Uncategorized
- brimdata/brim - Desktop application to efficiently search and analyze super-structured data - 1.2K stars
- deepfence/PacketStreamer - Distributed tcpdump for cloud native environment
- didierstevens.com: Decrypting TLS Streams With Wireshark: Part 3 - export the TLS session keys, then merge them into the pcap file with editcap --inject-secrets; this avoids distributing the private key
- gist: NTLM auth-string decoder
- hexene/LocalVPN - A packet interceptor for Android built on top of VpnService
- CylanceSPEAR/SMBTrap - Tools developed to test the Redirect to SMB issue
- troglobit/nemesis - A command-line network packet crafting and injection utility
- shramos/polymorph - Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols
- nospaceships/raw-socket-sniffer - Packet capture on Windows without a kernel driver - captures using a raw socket, supports writing pcap data
- skydive-project/skydive - An open source real-time network topology and protocols analyzer
- cisco/mercury - network fingerprinting and packet metadata capture
Windows
Replay
Named pipe
- OmerYa/Named-Pipe-Sniffer - Tools for sniffing Windows Named Pipes communication
- Vatyx/NamedPipeCapture - A Windows tool that can be used to stream data from a named pipe between two other processes to Wireshark
- tomer8007/chromium-ipc-sniffer - A tool to capture communication between Chromium processes on Windows
Packet analysis
- iqiyi/qnsm - QNSM is a network security monitoring framework based on DPDK
- certego/PcapMonkey - provide an easy way to analyze pcap using the latest version of Suricata and Zeek
- KasperskyLab/TinyCheck - allows you to easily capture network communications from a smartphone or any device which can be associated with a Wi-Fi access point, in order to quickly analyze them
- nfstream - a Flexible Network Data Analysis Framework - implemented in Python, performance is probably poor
- gavz/net-recon - parsing internal network reconnaissance data from captured discovery and broadcast protocol packets
- DanMcInerney/net-creds - Sniffs sensitive data from interface or pcap
- NytroRST/NetRipper - Smart traffic sniffing for penetration testers
- lgandx/PCredz - extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface
- 0x4D31/fatt - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
- HatBoy/Pcap-Analyzer - an offline packet analyzer with a visual interface, written in Python
- F-Stack/f-stack - F-Stack is a user-space network development kit with high performance, based on DPDK, the FreeBSD TCP/IP stack and a coroutine API
- hsiafan/httpdump - Capture and parse HTTP traffic - little practical value; this project will probably stop being updated soon
- brimsec/brim - Desktop application to efficiently search large packet captures and Zeek logs
- nccgroup/readable-thrift - makes binary Thrift protocol messages easy to work with by converting them to and from a human-friendly format
- google/ssl_logger - Decrypts and logs a process's SSL traffic
- laf0rge/udtrace - UNIX domain socket tracing LD_PRELOAD wrapper
- cisagov/Malcolm - a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs
Scapy
Fiddler plugins