Xplico
xplico.org
Open Source Network Forensic Analysis Tool (NFAT)
Security, network-forensics, open-source, packet-analysis, digital-forensics, penetration-testing, protocol-analysis, nfat

About
Xplico is an open-source network forensic analysis tool (NFAT) that extracts and reconstructs application-layer data from captured network traffic. It supports a wide range of protocols including HTTP, SIP, IMAP, POP, SMTP, and more, and provides a web-based interface backed by SQLite, MySQL, or PostgreSQL. It is included in major digital forensics and penetration testing distributions such as Kali Linux, DEFT, and Security Onion.
Problem
Extracting and reconstructing application-layer content from captured network traffic for forensic analysis is complex and time-consuming.
For
digital forensics investigators, penetration testers, and security researchers
How it works
Xplico decodes captured network packets using a Decoder Manager and IP decoder, then reconstructs the application-layer data, which can be viewed through a multi-user web interface.
Business model
open-source
Status
launched