siemens/sparring

sparring

Network simulation for malware analysis. sparring is supposed to assist with the analysis of network traffic generated by possibly malicious software. This is achieved by automating the logging of known protocols and extracting sent or received payloads where applicable. Support for integration with the automated malware analysis framework cuckoo (http://cuckoosandbox.org) is on its way.

Network setup

sparring can be run in three different modes of operation. They are:

  • full mode
    No communication may leave the analysing host. Supported and activated protocols are processed by sparring.
  • half mode
    Data sent by the (malware) sample is intercepted, possibly modified and either passed to its destination host or discarded.
  • transparent mode
    While working transparently, sparring does not alter any transmitted data; it only logs connections and tries to extract interesting data for supported protocols.

The scripts/ directory contains shell scripts to assist you in getting the somewhat tricky network setup required for analysis right.
