Status: Closed (erik4711 closed this 1 year ago)
Hey @erik4711, thanks for the addition. Once we get a second pair of eyes on the PR #147 this will be added!
Merged! 🥳 Thanks @erik4711!
Thank you @mr-tz and @MalwareMechanic, that was quick!
🙏 shines a light on the improvements we made with regards to openness and automation!
Package Name: networkminer
Tool Name: NetworkMiner
Package type: ZIP_EXE
Tool's version number: 2.7.3
Category: Networking
Tool's authors: Netresec
Tool's description: NetworkMiner is an open source Network Forensic Analysis Tool for Windows, but also works in Linux or Mac OS X. NetworkMiner can be used as a passive network sniffer in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to reassemble transmitted files and certificates from PCAP files.
Download URL: https://www.netresec.com/?download=NetworkMiner
Download SHA256 Hash: cf477b651c3bcc70d6f5d50f9bdcb6d8cf2dd85b7018109ff474b9df3c7a0f7e
Why is this tool a good addition?
NetworkMiner is great at extracting artifacts to disk from PCAP files. NetworkMiner can extract files from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, IMAP and LPR traffic. Extracted artifacts specifically related to malware analysis and incident response are malware downloads by droppers, X.509 certificates from C2 traffic that uses TLS or HTTPS, victim data exfiltrated through HTTP POST, JA3 and JA3S signatures of malware C2 traffic, domain names of C2 servers etc. NetworkMiner's presentation of host inventory from PCAP also provides a good overview of the devices communicating on a network.
NetworkMiner is also often used by penetration testers in order to extract Kerberos hashes from captured network traffic as well as to fingerprint operating systems and applications communicating on a network. NetworkMiner also extracts credentials that have been transferred in clear text using protocols like FTP, HTTP, SMTP, POP3, IMAP and a few others.