plotcap


Nameplotcap JSON
Version 0.4.0 PyPI version JSON
download
home_pagehttps://github.com/darknetehf/plotcap
SummaryPlotCap - a simple network visualization tool
upload_time2024-02-08 22:53:17
maintainerDarknet ehf
docs_urlNone
authorDarknet ehf
requires_python>=3.11,<4.0
licenseMIT
keywords packaging poetry
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls. 
            ==========
PlotCap
==========

PlotCap - a simple network visualization tool.

.. image:: preview.png
  :align: center
  :alt: Sample

.. contents:: Table of Contents

Introduction
============

PlotCap is a simple command line tool written in Python and based on PyVis, that parses network capture files (produced by tools such as tcpdump or Wireshark) to render a graph of the network topology in a web page.

PlotCap was designed for red team engagements, with the aim of quickly mapping out relationships between devices ("nodes") in a network.
Target groups are: network administrators, penetration testers and curious people.

Visualization can be performed at layer 2 (MAC addresses) and layer 3 (IP addresses).
Layer 2 is the default. The tool attempts to resolve MAC addresses unless directed otherwise.

Usage
=====

.. code-block:: bash

    plotcap  -f capture.cap

This is equivalent to:

.. code-block:: bash

    plotcap  -f capture.cap --layer2

or:

.. code-block:: bash

    plotcap  -f capture.cap --layer2 --resolve-oui

Do not resolve MAC addresses:

.. code-block:: bash

    plotcap  -f capture.cap --layer2 --no-resolve-oui

Show IP addresses:

.. code-block:: bash

    plotcap  -f capture.cap --layer3

API
===

A convenience API is available if you just want to parse the .pcap file and reuse the results, but don't want a graphical representation.

.. code-block:: python

   from plotcap.api import parse_file

   pcap_file = "/tmp/test.pcap"
   conversations = parse_file(pcap_file=pcap_file, layer=2)
   for conversation, packet_count in conversations.items():
      print(f"src: {conversation.src} - dst: {conversation.dst} - packets: {packet_count}")

Limitations
===========

- Although this is a command line tool, it requires a graphical environment and a web browser to render network maps. On headless systems we suggest using Xvfb to set up virtual sessions.
- PlotCap was tested on Linux only
- MAC addresses may not always be resolved to manufacturer names, especially if address randomization comes into play
- See the TODO file for more missing features

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/darknetehf/plotcap",
    "name": "plotcap",
    "maintainer": "Darknet ehf",
    "docs_url": null,
    "requires_python": ">=3.11,<4.0",
    "maintainer_email": "info@labs.darknet.com",
    "keywords": "packaging,poetry",
    "author": "Darknet ehf",
    "author_email": "info@labs.darknet.com",
    "download_url": "https://files.pythonhosted.org/packages/e0/f7/5b81033893677afc0842d4710b81b4386f81f2fc2971476da388784a5639/plotcap-0.4.0.tar.gz",
    "platform": null,
    "description": "==========\nPlotCap\n==========\n\nPlotCap - a simple network visualization tool.\n\n.. image:: preview.png\n  :align: center\n  :alt: Sample\n\n.. contents:: Table of Contents\n\nIntroduction\n============\n\nPlotCap is a simple command line tool written in Python and based on PyVis, that parses network capture files (produced by tools such as tcpdump or Wireshark) to render a graph of the network topology in a web page.\n\nPlotCap was designed for red team engagements, with the aim of quickly mapping out relationships between devices (\"nodes\") in a network.\nTarget groups are: network administrators, penetration testers and curious people.\n\nVisualization can be performed at layer 2 (MAC addresses) and layer 3 (IP addresses).\nLayer 2 is the default. The tool attempts to resolve MAC addresses unless directed otherwise.\n\nUsage\n=====\n\n.. code-block:: bash\n\n    plotcap  -f capture.cap\n\nThis is equivalent to:\n\n.. code-block:: bash\n\n    plotcap  -f capture.cap --layer2\n\nor:\n\n.. code-block:: bash\n\n    plotcap  -f capture.cap --layer2 --resolve-oui\n\nDo not resolve MAC addresses:\n\n.. code-block:: bash\n\n    plotcap  -f capture.cap --layer2 --no-resolve-oui\n\nShow IP addresses:\n\n.. code-block:: bash\n\n    plotcap  -f capture.cap --layer3\n\nAPI\n===\n\nA convenience API is available if you just want to parse the .pcap file and reuse the results, but don't want a graphical representation.\n\n.. code-block:: python\n\n   from plotcap.api import parse_file\n\n   pcap_file = \"/tmp/test.pcap\"\n   conversations = parse_file(pcap_file=pcap_file, layer=2)\n   for conversation, packet_count in conversations.items():\n      print(f\"src: {conversation.src} - dst: {conversation.dst} - packets: {packet_count}\")\n\nLimitations\n===========\n\n- Although this is a command line tool, it requires a graphical environment and a web browser to render network maps. On headless systems we suggest using Xvfb to set up virtual sessions.\n- PlotCap was tested on Linux only\n- MAC addresses may not always be resolved to manufacturer names, especially if address randomization comes into play\n- See the TODO file for more missing features\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "PlotCap - a simple network visualization tool",
    "version": "0.4.0",
    "project_urls": {
        "Homepage": "https://github.com/darknetehf/plotcap",
        "Repository": "https://github.com/darknetehf/plotcap"
    },
    "split_keywords": [
        "packaging",
        "poetry"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "e86572d758e4dfbfb2bd5f4b9be225a2de7e70e6074c56bc7fe14acdd9841029",
                "md5": "49c49f9afc7e46998e3096ecc61366a9",
                "sha256": "7ad5b5305e0431fc1e555ab1529e08af8509e5c57ac1858a9d3d694c4b0229db"
            },
            "downloads": -1,
            "filename": "plotcap-0.4.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "49c49f9afc7e46998e3096ecc61366a9",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.11,<4.0",
            "size": 8392,
            "upload_time": "2024-02-08T22:53:15",
            "upload_time_iso_8601": "2024-02-08T22:53:15.423467Z",
            "url": "https://files.pythonhosted.org/packages/e8/65/72d758e4dfbfb2bd5f4b9be225a2de7e70e6074c56bc7fe14acdd9841029/plotcap-0.4.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "e0f75b81033893677afc0842d4710b81b4386f81f2fc2971476da388784a5639",
                "md5": "91e079ef4efba6bc9746a2950bc5be4a",
                "sha256": "56c4e5d65ffd73f91fd33534202f2ea930d46b8914bd2ed878bf28232bbd2199"
            },
            "downloads": -1,
            "filename": "plotcap-0.4.0.tar.gz",
            "has_sig": false,
            "md5_digest": "91e079ef4efba6bc9746a2950bc5be4a",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.11,<4.0",
            "size": 6006,
            "upload_time": "2024-02-08T22:53:17",
            "upload_time_iso_8601": "2024-02-08T22:53:17.003180Z",
            "url": "https://files.pythonhosted.org/packages/e0/f7/5b81033893677afc0842d4710b81b4386f81f2fc2971476da388784a5639/plotcap-0.4.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-02-08 22:53:17",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "darknetehf",
    "github_project": "plotcap",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "plotcap"
}
Darknet ehf
Elapsed time: 0.17662s