Analyzing network traffic is one of the most complex tasks in modern networks, where there is a large volume of raw material and packet streams. Finding the information and data that require security attention is not straightforward. The TCP/IP stack has grown with thousands of new applications, protocols and services. Some of these services handle authentication, tunneling, network access and more, and they generate various types of traffic that contain meaningful information for a pentester or incident handler. If you are going to conduct a network penetration test, you can check out PA Toolkit.

PA Toolkit is a collection of traffic analysis plugins that extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to a macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

  • WiFi (WiFi network summary, detecting beacon and deauth floods, etc.)
  • HTTP (listing all visited websites and downloaded files)
  • HTTPS (listing all websites opened over HTTPS)
  • ARP (MAC-IP table, detecting MAC spoofing and ARP poisoning)
  • DNS (listing DNS servers used and DNS resolutions, detecting DNS tunnels)
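
To show the idea behind the ARP item above (a MAC-IP table used to spot one IP being claimed by more than one MAC), here is an added Python example; it is not PA Toolkit's code. The function names and all frames and addresses are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):   # Ethernet + IPv4 only
        return None
    return op, _mac(frame[22:28]), socket.inet_ntoa(frame[28:32])

def mac_ip_table(frames):
    """Map each sender IP to the set of MACs that claimed it; return (table, conflicts)."""
    table = defaultdict(set)
    for frame in frames:
        rec = parse_arp(frame)
        if rec is None or rec[2] == "0.0.0.0":   # skip non-ARP frames and ARP probes
            continue
        table[rec[2]].add(rec[1])
    conflicts = {ip: sorted(macs) for ip, macs in table.items() if len(macs) > 1}
    return dict(table), conflicts

def build_arp(op, smac, sip, tmac, tip):
    """Build a constructed 42-byte ARP frame for the sample capture below."""
    s, t = bytes.fromhex(smac.replace(":", "")), bytes.fromhex(tmac.replace(":", ""))
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    body += s + socket.inet_aton(sip) + t + socket.inet_aton(tip)
    return b"\xff" * 6 + s + b"\x08\x06" + body

# Constructed sample traffic (all addresses are made up for this example).
GW, HOST, OTHER = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:10", "de:ad:be:ef:00:66"
SAMPLE_FRAMES = [
    build_arp(1, HOST, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),  # request
    build_arp(2, GW, "192.168.1.1", HOST, "192.168.1.10"),                   # reply
    build_arp(1, HOST, "0.0.0.0", "00:00:00:00:00:00", "192.168.1.10"),      # probe
    build_arp(2, OTHER, "192.168.1.1", HOST, "192.168.1.10"),  # second MAC claims gateway IP
]

if __name__ == "__main__":
    table, conflicts = mac_ip_table(SAMPLE_FRAMES)
    for ip, macs in sorted(table.items()):
        print(ip, "->", ", ".join(sorted(macs)))
    for ip, macs in conflicts.items():
        print("ALERT: multiple MACs claim", ip, macs)
```

An IP seen with several MACs is a lead to investigate rather than proof of poisoning, since failover pairs and address reassignment produce the same pattern.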

The project is under active development and more plugins will be added in the near future. You can read more and download this plugin over here: