HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently this library provides three scripts:
capture-and-analyze.py
– Capture on an interface for some period of time, and upload capture for analysis.upload-and-analyze.py
– Upload and analyze multiple packet captures to PacketTotal.com.trigger-and-analyze.py
– Listen for unknown connections, and begin capturing when one is made. Captures are automatically uploaded and analyzed.Warning: Any packet capture uploaded to becomes publicly available upon completed analysis.
Limitations
Use Cases
Also Read – TwitWork : Monitor Twitter Stream 2020
Prerequisites
apt-get install tshark
Installation
pip install -r requirements.txt
python setup.py install
Usage
capture-and-analyze.py
usage: capture-and-analyze.py [-h] [–seconds SECONDS] [–interface INTERFACE]
[–analyze] [–list-interfaces] [–list-pcaps]
[–export-pcaps]
Capture, upload and analyze network traffic; powered by PacketTotal.com.
optional arguments:
-h, –help show this help message and exit
–seconds SECONDS The number of seconds to capture traffic for.
–interface INTERFACE
The name of the interface (–list-interfaces to show
available)
–analyze If included, capture will be uploaded for analysis to
PacketTotal.com.
–list-interfaces Lists the available interfaces.
–list-pcaps Lists pcaps submitted to PacketTotal.com for analysis.
–export-pcaps Writes pcaps submitted to PacketTotal.com for analysis to a csv file.
upload-and-analyze.py
usage: upload-and-analyze.py [-h] [–path PATH [PATH …]] [–analyze]
[–list-pcaps] [–export-pcaps]
Upload and analyze .pcap/.pcapng files in bulk; powered by PacketTotal.com.
optional arguments:
-h, –help show this help message and exit
–path PATH [PATH …]
One or more paths to pcap or directory of pcaps.
–analyze If included, capture will be uploaded for analysis to
PacketTotal.com.
–list-pcaps Lists pcaps submitted to PacketTotal.com for analysis.
–export-pcaps Writes pcaps submitted to PacketTotal.com for analysis to a csv file.
trigger-and-analyze.py
usage: trigger-and-analyze.py [-h] [–interface INTERFACE] [–learn LEARN]
[–listen] [–capture-seconds CAPTURE_SECONDS]
[–list-interfaces] [–list-pcaps]
[–export-pcaps]
Listen for unknown connections, and begin capturing when one is made. Captures are automatically uploaded and analyzed; powered by PacketTotal.com
optional arguments:
-h, –help show this help message and exit
–interface INTERFACE
The name of the interface (–list-interfaces to show
available)
–learn LEARN The number of seconds from which to build the known
connections whitelist. Connections in this whitelist
will be ignored.
–listen If included, we will begin listening for unknown
connections, and immediately starting a packet capture
and uploading to PacketTotal.com for analysis.
–capture-seconds CAPTURE_SECONDS
The number of seconds worth of network traffic to
capture and analyze after a trigger has fired.
–list-interfaces Lists the available interfaces.
–list-pcaps Lists pcaps submitted to PacketTotal.com for analysis.
–export-pcaps Writes pcaps submitted to PacketTotal.com for analysis to a csv file.
If you are new to Bash scripting or Linux shell scripting, one of the most…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…