Introducing PASTA, another SSH traffic analyser
I am glad to share with you PASTA, a student project that I co-authored with Haradwaith and M. Blue in Spring 2012.
As per its recursive acronym name, PASTA is a forensics tool to extract meaningful information out of a traffic dump. This includes:
- trivial information such as addresses (supports both IPv4 and IPv6), ports, duration
- client and server SSH versions and algorithms used
- idle time
- connection type (e.g. ssh, scp, tunnel)
- stepping stones detection and correlations between different connections
So if you have a traffic capture on a server which was used as a stepping stone, PASTA should identify the two connections used in the chain, and also evaluate the number of stepping stones remaining before getting to the last server of the chain.
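To make the idea of correlating two connections on a stepping stone concrete, here is an added example (not PASTA's code, and not necessarily the method PASTA uses) of a simple timing heuristic: packets arriving on one connection should be followed almost immediately by packets leaving on the other. The connection names, timestamps, 50 ms delay and 0.8 threshold are all constructed assumptions, and the code is written for Python 3.

```python
from bisect import bisect_left
from itertools import permutations

# Constructed sample: arrival ("in") and departure ("out") times in seconds,
# as seen on the captured host, for three SSH connections.
CONNECTIONS = {
    "client->host": {"in": [1.00, 1.42, 2.10, 5.30, 5.95, 9.00], "out": []},
    "host->next":   {"in": [], "out": [1.01, 1.43, 2.12, 5.31, 5.97, 9.02]},
    "host->other":  {"in": [], "out": [0.20, 3.00, 4.10, 7.50, 8.10, 11.00]},
}

def relay_score(arrivals, departures, max_delay=0.05):
    """Fraction of arrivals followed by a not-yet-matched departure within max_delay."""
    departures = sorted(departures)
    nxt, hits = 0, 0
    for t in sorted(arrivals):
        # First departure at or after this arrival that no earlier arrival consumed.
        nxt = max(nxt, bisect_left(departures, t))
        if nxt < len(departures) and departures[nxt] - t <= max_delay:
            hits += 1
            nxt += 1
    return hits / len(arrivals) if arrivals else 0.0

def correlate(connections, threshold=0.8):
    """Return (inbound, outbound, score) for pairs that look like one relayed session."""
    pairs = []
    for a, b in permutations(connections, 2):
        score = relay_score(connections[a]["in"], connections[b]["out"])
        if score >= threshold:
            pairs.append((a, b, score))
    return pairs

if __name__ == "__main__":
    for a, b, s in correlate(CONNECTIONS):
        print(f"{a} is relayed over {b} (score {s:.2f})")
```

On a real capture the timestamps should come from payload-carrying packets only, since bare TCP ACKs add arrivals that are never relayed and lower the score.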
The program works thanks to tshark and Python 2.7, and is highly modular: you can easily create your own plugin to extend the feature set.
If you want to give it a try, feel free to download or octogitpus it on GitHub!