chopshop - Protocols Analysis/Decoder Framework.

ChopShop is a MITRE-developed framework to aid analysts in creating and running pynids-based decoders and detectors of APT tradecraft.
Note that ChopShop is still in perpetual beta and depends on libnids/pynids for the majority of its underlying functionality.

The chopshop program is a Python script designed to be run from the command line. It requires Python 2.6+ and pynids to be installed. It also requires “modules” to be written that do the processing of network data. ChopShop by itself does not do any processing of pcap data – it provides the facilities for the modules to do so.


+ python 2.6 or higher
+ pynids
+ libnet and libpcap
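To make the split between the core and its modules concrete, here is a minimal ChopShop-style decoder module added as an example (it is not code from the ChopShop project). It follows the module convention of `init`/`handleStream` callbacks, the per-stream `tcp` object (`addr`, `client`/`server` halves with `count_new` and `data`, `discard`, `stop`, `stream_data`) and `chop.prnt` output as I understand them from the framework's module documentation; `FakeStream`, `_Half`, `run_example` and the SMTP-looking sample bytes are constructed stand-ins so the file runs without pynids or a pcap.

```python
from __future__ import print_function   # runs under the Python 2.6+ ChopShop needs and under Python 3
moduleName = "banner_example"           # ChopShop module metadata convention
try:
    chop                                # the ChopShop core injects 'chop' into each module
except NameError:                       # constructed stand-in so this also runs outside ChopShop
    class chop(object):
        prnt = staticmethod(lambda *a: print(" ".join(map(str, a))))
def init(module_data):
    return {'proto': [{'tcp': ''}]}     # ask the core for TCP streams on any port
def first_line(buf):
    end = buf.find(b"\n")               # first complete line, or None while still partial
    return None if end < 0 else buf[:end].rstrip(b"\r").decode("latin-1")
def handleStream(tcp):
    # Called by the core whenever reassembled bytes arrive; tcp.addr is ((client ip, port), (server ip, port)).
    for half, name, who in ((tcp.server, "server", "%s:%d" % tcp.addr[1]),
                            (tcp.client, "client", "%s:%d" % tcp.addr[0])):
        if half.count_new == 0:
            continue
        if name not in tcp.stream_data:
            line = first_line(half.data)
            if line is None:
                continue                # partial line: leave it buffered for the next call
            tcp.stream_data[name] = line
            chop.prnt("%s %s: %s" % (name, who, line))
        tcp.discard(len(half.data))     # consumed; drop it from the reassembly buffer
    if "client" in tcp.stream_data and "server" in tcp.stream_data:
        tcp.stop()                      # nothing more to decode on this stream

class _Half(object):
    def __init__(self): self.data, self.count_new = b"", 0

class FakeStream(object):
    """Constructed stand-in for the stream object the core hands to handleStream."""
    def __init__(self, addr):
        self.addr, self.stream_data, self.stopped = addr, {}, False
        self.client, self.server = _Half(), _Half()
    def feed(self, half, chunk):        # deliver one reassembled segment, then call the module
        other = self.server if half is self.client else self.client
        half.data, half.count_new, other.count_new = half.data + chunk, len(chunk), 0
        handleStream(self)
    def discard(self, n):
        half = self.client if self.client.count_new else self.server
        half.data = half.data[n:]
    def stop(self): self.stopped = True

def run_example():
    s = FakeStream((("10.0.0.5", 51000), ("10.0.0.9", 25)))   # constructed addresses
    s.feed(s.server, b"220 mx.example.test ESMTP ready\r\n")
    s.feed(s.client, b"EHLO client.exam")                     # one line split across two segments
    s.feed(s.client, b"ple.test\r\n")
    return s.stream_data, s.stopped
```

Inside ChopShop the core would call `init` and `handleStream` itself after libnids reassembles the stream; `run_example` only replays that sequence by hand.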