Skip to content
This repository has been archived by the owner on Feb 17, 2021. It is now read-only.

Cyberprotect/Ceres-Packet-Exploder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
cerespacketexploder
cerespacketexploder
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

Rémi ALLAIN [email protected]

Ceres Packet exploder

A python script for extracting observables from pcap.

Installation

git clone 'https://github.com/Cyberprotect/Ceres-Packet-Exploder.git'
cd Ceres-Packet-Exploder-master
python setup.py install

or

pip install cerespacketexploder

Usage

from cerespacketexploder.api import ceres

pcap = 'sample.pcap'

config = {
    'parser': {
        'http': {
            'chaosreader': '/usr/bin/chaosreader'
        }
    },
    'storage': './Storage/Ceres',
    'supported_pcap_types': [
        'application/vnd.tcpdump.pcap',
        'application/octet-stream'
    ]
}

c = ceres(pcap, config)

observables = c.run()
print(observables)

Result

[
    {
        "dataType": "service",
        "data": "http",
        "childs": [
            {
                "dataType": "session",
                "data": "0245",
                "childs": [
                    {
                        "dataType": "hash",
                        "data": "4477039d5decdf4706e32b57977b1d6b80cbf0feb929c2bcb43e44aa34cb85a5"
                    },
                    {
                        "dataType": "hash",
                        "data": "07bf52db2e9869573e613312083c4580"
                    },
                    {
                        "dataType": "filename",
                        "data": "invoice.pdf"
                    },
                    {
                        "dataType": "file",
                        "data": "./Storage/Ceres/fa1227c7-e849-4026-9d1c-7a391f892e03/http/sample.pcap.sessions/session_0245.part_01.pdf"
                    },
                    {
                        "dataType": "url",
                        "data": "http://intranet.company.net/download/invoice.pdf"
                    },
                    {
                        "dataType": "domain",
                        "data": "intranet.company.net"
                    },
                    {
                        "dataType": "ip",
                        "data": "192.168.1.1"
                    },
                    {
                        "dataType": "ip",
                        "data": "172.16.1.1"
                    },
                    {
                        "dataType": "date",
                        "data": "2018-01-01 10:00:00"
                    }
                ]
            }
        ]
    }
]

About

A python script for extracting observables from pcap.

Topics

python pcap observable pip network-analysis network-packets

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

3 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages