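def getresult(path):
    """Match the tid rules found under ``path`` against the module-level ``tids`` list.

    ``lib_rule.searchtidrules(path)`` locates the rule file; when it finds
    none, ``None`` is returned.  Otherwise every rule whose tid is still in
    ``tids`` yields one tab-separated row ``tid<TAB>value fields...`` and,
    when ``<path>/tid/<tid>.pcap`` exists, the pcap path as a last column.
    Rules without a pcap are also echoed to stdout as ``tid value[0]``.

    Side effect: each matched tid is removed from the global ``tids`` list,
    so after the call ``tids`` holds only the tids no rule covered.  The
    same ``tid in tids`` membership test replaces the original
    ``tids.index()``/``except Exception: pass`` construction, which also
    silently hid any real error raised while building a row.

    Returns the list of rows (possibly empty), or ``None`` when no rule file
    was found.
    """
    rule_file = lib_rule.searchtidrules(path)
    if not rule_file:
        return None
    print(rule_file)
    rules = lib_rule.getinfo4rule(rule_file, 1)
    pcap_dir = os.path.join(path, 'tid')
    rows = []
    for tid, value in rules.items():
        if tid not in tids:
            continue
        # NOTE(review): tid is taken from the rule file and spliced into a
        # filesystem path; a tid containing a separator or '..' would refer
        # outside pcap_dir.  Only isfile() is done here, but confirm that the
        # code writing these pcaps sanitises tid before trusting the rows.
        pcap = os.path.join(pcap_dir, tid + '.pcap')
        row = tid + '\t' + '\t'.join(value)
        if os.path.isfile(pcap):
            rows.append(row + '\t' + pcap)
        else:
            # An empty value list used to raise inside the swallowed try;
            # print an empty marker instead of crashing or skipping the tid.
            print("%s %s" % (tid, value[0] if value else ''))
            rows.append(row)
        tids.remove(tid)
    return rows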
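# rn4tid.py: for every grule entry that maps to a tid, copy the entry's
# ``<ename>/5.pcap`` into ``tid/<tid>.pcap`` and ``msg/<msg>.pcap`` next to
# the grule file.  Arguments: path of the grule file, path of the ips rule
# file (both resolved relative to the invoking shell's working directory).
if len(sys.argv) < 3:
    print("rn4tid.py grule ips")
    print("grule,path of grule file")
    print("ips,path of ips rule file")
    sys.exit(1)

# Resolve both inputs BEFORE chdir(): the original fed the raw argv values
# to lib_rule after changing into the grule's directory, so a relative
# grule path with a directory component no longer resolved, and a bare
# file name made os.chdir('') fail outright.
grule_path = os.path.abspath(sys.argv[1])  # grule
ips_path = os.path.abspath(sys.argv[2])    # ips rule
os.chdir(os.path.dirname(grule_path))

for sub in ('tid', 'msg'):
    try:
        os.mkdir(sub)
    except OSError:
        # "Already exists" is expected and harmless; any other failure
        # (permissions, a plain file in the way) must not be hidden.
        if not os.path.isdir(sub):
            raise

grules = lib_rule.getinfo4grule(grule_path)
ipsrules = lib_rule.getinfo4rule(ips_path)
for grule in grules:
    msg = grule['msg']
    ename = wincorrect(grule['ename'])
    tid = gettid(msg)
    if not tid:
        # No tid for this message: report the entry and move on.
        print(ename)
        continue
    msg = msg.decode('utf8')
    # NOTE(review): tid and msg come straight from the grule file and are
    # used as file names; a value containing a path separator or '..' would
    # write outside tid/ and msg/.  Confirm the rule files are trusted, or
    # reject such names before copying.
    src = os.path.join(ename, "5.pcap")
    shutil.copy(src, os.path.join("tid", tid + ".pcap"))
    shutil.copy(src, os.path.join("msg", msg + ".pcap"))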
# NOTE(review): this span opens with an `exit()` that closes a block which
# starts outside the visible text; the code below is left exactly as found.
#
# Option handling (args is a pre-parsed option dict):
#   -p    working directory; defaults to os.getcwd(), must exist and be a
#         directory, then becomes the current directory.
#   -r    rule file; parsed with lib_rule.getinfo4rule(path, 2) and, when
#         non-empty, dumped to "<-p>/rule.pkl" via lib_pickle.dump2file.
#   -rpk  reload rules from "rule.pkl" in the working directory via
#         lib_pickle.get4file instead of parsing a rule file.
#
# NOTE(review): lib_pickle.get4file presumably unpickles rule.pkl.  Pickle
# deserialisation runs arbitrary code, so a rule.pkl planted in a directory
# passed through -p is executed with this script's privileges; only use
# -rpk on directories this user controls, or switch the cache format to
# JSON.  TODO confirm what lib_pickle wraps.
#
# NOTE(review): if neither -r nor -rpk is given, `grs` appears to be unbound
# when `if not len(grs)` runs, unless it is initialised earlier in the file.
exit() if args['-p']=='': args['-p']=os.getcwd() if not os.path.exists(args['-p']): print "the path is not exists" exit(1) if not os.path.isdir(args['-p']): print "the path must be a dir" exit(1) os.chdir(args['-p']) if args['-r']!='': if not os.path.isfile(args['-r']): print "%s is not exist,please input real path for rule file" %args['-r'] exit(1) grs=lib_rule.getinfo4rule(args['-r'],2) print "load numbers of rule:",len(grs) if len(grs): lib_pickle.dump2file(args['-p']+"/rule.pkl",grs) if args['-rpk']!='': if os.path.isfile("rule.pkl"): grs=lib_pickle.get4file("rule.pkl") print "load numbers of rule:",len(grs) else: print "rule.pkl is not exist,please input real path for rule file" exit(1) if not len(grs): print "load rules error,again" exit(1)
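import os
import sys

import lib_rule

# Usage: rule tid
#   rule: path of the rule file (parsed with lib_rule.getinfo4rule(path, 1))
#   tid:  a tid file, or a directory of tid files
# For every loaded tid, prints field [1] of its rule, or a "#have no rules"
# marker when the rule file has no usable entry for it.
if len(sys.argv) < 3:
    print("USE: rule tid")
    print("tid: tid file or tid dir")
    sys.exit(1)

tid_arg = sys.argv[2]
if os.path.isdir(tid_arg):
    tids = lib_rule.gettid4dir(tid_arg)
elif os.path.isfile(tid_arg):
    tids = lib_rule.gettid4file(tid_arg)
else:
    # The original fell through with `tids` unbound and died with a
    # NameError a few lines later; fail with a usable message instead.
    print("%s is neither a tid file nor a tid dir" % tid_arg)
    sys.exit(1)

grs = lib_rule.getinfo4rule(sys.argv[1], 1)
print("load tid: %d" % len(tids))
print("load rule: %d" % len(grs))
print("=====================================================")
for tid in tids:
    try:
        print(grs[tid][1])
    except (KeyError, IndexError):
        # Unknown tid, or a rule entry without a second field -- the only
        # two failures this lookup can legitimately produce.
        print("#have no rules for tid %s" % tid)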
# NOTE(review): the leading `try:` is the tail of a function whose definition
# starts outside the visible text (presumably the `analysis` called below);
# the code is left exactly as found.  That fragment records the current
# pcap (`cwdpcap`) under rule `sid`: it appends a set as grs[sid][1] when the
# entry has only a message, adds to the set otherwise, and on *any*
# exception creates the entry as [msg, {cwdpcap}] -- so a genuine error
# there is indistinguishable from "sid not seen yet".  Narrowing to
# `except KeyError` would keep the intended behaviour without the mask.
#
# Main: usage `logfile rulesfile outfile`.  Rules are loaded with
# lib_rule.getinfo4rule, `cwdpcap` is reset, analysis(log) fills the pcap
# sets, then each rule that gathered pcaps is written to outfile as
# "sid<TAB>msg<TAB>pcap<TAB>...<TAB>\n"; rules with no pcaps are printed to
# stdout instead.
#
# NOTE(review): outf is opened with open(out, "w") and only closed on the
# success path; an exception while writing leaks the handle and can leave a
# truncated file.  `with open(out, "w") as outf:` is the fix.
try: if len(grs[sid]) < 2: grs[sid].append(set([cwdpcap])) else: grs[sid][1].add(cwdpcap) except Exception: grs[sid] = [msg, set([cwdpcap])] if len(sys.argv) < 4: print "use: logfile rulesfile outfile" exit(1) log = sys.argv[1] rule = sys.argv[2] out = sys.argv[3] grs = lib_rule.getinfo4rule(rule) cwdpcap = None print "load numbers of rule:", len(grs) analysis(log) outf = open(out, "w") for sid, info in grs.items(): if len(info) < 2: print sid + "\t" + info[0] continue outf.write(sid + "\t" + info[0] + "\t") for pcap in list(info[1]): outf.write(pcap + "\t") outf.write("\n") outf.close()