A Python script that extracts SSL/TLS IOCs from malicious pcap files. The script orders the sessions one by one. Make sure to filter the pcap and extract only the malicious sessions before you use the script. You can use this website to get a malicious pcap file: https://www.malware-traffic-analysis.net.

HamzaMhirsi/TLS-SSL_IOC

TLS-SSL_IOC

Walkthrough

In the script, change your INPUT and OUTPUT files. You can edit the tshark command to extract more specific information from the pcap.
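
An added example, not the repository's own script, of the INPUT/OUTPUT and tshark-command structure described above: it builds a tshark command for TLS ClientHello records and orders the extracted indicators by TCP stream. The field list, function names, CSV layout and sample rows are assumptions made for illustration; older tshark builds use the `ssl.` field prefix instead of `tls.`.

```python
import csv
import subprocess
import sys

# Fields chosen for this example (an assumption, not the repository's list).
FIELDS = ["tcp.stream", "ip.src", "ip.dst", "tcp.dstport",
          "tls.handshake.extensions_server_name"]

# Constructed sample of tshark tab-separated output (documentation addresses).
SAMPLE = (
    "7\t10.0.0.5\t203.0.113.7\t443\tupdate.example.net\n"
    "2\t10.0.0.5\t198.51.100.20\t8443\t\n"
    "7\t10.0.0.5\t203.0.113.7\t443\tupdate.example.net\n"
)

def build_tshark_cmd(pcap_path):
    """Return the tshark argv that prints one TSV row per TLS ClientHello."""
    cmd = ["tshark", "-r", pcap_path, "-Y", "tls.handshake.type == 1",
           "-T", "fields", "-E", "separator=/t"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd

def parse_sessions(tsv_text):
    """Group tshark rows by tcp.stream and return sessions in stream order."""
    sessions = {}
    for line in tsv_text.splitlines():
        row = line.split("\t")
        if len(row) != len(FIELDS) or not row[0].isdigit():
            continue  # skip blank or malformed rows
        stream, src, dst, port, sni = row
        entry = sessions.setdefault(int(stream), {
            "stream": int(stream), "src": src, "dst": dst,
            "port": port, "sni": set()})
        if sni:  # a ClientHello without SNI is still a session worth listing
            entry["sni"].add(sni)
    return [dict(s, sni=sorted(s["sni"])) for _, s in sorted(sessions.items())]

if __name__ == "__main__" and len(sys.argv) == 3:
    INPUT, OUTPUT = sys.argv[1], sys.argv[2]  # pcap in, CSV out
    out = subprocess.run(build_tshark_cmd(INPUT), capture_output=True,
                         text=True, check=True).stdout
    with open(OUTPUT, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["stream", "src", "dst", "port", "sni"])
        for s in parse_sessions(out):
            writer.writerow([s["stream"], s["src"], s["dst"], s["port"],
                             ";".join(s["sni"])])
```

Adding or removing entries in `FIELDS` changes what is extracted; the parser relies on the column count matching that list.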

Advice

The same script structure can be used to extract other IOCs from different protocols such as HTTP, DNS and others.

Malicious pcap

You can get malicious pcap files from this website: https://www.malware-traffic-analysis.net.

More info

If you need more info, don't hesitate to contact me on my LinkedIn profile: https://www.linkedin.com/in/hamza-mhirsi/
