ehabfahmi / caronte Public

forked from eciavatta/caronte

Notifications You must be signed in to change notification settings
Fork 0
Star 0

A tool to analyze the network flow during attack/defence capture the flag competitions

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.gitignore		.gitignore
.travis.yml		.travis.yml
Dockerfile		Dockerfile
Dockerfile.env		Dockerfile.env
README.md		README.md
caronte.go		caronte.go
docker-compose.testing.yml		docker-compose.testing.yml
go.mod		go.mod
go.sum		go.sum
pcap_importer.go		pcap_importer.go
storage.go		storage.go
storage_test.go		storage_test.go
stream_factory.go		stream_factory.go
stream_handler.go		stream_handler.go
travis_tests.sh		travis_tests.sh
utils.go		utils.go

Repository files navigation

[WIP] Caronte

Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol specific rules. The connection flows are saved into a database and can be visualized with the web application. REST API are also provided.

Packets can be captured locally on the same machine or can be imported remotely. The streams of bytes extracted from the TCP payload of packets are processed by Hyperscan, an high-performance regular expression matching library. // TODO