Thank you for your interest in contributing. DicomGhost is a security research tool focused on medical device network analysis — contributions that improve detection accuracy, add new protocol support, or improve usability are very welcome.
- All contributions must be for legitimate security research purposes only
- Do not submit contributions that add active attack capabilities
- Do not include real patient data, real PCAP files from live hospital networks, or any PHI in your contribution
Open a GitHub Issue and include:
- Your OS and Python version
- The command you ran
- What you expected vs what happened
- Any error output (redact any sensitive data)
Open a GitHub Issue and include:
- The protocol or attack scenario you want covered
- Why it's relevant to medical device security
- Any references (RFCs, vendor docs, CVEs)
- Fork the repo
- Create a branch: `git checkout -b feat/your-feature-name`
- Make your changes
- Add or update tests in `tests/`
- Run the test suite: `pytest tests/`
- Commit with a clear message: `git commit -m "feat: add HL7 v3 CDA detection"`
- Push and open a PR against `main`
- Python 3.8+ compatible
- Follow PEP 8
- Type hints where practical
- Docstrings on all public classes and methods
- Keep modules focused — one protocol or concern per file
- Create `dicomghost/parsers/yourprotocol.py`
- Implement a class with `__init__(self, packets, flows)` and `analyze() -> List[Finding]`
- Import and register it in `dicomghost/engine.py`
- Add tests in `tests/test_parser_yourprotocol.py`
- Document it in `docs/protocols.md`
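A parser written against the interface in the steps above, as an added example that is not DicomGhost's own code. The `Finding` dataclass, the packet dict layout (`src`, `dst`, `payload`), the `flows` type and the `HL7v2Parser` name are assumptions for illustration; the sample payloads are constructed and contain no real patient data.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Finding:  # stand-in for the project's Finding type; real fields are assumed
    protocol: str
    severity: str
    title: str
    detail: str

# An HL7 v2 message begins with an MSH segment; segments end with a carriage return.
_MSH = re.compile(rb"MSH\|\^~\\&\|")

class HL7v2Parser:
    """Flags cleartext HL7 v2 messages that carry a populated PID-5 (patient name)."""

    def __init__(self, packets: List[dict], flows: Dict[str, list]) -> None:
        # Assumption: each packet is a dict with "src", "dst" and raw "payload" bytes.
        self.packets = packets
        self.flows = flows

    def analyze(self) -> List[Finding]:
        findings: List[Finding] = []
        for pkt in self.packets:
            payload = pkt.get("payload", b"")
            start = _MSH.search(payload)
            if not start:
                continue  # not HL7 v2 traffic
            for segment in payload[start.start():].split(b"\r"):
                fields = segment.split(b"|")
                # In a PID segment, index 5 of the pipe-split fields is PID-5.
                if fields[0] == b"PID" and len(fields) > 5 and fields[5].strip():
                    findings.append(Finding(
                        "HL7v2", "high", "Patient name sent in cleartext",
                        f"{pkt.get('src')} -> {pkt.get('dst')}: PID-5 present "
                        f"({len(fields[5])} bytes, value not recorded)",
                    ))
        return findings

# Constructed sample traffic (synthetic names and identifiers, MLLP-framed).
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "payload": b"\x0bMSH|^~\\&|LAB|HOSP|EHR|HOSP|20240101||ADT^A01|1|P|2.3\rPID|1||12345^^^MRN||DOE^JANE||19700101|F\r\x1c\r"},
    {"src": "10.0.0.6", "dst": "10.0.0.9", "payload": b"\x0bMSH|^~\\&|LAB|HOSP|EHR|HOSP|20240101||ORU^R01|2|P|2.3\rPID|1||||\r\x1c\r"},
    {"src": "10.0.0.7", "dst": "10.0.0.9", "payload": b"GET / HTTP/1.1\r\n\r\n"},
]
```

The finding records only the length of PID-5, not its value, so reports and test output stay free of patient names.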
feat: add MDAP protocol parser
fix: correct HL7 PID-5 name extraction regex
docs: update DICOM detection documentation
test: add FHIR Bearer token test case
refactor: simplify flow reassembly logic
Open a Discussion on GitHub or reach out via the contact in the README.