https://github.com/jaromarko/nfextractor

This Python code is useful for analyzing net flow exported data. It merges all .time files, resolves IPs, removes duplicates, and exports all data into a CSV file which can then be analyzed in forensics.
https://github.com/jaromarko/nfextractor

cybersecurity forensics netflow-analyzer netflow-v5 python3

Last synced: 11 months ago
JSON representation

This Python code is useful for analyzing net flow exported data. It merges all .time files, resolves IPs, removes duplicates, and exports all data into a CSV file which can then be analyzed in forensics.

• Host: GitHub
• URL: https://github.com/jaromarko/nfextractor
• Owner: JaroMarko
• Created: 2025-03-13T23:43:40.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-03-13T23:58:03.000Z (over 1 year ago)
• Last Synced: 2025-03-14T00:32:19.011Z (over 1 year ago)
• Topics: cybersecurity, forensics, netflow-analyzer, netflow-v5, python3
• Language: Python
• Homepage:
• Size: 0 Bytes
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Netflow Data Analysis Tools

This Python code is useful for analyzing net flow exported data. It merges all `.time` files, resolves IPs, removes duplicates, and exports all data into a CSV file which can then be analyzed in forensics.

## Functionality

### `extract.py`

- **Description**: Extracts net flow data from a specified file or directory.

- **Features**:

  - Load data from a single file or merge data from multiple files in a directory.

  - Optionally trim duplicate records.

  - Optionally resolve IP addresses using `ipinfo.io`.

  - Export the processed data into a CSV file.

### `resolve.py`

- **Description**: Resolves IP addresses to additional information using `ipinfo.io`.

- **Features**:

  - Fetch hostname, city, country, and organization information for each IP address.

  - Integrate the resolved information into the net flow data.

  - Export the enriched data into a CSV file.

### `merge.py`

- **Description**: Merges multiple net flow data files into a single DataFrame.

- **Features**:

  - Load and merge data from multiple `.time` files in a specified directory.

  - Sort and concatenate the data into a single DataFrame.

  - Export the merged data into a CSV file.

## Usage

1. **Extract Data**:

   ```bash

   python extract.py

   ```

2. **Resolve IPs**:

   ```bash

   python resolve.py

   ```

3. **Merge Data**:

   ```bash

   python merge.py

   ```

## Output

The processed data is exported into a CSV file, which can be further analyzed for forensic purposes.

## TODO

- nfExtractor.py which will connect all the scripts