odedshimon / bruteshark
Network Analysis Tool
License: GNU General Public License v3.0
I used to process ~15GB pcap files with https://github.com/lgandx/PCredz and I believed it's slow and not an optimal tool. But BruteShark compared to it is extremely slow. Filtering a 15GB pcap with Wireshark for NTLMSSP packets takes less than a minute on my 16-core, 32GB hardware; it results in a 3MB file which is processed by BruteShark in almost the same amount of time - something is not optimal here. I've found it utilizes only 1 CPU core and uses a limited amount of RAM for processing. Is there any preferred way to implement threads and caching here? I can contribute.
version 1909 build 18363.1379
I have Wireshark and it works perfectly, if that helps.
Hello,
I have installed BruteShark on Windows OS, but it does not start after installation.
In the Windows event log I have found this error message:
Description: A .NET Core application failed.
Application: BruteSharkDesktop.exe
Path: C:\Program Files (x86)\BruteSharkDesktop\BruteSharkDesktop.exe
Message: A fatal error occurred. The required library hostfxr.dll could not be found.
If this is a self-contained application, that library should exist in [C:\Program Files (x86)\BruteSharkDesktop].
If this is a framework-dependent application, install the runtime in the global location [C:\Program Files\dotnet] or use the DOTNET_ROOT environment variable to specify the runtime location or register the runtime location in [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x64\InstallLocation].
Just install the .NET Core SDK and it works.
I found the installer at this link:
https://dotnet.microsoft.com/download/dotnet-core/thank-you/sdk-3.1.401-windows-x64-installer
best regards
gov.cn_SSL过滤.zip
In the pcap file, No. 338, Wireshark shows "TCP out-of-order" and BruteShark can't recognize it.
If there is a problem with this data packet, please take a look at it.
test.zip
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text **************
SharpPcap.PcapException: Error setting PcapDevice mode. : driver error: working mode not recognized
at SharpPcap.Npcap.NpcapDevice.set_Mode(CaptureMode value)
at PcapProcessor.Sniffer.StartSniffing(CancellationToken ct)
at BruteSharkDesktop.MainForm.<>c__DisplayClass35_0.b__0()
at System.Threading.Tasks.Task.InnerInvoke()
at System.Threading.Tasks.Task.<>c.<.cctor>b__274_0(Object obj)
at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location where exception was thrown ---
at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location where exception was thrown ---
at BruteSharkDesktop.MainForm.StartLiveCaptureAsync()
at System.Threading.Tasks.Task.<>c.b__139_0(Object state)
************** JIT Debugging **************
I installed the x64 .Net core via the link! Win32 Version: 4.700.21.36305???????
Support .pcapng file type.
Note: it's better to start by checking if https://github.com/chmorgan/sharppcap supports pcapng.
If not, at least pop up a proper warning message (e.g. "Please convert the file to pcap file type").
I have a question. I want to clear the results of the analysis and then re-analyze the assignment. Now there is only NetworkMap, and I don't know how to solve it. When I clear the data and analyze the allocation again, the NetworkMap is blank and will not be assigned again. How to solve this problem?
Hey @odedshimon, I wanna ask a simple question: what is the difference between your project BruteShark and Wireshark?
And thank you!
Hi, for some reason I'm not able to run the GUI in Windows 10, but the CLI works. Kindly let me know if it supports Windows 10 and how to resolve this, as it doesn't start.
Edit the BruteSharkInstaller project so it enforces the existence / installation of the .NET Core SDK before installing BruteSharkDesktop.
NOTE: BruteSharkInstaller is a WiX Toolset project; if you are not familiar with this type of project, it's worth learning how to use the WiX Toolset before working on this issue.
Hello :)
I just installed Brute Shark but nothing happens at launch. I have Wireshark, Npcap, .NET SDK and .NET Core SDK installed.
From Windows event viewer:
Description: A .NET Core application failed.
Application: BruteSharkDesktop.exe
Path: C:\Program Files (x86)\BruteSharkDesktop\BruteSharkDesktop.exe
Message: Error:
An assembly specified in the application dependencies manifest (BruteSharkDesktop.deps.json) was not found:
package: 'System.Text.Json', version: '5.0.0'
path: 'lib/netcoreapp3.0/System.Text.Json.dll'
That happens because the state of the class ProcessingPrecentsPredicator is not re-initialized properly.
Can we add an option for adding more features to the JSON file? Right now I see the Source, Destination, Protocol, SrcPort, DestPort. Other options can be details about the packet itself (Time, Sequence Number, Flags etc.). I am trying to build a graph in neo4j.
I am currently able to create a graph with the code below:
// Load the BruteShark NetworkMap JSON export (requires the APOC plugin)
WITH "file:///home/xxx/dump/output.json" AS url
CALL apoc.load.json(url)
YIELD value AS NetworkTraffic
UNWIND NetworkTraffic AS items
// Property keys match the JSON fields; the alias is "items" (case-sensitive)
MERGE (s:Packet{id: items.Source, protocol: items.Protocol, Srcport: items.SrcPort})
MERGE (d:Packet{id: items.Destination, Destport: items.DestPort})
CREATE (s) -[r:connects]->(d)
RETURN s,d,r;
Is there any way this can be run on a Mac?
Thank you
For Windows for sure.
Use https://github.com/commandlineparser/commandline
to enable BruteSharkCli to get a single command from the user instead of the in-app shell mode.
Improve the file extracting module by changing the algorithm a bit:
if the file footer wasn't found, carve the file by the max size configuration.
Installed the exe, can't even open the program, no errors, just nothing on the screen.
EDIT: got it working.
However, it does not show the Kerberos hashes.
When I pick a pcap with IPv6 TCP sessions, the program doesn't extract the password from the pcap.
There's something wrong with Reassembled TCP Segments.
The app fails when the export-hashes CLI option is called and no export-hashes directory is present in the binary directory. After spending a few hours on processing pcaps this may be quite frustrating - the app should create the directory or at least ask the user. Probably writing to the OS default temp directory and then moving to a per-OS default location like the current directory or
Does anyone have an example of PcapAnalyzer Modules that uses Packet.Net for pcap file analysis?
Reconstruct UDP Streams (the same way PcapProcessor reconstructs TCP Sessions).
Will you consider adding similar functions such as USB packet capture and SSL protocol analysis to the program in the future?
Hi, I have installed the tool on Linux. How can I import the generated JSON into neo4j to see the connection graph, like the image you put on the tool homepage? Can you give me the commands please? Thank you!!
When the network topology map is painted repeatedly, it becomes darker and darker. For example, when it finishes painting 1 session, I click 1 session, and then when 2 sessions are finished, I click again. The last selected state of 1 session does not disappear but continues to be selected; by analogy, this leads to it getting darker and darker.
Use SharpPcap live capture option
Improve BruteShark performance by refactoring the BLL layer (aka the PcapAnalyzer
project) to use a multi-thread mechanism.
That includes:
Would it be possible to add additional packet flow fields for the show-networkmap / export-networkmap commands?
Specifically I'm looking for a way to add timestamp information (first packet, last packet), total number of packets and sum of data sent per flow.
Today a user needs to uninstall BruteShark using the control panel before installing a new version.
Using the WiX installer enables upgrading the installation if the new version is higher than the current version.
I get the following message when I try to export the networkmap:
Error: Access to the path '/home/xxx/dump/NetworkMap/networkmap.json' is denied.
Command run is ./BruteSharkCli -m NetworkMap -i /home/xxx/dump/server.tcpdump -o /home/vbandaru/dump/
Result
[+] Started analyzing 1 files
File : server.tcpdump Processing Started
File : server.tcpdump Processing Finished
Error: Access to the path '/home/xxx/dump/NetworkMap/networkmap.json' is denied.
Migrate BruteSharkCli to .NET Core
The attached file contains Kerberos hashes, but for some reason they are not extracted.
From an initial inspection, it seems that the Kerberos payload is not valid ASN.1 serialized data.
Title says it all. Forgive me if it's already there, I can't find it.
Create an internal logger.
Use it mainly to log exceptions at empty catch statements.
Implement a new module, end to end, that will be responsible for extracting E-Mail data (aka MIME data - SMTP, POP3, IMAP).
That includes:
Create (or use an open source) class that can decode ASN.1 buffers.
That will be useful for parsing protocols like Kerberos.