forked from creafrog/PASTA
PASTA is a SSH traffic analyser in Python
License
Cloudxtreme/PASTA
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
____ _ ____ _____ _ | _ \ / \ / ___|_ _|/ \ | |_) / _ \ \___ \ | | / _ \ | __/ ___ \ ___) || |/ ___ \ |_| /_/ \_\____/ |_/_/ \_\ PASTA is another SSH traffic analyser AUTHORS The PASTA team (or Spaghetteam): César 'Mr. Blue' Burini Pierre 'Rogdham' Pavlidès Romain 'Haradwaith' Pomier REQUIREMENTS Stand alone programs: python 2.7 (mandatory) tshark (mandatory) Python 2.7 libraries: yapsy (recommanded) colorama (optional) texttable (optional) REQUIREMENTS INSTALLATION To install python2.7 and tshark, use the package manager of your system if any, or go to - http://www.python.org/getit/releases/2.7/ for python2.7 - http://www.wireshark.org/download.html for thsark To install the python libraries, you may use pip: pip install -r requirements.txt Please note that this command may need extra-privileges. DESCRIPTION PASTA is another ssh traffic analyser. As such, it analyses ssh connection in a capture file. Based on the traffic patterns, information such as idle time or connection type are estimated. See the DETAILED DESCRIPTION to get more precise information. KNOWN BUGS A bug in some modified versions of argparse are making the -s and -S options non-exclusive. In that case, if they are used together, it would be as if -s was not used. Same thing with -t and --csv. USAGE Launch pasta.py without any arguments, or with the -h or --help flag to see the usage and description of the options. DETAILED DESCRIPTION All the fields given by Pasta about the ssh connections are: - the client address. - the server address. - the start date. - the duration. - the protocol used by the client. - the protocol used by the server. - the number of datagrams sent by the client, and the number of bytes. - the number of datagrams sent by the server, and the number of bytes. Also, different plugins can detect: - the type of connection (ssh, scp, etc) - the idle time - stepping stones - ... Fore more information about the plugins, look at the .plugin files. WARNING If the beginning of a connection is missing, the program will not be able to determine if the connection is a ssh one. Hence, use the -a option. HOW TO WRITE A NEW PLUGIN You need to add two files in the plugins folder. Let say that your plugin is called bolognese: - bolognese.py: should inherit and implement the required methods of one of the two classes defined plugins/__init__.py (more informations in this file) - bolognese.plugin: metadatas of the plugin: at least something like [Core] Name = Bolognese Module = bolognese ; name of the .py file [Documentation] Author = PastaLover Version = 1 Description = Add some sauce to PASTA
About
PASTA is a SSH traffic analyser in Python
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- Python 100.0%