Honeysnap – Pcap Packet Capture File Parsing Tool


Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time. Once you have identified data that interests you, you can then employ other tools for more in depth analysis, such as the Walleye user interface to the Honeywall. Honeysnap is also suitable for manual operation or automation via cron.

Example Functions

  • Packet and connection overview.
  • Flow extraction of ASCII based communications.
  • Protocol decode of the more common Internet communication protocols.
  • Binary file transfer extraction.
  • Flow summary of inbound and outbound connections.
  • Keystroke extraction of ver2 and ver 3 Sebek data.
  • Identification and analysis of IRC traffic, including keyword matching.

Version 1.0.6 now decodes the following protocols.

  • DNS
  • FTP
  • HTTP
  • IRC
  • Socks
  • Sebek

In addtion, the new 1.0.6 version includes

  • Socks proxy traffic stats
  • User definable filters for the counts
  • Improved DNS output
  • Fixed bug in file extraction
  • A big speed increase in gzip decoding
  • Print querying IP for DNS decodes
  • Auto-spotting of IRC traffic on any port
  • SOCKS decoding
  • Fix to the truncation of extracted files
  • Includes magicpy in the distribution to solve the problems caused by the original website going away.

You can download Honeysnap here:

honeysnap-1.0.6.14.tar.gz

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools

, ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.