ENNAENNA

Dshell

๐ŸŒ Network Recon ยท Python

Dshell is a network forensic analysis framework developed by the US Army Research Laboratory. It provides a Python-based infrastructure for rapidly developing custom network packet decoders and analyzers. Dshell processes pcap files through a plugin chain, enabling analysts to extract specific protocols, identify suspicious traffic patterns, and reconstruct network sessions. Included plugins handle DNS, HTTP, SMTP, NetFlow, and other protocols. Its chainable decoder architecture allows complex analysis workflows to be built from simple reusable components.

5.5kstars
1.1kforks
4issues
Updated 1y ago
+I use this
View on GitHub

Installation

$ git clone https://github.com/USArmyResearchLab/Dshell.git && cd Dshell && python3 setup.py install

Use Cases

  • Network forensic analysis of pcap captures
  • Developing custom protocol decoders
  • Extracting files and credentials from network traffic
  • Incident response network analysis

Tags

network-forensicspcap-analysispacket-decodertraffic-analysismilitary

Details

Category
๐ŸŒ Network Recon
Language
Python
Platforms
๐Ÿงlinux๐ŸŽmacos

Links

GitHub Repository

github.com/USArmyResearchLab/Dshell

Releases

github.com/USArmyResearchLab/Dshell/releases

Issues

github.com/USArmyResearchLab/Dshell/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Wireshark

C/C++

The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.

Compare Dshell vs Wireshark

Scapy

Python

Interactive packet manipulation library. Craft, send, capture, and decode network packets with a powerful Python interface.

Compare Dshell vs Scapy

Zeek

C++

Network analysis framework (formerly Bro). Deep packet inspection, protocol analysis, and security monitoring at scale.

Compare Dshell vs Zeek

Arkime

JavaScript/C

Full packet capture and search system (formerly Moloch). Indexed network traffic with a web UI for hunting and forensics.

Compare Dshell vs Arkime

More in Network Recon

Nmap

C/C++

The gold standard network scanner. Host discovery, port scanning, service/version detection, OS fingerprinting.

port-scanservice-detectionos-fingerprint

Masscan

C

Internet-scale port scanner. Transmits 10 million packets per second. Asynchronous, stateless scanning.

port-scanhigh-speedinternet-scale

RustScan

Rust

Blazing fast port scanner that pipes into Nmap. Scans all 65k ports in 3 seconds flat.

port-scanfastnmap-integration

Shodan CLI

Python

Command-line interface for Shodan, the search engine for internet-connected devices.

iotsearch-engineinternet-scan

Wireshark

C/C++

The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.

packet-captureprotocol-analysisgui

Responder

Python

LLMNR/NBT-NS/mDNS poisoner and rogue authentication server. Captures NTLMv1/v2 hashes on the network.

ntlmpoisoncredential-capture