✨ Features

• Supports .pcap & .pcapng formats
• Regex-based pattern matching
• Auto-detection: URLs, JWTs, IPs, Emails
• HTTP headers, DNS queries, TCP stream reassembly
• Base64/Hex recursive decoding
• Source-aware artifact tagging (where it was found)
• Total hits summary with exact locations

📦 Installation

git clone https://github.com/Saketkesar/Stichtted.git
cd Stichtted
pip install -r requirements.txt

🧠 Command Usage

# Scan single file for HTB flags
python3 stichtted.py -f challenge.pcap -l "HTB{.*?}"

# Scan directory
python3 stichtted.py -d ./captures -l "SKT{.*?}"

# Search for URLs
python3 stichtted.py -f netlog.pcapng -l "https://[a-zA-Z0-9./?=_-]+"

# Match JWT tokens
python3 stichtted.py -f encoded.pcap -l "eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+"

🧪 Output Example

✅ Found: 3 matches
 ↪ 1: SKT{flag_1}  [Packet #7, DNS layer, Base64 decoded]
 ↪ 2: SKT{flag_2}  [Packet #21, HTTP payload]
 ↪ 3: SKT{flag_3}  [Packet #37, TCP stream]

⚙ Requirements

• Python 3.8+
• Scapy
• PyShark (requires tshark installed)

🌌 About

STICHTTED is a PCAP analyzer designed by S4k3t for raw packet lovers, CTF champions, and red teamers. Galaxy-themed, optimized for deep traffic dives and decoding chaos.