blackMORE Ops Learn one trick a day ….
This Python script utilises Wireshark or TCPdump to analyse network traffic stored in a specified .pcap or .pcapng file. The objective is to detect potential malicious activities and attacks. The script covers a range of suspicious network behaviors, including: 
- DNS Tunneling
- SSH Tunneling
- TCP Session Hijacking
- SMB Attack
- SMTP or DNS Attack
- IPv6 Fragmentation Attack
- TCP RST Attack
- SYN Flood Attack
- UDP Flood Attack
- Slowloris Attack
Additionally, the script attempts to identify packages containing specific suspicious keywords such as “password,” “login,” “admin,” etc. Detected activities and attacks are displayed in the console.
Usage Instructions:
1. Clone the repository:
git clone https://github.com/alperenugurlu/Network_Assessment.git
2. Install required dependencies:
pip3 install -r requirements.txt
3. Run the script:
python3 Network_Compromise_Assessment.py
4. Enter the path to the .pcap or .pcapng file when prompted.
Example:
Please enter the path to the .pcap or .pcapng file: /root/Desktop/TCP_RST_Attack.pcap
Script Structure:
get_user_input(): Retrieves the path of the .pcap file from the user.get_all_ip_addresses(capture): Returns a set containing all source and destination IP addresses.detect_*functions: Used to detect specific attacks and suspicious activities.main(): Executes the primary operations of the script. It prompts the user for the file path and then analyses the file to identify specified attacks and suspicious activities.
Feel free to explore and enhance the capabilities of the script for a more comprehensive network assessment.
Download Link: Network_Assessment
