jenishs524/Malware-Traffic-Analysis-PCAP-to-Zeek-like-Logs-

GitHub: jenishs524/Malware-Traffic-Analysis-PCAP-to-Zeek-like-Logs-

一款基于 Python 的 PCAP 网络流量分析工具,通过提取连接、DNS 和 HTTP 信息并检测威胁指标来生成安全报告。

Stars: 0 | Forks: 0

📁 恶意软件流量分析(PCAP 转 Zeek 类日志) 描述 使用 Scapy 解析 PCAP 文件,提取连接、DNS 查询和 HTTP 请求。检测可疑端口、大型数据包、潜在的 DGA(域名生成算法)以及恶意 User-Agent。生成安全报告。 导航至项目文件夹。 创建虚拟环境(推荐): bash python3 -m venv venv source venv/bin/activate # 在 Windows 上: venv\Scripts\activate ``` Install dependencies – each project has its own requirements.txt or lists the required packages. Run the main script as described in the project’s section. Note: Some projects require system tools (e.g., nmap, subfinder, httpx, zeek). Installation instructions are provided per project. ``` 核心技术 ``` Scapy, jinja2 ``` 功能 ``` No external tools (pure Python) Connection extraction (IP/port/protocol) DNS query extraction HTTP request parsing Customisable indicators (ports, domains, user‑agents) HTML report with severity levels ``` 安装与设置 bash pip install scapy jinja2 用法 bash python pcap_analyzer.py capture.pcap 输出 ``` zeek_report.html – findings and summary. ```
标签:逆向工具