patoolkit: collection of traffic analysis plugins focused on security

PA Toolkit (Pentester Academy Wireshark Toolkit)

PA Toolkit is a collection of traffic analysis plugins that extend Wireshark from a micro-analysis tool and protocol dissector into a macro-level analyzer and threat-hunting tool. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

  • WiFi (WiFi network summary, detecting beacon and deauth floods, etc.)
  • HTTP (listing all visited websites and downloaded files)
  • HTTPS (listing all websites opened over HTTPS)
  • ARP (MAC-IP table, detecting MAC spoofing and ARP poisoning)
  • DNS (listing DNS servers used and DNS resolutions, detecting DNS tunnels)

The project is under active development and more plugins will be added in the near future.
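As an illustration of what a tap-style plugin in this category looks like, here is an added example of a Wireshark Lua listener that builds the ARP MAC-IP table and flags IP addresses claimed by more than one MAC, the symptom an ARP poisoning attempt leaves in a capture. It is example code written for this page, not a plugin from PA Toolkit; it assumes the standard Wireshark Lua API (Field.new, Listener.new, TextWindow, register_menu, retap_packets) and the ARP field names arp.src.hw_mac and arp.src.proto_ipv4, and the menu label and window title are chosen here.

```lua
-- Added example (not PA Toolkit code): ARP MAC-IP table with conflict detection.
-- Drop this file into the Wireshark plugins directory; the tool then appears
-- under Tools > "ARP MAC-IP table (example)".

-- Field extractors must be created at load time, before any listener runs.
local f_sender_mac = Field.new("arp.src.hw_mac")
local f_sender_ip  = Field.new("arp.src.proto_ipv4")

local function arp_mac_ip_window()
    local win = TextWindow.new("ARP MAC-IP table (example)")
    -- Filter "arp" so only ARP packets reach the tap.
    local tap = Listener.new("arp")

    local ip_to_macs = {}   -- ip string -> { mac string -> packet count }
    local total = 0

    -- Called once per ARP packet (on retap as well as live capture).
    function tap.packet(pinfo, tvb)
        local mac = f_sender_mac()
        local ip  = f_sender_ip()
        if not mac or not ip then return end
        mac, ip = tostring(mac), tostring(ip)
        -- ARP probes (RFC 5227) use sender IP 0.0.0.0; they claim nothing.
        if ip == "0.0.0.0" then return end
        local macs = ip_to_macs[ip] or {}
        macs[mac] = (macs[mac] or 0) + 1
        ip_to_macs[ip] = macs
        total = total + 1
    end

    -- Called when the window needs redrawing; rebuilds the whole table.
    function tap.draw()
        win:clear()
        win:append(string.format("ARP packets seen: %d\n\n", total))
        win:append("IP address\tMAC address(es) (packet count)\n")

        local ips = {}
        for ip in pairs(ip_to_macs) do ips[#ips + 1] = ip end
        table.sort(ips)

        local conflicts = {}
        for _, ip in ipairs(ips) do
            local entries = {}
            for mac, n in pairs(ip_to_macs[ip]) do
                entries[#entries + 1] = string.format("%s (%d)", mac, n)
            end
            table.sort(entries)
            win:append(string.format("%s\t%s\n", ip, table.concat(entries, ", ")))
            -- More than one MAC answering for the same IP is the poisoning signature.
            if #entries > 1 then conflicts[#conflicts + 1] = ip end
        end

        if #conflicts > 0 then
            win:append("\nWARNING: IPs claimed by more than one MAC (possible ARP poisoning):\n")
            for _, ip in ipairs(conflicts) do win:append("  " .. ip .. "\n") end
        else
            win:append("\nNo IP is claimed by more than one MAC.\n")
        end
    end

    -- Called when the capture file is closed or reloaded.
    function tap.reset()
        ip_to_macs = {}
        total = 0
    end

    -- Detach the tap when the window is closed so it stops consuming packets.
    win:set_atclose(function() tap:remove() end)
    -- Re-run the tap over packets already loaded so the table is complete.
    retap_packets()
end

register_menu("ARP MAC-IP table (example)", arp_mac_ip_window, MENU_TOOLS_UNSORTED)
```

A second MAC for the same IP is a lead, not proof: a DHCP lease moving between hosts or a replaced network card produces the same pattern over a long capture, so the packet counts per MAC and the time at which the second MAC appears are what separate a benign change from gratuitous replies flooding a segment.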

Installation

Steps:

  1. Clone the repository:

     git clone https://github.com/pentesteracademy/patoolkit.git

  2. Copy the “plugins” directory to the Wireshark plugins directory.
  3. Start Wireshark. 🙂

The location of the Wireshark plugins directory is listed under Help > About Wireshark > Folders.

https://user-images.githubusercontent.com/743886/43845711-72426d36-9ae1-11e8-9945-0bbe8e078e2a.png

PA Toolkit after installation

https://user-images.githubusercontent.com/743886/44320933-e4772d80-a3f9-11e8-86c6-82b614221700.png

List of websites visited over HTTP

https://user-images.githubusercontent.com/743886/44320940-e8a34b00-a3f9-11e8-98e9-ab003107d15c.png

Search functionality

https://user-images.githubusercontent.com/743886/44320950-f48f0d00-a3f9-11e8-897a-d84d5e20e2e0.png

Domain to IP mappings

https://user-images.githubusercontent.com/743886/44320953-f8bb2a80-a3f9-11e8-8530-70d36b0a1bff.png


Source: https://github.com/pentesteracademy/
