Command Line Parsing Library for USB PCAP Files

Overview

Gallimaufry is a Python framework for parsing and working with packet capture files (PCAPs) of USB traffic. It uses tshark as its backend to perform the initial translation of the packet capture into Python objects. The goal of the framework is to make it easy both to parse information out of USB pcaps and to extend the framework to further USB traffic types.

For a quick understanding of how it works, check out the examples in the documentation.

Docs

http://gallimaufry.readthedocs.io/en/latest/index.html

Quick Start

Once installed, you can load up a pcap and analyze it:

In [1]: from Gallimaufry.USB import USB

In [2]: usb = USB("./task.pcap")

In [3]: usb
Out[3]: <USB packets=835>

In [4]: usb.devices
Out[4]: [<Apple, Inc. Aluminum Keyboard (ISO) v0.6.9 USB2.0.0 bus_id=1 address=3>]
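As an added example (not Gallimaufry's own code), the following shows by hand the tshark-to-Python translation the Overview describes: packets from `tshark -T json` output are flattened into field dicts and grouped into devices the way the `usb.devices` listing above is. The JSON sample is constructed, and the `DEVICE DESCRIPTOR` subtree name and the product id in it are assumptions.

```python
import json

# Constructed sample shaped like `tshark -r capture.pcap -T json` output, cut
# down to the fields read below. The exact subtree tshark nests descriptor
# fields under is an assumption, so parsing flattens every subtree instead.
TSHARK_JSON = json.dumps([
    {"_source": {"layers": {"usb": {"usb.bus_id": "1", "usb.device_address": "3",
                                    "usb.transfer_type": "0x02"}}}},
    {"_source": {"layers": {"usb": {"usb.bus_id": "1", "usb.device_address": "3",
                                    "usb.transfer_type": "0x02",
                                    "DEVICE DESCRIPTOR": {
                                        "usb.idVendor": "0x05ac",   # Apple's vendor id
                                        "usb.idProduct": "0x0250",  # sample value
                                        "usb.bcdDevice": "0x0069"}}}}},
    {"_source": {"layers": {"usb": {"usb.bus_id": "1", "usb.device_address": "5",
                                    "usb.transfer_type": "0x01"}}}},
])

def flatten(layer, out=None):
    """Recursively collect the leaf fields of a tshark layer into one dict."""
    out = {} if out is None else out
    for k, v in layer.items():
        if isinstance(v, dict):
            flatten(v, out)
        else:
            out[k] = v
    return out

def parse_tshark_json(text):
    """Return one flat field dict per USB packet; non-USB frames are skipped."""
    return [flatten(f["_source"]["layers"]["usb"])
            for f in json.loads(text) if "usb" in f["_source"]["layers"]]

def bcd_version(bcd):
    """Render a USB BCD release number the way lsusb does: 0x0069 -> '0.6.9'."""
    return f"{bcd >> 8:x}.{(bcd >> 4) & 0xF:x}.{bcd & 0xF:x}"

def enumerate_devices(packets):
    """Group packets by (bus_id, address) and fill in ids from any descriptor seen."""
    devices = {}
    for p in packets:
        key = (int(p["usb.bus_id"]), int(p["usb.device_address"]))
        dev = devices.setdefault(key, {"bus_id": key[0], "address": key[1],
                                       "packets": 0, "idVendor": None,
                                       "idProduct": None, "version": None})
        dev["packets"] += 1
        if "usb.idVendor" in p:  # a device descriptor response for this address
            dev["idVendor"] = int(p["usb.idVendor"], 16)
            dev["idProduct"] = int(p["usb.idProduct"], 16)
            dev["version"] = bcd_version(int(p["usb.bcdDevice"], 16))
    return [devices[k] for k in sorted(devices)]
```

Running `enumerate_devices(parse_tshark_json(TSHARK_JSON))` yields one entry per (bus, address) pair, with the version rendered as `0.6.9` in the same form the `usb.devices` output above uses.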

Requires

  • Python 3.5+
  • tshark

Install

Pip

Install using pip:

$ pip install .

Docker

There is an automatically built Docker image with everything already set up. Pull it with the following:

$ sudo docker pull bannsec/Gallimaufry

Run it:

$ sudo docker run -it --rm -v $PWD:/my_mount bannsec/Gallimaufry