jenishs524/Malware-Traffic-Analysis-PCAP-to-Zeek-like-Logs-
GitHub: jenishs524/Malware-Traffic-Analysis-PCAP-to-Zeek-like-Logs-
一款基于 Python 的 PCAP 网络流量分析工具,通过提取连接、DNS 和 HTTP 信息并检测威胁指标来生成安全报告。
Stars: 0 | Forks: 0
📁 恶意软件流量分析(PCAP 转 Zeek 类日志)
描述
使用 Scapy 解析 PCAP 文件,提取连接、DNS 查询和 HTTP 请求。检测可疑端口、大型数据包、潜在的 DGA(域名生成算法)以及恶意 User-Agent。生成安全报告。
导航至项目文件夹。
创建虚拟环境(推荐):
bash
python3 -m venv venv
source venv/bin/activate # 在 Windows 上: venv\Scripts\activate
```
Install dependencies – each project has its own requirements.txt or lists the required packages.
Run the main script as described in the project’s section.
Note: Some projects require system tools (e.g., nmap, subfinder, httpx, zeek). Installation instructions are provided per project.
```
核心技术
```
Scapy, jinja2
```
功能
```
No external tools (pure Python)
Connection extraction (IP/port/protocol)
DNS query extraction
HTTP request parsing
Customisable indicators (ports, domains, user‑agents)
HTML report with severity levels
```
安装与设置
bash
pip install scapy jinja2
用法
bash
python pcap_analyzer.py capture.pcap
输出
```
zeek_report.html – findings and summary.
```
标签:逆向工具