An application to deal with lots of pcaps by running lots of tsharks
Install Python3, the one true Python...
pip install python-dateutil pandas
Recursively process multiple PCAP files including those in subdirectories.
Wrapper around editcap (Wireshark Tool) that will let the user break PCAP files into smaller pieces.
Automatically grab all handshakes save as a pcap and also hashcat file for processing.
Wrapper around tshark that will let the user filter pcap files for handshakes and output as pcap.
Gathers standard wireless info and puts it into a CSV
Run PCAPFix on the dataset to repair damaged or cutshort PCAPs.
./pcapinator.py --in [directory or file] --pcapfix --pcapfix_dir [directory for original pcaps before fix] --debug
Gather all of the typical wireless information from a pcap and output a single CSV. This will split the PCAP files and procees them based on the number of CPU cores you have.
./pcapinator.py --in [directory or file] --wifi_csv --split --debug
Run a custom tshark query and output the fields you specify. In this case its searching for anything email related and ouputting related interesting fields.
./pcapinator.py --in [directory or file] --query "tcp.port == 143 || tcp.port == 110 || tcp.port == 25 || tcp.port == 26 || pop || imap || smtp" --fields "-e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e text -e tcp.payload" --split --debug
A custom query to get HTTP data.
./pcapinator.py --in [directory or file] --query "http" --fields "-e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e text -e tcp.payload" --split --debug
A custom query to get SSIDs that contain the letters TEST, change TEST to your partial search parameter.
./pcapinator.py --in [directory or file] --query "wlan.ssid contains TEST" --fields "-e frame.time -e frame.time_epoch -e wlan.sa -e wlan.ta -e wlan.ta_resolved -e wlan.ra -e wlan.da -e wlan.bssid -e wlan.ssid -e wps.manufacturer -e wps.device_name -e wps.model_name -e wps.model_number -e wps.uuid_e -e wlan.fc.type_subtype -e frame.len -e wlan_radio.signal_dbm" --split --debug
Get a CSV file with DNS info.
./pcapinator.py --in [directory or file] --dnsSimple --split --debug
Automatic import into Postgres database from a PCAP file.
Automatic import into Elastic Stack.
Automatic push into Graphistry
Generalized use around editcap to support other options supported by the tool.
Generalized use around tshark to support other options supported by the tool.
Tool to strip all unencrypted data from pcap files and put the results into new pcap files.
Tool to anonymize traffic datas but maintain context.