National Cyber Warfare Foundation (NCWF) Forums


BruteShark: a Network Forensic Analysis Tool (NFAT)


2020-12-04 10:32:32
blscott
Red Team Tools

BruteShark is a Network Forensic Analysis Tool (NFAT) that performs
deep processing and inspection of network traffic (mainly PCAP files).
Its features include extracting passwords, building a network map,
reconstructing TCP sessions, extracting hashes of encrypted passwords,
and even converting them to a Hashcat format in order to perform an
offline brute-force attack.


The main goal of the project is to give security researchers and
network administrators a solution for network traffic analysis as they
try to identify weaknesses that a potential attacker could use to gain
access to critical points on the network.


Two BruteShark versions are available: a GUI-based application (Windows) and a Command Line Interface tool (Windows and Linux).

The various projects in the solution can also be used independently as infrastructure for analyzing network traffic on Linux or Windows machines. For further details see the Architecture section.


software architecture and analyzing network data.

  • Extract and encode usernames and passwords (HTTP, FTP, Telnet, IMAP, SMTP...)
  • Extract authentication hashes and crack them using Hashcat (Kerberos, NTLM, CRAM-MD5, HTTP-Digest...)
  • Build a visual network diagram (network nodes & users)
  • Reconstruct all TCP & UDP sessions
  • Carve files


