Hackers of India

Rudra - The Destroyer of Evil

Ankur Tyagi

2015/08/05

Abstract

Rudra provides a framework for automated inspection of network capture files. It builds upon another tool called flowinspect and adds file-format aware analytics to its feature set. It consumes network capture files as input and passes them through a file type-specific analysis chain. In this chain, the file is operated upon by individual modules like:

Each of these modules emits a JSON report; these reports are then collated into a highly verbose summary of the capture file. The analyst can request the report in any one of the supported formats (JSON, HTML, PDF).

The framework provides a command-line based interactive interface that exposes a file analysis object. This object can be used to scan files and generate reports. This architecture also allows quick embedding within third-party tools and applications. Most of the analysis modules accept configuration options and as such provide a faster alternative to directly tweaking the codebase.
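As an added illustration of the analysis chain described above (example code, not Rudra's own): a minimal Python sketch that detects a file's type from its magic bytes, runs the type-specific chain of modules, and collates each module's JSON-style report into one summary. The sample inputs, module names and chain layout are constructed for this example.

```python
import hashlib
import math
from collections import Counter

# Constructed sample inputs (not real captures): a bare PCAP global header, a tiny PDF, an opaque blob.
SAMPLES = {
    "a.pcap": bytes.fromhex("d4c3b2a1020004000000000000000000ffff000001000000"),
    "b.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n",
    "c.bin": bytes(range(256)),
}

# Magic-byte signatures; the detected type selects the analysis chain.
MAGIC = [(b"\xd4\xc3\xb2\xa1", "pcap"), (b"\xa1\xb2\xc3\xd4", "pcap"), (b"%PDF", "pdf")]

def filetype(data):
    return next((name for magic, name in MAGIC if data.startswith(magic)), "unknown")

# Each module takes the raw bytes and returns a JSON-serialisable dict.
def mod_hashes(data):
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}

def mod_entropy(data):
    probs = [c / len(data) for c in Counter(data).values()]
    return {"entropy": round(-sum(p * math.log2(p) for p in probs), 3)}

def mod_pcap_header(data):
    # Byte order of the global header follows the magic: d4c3b2a1 means little-endian.
    order = "little" if data[0] == 0xD4 else "big"
    field = lambda a, b: int.from_bytes(data[a:b], order)
    return {"version": f"{field(4, 6)}.{field(6, 8)}",
            "snaplen": field(16, 20), "linktype": field(20, 24)}

def mod_pdf_objects(data):
    return {"objects": data.count(b" obj"), "has_eof": b"%%EOF" in data}

# Type-specific chains: generic modules first, then format-aware ones;
# types without a chain (here "unknown") get the generic modules only.
CHAINS = {"pcap": [mod_hashes, mod_entropy, mod_pcap_header],
          "pdf": [mod_hashes, mod_entropy, mod_pdf_objects]}
GENERIC = [mod_hashes, mod_entropy]

def analyze(name, data):
    """Run the chain for the detected type and collate each module's report."""
    ftype = filetype(data)
    modules = {m.__name__: m(data) for m in CHAINS.get(ftype, GENERIC)}
    return {"filename": name, "filetype": ftype, "modules": modules}

def collate(samples):
    return {name: analyze(name, data) for name, data in samples.items()}
```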

With the above listed modules and features in place, the project is still under development. There are plans to extend its functionality beyond capture files to include binary and document formats with the first public release.