Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

pcapgen

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

pcapgen

Module to generate PCAPs from any input file. This is a modified version of PGT tool which wasdeveloped earlier by, Andrewg Felinemenace.

pipPyPI
Version
0.8
Maintainers
1

Pcapgen PCAP Generation Suite

pgtlib

pgtlib is a wrapper built on top of Scapy/Kamene to provide additional flexibility to create custom TCP client<->server packet captures. This module would also provide functionality to prefix 3-way TCP Handshake and close established connections gracefully.

Usage

Let's say over TCP/5555, you would want to send "----> hey from client\n" from client and server echoes back with a response message saying, "<---- ACK\n". Let's construct a packet based on this:

from pcapgen.pgtlib import *

fHandle = PCAP('/tmp/tcp.pcap')             # PCAP Output Filename
conn = fHandle.tcp_conn_to_server(5555)     # Assign dest port as TCP/5555
conn.to_server('----> From Client\r\n')     # Client message to server
conn.to_client('<---- From Server\r\n')     # Server message to client
conn.finish()                               # Construct FIN
fHandle.close()                             # Close file handle
print('[*]Done.')

pft

PCAP Fix Tool (pft, in short) is a wrapper on top of scapy/kamene. This utility helps in resolving broken TCP communications, changing endpoint directions and ports etc. This tool takes the C Arrays input of any TCP stream, appends the missing TCP 3-Way handshakes along with adding the necessary FIN TCP flags to terminate the established TCP communication gracefully.

Usage

  • Open faulty pcap and navigate to the faulty TCP stream index that you want to correct.
  • View data as 'C Arrays' and export the output to any flat file e.g. /tmp/raw
  • $python pft.py -p 1337 -w /tmp/raw
  • This would geneate raw.pcap (currently supports PCAP format only) which would have TCP/1337 as destination port along with the end-to-end PDU data intact.

pgt

PCAP Genation Tool (pgt) is wrapper built on top of scapy/kamene again which generates simulated HTTP,FTP and Email (SMTP/IMAP) protocols data along with several encoding types i.e. base64, deflate, gzip etc.

Usage

$python pgt.py ~/Desktop/sample.docx # Generates HTTP(GET/POST), FTP(active and passive), SMTP and IMAP PCAPs.

External dependencies

  • kamene [pip3 install kamene]
  • python-magic [pip3 install python-magic]

Credits

  • Major credit goes to Andrewg Felinemenace for developing this excellent utility. Those scripts can be found here
  • Mine is just an add-on with some minor fixes on top of it. :)

Keywords

pcapgen pcap wireshark pgt http imap smtp ftp protocol

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Research

/

Security News

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

By Kush Pandya  -  Nov 06, 2025