Deploys and queries Arkime for full packet capture network traffic analysis via API v3. Searches sessions by IP/port/protocol, downloads PCAPs, detects beaconing/C2, suspicious traffic, DNS tunneling, TLS anomalies.
`npx claudepluginhub killvxk/cybersecurity-skills-zh`
1. Install the dependency: `pip install requests`
Analyzes PCAPs, Zeek logs, and NetFlow data to detect C2 beacons, lateral movement, data exfiltration, and exploit attempts in security incidents using Wireshark and tcpdump.
`pip install requests`
`python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json`
Source: 10.1.2.50 -> 185.220.101.34:443
Sessions: 288 (within 24 hours)
Average interval: 300s, jitter: 4.2%
Verdict: high-confidence C2 beaconing (jitter < 5%)
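How a verdict like the one above can be computed from Arkime session records, as an added example that is not the skill's own `scripts/agent.py`: it groups sessions by flow, measures the mean interval and its jitter, and applies the page's "jitter < 5%" rule. The session field names (`source.ip`, `destination.ip`, `destination.port`, `firstPacket` in epoch milliseconds), the `min_sessions` floor, and the sample sessions are assumptions constructed for the example.

```python
# Added example, not the skill's own code: score Arkime session records for
# periodic beaconing with the page's rule (interval jitter < 5% => high confidence).
# Assumed, not from the page: the session field names (source.ip, destination.ip,
# destination.port, firstPacket in epoch ms) and the min_sessions floor.
from collections import defaultdict
from statistics import mean, pstdev

def beacon_metrics(first_packets_ms):
    """Return (session_count, mean_interval_s, jitter_pct) for one flow's start times."""
    ts = sorted(t / 1000.0 for t in first_packets_ms)
    if len(ts) < 3:                         # two gaps minimum to measure spread
        return len(ts), 0.0, 100.0
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return len(ts), avg, (100.0 * pstdev(gaps) / avg if avg > 0 else 100.0)

def classify(count, jitter_pct, min_sessions=24, max_jitter_pct=5.0):
    """Page rule: a stable period with jitter below 5% is a high-confidence beacon."""
    if count < min_sessions:                # assumed floor: too few samples to judge
        return "insufficient sessions"
    return "high confidence C2 beacon" if jitter_pct < max_jitter_pct else "irregular"

def detect_beacons(sessions):
    """Group sessions by src -> dst:port and score each flow."""
    flows = defaultdict(list)
    for s in sessions:
        flows[(s["source.ip"], s["destination.ip"], s["destination.port"])].append(s["firstPacket"])
    report = {}
    for key, times in flows.items():
        count, avg, jitter = beacon_metrics(times)
        report[key] = {"sessions": count, "interval_s": round(avg, 1),
                       "jitter_pct": round(jitter, 2), "verdict": classify(count, jitter)}
    return report

def make_sessions(src, dst, port, gaps_s, start_ms=1_700_000_000_000):
    """Constructed sample data: one session per gap, firstPacket in epoch milliseconds."""
    times, t = [start_ms], start_ms
    for g in gaps_s:
        t += int(g * 1000)
        times.append(t)
    return [{"source.ip": src, "destination.ip": dst, "destination.port": port,
             "firstPacket": tm} for tm in times]

# 288 sessions ~300 s apart with a small deterministic wobble (the page's case), plus
# an interactive-looking flow with bursts and pauses for contrast (constructed data).
BEACON = make_sessions("10.1.2.50", "185.220.101.34", 443,
                       [300 + (-12, 0, 12)[i % 3] for i in range(287)])
BROWSING = make_sessions("10.1.2.51", "198.51.100.7", 443, [7, 95, 3, 420, 60, 11, 250, 2] * 5)
REPORT = detect_beacons(BEACON + BROWSING)
if __name__ == "__main__":
    for (src, dst, port), r in REPORT.items():
        print(f"{src} -> {dst}:{port}  sessions={r['sessions']}  interval={r['interval_s']}s  "
              f"jitter={r['jitter_pct']}%  verdict={r['verdict']}")
```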