def extract_devices(self):
"""
Extract devices from the captured packets.
Returns:
pandas.DataFrame:
Device parameters extracted from the captured packets.
"""
devs = pd.DataFrame(
columns=["MAC", "Vendor", "Times", "Frame Subtypes"])
if (self.packets.empty):
return devs
macs = self.packets["MAC"].unique()
ML = MacLookup()
ML.update_vendors()
for mac in macs:
frames = self.packets.loc[self.packets["MAC"] == mac]
if (mac[1] == "2" or mac[1] == "6" or mac[1] == "a"
or mac[1] == "e" or mac[1] == "A" or mac[1] == "E"):
vendor = "Randomized"
else:
try:
vendor = ML.lookup(mac)
except KeyError:
vendor = "Unknown"
mins = np.unique(
np.array([(60 * tm.hour + tm.minute)
for tm in frames["Time"]]))
subtypes = frames["Frame Subtype"].unique()
devs.loc[len(devs)] = [mac, vendor, mins, subtypes]
return devs
def find_mac(mac_addr):
mac_data = MacLookup()
mac_data.update_vendors()
try:
return mac_data.lookup(mac_addr)
except KeyError:
return "Unknown"
class NmapMacScan(NmapBasic):
def __init__(self, networks, unknown="unknown"):
super().__init__(networks)
self.unknown = unknown
self.mac_search = MacLookup()
def update_mac(self, ip):
"""
Update Mac info
:param ip: IP address (ie: 192.168.1.1)
:return: True if MAC is found, False otherwise
"""
mac = getmac.get_mac_address(ip=ip)
if mac is None:
return False
else:
self.scan_results[ip]["macaddress"] = mac
return True
def update_vendor(self, ip):
"""
Update MAC vendor if Mac is found
:param ip: IP address (ie: 192.168.1.1)
:return: None
"""
logging.debug("Updating MAC table")
self.mac_search.update_vendors()
vendor_fetch = self.mac_search.lookup(
self.scan_results[ip]["macaddress"])
self.scan_results[ip]["vendor"] = vendor_fetch
def correct_missing_mac(self, host):
"""
Correct description if macaddress is not found
:param host: host key in scan_results
:return: None
"""
if not self.scan_results[host]["macaddress"]:
self.scan_results[host]["description"] = self.unknown
self.scan_results[host].pop("macaddress")
def scan(self):
"""
Scan defined networks and conditionally check for mac vendor
:return: scan_results = list()
"""
for host, v in self.scan_results.items():
if v.get("macaddress") or self.update_mac(host):
self.update_vendor(ip=host)
self.correct_missing_mac(host)
return self.scan_results
def run(self):
return self.scan()
class maclookup():
def __init__(self):
self.async_mac = AsyncMacLookup()
self.mac = MacLookup()
def UpdateVendorList(self):
print("Updating MAC address vendor list")
self.mac.update_vendors()
print("MAC address vendor list has been updated")
def lookup(self, addr):
try:
loop = asyncio.get_event_loop()
vendor = loop.run_until_complete(self._lookup(addr))
return vendor
except Exception as e:
print(e)
print(addr)
async def _lookup(self, mac_addr):
return await self.async_mac.lookup(mac_addr)
#! /usr/bin/python3 from mac_vendor_lookup import MacLookup, BaseMacLookup mac = MacLookup() mac.update_vendors()
#!/usr/bin/env python3
import pandas as pd
import pickle
import dns.resolver, dns.reversename
from mac_vendor_lookup import MacLookup
from os import path
import math
macresolver = MacLookup()
macresolver.update_vendors()
router = '00:04:4b:e4:08:c5'
result = {}
def process(f, r):
r[f] = {}
df = pd.read_csv(f)
for index, row in df.iterrows():
d = row.to_dict()
#print(d)
size = 0.0
if not math.isnan(float(d['UDP.Length'])):
size = float(d['UDP.Length'])
elif not math.isnan(float(d['Payload.Length'])):
size = float(d['Payload.Length'])
if d['Ethernet.SrcMAC'] == router: #download
addr = 'IPv4.SrcIP'
direction = 'dw'
mac = d['Ethernet.DstMAC']
try:
