HamzaMhirsi / TLS-SSL_IOC

A Python script that extracts SSL/TLS IOCs from malicious pcap files. The script orders the sessions one by one. Before you use it, filter the pcap so that it contains only the malicious sessions. You can get malicious pcap files from https://www.malware-traffic-analysis.net.


Walkthrough

In the script, set the INPUT and OUTPUT files. You can also edit the tshark command to extract more specific information from the pcap.
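An added example (not the repository's script) of the approach described above: a tshark field extraction whose rows are grouped into one record per TLS session, ordered by TCP stream. The field selection, the helper names `tshark_cmd` and `group_sessions`, and the sample rows are assumptions made for illustration.

```python
import subprocess
import sys

# Real Wireshark field names; which fields the repository's script extracts is
# not shown on the page, so this selection is an assumption.
FIELDS = ["tcp.stream", "ip.src", "ip.dst", "tcp.dstport", "tls.handshake.type",
          "tls.handshake.extensions_server_name", "x509sat.uTF8String"]

def tshark_cmd(pcap):
    """Build the tshark call: TLS handshake frames only, tab-separated fields."""
    cmd = ["tshark", "-r", pcap, "-Y", "tls.handshake", "-T", "fields", "-E", "aggregator=;"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd

def group_sessions(lines):
    """Collapse tshark rows into one IOC record per TCP stream, in stream order."""
    sessions = {}
    for line in lines:
        cols = line.rstrip("\n").split("\t")
        cols += [""] * (len(FIELDS) - len(cols))      # pad short rows
        row = dict(zip(FIELDS, cols))
        if not row["tcp.stream"].isdigit():
            continue                                   # no TCP stream index: skip
        s = sessions.setdefault(int(row["tcp.stream"]), {
            "client": "", "server": "", "port": "", "sni": "", "cert_strings": []})
        types = row["tls.handshake.type"].split(";")
        if "1" in types:                               # ClientHello: source is the client
            s.update(client=row["ip.src"], server=row["ip.dst"], port=row["tcp.dstport"],
                     sni=row["tls.handshake.extensions_server_name"])
        if "11" in types:                              # Certificate (cleartext before TLS 1.3)
            for value in row["x509sat.uTF8String"].split(";"):
                if value and value not in s["cert_strings"]:
                    s["cert_strings"].append(value)
    return [dict(stream=k, **sessions[k]) for k in sorted(sessions)]

# Constructed sample of tshark output (not from a real capture).
SAMPLE = [
    "0\t10.0.0.5\t203.0.113.10\t443\t1\tupdate.example.test\t",
    "0\t203.0.113.10\t10.0.0.5\t49712\t2;11;14\t\tExample Org;example.test",
    "1\t10.0.0.5\t198.51.100.7\t8443\t1\t\t",
]

if __name__ == "__main__":    # pass a pcap path to run tshark, otherwise use SAMPLE
    lines = SAMPLE
    if len(sys.argv) > 1:
        lines = subprocess.run(tshark_cmd(sys.argv[1]), capture_output=True,
                               text=True, check=True).stdout.splitlines()
    for rec in group_sessions(lines):
        print(rec)
```

Sessions negotiated with TLS 1.3 encrypt the Certificate message, so their records carry the SNI and endpoints but no certificate strings.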

Advice

The same script structure can be used to extract other IOCs from different protocols such as HTTP, DNS and others.

Malicious pcap

You can get malicious pcap files from https://www.malware-traffic-analysis.net.

More info

If you need more info, don't hesitate to contact me on my LinkedIn profile: https://www.linkedin.com/in/hamza-mhirsi/


Languages

Language:Python 100.0%