Metadata-Version: 2.1
Name: plotcap
Version: 0.3.0
Summary: PlotCap - a simple network visualization tool
Home-page: https://github.com/darknetehf/plotcap
License: MIT
Keywords: packaging,poetry
Author: Darknet ehf
Author-email: info@labs.darknet.com
Maintainer: Darknet ehf
Maintainer-email: info@labs.darknet.com
Requires-Python: >=3.11,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Scientific/Engineering :: Visualization
Classifier: Topic :: Security
Classifier: Topic :: System :: Networking
Classifier: Topic :: System :: Networking :: Monitoring
Requires-Dist: netaddr (>=0.10.1,<0.11.0)
Requires-Dist: pyvis (>=0.3.2,<0.4.0)
Requires-Dist: pyyaml (>=6.0.1,<7.0.0)
Requires-Dist: scapy (>=2.5.0,<3.0.0)
Project-URL: Repository, https://github.com/darknetehf/plotcap
Description-Content-Type: text/x-rst

==========
PlotCap
==========

PlotCap - a simple network visualization tool.

.. image:: preview.png
  :align: center
  :alt: Sample

.. contents:: Table of Contents

Introduction
============

PlotCap is a simple command line tool written in Python and based on PyVis, that parses network capture files (produced by tools such as tcpdump or Wireshark) to render a graph of the network topology in a web page.

PlotCap was designed for red team engagements, with the aim of quickly mapping out relationships between devices ("nodes") in a network.
Target groups are: network administrators, penetration testers and curious people.

Visualization can be performed at layer 2 (MAC addresses) and layer 3 (IP addresses).
Layer 2 is the default. The tool attempts to resolve MAC addresses unless directed otherwise.

Usage
=====

.. code-block:: bash

    plotcap  -f capture.cap

This is equivalent to:

.. code-block:: bash

    plotcap  -f capture.cap --layer2

or:

.. code-block:: bash

    plotcap  -f capture.cap --layer2 --resolve-oui

Do not resolve MAC addresses:

.. code-block:: bash

    plotcap  -f capture.cap --layer2 --no-resolve-oui

Show IP addresses:

.. code-block:: bash

    plotcap  -f capture.cap --layer3


Limitations
===========

- Although this is a command line tool, it requires a graphical environment and a web browser to render network maps. On headless systems we suggest using Xvfb to set up virtual sessions.
- PlotCap was tested on Linux only
- MAC addresses may not always be resolved to manufacturer names, especially if address randomization comes into play
- See the TODO file for more missing features
