Dshell - Network Forensic Analysis Framework
Dshell is an extensible network forensic analysis framework.
It enables rapid development of plugins to support the dissection of network packet captures.
Key Features:
- Robust stream reassembly
- IPv4 and IPv6 support
- Custom output handlers
- Chainable decoders
Requirements:
Usage:
- Lists all available decoders alongside basic information about them
decode -l
- Shows generic command-line flags available to most decoders
decode -h
- Displays information about a decoder, including available command-line flags
decode -d <decoder>
- Run the selected decoder on a pcap file
decode -d <decoder> <pcap>
Installation
Install all of the necessary Python modules listed above. Many of them are available via pip and/or apt-get. Pygeoip is not yet available as a package and must be installed with pip or manually.
sudo apt-get install python-crypto python-dpkt python-ipy python-pypcap
sudo pip install pygeoip
Configure pygeoip by moving the MaxMind data files (GeoIP.dat, GeoIPv6.dat, GeoIPASNum.dat, GeoIPASNumv6.dat) to /share/GeoIP/
Run make. This will build Dshell.
Run ./dshell. This is Dshell. If you get a Dshell> prompt, you're good to go!
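A preflight check for the installation steps above, written as an added example (it is not part of Dshell or of the original article). It verifies that the modules installed by the apt-get and pip commands can be imported and that the four MaxMind data files are present and non-empty. The function names are hypothetical, and the GeoIP directory and the Python interpreter are passed in as arguments because they depend on your installation.

```shell
#!/bin/sh
# Added example: preflight check to run before "make" (not Dshell's own code).
# Import names that correspond to the packages named in the install commands:
# python-crypto -> Crypto, python-dpkt -> dpkt, python-ipy -> IPy,
# python-pypcap -> pcap, pygeoip -> pygeoip.
DSHELL_MODULES="Crypto dpkt IPy pcap pygeoip"
DSHELL_GEOIP_FILES="GeoIP.dat GeoIPv6.dat GeoIPASNum.dat GeoIPASNumv6.dat"

# Print, one per line, each module the given interpreter cannot import.
# $1 = Python interpreter to test (assumption: defaults to "python").
missing_modules() {
    py="${1:-python}"
    for mod in $DSHELL_MODULES; do
        "$py" -c "import $mod" >/dev/null 2>&1 || printf '%s\n' "$mod"
    done
}

# Print, one per line, each MaxMind data file that is absent or empty.
# $1 = the share/GeoIP directory of your installation.
missing_geoip_files() {
    dir="$1"
    for f in $DSHELL_GEOIP_FILES; do
        [ -s "$dir/$f" ] || printf '%s\n' "$f"
    done
}

# Run both checks, report what is missing on stderr, and return non-zero
# if anything needs fixing. $1 = GeoIP directory, $2 = interpreter (optional).
dshell_preflight() {
    geoip_dir="$1"
    py="${2:-python}"
    mods=$(missing_modules "$py")
    files=$(missing_geoip_files "$geoip_dir")
    [ -z "$mods" ] || echo "missing Python modules: $(echo $mods)" >&2
    [ -z "$files" ] || echo "missing GeoIP data in $geoip_dir: $(echo $files)" >&2
    [ -z "$mods" ] && [ -z "$files" ]
}
```

Source the file and call `dshell_preflight` with the GeoIP directory you copied the data files into; a zero exit status means the prerequisites checked here are in place.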