About NetworkAssessment
NetworkAssessment is a powerful network security threat assessment and auditing tool designed to assist researchers in analyzing pcap files and detecting potential suspicious network traffic within a target network. With the help of this tool, network security auditors can more easily scan and identify anomalous activities within network traffic and search for suspicious keywords.
Feature Overview
1. DNS Tunnel Detection: Identify potential covert communication channels via DNS;
2. SSH Tunnel Detection: Detect traces of SSH sessions, which may be used to bypass network restrictions or conceal malicious activities;
3. TCP Session Hijack Identification: Monitor suspicious TCP sessions that might indicate unauthorized takeover activities;
4. Identification of Various Attack Characteristics: Recognize SYN flood, UDP flood, Slowloris, SMB attacks, etc.;
5. Suspicious Keyword Search: Proactively scan network traffic for user-defined keywords that may indicate malicious or sensitive data leaks;
6. Support for Protocol-Specific Scans: Allow users to specify protocols to monitor, ensuring focused and efficient analysis;
7. Output Logging: Support storing detailed analysis results in files for further review and research;
8. IPv6 Fragmentation Attack Detection: Identify potential behaviors exploiting IPv6 fragmentation mechanisms for malicious activities;
9. User-Friendly Interface: Color-coded output and progress indicators enhance data readability and user experience;
The tool is not limited to the above features. With contributions from a wide community of researchers, its detection capabilities can continuously develop and adapt to the latest threat landscapes.
Tool Requirements
- python 3.x
- scapy
- argparse
- pyshark
- colorama
Tool Installation
Since the tool is developed in Python 3, first install and configure a Python 3.x environment on the local device. Next, use the following command to clone the project source code to the local machine:
git clone https://github.com/HalilDeniz/NetworkAssessment.git
Then switch to the project directory and use the pip tool and the provided requirements.txt file to install the additional dependencies needed by the tool:
cd NetworkAssessment
pip install -r requirements.txt
Tool Usage
Example Usage
python3 networkassessment.py [-h] -f FILE [-p {TCP,UDP,DNS,HTTP,SMTP,SMB} [{TCP,UDP,DNS,HTTP,SMTP,SMB} ...]]
[-o OUTPUT] [-n NUMBER_PACKET]
Parameter Explanation
-f, --file: The path to the .pcap or .pcapng file to be analyzed. This parameter is mandatory, and the tool's security assessment is primarily based on the data within this file;
-p, --protocols: Specify protocols to scan, supporting multiple protocols at the same time. Options include "TCP", "UDP", "DNS", "HTTP", "SMTP", and "SMB";
-o, --output: The output file path to store scan analysis results. This parameter is optional. If set, the scan results will be saved in the specified output file;
-n, --number-packet: The number of data packets to scan within the specified file. This parameter is optional. If not set, the tool will default to scanning all data packets in the target file;
For example, running the tool with -f sample.pcap -p TCP UDP -o output.txt -n 1000 analyzes the first 1000 data packets in the sample.pcap file, primarily focusing on the TCP and UDP protocols, and saves the analysis results to the output.txt file.
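What a packet-limited keyword scan over a capture file amounts to at the byte level, as an added example that is not the NetworkAssessment project's code. The function names are hypothetical, only the classic .pcap layout is handled (not .pcapng), and the sample capture is constructed in memory.

```python
import struct

def build_pcap(payloads):
    """Build a constructed little-endian classic pcap in memory (test data only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 24-byte global header
    for ts, data in enumerate(payloads):
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

def iter_records(blob):
    """Yield (index, raw_bytes) per record; stop cleanly if the capture is truncated."""
    if len(blob) < 24:
        raise ValueError("too short for a pcap global header")
    magic = blob[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("unsupported magic (pcapng and other variants need another parser)")
    offset, index = 24, 0
    while offset + 16 <= len(blob):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", blob, offset)
        offset += 16
        if offset + incl_len > len(blob):
            break  # last record cut short, e.g. capture stopped mid-write
        yield index, blob[offset:offset + incl_len]
        offset += incl_len
        index += 1

def scan_keywords(blob, keywords, limit=None):
    """Return [(packet_index, keyword)] for case-insensitive matches in raw packet bytes."""
    needles = [(k, k.lower().encode()) for k in keywords]
    hits = []
    for index, raw in iter_records(blob):
        if limit is not None and index >= limit:
            break  # same idea as a packet-count limit: later packets are never inspected
        lowered = raw.lower()
        hits += [(index, k) for k, n in needles if n in lowered]
    return hits

# Constructed sample: three records holding bare payload bytes, not real Ethernet frames.
SAMPLE = build_pcap([b"GET /index.html HTTP/1.1", b"USER admin PASSWORD=hunter2", b"secret token"])

if __name__ == "__main__":
    print(scan_keywords(SAMPLE, ["password", "secret"]))
    print(scan_keywords(SAMPLE, ["password", "secret"], limit=2))
```

A per-packet byte search like this misses keywords split across packets and anything carried over encrypted sessions, and a packet limit leaves the rest of the capture unexamined.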
License Agreement
This project is developed and released under the MIT open-source license agreement.
Project Address
NetworkAssessment:
https://github.com/HalilDeniz/NetworkAssessment

