Autor Thema: NetworkMiner  (Gelesen 1099 mal)

0 Mitglieder und 1 Gast betrachten dieses Thema.

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner
« am: 30 Mai, 2010, 12:15 »
Anwendung zur Analyse von Netzwerken, um Schwachstellen zu identifizieren; gibt Informationen über offene Ports und Verwundbarkeiten eines einzelnen Rechners sowie über den Datenverkehr innerhalb eines Netzwerks.

http://www.netresec.com/?page=NetworkMiner

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 1.00
« Antwort #1 am: 26 Juli, 2011, 17:33 »
NetworkMiner 1.00 2011-02-5 Erik Hjelmvik

* FileStreamAssembler.cs: Implemented support to avoid reserved file and folder
names such as COM2, LPT1 and CON for files extracted to disk.

* SmtpPacket.cs: Extended the protocol parser to handle multiple requests and
responses in a single SMTP packet.

* TlsRecordPacketHandler.cs: Improved parsing of SSL/TLS traffic to use the
underlying TCP stream properly in order to handle TLS record breakes on
non-even TCP packet boundaries.

* TcpPortProtocolFinder.cs: Added more default TCP service ports: 8021=FTP,
5223+8170+8443+9001+9030=SSL

* Converted Visual Studio project to Visual C# 2010 format, .NET framework
is still let back in 2.0 so that NetworkMiner will be able to run on as
many machines as possible.

* Improved TCP reassembly to support out-of-order TCP segments that are
paritally overlapping.

* NetworkTcpSession.cs: Modiefied FinPacketReceived to require a FIN in each
direction in order for the session to be closed.

* FtpPacketHandler.cs: File sizes are extracted from the FTP control session
and stored to the file stream assembler object for better file size precision.

* PacketFactory.cs: Added support for Per-Packet Information header
(WTAP_ENCAP_PPI) as used by Kismet and sometimes Wireshark WiFi sniffing.

* PacketHandler.cs: Added extraction of Facebook as well as Twitter messages
into the message tab. Added support to extract emails sent with Microsoft
Hotmail (I.e. Windows Live) into Messages tab.

* NetworkCredential.cs:
- Added extraction of twitter passwords from when settings are changed.
Facebook user account names are also extracted (but not Facebook
passwords).
- Added extraction of gmailchat parameter from cookies in order to
identify users through their Google account logins.

* MacCollection.cs: Fixed bug with incorrect NIC vendor extraction. Also
added support for the original IEEE OUI file format as used in:
http://standards.ieee.org/regauth/oui/oui.txt

* SyslogPacket.cs: Added protocol parser for Syslog. Syslog messages are
displayed on the Parameter tab.

http://sourceforge.net/projects/networkminer/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 1.6.1
« Antwort #2 am: 25 Oktober, 2015, 12:03 »
Changelog
ReceivePcapOverTcpForm.cs: Removed call to Application.DoEvents() to make
   PCAP-over-IP feature more reliable.

   * NetworkMinerForm.cs: Removed calls to Application.DoEvents().

NetworkMiner 1.6   2014-06-16

   * DnsPacket.cs: Added error handling of recursive DNS Name Labels that
   contains a forever-loop pointer. Thanks to Dan Eriksson (of FM CERT fame)
   for notifying us about this bug!

   * NetworkMinerForm.cs: Removed sniffing capability from GUI when running
   NetworkMiner under Mono (in Linux for example). Users should instead use the
   PCAP-over-IP feature to perform live sniffing in Linux, OSX etc.

   * NetworkMienrForm.cs: Files and images can now be drag-and-dropped to any
   desired application or location directly from the "Files" and "Images" tabs
   in the GUI.

   * SmtpPacketHandler.cs: Improved extraction of SMTP e-mails and attachments

   * Rfc2047Parser.cs: Added simple parser for RFC 2047 encoding in order to
   properly parse strings in SMTP headers, such as subject lines and attachment
   filenames.

   * PcapFileWriter.cs: Increased file buffer size to 8MB for improved performance

   * PacketHandler.cs: Increase packet queue size to 16000 packets for live
   sniffing

   * NetworkHost.cs: Fixed OS fingerprinting mixup where Apple iOS was
   confused with Cisco IOS.

   * DnsPacket.cs: Added DNS response error messages like NXDOMAIN and
   SERVFAIL to DNS tab. Thanks to Lenny Hansson for the idea!

   * PcapOverIP: Moved PCAP-over-IP implementation from the Professional
   edition of NetworkMiner into the Free Open Source version.

   * PcapStreamReader.cs: Improved performance of backgroundStreamReader by
   making sleep durations adaptive. This has significant impact on computers
   and VM's with limited CPU resources.

NetworkMiner 1.5   2013-09-10   Erik Hjelmvik

   * ErfFrame.cs: Added support to parse pcap files containing Extensible
   Record Format (ERF) frames.

   * PointToPointOverEthernetPacket.cs: Added PPPoE protocol parser.

   * PointToPointPacket.cs: Improved PPP parser to support non-HDLC type PPP
   packets. Example: "AOLTraffic_00000_20071029163901.pcap" from pcapr.net

   * NetworkMinerForm.cs: Added feature to load keywords from text file.
   
   * FileStreamAssembler.cs: Fixed directory traversal vulnerability. Thanks
   to Alyssa Milburn for discovering and notifying us regarding this vulnerability!

   * FileStreamAssembler.cs: Improved exception handling, especially for SMTP
   Thanks to Jonas Lejon for supplying captured packets that triggered the
   exception!

   * NetworkWrapper.Utils.Security.cs: Added detection of DLL Injection.
   Thanks to Ucha Gobejishvili for reporting this vulnerability!

   * NetworkMinerForm.cs: Fixed NullReferenceException when masking credentials
   with null values. Thanks to Claus Valca for finding this bug.

   * UdpPortProtocolFinder.cs: Added parsing of LLMNR DNS queries over UDP 5355

NetworkMiner 1.4.1   2012-08-29   Erik Hjelmvik
   
   * PacketHandler.cs: Now allowing large "virtual" frames for reassembled
   TCP streams.

   * IEC-104_PacketHandler.cs: Fixed confusion about what TCP endpoint a command
   is sent from when server and client have the same IP.

NetworkMiner 1.4   2012-08-12   Erik Hjelmvik

   * DhcpPacketHandler.cs: DHCP option data is now extracted to the parameters
   tab. Thanks to Paul Cockayne for the idea.

   * IPv4Packet.cs: Fragmented IPv4 packets are now properly reassembled to
   full IP packets with payload.

   * IEC_60870-5-104Packet.cs: Implemented the SCADA protocol IEC 60870-5-104.
   Thanks to Aivar Liimets from Martem for his great support on this one!

   * PacketHandler.cs: Added proper timestamps to detected anomaly events and
   improved ARP poisoning reporting to anomalies tab.

   * NetworkMinerForm.cs: Verification of file extention is completely removed.
   Files with any extention can now be loaded, as long as they are valid
   libpcap files.

   * NetworkMinerForm.cs: Added "Clear GUI" button to Tools menu.

   * NetworkMinerForm.cs: Added option to show/hide cookies, NTLM challenge-
   responses as well as the ability to mask passwords in credentials tab.
   
NetworkMiner 1.3   2012-04-12   Erik Hjelmvik

   * NullLoopbackPacket.cs: Added support for the Null / Loopback link layer
   packets used when sniffing localhost on BSD operating systems.

   * NetworkTcpSession.cs: Modified getter for FinPacketReceived to solve the
   bug found by TCB13.

   * HttpPacket.cs: Added extraction of usernames from Digest Authorization
   such as those found in web_recon.pcap in:
   http://uscc.cyberquests.org/february2012.php

   * HttpPacketHandler.cs: Added HTTP headers to Parameters tab.

   * HttpPacketHandler.cs: Added HTTP X headers, such as x-up-calling-line-id
   and HTTP_X_UP_CALLING_LINE_ID, to host details under ExtraDetails.

   * NetworkMinerForm.cs: Added support to load .raw files as pcap files, such
   as those generated from Sguil. Thanks to Doug Burks for the idea!

   * NetworkMinerForm.cs: Disabled nag-dialogue-box about WinPcap not being
   installed on startup since NetworkMiner is primarily designed to be a pcap
   parser rather than a sniffer.

   * StringManglerUtil.cs: Added support to handle null strings in
   GetExtension function.

   * MultiPart.cs: Added exception handler to ReadHeaderAttributes function
   to avoid exceptions from negative length Substring calls.

   * NetworkMinerForm.cs: Added the option of selecting a different cleartext
   database file in the "Cleartext" tab. This feature can be used in order to
   for example look for text in a specific language.
   
   * IPv4Packet.cs: Error handling of IP packets with fragment offset > 0.
   Thanks to Aivar Liimets for finding this bug.

NetworkMiner 1.2   2011-11-19   Erik Hjelmvik

   * Updated directory separators to be platform independent. This means that
   NetworkMiner can now be run on Linux, Mac etc. with Mono:
   http://www.mono-project.com/
   
   * PcapStreamReader.cs: Updated exception handling to cope more nicely with
   end-of-stream issues, such as PCAP files cut in the middle of a frame.
   Thanks to James Lay for identifying this bug.

   * SmtpPacketHandler.cs: Added exception handler to fileData.AddRange() call

   * PartBuilder.cs: Added support for extracting data from non-multipart data

   * HttpPacketHandler.cs: Added support for extracting emails from AOL webmail
   as in here: http://forensicscontest.com/2011/10/11/puzzle-10-the-l33t-pill

   * GrePacket.cs: Added GRE protocol implementation.

   * PacketHandler.cs: Added code to extract messages from unencrypted
   SquirrelMail webmail, comments on Wordpress and comments on Blogspot.

   * NetworkCredential.cs: Unencrypted login credentials to SquirrelMail
   webmail are now extracted to the credentials tab.

   * HttpPacketHandler.cs: Updated "Details" column in "Files" tab to display
   [http.host][http.request.uri] insted of just [http.request.uri].

NetworkMiner 1.1   2011-09-15   Erik Hjelmvik

   * NetworkMinerForm.cs: Fixed so that one or multiple pcap files can be
   loaded on startup by drag-n-droping them onto NetworkMiner.exe. Same thing
   goes for when providing pcap files as command line arguments.

   * PacketHandler.cs:
      - Fixed concurrency issues by locking the correct queue object. Thanks to
        psteier for being first to find and solve this bug!
      - Added new PacketHandler for NetBiosSessionService

   * PointToPointPacket.cs: Added support for PPP frames in pcap files, such
   as this one: http://www.pcapr.net/view/tyson.key/2009/8/2/13/Social_Networks_and_RSS_00005_20090929212859.html

   * SmbCommandPacketHander.cs: Added FileID to assembler's ExtendedFileId in
   order to support multiple simultaneous SMB file transfers over the same TCP
   session. Thanks to I S for reporting this bug!

   * NetBiosSessionService.cs: Implemented interface ISessionPacket and added
   support for the NetBios Session Service session keep-alive message

   * WinPCapNative.cs: Changed CallingConvention to Cdecl

   * PcapFileReader.cs: Added a more generic base class "PcapStreamReader" that
   PcapFileReader extends to parse a FileStream rather than an IO-stream.

   * HttpPacketHandler.cs: Added support to extract data submitted to Google
   Analytics into "Host Details". This includes attributes like:
    - Screen resolution
    - Color depth
    - Browser language
    - Flash version

[close]

http://sourceforge.net/projects/networkminer/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 2.0
« Antwort #3 am: 11 Februar, 2016, 12:28 »
Changelog

SMB/CIFS parser now supports file extraction from SMB write operations.
Added parser for SMB2 protocol (read and write).
Additional IEC-104 commands implemented.
Added Modbus/TCP parser (as requested by attendees at 4SICS 2014).
Improved SMTP parser.
Improved FTP parser.
Improved DNS parser.
GUI flickering is heavily reduced when loading PCAP files or doing live sniffing.
Extraction of web server favicon images (shown in Hosts tab).
Added "Keyword filter" to several tabs (see more details below).

[close]

http://www.netresec.com/?page=Networkminer

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 2.1.1
« Antwort #5 am: 29 April, 2017, 19:00 »
Whats new:>>

Improved HTTP parser

http://www.netresec.com/?page=NetworkMiner

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 2.2.0.0
« Antwort #6 am: 29 Oktober, 2017, 10:00 »
Whats new:>>

Improved HTTP parser

http://www.netresec.com/?page=NetworkMiner

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 2.5.0.0
« Antwort #7 am: 22 November, 2019, 13:29 »
Whats new:>>

    Improving Passive TLS Analysis with JA3
    HTTP/2 and DoH Support
    Extracting Kerberos Hashes from PCAP
    Even more NetBIOS and CIFS Artifacts
    Mono 5 Required for Linux and MacOS

http://www.netresec.com/?page=NetworkMiner

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 2.7.0.0
« Antwort #8 am: 16 Juni, 2021, 22:00 »
Whats new:>>

    Extracts print files from LPR,
    parses DNS TXT and SRV records,
    computes JA3S hashes etc.

http://www.netresec.com/?page=NetworkMiner

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 2.7.2.0
« Antwort #9 am: 15 November, 2021, 23:00 »
Whats new:>>

The ETL support is not the only new feature in NetworkMiner 2.7.2 though. We have also added support for the ERSPAN protocol. The FTP parser has also been improved to support additional commands, such as AUTH (RFC2228).
We've also added a useful little feature to the context menu of the Parameter's tab, which allows users to send extracted parameters to CyberChef (on gchq.github.io) for decoding.

https://www.netresec.com/index.ashx?page=NetworkMiner

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
NetworkMiner 2.7.3.0
« Antwort #10 am: 04 April, 2022, 19:00 »
Changelog


    Extraction of Meterpreter Payloads:

    NetworkMiner 2.7.3 supports extraction of meterpreter DLL payloads from reverse shell TCP sessions deployed with Metasploit. The free version of NetworkMiner will try to extract the meterpreter DLL from TCP sessions going to "poker-hand ports" commonly used for meterpreter sessions, such as 3333, 4444, 5555, etc. The port-independent protocol detection feature available in NetworkMiner Professional additionally enables extraction of meterpreter DLLs regardless which LPORT the attacker specifies when deploying the reverse shell.

    Packet Carving in NetworkMiner Professional:

    If you try to open anything other than a PCAP, PcapNG or ETL file in NetworkMiner Professional, then you'll be presented with an option to carve packets from the opened file as of this release.
    The packet carver can extract packets from any structured or unstructured data, such as memory dumps and proprietary packet capture formats. NetworkMiner Pro's carver is a simplified version of the packet carving feature in CapLoader.

    Offline Matching of JA3 and X.509 hashes:

    NetworkMiner 2.7.3 comes with a local copy of the SSL Certificate and JA3 Fingerprint Blacklists from the awesome abuse.ch project. JA3 hashes and extracted X.509 certificates are matched against these lists in order to see if they are associated with any piece of malware or botnet.
    The port-independent protocol detection feature in NetworkMiner Professional additionally enables X.509 certificates to be extracted even from non-standard TLS ports, such as this certificate, which is identified as "BitRAT" with help of the abuse.ch certificate block-list.

    DBSBL Lookup Detection:

    DNSBL services are used by servers handling incoming email to verify that the sender's IP address isn't a known SPAM sender and that it isn't from a network that shouldn't be sending emails.
    But DNSBL services can also be used by malware and botnets, such as TrickBot and Emotet, to verify that the public IP of a victim is allowed to send emails and that it hasn't already been blacklisted for sending SPAM. We have therefore decided to add DNSBL lookups to the Host Details section in NetworkMiner 2.7.3.
    DNSBL lookups are also logged to the "Parameters" tab of NetworkMiner.

    Additional Features and Updates:

    We'd also like to mention some additional new features, bug fixes and improvements that have been included in this new release.
    Support for HTTP CONNECT request method to extract artifacts like X.509 certificates and JA3 hashes from HTTPS traffic passing through a web proxy.
    Traffic to TCP ports 3000 and 8000 are now configured to be parsed as HTTP by default in order to handle WEBrick traffic.
    Improved extraction of SMTP credentials.
    JA3 hashes were previously incorrect for clients that supported more than one EC point format (RFC 8422). This has now been fixed.
    Support for SLL2 (Linux cooked capture v2) frames.
    Improved handling of concurrent GUI events, for example when poking around in the "Hosts" tab while loading a PCAP file or doing live sniffing.
    NetworkMiner's GUI no longer reloads between each PCAP file when multiple files are loaded at once.

    New Features in NetworkMiner Professional:

    We have also added a few new features exclusively to NetworkMiner Professional, which is the commercial version of NetworkMiner. Apart from the packet carver feature, mentioned earlier in this blog post, we've also updated the collection of OSINT lookup services available in the GUI. One of the newly added services is Ryan Benson's unfurl, which picks apart URLs to reveal data that might have been encoded into a complex URL. The unfurl lookup can be found by right-clicking an URL in NetworkMiner Professional's "Browsers" tab and selecting the "Lookup URL" sub menu.
    Other OSINT services that we've added are FileScan.IO and JoeSandbox lookups of extracted files. These lookups can be performed by right clicking a file in the "Files" tab and opening the sub-menu called "Lookup Hash".
    The command-line version of NetworkMiner Professional, NetworkMinerCLI, has also been updated to allow extracted information to be printed directly on standard output instead of logging everything to files.

[close]

https://www.netresec.com/index.ashx?page=NetworkMiner

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )