A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files (pcap) or live network traffic. The main use-case is for monitoring honeypots, but you can also use it for other use cases such as network forensic analysis. fatt works on Linux, macOS and Windows. Note that fatt uses pyshark (a python wrapper for tshark) and therefore the performance is not great! But that's not a big issue as obviously this is not a tool you use in production. You can use other network analysis tools such as Bro/Zeek, Suricata or Netcap for more serious use cases. Joy is another great tool you can use for capturing and analyzing network flow data. Other than that, I'm working on a go based version of fatt which is faster, and you can use its libraries in your gopacket based tools such as packetbeat. I released the initial version of its gQUIC library (QUICk). Features Protocol support: SSL/TLS, SSH, RDP, HTTP, gQUIC. To be added soon: IETF QUIC, MySQL, MSSQL, etc.
FEATURES
SIMILAR TOOLS
A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.
Object scanning system with scalable and flexible architecture for intrusion detection.
A network recon framework including tools for passive and active recon
An OpenFlow honeypot that detects unused IP addresses and simulates network traffic to attract and analyze potential threats
An HTTP proxy, monitor, and reverse proxy tool for viewing HTTP and SSL/HTTPS traffic.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.