Deduplicate findings, add network summary, parallelize analysis #13
Open
moscowchill wants to merge 6 commits into
Conversation
- Deduplicate protocol detections across all 27 protocol blocks using per-protocol composite keys so each unique finding prints only once
- Add network intelligence summary printed at end of analysis: discovered hosts with MAC/vendor/protocols, VLANs, queried hostnames (LLMNR/NBT-NS), protocol detection counts, and subnet grouping
- Parallelize pcap analysis across 3 worker processes using multiprocessing with fork-inherited shared packets (zero-copy) and merged results
- Replace per-finding console spam with progress bars for both loading (byte-level via PcapReader) and analysis phases, with rate/ETA stats
- Fix --input --output: output file was never written due to early return
- Suppress scapy BGP/runtime warnings by setting log level before imports
Writes a multi-sheet Excel workbook with: unique findings (protocol, details, attack impact, tools, mitigation), discovered hosts, protocol stats, VLANs, queried hostnames, and subnets. Uses openpyxl with lazy import so it's only required when --excel is used.
- Replace slow PcapReader Python loop with rdpcap (C-optimized) run in a background thread, showing a spinner while loading
- Strip ANSI color codes when stdout is not a TTY (file redirect) via colorama init(strip=True)
- Skip progress bars entirely when output is redirected to a file
Catches real bugs (undefined names, unused imports, dead code) while ignoring upstream code patterns (bare except for scapy parsing, nested if for haslayer guards, long lines in protocol blocks).
Reviewed and tested against real-world BYOD WiFi pcaps.
Problem
Running Above against a 259MB pcap produces 3.4MB / 9,238 detections, mostly duplicates (5,869 mDNS, 1,066 LLMNR). The output is unusable for actual security assessments.
Changes
- `--excel` report flag to export findings to a multi-sheet xlsx for pentest reporting
- `--input --output` (output pcap was never written due to early return)

Testing

- `--output` saves all matched packets (not just unique)
- `--excel` produces valid xlsx with 6 sheets
- (`--interface`) still prints findings in real-time
- `ruff check above/` passes clean
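Added example (not code from the Above project or from this PR): a small model of the dedup-and-merge pipeline the description above refers to, with per-protocol composite keys, per-worker slices, a global merge after the workers return, and the per-protocol detection counts that feed a network summary. The key fields chosen per protocol, the dict-shaped findings and the sample packets are constructed for this example and are not Above's real detector output.

```python
from collections import Counter

# Fields that make a finding unique, per protocol. These are illustrative
# choices for this example, not Above's actual composite keys.
DEDUP_KEY_FIELDS = {
    "mdns":  ("src_mac", "query_name"),
    "llmnr": ("src_ip", "query_name"),
    "cdp":   ("src_mac",),
    "vlan":  ("vlan_id",),
}
DEFAULT_KEY_FIELDS = ("src_mac", "src_ip")  # fallback for protocols not listed above


def finding_key(finding):
    """Composite key: protocol name plus that protocol's identifying fields."""
    proto = finding["protocol"]
    fields = DEDUP_KEY_FIELDS.get(proto, DEFAULT_KEY_FIELDS)
    return (proto,) + tuple(finding.get(f) for f in fields)


def deduplicate(findings):
    """Keep the first finding seen for each composite key, preserving order."""
    seen = {}
    for f in findings:
        seen.setdefault(finding_key(f), f)
    return list(seen.values())


def chunk(packets, n):
    """Split a packet list into n near-equal slices, one per worker."""
    size = len(packets)
    return [packets[i * size // n:(i + 1) * size // n] for i in range(n)]


def analyze_slice(packets):
    """Stand-in for running the protocol detectors over one slice. The
    constructed packets below already carry detector output, so the only
    work left here is the worker-local dedup."""
    return deduplicate(packets)


def merge_worker_results(worker_results):
    """Concatenate per-worker findings and dedupe again: the same host can
    appear in slices handled by different workers, so local dedup alone
    would still print it more than once."""
    merged = [f for result in worker_results for f in result]
    return deduplicate(merged)


def protocol_counts(findings):
    """Raw detection counts per protocol, before dedup."""
    return Counter(f["protocol"] for f in findings)


def host_summary(unique_findings):
    """Group unique findings by host identifier (MAC if present, else IP)."""
    hosts = {}
    for f in unique_findings:
        ident = f.get("src_mac") or f.get("src_ip")
        if ident is None:  # e.g. a bare VLAN tag finding has no host
            continue
        hosts.setdefault(ident, set()).add(f["protocol"])
    return hosts


def run(packets, workers=3, map_fn=map):
    """Analyse `packets` in `workers` slices. Pass map_fn=multiprocessing.Pool(workers).map
    to use real worker processes; the default runs the slices sequentially in-process."""
    results = list(map_fn(analyze_slice, chunk(packets, workers)))
    return merge_worker_results(results), protocol_counts(packets)


# Constructed sample: nine "packets" already annotated with detector output.
# Index 7 repeats index 0 so that duplicate lands in a different worker's slice.
SAMPLE_PACKETS = [
    {"protocol": "mdns", "src_mac": "aa:bb:cc:00:00:01", "query_name": "printer.local"},
    {"protocol": "mdns", "src_mac": "aa:bb:cc:00:00:02", "query_name": "laptop.local"},
    {"protocol": "llmnr", "src_ip": "10.0.0.5", "query_name": "wpad"},
    {"protocol": "llmnr", "src_ip": "10.0.0.5", "query_name": "wpad"},
    {"protocol": "llmnr", "src_ip": "10.0.0.5", "query_name": "fileserver"},
    {"protocol": "cdp", "src_mac": "00:11:22:33:44:55"},
    {"protocol": "vlan", "vlan_id": 10},
    {"protocol": "mdns", "src_mac": "aa:bb:cc:00:00:01", "query_name": "printer.local"},
    {"protocol": "vlan", "vlan_id": 10},
]

if __name__ == "__main__":
    unique, counts = run(SAMPLE_PACKETS)
    print(f"{sum(counts.values())} raw detections -> {len(unique)} unique findings")
    for proto, n in counts.most_common():
        print(f"  {proto:6s} {n}")
    for host, protos in host_summary(unique).items():
        print(f"  host {host}: {', '.join(sorted(protos))}")
```

With three slices the workers return 8 locally unique findings, and the global merge reduces that to 6, which is the case the cross-worker dedup exists for. Passing slices to `Pool.map` pickles them into the workers; the zero-copy variant the commit message describes instead keeps the packet list at module level, lets forked workers inherit it, and hands each worker only an index range.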