tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called 'carving') is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. Driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG are that they only support three file types with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries. Tcpxtract features the following: Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file. With a quick conversion, you can use your old Foremost config file with tcpxtract. Custom written search algorithm is lightning fast and very scalable. Search algorithm searches across packet boundaries for total coverage and forensic quality. Uses libpcap, a popular, portable, and stable library.
FEATURES
SIMILAR TOOLS
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
A free, open-source network protocol analyzer for capturing and displaying packet-level data.
WireGuard is a fast, simple, and secure VPN that uses cutting-edge cryptography, designed for ease of use and performance.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
NBD is a user-space network protocol for sharing block devices over a network, allowing clients to access block devices on a server as if they were local.
A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.