Skip to content
/ patoolkit Public
forked from pentesteracademy/patoolkit

PA Toolkit is a collection of traffic analysis plugins focused on security

0 stars 88 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tmatejicek/patoolkit

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Sample PCAPs
Sample PCAPs
 
 
plugins
plugins
 
 
PA-Toolkit.pdf
PA-Toolkit.pdf
 
 
README.rst
README.rst
 
 

Repository files navigation

https://user-images.githubusercontent.com/743886/43845704-6dbd2558-9ae1-11e8-9f77-239210fe7b6a.png

PA Toolkit (Pentester Academy Wireshark Toolkit)

PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

  • WiFi (WiFi network summary, Detecting beacon, deauth floods etc.)
  • HTTP (Listing all visited websites, downloaded files)
  • HTTPS (Listing all websites opened on HTTPS)
  • ARP (MAC-IP table, Detect MAC spoofing and ARP poisoning)
  • DNS (Listing DNS servers used and DNS resolution, Detecting DNS Tunnels)

The project is under active development and more plugins will be added in near future.

This material was created while working on "Traffic Analysis: TSHARK Unleashed" course. Those interested can check the course here: https://www.pentesteracademy.com/course?id=42

Terms of Use

  • This is licensed under GPL just as Wireshark.

Installation

Steps:

  1. Copy the "plugins" directory to Wireshark plugins directory.
  2. Start wireshark. :)

One can get the location of wireshark plugins directory by checking Help > About Wireshark > Folders

https://user-images.githubusercontent.com/743886/43845711-72426d36-9ae1-11e8-9945-0bbe8e078e2a.png

Please opt for Personal Plugins directory instead of Global Plugins directory. Also, please don't paste the plugins directory in both directories otherwise you might see repeated entries for each plugin.

Special note for Macbook users: Paste the plugins in Personal Lua plugins and not in Personal Plugins.

Tool featured at

Author

Under the guidance of Mr. Vivek Ramachandran, CEO, Pentester Academy

Documentation

For more details refer to the "PA-Toolkit.pdf" PDF file. This file contains the slide deck used for presentations.

Screenshots

PA Toolkit after installation

https://user-images.githubusercontent.com/743886/44320933-e4772d80-a3f9-11e8-86c6-82b614221700.png

List of websites visited over HTTP

https://user-images.githubusercontent.com/743886/44320940-e8a34b00-a3f9-11e8-98e9-ab003107d15c.png

Search functionality

https://user-images.githubusercontent.com/743886/44320950-f48f0d00-a3f9-11e8-897a-d84d5e20e2e0.png

Domain to IP mappings

https://user-images.githubusercontent.com/743886/44320953-f8bb2a80-a3f9-11e8-8530-70d36b0a1bff.png

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License v2 as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

About

PA Toolkit is a collection of traffic analysis plugins focused on security

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Lua 100.0%