PA Toolkit (Pentester Academy Wireshark Toolkit)
PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:
- WiFi (WiFi network summary, Detecting beacon, deauth floods etc.)
- HTTP (Listing all visited websites, downloaded files)
- HTTPS (Listing all websites opened on HTTPS)
- ARP (MAC-IP table, Detect MAC spoofing and ARP poisoning)
- DNS (Listing DNS servers used and DNS resolution, Detecting DNS Tunnels)
The project is under active development and more plugins will be added in near future.
This material was created while working on "Traffic Analysis: TSHARK Unleashed" course. Those interested can check the course here: https://www.pentesteracademy.com/course?id=42
Terms of Use
- This is licensed under GPL just as Wireshark.
Installation
Steps:
- Copy the "plugins" directory to Wireshark plugins directory.
- Start wireshark. :)
One can get the location of wireshark plugins directory by checking Help > About Wireshark > Folders
Tool featured at
- Blackhat Arsenal 2018 <https://www.blackhat.com/us-18/arsenal/schedule/index.html#pa-toolkit-wireshark-plugins-for-pentesters-12035>
- DEF CON 26 Demolabs <https://defcon.org/html/defcon-26/dc-26-demolabs.html>
Author
- Nishant Sharma, Technical Manager, Pentester Academy <nishant@binarysecuritysolutions.com>
- Jeswin Mathai, Security Researcher, Pentester Academy <jeswin@binarysecuritysolutions.com>
Under the guidance of Mr. Vivek Ramachandran, CEO, Pentester Academy
Documentation
For more details refer to the "PA-Toolkit.pdf" PDF file. This file contains the slide deck used for presentations.
Screenshots
PA Toolkit after installation
List of websites visited over HTTP
Search functionality
Domain to IP mappings
License
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License v2 as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
'old > Network' 카테고리의 다른 글
| [자료] TCP dump (0) | 2018.08.22 |
|---|---|
| [자료] Capture a Network Trace without installing anything (0) | 2018.06.06 |
| [자료] TCP dump (0) | 2018.06.02 |
| [자료] NSE (0) | 2018.04.21 |
| [자료] SSL 패킷 디크립트 (0) | 2017.04.20 |
