Web Analyzer For Private Networks

31 May

Authors: Professor Dr. A. Neelamadheswari, Assistant Professor Mr. K. S. Arun, M.E. Ph.D Aloysius Rosario K, Aasif Ahameed S, Arunkumar M

 

Abstract: In the current digital landscape, real-time monitoring and assessment of network domain safety are essential for proactive cybersecurity defense. This project introduces a Python-based live domain safety monitoring tool that leverages network packet analysis to evaluate and visualize the security posture of domains accessed within a network. The tool uses tshark, the command-line interface of Wireshark, to capture live DNS, HTTP, and SSL/TLS traffic, extracting relevant protocol and domain information for immediate analysis. At the core of the system is a dynamic scoring mechanism that assigns a safety score to each detected domain and adjusts it over time. Domains are initially assigned a neutral score, which is then modified based on a set of heuristic rules. For instance, domains with suspicious characteristics, such as those starting with "malware" or containing the substring "phish", are penalized, reflecting their higher likelihood of being malicious. The tool also evaluates the security of the communication protocol: traffic over HTTP results in score deductions due to its inherent insecurity, while HTTPS and SSH connections are rewarded for their stronger security guarantees. This flexible scoring approach allows the system to adapt to evolving threat patterns and user behavior. To further enhance situational awareness, the tool incorporates a Man-in-the-Middle (MITM) risk assessment for each domain. By considering both the protocol in use and the domain's current safety score, the system categorizes MITM risk as High, Medium, or Low. Domains accessed via insecure protocols, those with low safety scores, or those containing phishing indicators are flagged as high risk, enabling rapid identification of potential attack vectors. Visualization is a key feature of the tool, achieved through the Rich Python library. The console interface displays a continuously updating table of observed domains, their protocols, safety scores, and MITM risks, all color-coded for quick interpretation. This real-time feedback loop empowers network administrators and security analysts to take immediate action in response to emerging threats, such as isolating compromised hosts or blocking access to dangerous domains.
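The scoring and MITM-risk rules described in the abstract can be sketched as follows. This is an added illustration, not the paper's tool: the numeric weights, the low-score threshold, the Medium/Low rule and the three-column tshark field layout are assumptions, since the abstract states the rules but not their values.

```python
# Added example; numeric weights and thresholds are assumed, not from the paper.
NEUTRAL, NAME_PENALTY, LOW_SCORE = 50, 30, 40
PROTO_DELTA = {"HTTP": -20, "HTTPS": 10, "SSH": 10}

# Constructed sample shaped like the output of (assumed field layout):
#   tshark -T fields -E separator=, -e dns.qry.name -e http.host \
#          -e tls.handshake.extensions_server_name
SAMPLE = """\
example.org,,
,intranet.example,
,,portal.example
,phish-login.example,
,,malware-cdn.example
"""

def parse(line):
    """Return (domain, protocol) for one record, or None if no name is set."""
    cols = (line.split(",") + ["", "", ""])[:3]
    for value, proto in zip(cols, ("DNS", "HTTP", "HTTPS")):
        if value.strip():
            return value.strip().lower(), proto
    return None

def adjust(score, domain, proto):
    """Apply the name heuristic and protocol delta, clamped to 0..100."""
    if domain.startswith("malware") or "phish" in domain:
        score -= NAME_PENALTY
    return max(0, min(100, score + PROTO_DELTA.get(proto, 0)))

def mitm_risk(domain, proto, score):
    """High per the abstract's three conditions; Medium/Low split is assumed."""
    if proto == "HTTP" or score < LOW_SCORE or "phish" in domain:
        return "High"
    return "Low" if proto in ("HTTPS", "SSH") else "Medium"

def analyze(text):
    """Fold records into {domain: (protocol, score, risk)}, one update per sighting."""
    table = {}
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        domain, proto = parsed
        score = adjust(table.get(domain, ("", NEUTRAL, ""))[1], domain, proto)
        table[domain] = (proto, score, mitm_risk(domain, proto, score))
    return table

if __name__ == "__main__":
    for domain, row in analyze(SAMPLE).items():
        print(f"{domain:24} {row[0]:6} {row[1]:3} {row[2]}")
```

With these assumed weights, a "malware"-prefixed name seen over HTTPS still lands in the High band, because the name penalty outweighs the protocol reward.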

DOI: http://doi.org/10.61463/ijset.vol.13.issue3.183