tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called 'carving') is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. Driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG are that they only support three file types with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries. Tcpxtract features the following: Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file. With a quick conversion, you can use your old Foremost config file with tcpxtract. Custom written search algorithm is lightning fast and very scalable. Search algorithm searches across packet boundaries for total coverage and forensic quality. Uses libpcap, a popular, portable, and stable library.
FEATURES
ALTERNATIVES
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.
A set of interrelated detection rules for improving detection and hunting visibility and context
A featured networking utility for reading and writing data across network connections with advanced capabilities.
Passively maps and visually displays ICS/SCADA network topology for network security
Chaosreader is a tool for ripping files from network sniffing dumps and replaying various protocols and file transfers.
A collection of PCAPs for ICS/SCADA utilities and protocols with the option for users to contribute.
Load-balancing solution by Microsoft Azure with global infrastructure and financial guidance.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.