flare-vm
Add NetworkMiner
https://www.netresec.com/?page=NetworkMiner
I'd be happy to help get NetworkMiner included in the "Networking" or "Forensic" category of FLARE VM.
Doesn't Wireshark have some innate file extraction tools?
The supported file transfer protocols in Wireshark’s “File, Export Objects” menu are HTTP, IMF, SMB and TFTP. NetworkMiner automatically extracts files from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3 and IMAP traffic when a capture file is loaded.
Many incident responders also like the “Hosts” tab in NetworkMiner, which provides a nice overview of the hosts that have communicated in the loaded PCAP file(s). The hosts view shows the results of NetworkMiner’s OS fingerprinting, which ports are open, JA3 hashes and a great deal of other metadata about each observed IP address.
You can find some screenshots of NetworkMiner’s Hosts tab in the NetworkMiner 2.5 release blog post.
Thank you for your feedback! We've been working on major updates to FLARE VM over the last year. The now revamped FLARE VM has just been released and will make the project more open and maintainable. Please check out our blog post at https://www.mandiant.com/resources/blog/flarevm-open-to-public and give the new installation a try.
If this problem still persists with the new installation, please report:
- new tools or tool-related issues at https://github.com/mandiant/VM-Packages/issues
- ideas and issues related to the installer script and configuration at https://github.com/mandiant/flare-vm/issues
Please note that we use this message to close all legacy issues in this repository. We look forward to your feedback and support for the next generation of FLARE VM.