Created
October 6, 2015 14:14
-
-
Save noscripter/becb2a9e50b03424d69f to your computer and use it in GitHub Desktop.
Dead simple PoC of how scapy could be used to build a replacement Wireshark without C
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| try: | |
| import scapy.all as scapy | |
| except ImportError: | |
| import scapy | |
| if __name__ == "__main__": | |
| from argparse import ArgumentParser | |
| parser = ArgumentParser( | |
| prog=__file__, | |
| description="Proof of concept for wireshark replacement", | |
| version="%(prog)s v0.0.1 by Brian Wallace (@botnet_hunter)", | |
| epilog="%(prog)s v0.0.1 by Brian Wallace (@botnet_hunter)" | |
| ) | |
| parser.add_argument('path', metavar='path', type=str, nargs='*', default=None, help="Paths to files to parse") | |
| args = parser.parse_args() | |
| for p in args.path: | |
| pcap = scapy.rdpcap(p) | |
| for packet in pcap: | |
| print packet.show() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment