HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently this library provides three scripts:
capture-and-analyze.py
– Capture on an interface for some period of time, and upload capture for analysis.upload-and-analyze.py
– Upload and analyze multiple packet captures to PacketTotal.com.trigger-and-analyze.py
– Listen for unknown connections, and begin capturing when one is made. Captures are automatically uploaded and analyzed.Warning: Any packet capture uploaded to becomes publicly available upon completed analysis.
Limitations
Use Cases
Also Read – TwitWork : Monitor Twitter Stream 2020
Prerequisites
apt-get install tshark
Installation
pip install -r requirements.txt
python setup.py install
Usage
capture-and-analyze.py
usage: capture-and-analyze.py [-h] [–seconds SECONDS] [–interface INTERFACE]
[–analyze] [–list-interfaces] [–list-pcaps]
[–export-pcaps]
Capture, upload and analyze network traffic; powered by PacketTotal.com.
optional arguments:
-h, –help show this help message and exit
–seconds SECONDS The number of seconds to capture traffic for.
–interface INTERFACE
The name of the interface (–list-interfaces to show
available)
–analyze If included, capture will be uploaded for analysis to
PacketTotal.com.
–list-interfaces Lists the available interfaces.
–list-pcaps Lists pcaps submitted to PacketTotal.com for analysis.
–export-pcaps Writes pcaps submitted to PacketTotal.com for analysis to a csv file.
upload-and-analyze.py
usage: upload-and-analyze.py [-h] [–path PATH [PATH …]] [–analyze]
[–list-pcaps] [–export-pcaps]
Upload and analyze .pcap/.pcapng files in bulk; powered by PacketTotal.com.
optional arguments:
-h, –help show this help message and exit
–path PATH [PATH …]
One or more paths to pcap or directory of pcaps.
–analyze If included, capture will be uploaded for analysis to
PacketTotal.com.
–list-pcaps Lists pcaps submitted to PacketTotal.com for analysis.
–export-pcaps Writes pcaps submitted to PacketTotal.com for analysis to a csv file.
trigger-and-analyze.py
usage: trigger-and-analyze.py [-h] [–interface INTERFACE] [–learn LEARN]
[–listen] [–capture-seconds CAPTURE_SECONDS]
[–list-interfaces] [–list-pcaps]
[–export-pcaps]
Listen for unknown connections, and begin capturing when one is made. Captures are automatically uploaded and analyzed; powered by PacketTotal.com
optional arguments:
-h, –help show this help message and exit
–interface INTERFACE
The name of the interface (–list-interfaces to show
available)
–learn LEARN The number of seconds from which to build the known
connections whitelist. Connections in this whitelist
will be ignored.
–listen If included, we will begin listening for unknown
connections, and immediately starting a packet capture
and uploading to PacketTotal.com for analysis.
–capture-seconds CAPTURE_SECONDS
The number of seconds worth of network traffic to
capture and analyze after a trigger has fired.
–list-interfaces Lists the available interfaces.
–list-pcaps Lists pcaps submitted to PacketTotal.com for analysis.
–export-pcaps Writes pcaps submitted to PacketTotal.com for analysis to a csv file.
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…