{"id":13826454,"url":"https://github.com/hatboy/pcap-analyzer","last_synced_at":"2026-02-07T07:13:54.564Z","repository":{"id":41280897,"uuid":"65401905","full_name":"HatBoy/Pcap-Analyzer","owner":"HatBoy","description":"A visual offline packet analyzer written in Python","archived":false,"fork":false,"pushed_at":"2021-02-06T07:42:04.000Z","size":85276,"stargazers_count":1007,"open_issues_count":5,"forks_count":369,"subscribers_count":52,"default_branch":"master","last_synced_at":"2024-10-26T11:33:11.709Z","etag":null,"topics":["pcap","pcap-analyzer","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HatBoy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-08-10T17:15:33.000Z","updated_at":"2024-10-23T03:00:46.000Z","dependencies_parsed_at":"2022-09-21T00:41:02.093Z","dependency_job_id":null,"html_url":"https://github.com/HatBoy/Pcap-Analyzer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HatBoy%2FPcap-Analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HatBoy%2FPcap-Analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HatBoy%2FPcap-Analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HatBoy%2FPcap-Analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HatBoy","download_url":"https://codeload.github.com/HatBoy/Pcap-Analyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","
repositories_count":225476383,"owners_count":17480215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pcap","pcap-analyzer","python"],"created_at":"2024-08-04T09:01:37.993Z","updated_at":"2026-02-07T07:13:54.455Z","avatar_url":"https://github.com/HatBoy.png","language":"Python","readme":"# Pcap-Analyzer\r\n\r\n## Release notes\r\n+ Ported the project from Python 2.X to Python 3.X\r\n+ Fixed multiple bugs\r\n\r\n## Main features\r\n+ 1. Display basic packet information\r\n+ 2. Analyze packet protocols\r\n+ 3. Analyze packet traffic\r\n+ 4. Plot a latitude/longitude map of the IP addresses accessed\r\n+ 5. Extract session connections for specific protocols from the packets (Web, FTP, Telnet)\r\n+ 6. Extract sensitive data (passwords) from sessions\r\n+ 7. Perform a simple analysis of security risks in the packets (web attacks, brute-force attempts)\r\n+ 8. Extract files transferred over specific protocols, or all binary files, from the packets\r\n\r\n## Screenshots\r\n### Home page:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/index.png)\r\n\r\n### Basic data view:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/basedata.png)\r\n\r\n### Protocol analysis:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/protoanalyxer.png)\r\n\r\n### Traffic analysis:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/flowanalyzer.png)\r\n\r\n### IP latitude/longitude map:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/ipmap.png)\r\n\r\n### Session extraction:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/getdata.png)\r\n\r\n### Attack alerts:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/attackinfo.png)\r\n\r\n### File extraction:\r\n![Alt Text](https://github.com/HatBoy/Pcap-Analyzer/blob/master/images/getfiles.png)\r\n\r\n## Installation and deployment:\r\n\r\n+ Runtime: Python 3.5.X\r\n+ Operating system: Linux (Ubuntu 15.10 used as the example)\r\n\r\n### 1. Python environment setup (Ubuntu ships with Python 2.7 by default, so Python does not need to be installed separately)\r\nInstall the Python package manager: sudo 
apt-get install python-setuptools python-pip\r\n\r\n### 2. Install third-party dependencies:\r\n+ sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx\r\n+ sudo pip3 install Flask\r\n+ sudo pip3 install Flask-WTF\r\n+ sudo pip3 install geoip2\r\n+ sudo pip3 install pyx\r\n+ sudo pip3 install requests\r\n+ For installing scapy, see the official documentation; the scapy version used is 2.4.0. Versions after 2.4.0 changed significantly and may be incompatible\r\n\r\n### 3. Edit the configuration file\r\nBe sure to update the directory paths in the config.py configuration file\r\n+ UPLOAD_FOLDER = '/home/dj/PCAP/'     Where uploaded PCAP files are saved\r\n+ FILE_FOLDER = '/home/dj/Files/'      Where extracted files are saved; it must contain the subdirectories All, FTP, Mail and Web, which hold the files extracted for each protocol\r\n+ PDF_FOLDER = '/home/dj/Files/PDF/'   Where PDFs generated from PCAPs are saved\r\n\r\n### 4. Server installation\r\n+ Gunicorn server: pip3 install gunicorn\r\n+ Nginx server: sudo apt-get install nginx\r\n+ Nginx configuration: edit /etc/nginx/nginx.conf and add the following inside http{}:\r\n```\r\nserver { \r\nlisten 81; \r\nserver_name localhost; \r\naccess_log /var/log/nginx/access.log; \r\nerror_log /var/log/nginx/error.log;\r\n\r\n     location / {\r\n        #root   html;\r\n        #index  index.html index.htm;\r\n         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n         proxy_set_header Host $http_host;\r\n         proxy_pass http://127.0.0.1:8000;\r\n    }\r\n\r\n    error_page   500 502 503 504  /50x.html;\r\n    location = /50x.html {\r\n        root   html;\r\n    }\r\n}\r\n```\r\n\r\n### 5. Start the system:\r\n+ Change into the project directory: ../pcap-analyzer\r\n+ Start the system with the Gunicorn server by running: gunicorn -c deploy_config.py run:app\r\n+ At this point the system is reachable only locally, at http://127.0.0.1:8000\r\n+ Start the Nginx server: sudo service nginx start\r\n+ Other hosts can now reach the system as well, at http://SERVER_IP:81\r\n\r\n\r\n## Tuning the analysis\r\n### The accuracy of the packet analysis results can be improved and corrected by editing the configuration files\r\n+ Replacing the IP geolocation database file ./app/utils/GeoIP/GeoLite2-City.mmdb improves the accuracy of the IP latitude/longitude map\r\n+ Editing the TCP/IP protocol identifier numbers and their corresponding protocol names in the ./app/utils/protocol/ directory corrects the protocol analysis results\r\n+ Editing the ./app/utils/waring/HTTP_ATTACK file improves the accuracy of HTTP attack detection in the packets\r\n","funding_links":[],"categories":["\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003eTools"],"sub_categories":["\u003ca 
id=\"07701b342951b5d7bfa839db7752f9dd\"\u003e\u003c/a\u003eXx Analysis"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhatboy%2Fpcap-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhatboy%2Fpcap-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhatboy%2Fpcap-analyzer/lists"}