, tested
Mac: x86/M1, tested
Windows: untested

How to install

Install Joy

see Joy official documentation for installation.

Install Zeek

see Zeek official documentation for installation.

Install tlsfeatmark

pip install tlsfeatmark

How to use

Tlsfeatmark is easy to use once Joy and Zeek are installed.

Configure pcap_path in config.txt

pcap_path is the pcap file or dir containing pcaps to be analyzed.

pcap_path supports absolute and relative path. For relative path (relative to main.py), use ./ as prefix, for example, ./pcaps/small_pcaps.

Run main.py
View results in output folder.

License

Tlsfeatmark is under MIT license, see LICENSE for more information.

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.1

Jun 27, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tlsfeatmark-0.1.tar.gz (6.4 kB view hashes)

Uploaded Jun 27, 2022 Source

Built Distribution

tlsfeatmark-0.1-py3-none-any.whl (7.5 kB view hashes)

Uploaded Jun 27, 2022 Python 3

Hashes for tlsfeatmark-0.1.tar.gz

Hashes for tlsfeatmark-0.1.tar.gz
Algorithm	Hash digest
SHA256	`7f374e798c933a5d3dec0afec70580753b366c51366591bd6ace5e23d654f1a6`
MD5	`c6b498d86cd025a751c4916be2810a49`
BLAKE2b-256	`46188119dd8a50b46bae3cee06703914c0ba7d9a8ac6df5f55e6b9197e7e83bb`

Hashes for tlsfeatmark-0.1-py3-none-any.whl

Hashes for tlsfeatmark-0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`29608a4b3acccd091aa7307d7b329e99db59f9e4c67b3b95af274a872218ddc7`
MD5	`cc971ec1640130c222223602b073b965`
BLAKE2b-256	`97f12804e088a14a1585aa6f1b86573d7bfff6f36a03346d21bacaac0d70ef96`