oguzy / ovizart Goto Github PK

View Code? Open in Web Editor NEW

46.0 46.0 15.0 7.77 MB

License: GNU General Public License v3.0

Python 13.15% Shell 0.10% JavaScript 86.75%

ovizart's People

Contributors

Stargazers

Watchers

Forkers

chiehwen zqzas ferhatelmas hyades vpereira govindsmenokee lucifer-fxy huzichunjohn zclfly gopaljeegupta1 jazmingp skilincer sts0mrg0

ovizart's Issues

mark the SMTP traffic with attachments one

Mark the SMTP traffic that has attachments at the timeline

add an about me page

Tell something about the project
contact details, email list, twitter account, what is supported, TODO list where to go to add feature request

Explain the visualizations

demopage is down

the demopage linked at https://www.honeynet.org/node/920 is down

the timeline should display the start and end of an each flow

Each flow has packets and separate timestamps. [15:05:11 EEST] nicolas.collery: so it would be nice to show for each stream what type it is when it started, when it ended and represent a "line" between the 2

header explanations should be fixed by removng \r

The flow details have hardly readable header parts. They should be humanitized.

all circles are the same size at the timeline

The sizes are calculated according to their timestamp, because they are all close, their sizes are also nearly same. But the difference should be made more explicit

payload of packets should be displayed

While saving the packets, addition to their ip and port numbers, payload should be saved for being displayed.

summary site is working slow

It may be better to make the site faster

Display the file types for the attachments

At the flow details, the saved binaries should be displayed with their types also

user login should be implemented

The uploaded data is saved according to the user_id, better to define a user and a login screen

check django-userena

It handles many things about user integration to the system

irc can be implemented

IRC can be a good addition to handled protocols, as a malware source

change the default page to a page like malwr.com

The page will display all the uploaded pcaps one per line with a line based summary like the one at malwr.com site. Clicking on the md5sum will open pcap details page

mark the unknown traffic

[15:14:09 EEST] nicolas.collery: what is important though is classify as unknown, what you detect and cannot parse
[15:14:41 EEST] nicolas.collery: and since you mentioned last time about colors, i think unknown should stand clearly.

[15:15:09 EEST] nicolas.collery: so we can also internally later log all the unknown and try to create parsers

scatter plot display shoud be more readable

It is not readable and meaningful a lot. I should make it better.

from nicolas: "ok, well, 1 page summary that can contain the scatter plot but mostly a line with basic info for each pcap submitted, then each line is clickable, by md5, date or file name or description, whichever
[14:29:53 EEST] nicolas.collery: for each pcap, then you should have a page with various info and graphs"

design the pcap details page

This page will give information about the pcap at the top like File Details section at http://malwr.com/analysis/778ab45b3f5393e0fc3262261aeaff54/

It will have attachment details, created sub flow pcaps, their downloads

One tab for Summary View. The current summary view will be removed so as to display the per pcap display. The work process and the page for the summary view will be the same.

One tab for Visualization, that will have parallel coordinates

One tab for Flow Details, like the ones http://ow.comu.edu.tr/pcap/visualize/http/size/ or the count one, with links to packet IDs