Overview
PacketSnitch is a network packet analysis tool consisting of a Python backend for extracting payloads and rich metadata from .pcap files, and an Electron-based frontend for browsing, filtering, visualizing, and post-processing the results. Recent frontend additions include the Internet Heatmap worldmap view, the PGP workspace, expanded Settings and bridge controls, saved-filter library workflows, context-menu manual Conv file import, and frontend-driven LLM workflows.
Documentation
- Backend Documentation — Python backend (
snitch.py) plus the Electron bridge HTTP service mode: usage, arguments, output structure, transport modes, and searchable attributes. - Frontend Documentation — Electron frontend: UI workspaces, worldmap/heatmap, PGP tooling, settings, LLM flows, and bridge controls.
- Themes Documentation — Theme engine reference: theme JSON schema, custom logos, color variables, and opacity controls.
- Context Menu Reference — Right-click context menu: copy, convert, filter, keystore, notes, and export options.
- Filter Reference — Complete guide to the filter bar: all filter keys, search syntax, operators, boolean combinators, and examples.
Demo
Quick Start
Download – grab the latest prod release:
The latest release can be found on the releases page.
OR…
Build – build it from source code:
- Clone the repository, this can be done via:
git clone https://github.com/oxasploits/PacketSnitch.git. - Move into the PacketSnitch direcotry:
cd PacketSnitch. - Use NPM to install build dependancies:
npm install. - If on Linux (specifically Fedora) run:
npm run patch-rpm-build. - Build the project, this compiles the backend and frontend:
npm run make. - You can now launch the dev version using:
npm start! - Note: The installer is also packaged at:
./out/make/*
Install – install the package:
Linux:
sudo dnf install ./out/make/*/packetsnitch-*.rpm # redhat/centos/fedora
sudo apt install ./out/make/*/packetsnitch-*.deb # debian/kali/ubuntu
Windows:
Click: PacketSnitchInstaller.exe
Launch — launch the desktop app:
packetsnitch # Linux
packetsnitch.exe (or click) # Windows
Samples
Load a capture and start analyzing!
In the samples folder there are some sample captures for you to play with. PacketSnitch is compatible with both pcap and pcapng style captures.
Note: Some of the samples folder captures are for internal testing purposes, and their protocols have varying coverage as far as compatibility goes inside PacketSnitch. Some may even crash PacketSnitch or any number of other things! You have been warned!
Some captures you can test the code with:
- HTTP with compression
- HTTP with images to carve
- FTP with some tranferred files and creds
- Some BGP packets
- Some ATM packets from an DSL modem
- An exploit working against HUSTOJ
If you want to test anything else, a great resource is the Wireshark Sample Captures Page, I would get started there.
Have fun!
License
Contact Resources
Project Head: Marshall Whittaker marshall@oxasploits.com
Thanks / Contibutions
- Marshall Whittaker (project design, primary frontend/backend dev)
- Vesteria (backend tor node detection code)
- blissfulboy (frontend design suggestions and feedback)
- kusanagi (frontend feedback and some sponsorship stuff)
- Martin Ollivere (Rat on wheel spinning gif)
- tiamo64 (Performance optimizations)
- aestetix (inspiration on how this documentation page should be formatted)
- Everyone else who has tested or contributed in some way, big or small, thank you!
Sponsors
If you sponsor PacketSnitch, your name and a link of your choice will be added here!
