{"id":40943304,"url":"https://github.com/stratosphereips/hexa_payload_decoder","last_synced_at":"2026-01-22T04:37:30.279Z","repository":{"id":43752084,"uuid":"207321889","full_name":"stratosphereips/Hexa_Payload_Decoder","owner":"stratosphereips","description":"A tool to automatically decode and translate any TCP hexa payload data form any language to english.","archived":false,"fork":false,"pushed_at":"2022-04-23T09:23:35.000Z","size":387,"stargazers_count":17,"open_issues_count":0,"forks_count":7,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-09-05T01:34:21.314Z","etag":null,"topics":["cybersecurity","iot","iot-malware","malware-analysis","security-tools","traffic-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stratosphereips.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-09T13:56:16.000Z","updated_at":"2025-03-22T10:27:13.000Z","dependencies_parsed_at":"2022-08-22T10:20:46.660Z","dependency_job_id":null,"html_url":"https://github.com/stratosphereips/Hexa_Payload_Decoder","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/stratosphereips/Hexa_Payload_Decoder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stratosphereips%2FHexa_Payload_Decoder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stratosphereips%2FHexa_Payload_Decoder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/repositories/stratosphereips%2FHexa_Payload_Decoder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stratosphereips%2FHexa_Payload_Decoder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stratosphereips","download_url":"https://codeload.github.com/stratosphereips/Hexa_Payload_Decoder/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stratosphereips%2FHexa_Payload_Decoder/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28654886,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","iot","iot-malware","malware-analysis","security-tools","traffic-analysis"],"created_at":"2026-01-22T04:37:30.208Z","updated_at":"2026-01-22T04:37:30.268Z","avatar_url":"https://github.com/stratosphereips.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"left\"\u003e\n     \u003cimg src=\"https://i.imgur.com/hbsbZnt.png\" width=\"80\" /\u003e\n\u003c/p\u003e\n\n\n# Hexa Payload Decoder \n\n[![Docker Image 
CI](https://github.com/stratosphereips/Hexa_Payload_Decoder/actions/workflows/docker-image.yml/badge.svg)](https://github.com/stratosphereips/Hexa_Payload_Decoder/actions/workflows/docker-image.yml)\n![GitHub last commit (branch)](https://img.shields.io/github/last-commit/stratosphereips/Hexa_Payload_Decoder/master)\n![Docker Pulls](https://img.shields.io/docker/pulls/stratosphereips/hexapayloaddecoder?color=green)\n\n\n## Problem Statement\nWhen analyzing malware traffic on the network, we sometimes find ourselves spending several minutes decoding the data from the hexadecimal streams. In the best case scenario we can use some tools (like Wireshark) to see these streams already decoded, but sometimes the decoded characters are not supported by most of the networking analyzers.\n\n## The Solution\nThe idea is to develop a tool aimed to extract the TCP hexadecimal data from network captures filtering by a specific port provided by the user, decode it from hexadecimal and translate it from any language to English.\n\nThe workflow of the tool is the following:\n  - User runs the bash script with two parameters, the pcap file to analyze and some port.\n  - The bash script extracts the hexadecimal data from the TCP flows filtering by the user provided port using the Tshark command.\n  - The extracted hexadecimal data are decoded as UTF-8 using the Python standard library.\n  - The decoded data is finally passed to the Libre Translate Python library, which automatically detects the language and translates it to English.\n  - The decoded and translated data is written to an output file to see the results.\n  - This flow repeats for every TCP flow found in the pcap.\n  \n## Hexadecimal decoder and translator for network analysis\n\nThe hexadecimal decoder and translator for network analysis runs using Python 3, and currently supports the following options:\n\n```\nusage:  python3 hexa_payload_decoder.py [-h] [-d DECODE | -c] [-r READ] [-p PORT] [-l LENGTH]\n\noptional arguments:\n  
-h, --help            show this help message and exit\n  -d DECODE, --decode DECODE\n                        Decode and translate the given string.\n  -c, --clean           Clean the contents of the log file.\n\nAnalysis:\n  -r READ, --read READ  Name of the pcap file that is analyzed.\n  -p PORT, --port PORT  Analyze traffic for a specific port only.\n  -l LENGTH, --length LENGTH\n                        Analyze data streams longer than the given length.\n```\n\n\n---\n\nHere is the tool working with a packet capture from Mirai IoT malware:\n\n![Suspicious_payload_example](images/hexa_decode.png)\n\n---\n\n## Requirements\n\n- Libre Translate Python Library https://github.com/argosopentech/LibreTranslate-py\n- Tshark https://www.wireshark.org/docs/man-pages/tshark.html\n\n## Docker Image\n\nThe Hexa Payload Decoder currently has a public docker image:\n\n```\ndocker run --rm -it stratosphereips/hexapayloaddecoder:latest /bin/bash\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstratosphereips%2Fhexa_payload_decoder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstratosphereips%2Fhexa_payload_decoder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstratosphereips%2Fhexa_payload_decoder/lists"}