patoolkit: collection of traffic analysis plugins focused on security
PA Toolkit (Pentester Academy Wireshark Toolkit)
PA Toolkit is a collection of traffic analysis plugins that extend Wireshark from a micro-analysis tool and protocol dissector into a macro-level analyzer and threat-hunting tool. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:
- WiFi (WiFi network summary, detecting beacon and deauth floods, etc.)
- HTTP (listing all visited websites and downloaded files)
- HTTPS (listing all websites opened over HTTPS)
- ARP (MAC-IP table, detecting MAC spoofing and ARP poisoning)
- DNS (listing DNS servers used and DNS resolutions, detecting DNS tunnels)
The project is under active development and more plugins will be added in the near future.
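As an added example (not one of PA Toolkit's own plugins), here is a minimal Wireshark Lua tap in the style of the ARP plugin described above: it builds a sender-IP to sender-MAC table from the loaded capture and lists any IP claimed by more than one MAC, the basic symptom of ARP poisoning. It assumes Wireshark's Lua API (Listener, Field, TextWindow, register_menu) and the standard arp.* field names, and is installed like any other plugin by placing the file in the Wireshark plugins directory.

```lua
-- Added example, not part of PA Toolkit: flag IPs claimed by several MACs in ARP traffic.
-- Field extractors must be created outside the tap callbacks (Wireshark requirement).
local f_sender_ip  = Field.new("arp.src.proto_ipv4")
local f_sender_mac = Field.new("arp.src.hw_mac")

local function arp_conflict_check()
    local tw = TextWindow.new("ARP: IPs claimed by several MACs")
    local claims = {}   -- sender IP -> { sender MAC -> first frame number seen }
    local order  = {}   -- IPs in first-seen order, for stable output

    -- "frame" tap restricted by display filter to ARP packets; fields come from the full dissection
    local tap = Listener.new("frame", "arp")

    function tap.packet(pinfo, tvb)
        local ip, mac = f_sender_ip(), f_sender_mac()
        if not ip or not mac then return end
        ip, mac = tostring(ip), tostring(mac)
        if not claims[ip] then
            claims[ip] = {}
            order[#order + 1] = ip
        end
        if not claims[ip][mac] then
            claims[ip][mac] = pinfo.number
        end
    end

    function tap.draw()
        tw:clear()
        for _, ip in ipairs(order) do
            local macs = {}
            for mac, frame in pairs(claims[ip]) do
                macs[#macs + 1] = string.format("%s (first seen in frame %d)", mac, frame)
            end
            if #macs > 1 then   -- one IP, several hardware addresses: report it
                tw:append(ip .. " is claimed by " .. #macs .. " MACs:\n")
                for _, m in ipairs(macs) do tw:append("    " .. m .. "\n") end
            end
        end
        if tw:get_text() == "" then tw:append("No conflicting ARP claims found.\n") end
    end

    function tap.reset() claims, order = {}, {} end

    tw:set_atclose(function() tap:remove() end)
    retap_packets()   -- re-run the tap over the loaded capture; draw() is called when done
end

if gui_enabled() then
    register_menu("ARP conflict check (example)", arp_conflict_check, MENU_TOOLS_UNSORTED)
end
```

A legitimate change of NIC or a DHCP lease moving to another host also produces two MACs for one IP, so the output is a list of candidates to review against the frame numbers, not a verdict.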
Installation
Steps:
- Clone the repository: `git clone https://github.com/pentesteracademy/patoolkit.git`
- Copy the “plugins” directory into the Wireshark plugins directory.
- Start Wireshark. 🙂
The location of the Wireshark plugins directory is shown under Help > About Wireshark > Folders.
Screenshots: PA Toolkit after installation; list of websites visited over HTTP; search functionality; domain to IP mappings.
Tool featured at:
- Blackhat Arsenal 2018
- DEF CON 26 Demolabs
Authors:
- Nishant Sharma, Technical Manager, Pentester Academy <nishant@binarysecuritysolutions.com>
- Jeswin Mathai, Security Researcher, Pentester Academy <jeswin@binarysecuritysolutions.com>