Parses NetFlow v9 and IPFIX records with the Python `netflow` library to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing against statistical baselines.
`npx claudepluginhub killvxk/cybersecurity-skills-zh`
1. Install dependencies: `pip install netflow`
2. Start the collector: `python -m netflow.collector -p 9995`
3. Parse the captured flow data with `netflow.parse_packet()`.
4. Run the analysis: `python scripts/agent.py --flow-file captured_flows.json --output netflow_report.json`
```python
import netflow

# v9/IPFIX templates arrive in separate packets from the data records,
# so keep one templates dict alive across every parse_packet() call.
templates = {"netflow": {}, "ipfix": {}}
packet = netflow.parse_packet(raw_bytes, templates)  # raw_bytes: one UDP datagram from the exporter
for flow in packet.flows:
    # each record exposes its fields in flow.data; addresses are raw integers here
    print(flow.data["IPV4_SRC_ADDR"], flow.data["IPV4_DST_ADDR"], flow.data["IN_BYTES"])
```
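An added example, not part of the skill's own `scripts/agent.py`, showing two of the detections listed above (port-scan fan-out and beacon timing regularity) run over constructed records shaped like the library's `flow.data` dicts; the thresholds, the string addresses, and treating `FIRST_SWITCHED` as epoch seconds are assumptions made for readability.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records shaped like the netflow library's flow.data dicts.
# Addresses are strings and FIRST_SWITCHED is epoch seconds for readability;
# real records carry raw integers and exporter uptime, which need conversion first.
def _flow(src, dst, dport, ts, nbytes):
    return {"IPV4_SRC_ADDR": src, "IPV4_DST_ADDR": dst, "L4_DST_PORT": dport,
            "FIRST_SWITCHED": ts, "IN_BYTES": nbytes}

SAMPLE_FLOWS = (
    # Beacon: 10.0.0.5 reaches 203.0.113.7:443 roughly every 60 s with a fixed payload size
    [_flow("10.0.0.5", "203.0.113.7", 443, 1000 + 60 * i + (i % 2), 512) for i in range(10)]
    # Scan: 10.0.0.9 probes 30 ports on one host with tiny flows inside one second
    + [_flow("10.0.0.9", "10.0.0.20", p, 1100 + p / 100, 60) for p in range(1, 31)]
    # Ordinary browsing: irregular gaps to one site, so not a beacon despite 6 connections
    + [_flow("10.0.0.7", "198.51.100.2", 443, t, 4000) for t in (1005, 1012, 1090, 1300, 1302, 1900)]
)

def find_port_scans(flows, min_endpoints=20):
    """Sources that touched at least min_endpoints distinct (dst, port) pairs."""
    seen = defaultdict(set)
    for f in flows:
        seen[f["IPV4_SRC_ADDR"]].add((f["IPV4_DST_ADDR"], f["L4_DST_PORT"]))
    return {src: len(eps) for src, eps in seen.items() if len(eps) >= min_endpoints}

def find_beacons(flows, min_conns=6, max_cv=0.2):
    """(src, dst, port) tuples whose inter-arrival times are clock-like."""
    starts = defaultdict(list)
    for f in flows:
        starts[(f["IPV4_SRC_ADDR"], f["IPV4_DST_ADDR"], f["L4_DST_PORT"])].append(f["FIRST_SWITCHED"])
    hits = {}
    for key, times in starts.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg  # coefficient of variation: near 0 means a fixed timer
        if cv <= max_cv:
            hits[key] = (round(avg, 1), round(cv, 3))
    return hits

if __name__ == "__main__":
    print("port scans:", find_port_scans(SAMPLE_FLOWS))
    print("beacons:", find_beacons(SAMPLE_FLOWS))
```

The jitter tolerance (`max_cv`) and fan-out threshold should be tuned against a baseline of the monitored network, since chatty legitimate services such as NTP or monitoring agents also produce regular intervals.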