Saturday, November 14, 2015

Satori rewrite

OK, for years I've been planning to rewrite Satori in Python (or something else) and never got around to it.  Well, two weeks ago I started playing with pyshark while working with SMB packets for the FOR572 class.  More on that project in the future, but it got me thinking: why go through all the headache of writing new code to parse all those packets when I could instead use the power of tshark, via pyshark?

So with that said, I really do plan on Satori 2.0 (or would it be 1.0, since I never made it out of the 0.7x arena?).  Future releases of Satori will be pyshark/Python based, with tshark on the backend doing the heavy lifting.  I plan on coding just enough to pull the needed info from the packets and query the underlying .xml files for fingerprint data.  This gets it off the ground again; it may not be as fast as it could be, but that's the trade-off: it's that or I probably never get back to it :)

I'm not sure I can do everything I was doing with Satori before, but I can easily do DHCP, the HTTP user agent string, and some of the SMB stuff I was doing.
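As an added illustration of the "pull the needed info, query the .xml fingerprint files" design (example code, not Satori's own): match the DHCP option 55 parameter request list and option 60 vendor class seen in a packet against a weighted XML fingerprint file. The XML layout, the option strings and the observed values are all constructed assumptions for this example; the pyshark capture step that would supply `observed` from the packet's DHCP layer is left out.

```python
import xml.etree.ElementTree as ET

# Constructed fingerprint file in an assumed layout (not Satori's real dhcp.xml
# schema): each fingerprint carries weighted tests against DHCP option values.
FINGERPRINTS_XML = """<fingerprints>
  <fingerprint name="Windows 10">
    <test type="option55" weight="5" value="1,3,6,15,31,33,43,44,46,47,121,249,252"/>
    <test type="option60" weight="3" value="MSFT 5.0"/>
  </fingerprint>
  <fingerprint name="Ubuntu Linux">
    <test type="option55" weight="5" value="1,28,2,3,15,6,119,12,44,47,26,121,42"/>
  </fingerprint>
</fingerprints>"""


def load_fingerprints(xml_text):
    """Flatten the XML into (os_name, test_type, expected_value, weight) rows."""
    rows = []
    for fp in ET.fromstring(xml_text).findall("fingerprint"):
        for test in fp.findall("test"):
            rows.append((fp.get("name"), test.get("type"),
                         test.get("value"), int(test.get("weight", "1"))))
    return rows


def score_dhcp(observed, rows):
    """Score every OS whose tests match the observed option values.

    observed maps a test type to the value pulled from one packet, e.g.
    {"option55": "1,3,6,...", "option60": "MSFT 5.0"}.  With pyshark this
    would be read from the packet's DHCP (bootp) layer (not shown here).
    Returns {os_name: total_weight}, highest score first.
    """
    scores = {}
    for name, ttype, expected, weight in rows:
        if observed.get(ttype) == expected:
            scores[name] = scores.get(name, 0) + weight
    return dict(sorted(scores.items(), key=lambda kv: kv[1], reverse=True))


def best_guess(observed, rows):
    """Return the top-scoring OS name, or None if no test matched."""
    return next(iter(score_dhcp(observed, rows)), None)


if __name__ == "__main__":
    db = load_fingerprints(FINGERPRINTS_XML)
    # Constructed observation of a single DHCP Discover from one client.
    seen = {"option55": "1,3,6,15,31,33,43,44,46,47,121,249,252",
            "option60": "MSFT 5.0"}
    print(score_dhcp(seen, db), best_guess(seen, db))
```

Option 55 is an ordered list, so the comparison is on the exact comma-joined string: a client that requests the same options in a different order is a different fingerprint.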

I'm thinking about adding some SSL fingerprinting to it also.

All of this to say, evidently Satori isn't dead from my end!  Just taken a bit of a break.

2 comments:

carlos.sezahouses said...
This comment has been removed by the author.
xnih said...

Nothing like "hi" on a very old thread! And no progress has been made on this.