The harimau script is used to parse through a pcap file and query the harimau watchlist to check to see if the IP address exists in common botnet/malware databases. The script is included in Hex LiveCD.

Here's a screenshot of harimau in action:


Download the standalone harimau.rb script.

The script requires Scholar's pcapparser.rb script in order to read the pcap file.


Usage: ./harimau.rb <pcapfile>