tcpxtract Logo

tcpxtract

0
Free
Visit Website

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called 'carving') is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. Driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG are that they only support three file types with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries. Tcpxtract features the following: Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file. With a quick conversion, you can use your old Foremost config file with tcpxtract. Custom written search algorithm is lightning fast and very scalable. Search algorithm searches across packet boundaries for total coverage and forensic quality. Uses libpcap, a popular, portable, and stable library.

FEATURES

ALTERNATIVES

A Profiling Method for SSH Clients and Servers.

PFQ v6.2 is a functional framework for Linux optimized for efficient packet capture/transmission and in-kernel processing.

A fast domain resolver and subdomain bruteforcing tool

A tool for discovering and enumerating external attack surfaces

Automate mass scanning of technologies used on websites

Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.

Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.

A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.

PINNED

ImmuniWeb® Discovery Logo

ImmuniWeb® Discovery

ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Attack Surface Management
InfoSecHired Logo

InfoSecHired

An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Resources
Mandos Brief Newsletter Logo

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Resources
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Check Point CloudGuard WAF Logo

Check Point CloudGuard WAF

A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
Wiz Logo

Wiz

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Cloud Security