HoneyBot: Capture, upload and analyze network traffic
HoneyBot
Cloud-based PCAP analysis; powered by PacketTotal.com
HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently, this library provides three scripts:
- capture-and-analyze.py – Capture on an interface for some period of time, and upload the capture for analysis.
- upload-and-analyze.py – Upload multiple packet captures to PacketTotal.com for analysis.
- trigger-and-analyze.py – Listen for unknown connections, and begin capturing when one is made. Captures are automatically uploaded and analyzed.
Use Cases
- Set your honeypot up to stream network traffic directly to PacketTotal.com for analysis.
- Analyze a personal repository of malicious PCAPs.
- Determine the benignity of hundreds of packet captures.
- Automate analyzing (and sharing) honeypot packet captures.
- Automate preliminary malware analysis/triage.
Install & Use
Copyright (c) 2018 PacketTotal