Releases: odedshimon/BruteShark
Network Map Supports Domain Users And Data Transferred Amounts
This version contains a few improvements and features:
First, the network map was upgraded with additional fields that give insight into domain users and the amount of data transferred from each point in the network:
- Sent data - The amount of data (bytes) sent by the host.
- Received data - The amount of data (bytes) received by the host.
- Domains - The domains that the host is a member of.
- Domain users - Domain users that logged into the host.
These fields also appear in the "BruteShark Network Nodes Data.json" file, which holds all the node details.
Secondly, the BruteSharkDesktop installer file was upgraded:
- Allow upgrading an existing version of BruteSharkDesktop without the need to manually remove the old version.
- Also set the license at the installer prompt.
This version of BruteSharkDesktop also includes a feature that notifies about newly released versions.
Display and Export Network Node Details
This version contains an implementation of a new network model.
The role of this data structure is to store the current network state, including all the extracted items.
Apart from improving the readability and structure of the code, this data structure lets different display components share information while remaining unaware of each other (e.g. the Network Map user control can now access DNS records if there are any).
Main Features:
- The Network Map user control now has a control that describes the node details: open ports, DNS records, sessions count.
- The exported files include a new file named "BruteShark Network Nodes Data.json" that holds all the node details (following issue #77).
- Better performance.
Add "Clear Results" button & Bug fix
Improved Kerberos Hashes Parsing
- Fix a bug that caused Kerberos hashes sent over TCP not to be extracted, due to the lack of proper parsing of the "Record mark" section (see issue #90).
- Implement parsing of Kerberos TGS-REP Etype 17 and 18 hashes, including Hashcat export.
- Upgrade the NuGet packages of all projects.
- Add a link to download BruteSharkCli for Windows.
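The "Record mark" mentioned in the first fix is the 4-byte big-endian length that RFC 4120 puts in front of every Kerberos message sent over TCP (absent over UDP); a parser that expects the ASN.1 message tag at offset 0 of a TCP payload sees the record mark instead and skips the message. The sketch below is an added example, not BruteShark's own code: the function names are hypothetical and the sample bytes are constructed stubs, not real Kerberos messages.

```python
import struct

# First byte of each Kerberos message: its ASN.1 APPLICATION tag (RFC 4120).
KRB_MSG_TYPES = {0x6A: "AS-REQ", 0x6B: "AS-REP", 0x6C: "TGS-REQ",
                 0x6D: "TGS-REP", 0x7E: "KRB-ERROR"}


def split_kerberos_tcp(stream: bytes):
    """Split a reassembled TCP payload into Kerberos messages.

    Returns (messages, leftover). leftover holds the bytes of an
    incomplete record that needs more TCP data before it can be parsed.
    """
    messages, offset = [], 0
    while len(stream) - offset >= 4:
        (mark,) = struct.unpack_from(">I", stream, offset)
        if mark & 0x80000000:
            # The high bit is reserved and must be zero.
            raise ValueError("record mark high bit set: not Kerberos framing")
        if len(stream) - offset - 4 < mark:
            break  # the message continues in a later TCP segment
        messages.append(stream[offset + 4: offset + 4 + mark])
        offset += 4 + mark
    return messages, stream[offset:]


def message_type(message: bytes) -> str:
    """Name the Kerberos message type from its leading ASN.1 tag."""
    if not message:
        return "empty"
    return KRB_MSG_TYPES.get(message[0], "unknown")


def frame(body: bytes) -> bytes:
    """Prefix a message with its record mark, as a TCP sender would."""
    return struct.pack(">I", len(body)) + body


# Constructed stubs: a correct leading tag followed by filler bytes.
SAMPLE_AS_REQ = bytes([0x6A, 0x03, 0x02, 0x01, 0x05])
SAMPLE_TGS_REP = bytes([0x6D, 0x03, 0x02, 0x01, 0x05])
SAMPLE_STREAM = frame(SAMPLE_AS_REQ) + frame(SAMPLE_TGS_REP)

if __name__ == "__main__":
    msgs, rest = split_kerberos_tcp(SAMPLE_STREAM)
    print([message_type(m) for m in msgs], rest)
```

Calling `message_type` on the raw stream without stripping the record mark returns "unknown", which is the failure mode the fix describes.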
New module: Extract Voip Calls
Live Capture
Both versions of BruteShark are now capable of live capturing and analyzing network data directly from a network interface!
This version includes everything required to operate the live capture option easily and smoothly:
Improve Exporting Of BruteSharkCli
Cli Single Command Mode
BruteSharkCli now has two modes: single command and shell mode. The single command mode works by getting all the relevant parameters for the processing and then printing the results to stdout or files. The shell mode allows performing each step individually.
Example Video: https://youtu.be/GjGV5vwIGi8
Please see the 'Usage' section for detailed documentation and examples.
PCAPNG File Format Support
BruteShark can now handle pcapng files (as well as the old pcap file format).
PCAPNG example files were added to the repo, so you can check it yourself: https://github.com/odedshimon/BruteShark/tree/master/Pcap_Examples/Pcap_Examples_PCAPNG
New Module: Parsing DNS Data
New Module Release: DNS Module.
The module enables parsing of DNS queries.
DNS data is also shown in the Network Map user window.
Thanks to @BrendanGrant for implementing this module!