creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-16 07:53:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit - 611 cybersecurity skills across all subdomains

Browse Source
This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/performing-network-packet-capture-analysis/scripts/process.py
+37
View File
@@ -0,0 +1,37 @@
#!/usr/bin/env python3
"""PCAP Forensic Analyzer - Analyzes packet captures for forensic investigation."""
import json, os, sys
from collections import defaultdict, Counter
from datetime import datetime
try:
from scapy.all import rdpcap, IP, TCP, UDP, DNS, DNSQR
except ImportError:
print("Install scapy: pip install scapy"); sys.exit(1)
def analyze_pcap(pcap_path: str, output_dir: str) -> str:
os.makedirs(output_dir, exist_ok=True)
packets = rdpcap(pcap_path)
convos = defaultdict(lambda: {"pkts": 0, "bytes": 0})
dns_queries = []
protocols = Counter()
for pkt in packets:
if IP in pkt:
key = tuple(sorted([pkt[IP].src, pkt[IP].dst]))
convos[key]["pkts"] += 1; convos[key]["bytes"] += len(pkt)
if TCP in pkt: protocols[f"TCP/{pkt[TCP].dport}"] += 1
elif UDP in pkt: protocols[f"UDP/{pkt[UDP].dport}"] += 1
if DNS in pkt and pkt[DNS].qr == 0 and DNSQR in pkt:
dns_queries.append({"query": pkt[DNSQR].qname.decode(errors="replace").rstrip("."),
"src": pkt[IP].src if IP in pkt else ""})
top_convos = sorted([{"src": k[0], "dst": k[1], **v} for k, v in convos.items()],
key=lambda x: x["bytes"], reverse=True)[:50]
report = {"total_packets": len(packets), "conversations": top_convos,
"dns_queries": dns_queries[:200], "protocols": dict(protocols.most_common(30))}
out = os.path.join(output_dir, "pcap_analysis.json")
with open(out, "w") as f: json.dump(report, f, indent=2)
print(f"[*] Packets:{len(packets)} Convos:{len(convos)} DNS:{len(dns_queries)}")
return out
if __name__ == "__main__":
if len(sys.argv) < 3: print("Usage: process.py <pcap> <output>"); sys.exit(1)
analyze_pcap(sys.argv[1], sys.argv[2])