PcapAnalysis
Pcap analyzer that automates finding the malicious domains that interacted with a specific victim IP
What is this script used for
This Python script is useful when analyzing malware traffic pcaps. Its goal is to find all HTTP and HTTPS hosts that a victim IP interacted with. Once it has run through the pcap file and collected every host that interacted with the victim IP, it queries VirusTotal to separate the malicious hosts from the rest. This saves the time it would take to look each host up manually and also helps the analyst catch anything they missed.
Requirements
To use this script, you need a VirusTotal account, because the script needs a VirusTotal API key to make requests to the endpoint successfully.
Usage
This script is run as:
python3 associatedHosts.py [VictimIP] [virustotal_api_key] [pcapFile]
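The host-collection step described above, written out as an added example that is not the project's own code: it pulls the HTTP Host header and the TLS SNI out of TCP payloads sent by the victim IP and groups them by server IP, giving the list that would then be submitted to VirusTotal. The record tuples, IP addresses and host names are constructed for the example; a real run would take them from the pcap.

```python
import re
import struct

# Added example (not the project's script). Records are (src IP, dst IP, TCP payload)
# tuples as a pcap reader would yield them; every value here is constructed.
VICTIM_IP = "10.0.0.5"

def build_client_hello(server_name: str) -> bytes:
    name = server_name.encode()  # minimal TLS ClientHello with one server_name (SNI) extension
    sni = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack(">HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack(">H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

def sni_from_client_hello(p: bytes):
    """Return the SNI host name from a TLS ClientHello, or None (also for truncated data)."""
    try:
        if p[0] != 0x16 or p[5] != 0x01:                  # handshake record, ClientHello
            return None
        pos = 43                                          # record hdr 5 + hs hdr 4 + ver 2 + random 32
        pos += 1 + p[pos]                                 # session id
        pos += 2 + struct.unpack(">H", p[pos:pos + 2])[0]  # cipher suites
        pos += 1 + p[pos]                                 # compression methods
        end = pos + 2 + struct.unpack(">H", p[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:                             # walk the extensions
            ext_type, ext_len = struct.unpack(">HH", p[pos:pos + 4])
            if ext_type == 0:                             # server_name extension
                name_len = struct.unpack(">H", p[pos + 7:pos + 9])[0]
                return p[pos + 9:pos + 9 + name_len].decode("ascii", "replace")
            pos += 4 + ext_len
    except (IndexError, struct.error):
        return None

def host_from_http(p: bytes):
    m = re.search(rb"^Host:[ \t]*([^\r\n]+)", p, re.M | re.I)  # plaintext HTTP/1.x request
    return m.group(1).decode("ascii", "replace").strip().lower() if m else None

def collect_hosts(records, victim_ip):
    """Map each HTTP Host / TLS SNI the victim contacted to the server IPs it was sent to."""
    hosts = {}
    for src, dst, payload in records:
        if src == victim_ip:                              # only traffic originating at the victim
            name = host_from_http(payload) or sni_from_client_hello(payload)
            if name:
                hosts.setdefault(name, set()).add(dst)
    return hosts

SAMPLE = [  # constructed: one HTTP request, one TLS handshake, a server reply, another client
    (VICTIM_IP, "203.0.113.10", b"GET /update.bin HTTP/1.1\r\nHost: cdn.example.net\r\n\r\n"),
    (VICTIM_IP, "198.51.100.7", build_client_hello("login.example.org")),
    ("203.0.113.10", VICTIM_IP, b"HTTP/1.1 200 OK\r\nHost: ignored.example\r\n\r\n"),
    ("10.0.0.9", "203.0.113.10", b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"),
]
```

The keys of `collect_hosts(SAMPLE, VICTIM_IP)` are the names the script would then look up on VirusTotal; the reply and the other client's request are skipped because they do not originate at the victim.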
Example [from the BURNINCANDLE malware traffic exercise]
After this script is run on the BURNINCANDLE exercise pcap file, it outputs the following:
