Example #1
    def pcap_module(self):
        """Print the help screen listing the pcap file module commands."""
        usage = (
            '    read <filename>              Reads a pcap file into narith from given filename',
            '    count                        provides the number of packets in read pcap file',
            '    interface                    provides the used interface in the on recorded session',
        )
        print('')
        cprint('Pcap file module', 'green')
        print('=======================\n')
        for entry in usage:
            print(entry)
Example #2
    def domain_module(self):
        """Print the help screen listing the domains module commands."""
        usage = (
            '     www                         prints out all remote hostnames',
            '     all                         prints all occurances of all hostnames during session',
            '     search <infix>              reads a substring and searches for domains that match',
        )
        print('')
        cprint('Domains module', 'green')
        print('=======================\n')
        for entry in usage:
            print(entry)
Example #3
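    def __init__(self, filename=None, binary=None):
        """Load a capture from a file on disk or from an in-memory string.

        ``filename`` is tried first; ``binary`` is only used when no usable
        filename was given.

        Args:
            filename: path of the pcap file; must be a ``str`` shorter than
                256 characters.
            binary: raw pcap contents as a ``str``. The first 24 bytes are
                handed to ``GlobalHeader``, the rest to ``_parseFromBin``.

        Raises:
            ValueError: neither argument is a usable ``str``.

        A file that cannot be opened or parsed is reported on the console and
        the constructor returns early. In that case ``__packet_headers`` and
        ``__global_header`` may never have been assigned, so callers must not
        assume a fully initialised object.
        """
        self.__records = []
        self.__packets = []

        if filename and isinstance(filename, str) and len(filename) < 256:
            self.__packet_count = 0
            self.__interface = 0
            try:
                self.__file = IOManager(filename, 'r')
            except Exception:
                # Was a bare ``except:``, which also swallowed
                # KeyboardInterrupt/SystemExit. Any failure from IOManager
                # (not only a missing file) is reported with this message.
                cprint('[!] File %s does not exist' % filename, 'red')
                return
            try:
                self.__global_header = self.GlobalHeader(self.__file.read(24))
                self.__packet_headers, self.__packets = \
                    self._parseFromFile(self.__global_header.parse)
            except Exception:
                # Capture files are untrusted input: every parser error ends
                # up here, but an interrupt is no longer misreported as a
                # malformed file.
                # NOTE(review): self.__file is not released on this path;
                # confirm whether IOManager needs an explicit close.
                cprint('[!] Invalid pcap file format', 'red')
                return

        elif binary and isinstance(binary, str):
            self.__binary = binary
            # Unlike the file branch, parse errors on in-memory data are not
            # caught here and propagate to the caller.
            self.__global_header = self.GlobalHeader(binary[:24])
            self.__packet_headers, self.__packets = \
                self._parseFromBin(binary[24:], self.__global_header.parse)

        else:
            raise ValueError("Invalid filename length or binary data type")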
Example #4
    def core(self):
        """Print the list of core modules with a one-line summary of each."""
        modules = (
            '    pcap                         Specialized in extracting data from pcap',
            '    local                        Specialized in extracting data about local user',
            '    domain                       Specialized in extracting data about domain names',
        )
        print('')
        cprint('List of core modules', 'red')
        print('=====================')
        for entry in modules:
            print(entry)
Example #5
 def session_module(self):
     """Print the help screen listing the session information module commands."""
     usage = (
         '     all                         Lists all sessions information',
         '     search <infix>              Searches for sessions with hosts which contain the infix',
         '     www                         Lists all sessions with www domain name',
         '     protocol                    Lists sessions which uses certain protocol',
     )
     print('')
     cprint('Session information module', 'green')
     print('=======================\n')
     for entry in usage:
         print(entry)
Example #6
	def read(self, files):
		"""Build a Pcap object for every name in ``files`` and keep the list.

		A confirmation line is printed for each capture whose ``length`` is
		truthy. Captures that fail to load are still stored. The stored list
		is only replaced after the whole loop has finished, so an exception
		raised by ``Pcap`` leaves the previous list in place.
		"""
		loaded = []
		for path in files:
			capture = Pcap(path)
			loaded.append(capture)
			if not capture.length:
				continue
			cprint('[*] file %s read' % path, 'green')
		self.__pcap = loaded
Example #7
    def local_module(self):
        """Print the help screen listing the local information module commands."""
        usage = (
            '     info                        Lists all information obtained about local host',
            '     host                        Prints both the local ip and hostname if exists',
            '     dns-servers                 Prints all dns servers used by local host',
            '     mac-addr                    Prints the local host mac address',
        )
        print('')
        cprint('Local information module', 'green')
        print('=======================\n')
        for entry in usage:
            print(entry)
Example #8
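 def interface(self, files):
     """Print, for each loaded capture, its file name and interface label.

     The label is looked up in ``self.__interfaces`` using the capture's
     ``interface`` value. ``files`` is accepted for the command signature but
     is not used.
     """
     for capture in self.__pcap:
         try:
             label = self.__interfaces[capture.interface]
             cprint('[*] file %s: %s' % (capture.file, label), 'green')
         except Exception:
             # Was a bare ``except:``; narrowed so that Ctrl-C / SystemExit
             # are no longer reported as an invalid file. Unknown interface
             # values and captures that never parsed still land here.
             cprint('[!] Invalid file', 'red')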
Example #9
 def all(self, commands):
     """Print host, packet count, time span and byte count of every session.

     Ends with the total number of sessions. ``commands`` is not used.
     """
     # NOTE(review): hostname presumably originates from captured traffic and
     # is written to the terminal unfiltered; confirm it is sanitised upstream.
     total = 0
     for total, (_host, sess) in enumerate(self.__se.sessions.iteritems(), 1):
         cprint("Host:\t\t" + sess.hostname, 'green')
         cprint("Packets no.:\t" + str(sess.count), 'green')
         cprint("Date:\t\t" + sess.start + " ~ " + sess.end, 'green')
         cprint("Bytes:\t\t" + str(sess.bytes), 'green')
         print("")
     cprint("Total sessions: " + str(total), 'magenta')
Example #10
 def www(self, commands):
     """Print the sessions returned by the extractor's ``prefix("www")``.

     Each session is shown with host, packet count, time span and byte
     count, followed by the number of sessions listed. ``commands`` is not
     used.
     """
     total = 0
     for total, sess in enumerate(self.__se.prefix("www"), 1):
         cprint("Host:\t\t" + sess.hostname, 'green')
         cprint("Packets no.:\t" + str(sess.count), 'green')
         cprint("Date:\t\t" + sess.start + " ~ " + sess.end, 'green')
         cprint("Bytes:\t\t" + str(sess.bytes), 'green')
         print("")
     cprint("Total sessions: " + str(total), 'magenta')
Example #11
 def www(self, commands):
     """List every session yielded by ``prefix("www")`` and report how many.

     ``commands`` is accepted for the command signature but is not used.
     """
     listed = 0
     for listed, entry in enumerate(self.__se.prefix("www"), 1):
         cprint("Host:\t\t" + entry.hostname, 'green')
         cprint("Packets no.:\t" + str(entry.count), 'green')
         cprint("Date:\t\t" + entry.start + " ~ " + entry.end, 'green')
         cprint("Bytes:\t\t" + str(entry.bytes), 'green')
         print("")
     cprint("Total sessions: " + str(listed), 'magenta')
Example #12
 def all(self, commands):
     """List every recorded session and report how many were printed.

     ``commands`` is accepted for the command signature but is not used.
     """
     # NOTE(review): hostname presumably originates from captured traffic and
     # is written to the terminal unfiltered; confirm it is sanitised upstream.
     listed = 0
     for listed, (_host, entry) in enumerate(self.__se.sessions.iteritems(), 1):
         cprint("Host:\t\t" + entry.hostname, 'green')
         cprint("Packets no.:\t" + str(entry.count), 'green')
         cprint("Date:\t\t" + entry.start + " ~ " + entry.end, 'green')
         cprint("Bytes:\t\t" + str(entry.bytes), 'green')
         print("")
     cprint("Total sessions: " + str(listed), 'magenta')
Example #13
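    def requestSelect(self, commands):
        """Print the recorded details of one HTTP host selected by index.

        Args:
            commands: argument list typed by the user; ``commands[0]`` is
                the number compared against each entry's ``'index'`` field.

        A missing, non-numeric or unknown index prints
        ``Invalid host index`` and returns without raising.
        """
        # The argument is operator-typed text: parse it once and reject
        # anything that is not an integer instead of letting int() raise
        # from inside the lookup loop.
        try:
            wanted = int(commands[0])
        except (IndexError, ValueError, TypeError):
            cprint('Invalid host index', 'red')
            return

        for name, info in self.__http.requests.iteritems():
            if info['index'] == wanted:
                key = name
                break
        else:
            # No entry carries that index (replaces the former bare-except
            # probe for an unbound local).
            cprint('Invalid host index', 'red')
            return

        entry = self.__http.requests[key]
        cprint('[+] %s request(s) to %s' % (entry['times'], key), 'blue')

        # NOTE(review): the remaining fields presumably hold values taken
        # from captured HTTP traffic; they are printed unfiltered, so confirm
        # control characters are stripped before they reach the terminal.
        hidden = ('times', 'index')
        line = '[+] '
        for field in entry:
            if field in hidden:
                continue
            line += field + ': ' + str(entry[field]) + ' | '

        cprint(line, 'green')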
Example #14
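    def __init__(self, filename=None, binary=None):
        """Load a capture from a file on disk or from an in-memory string.

        ``filename`` is tried first; ``binary`` is only used when no usable
        filename was given.

        Args:
            filename: path of the pcap file; must be a ``str`` shorter than
                256 characters.
            binary: raw pcap contents as a ``str``. The first 24 bytes are
                handed to ``GlobalHeader``, the rest to ``_parseFromBin``.

        Raises:
            ValueError: neither argument is a usable ``str``.

        Open and parse failures are reported on the console and the
        constructor returns early. The header and packet lists then stay
        empty, and ``__global_header`` may never have been assigned.
        """
        self.__packet_headers = []
        self.__packets = []

        if filename and isinstance(filename, str) and len(filename) < 256:
            self.__packet_count = 0
            self.__interface = 0
            try:
                self.__file = IOManager(filename, 'r')
            except Exception:
                # Was a bare ``except:``, which also swallowed
                # KeyboardInterrupt/SystemExit. Any failure from IOManager
                # (not only a missing file) is reported with this message.
                cprint('[!] File %s does not exist' % filename, 'red')
                return
            try:
                self.__global_header = self.GlobalHeader(self.__file.read(24))
                self.__packet_headers, self.__packets = \
                    self._parseFromFile(self.__global_header.parse)
            except Exception:
                # Capture files are untrusted input: every parser error ends
                # up here, but an interrupt is no longer misreported as a
                # malformed file.
                # NOTE(review): self.__file is not released on this path;
                # confirm whether IOManager needs an explicit close.
                cprint('[!] Invalid pcap file format', 'red')
                return

        elif binary and isinstance(binary, str):
            self.__binary = binary
            try:
                self.__global_header = self.GlobalHeader(binary[:24])
                self.__packet_headers, self.__packets = \
                    self._parseFromBin(binary[24:], self.__global_header.parse)
            except Exception:
                cprint('[!] Invalid pcap file format', 'red')
                return
        else:
            raise ValueError("Invalid filename length or binary data type")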
Example #15
 def requests(self, c):
     """Print a summary of all recorded HTTP requests, one host per entry.

     A headline with the total request and host counts is printed first,
     followed by a one-second pause. Each host is then shown with its index
     and every stored field except ``times`` and ``index``. ``c`` is not
     used.
     """
     import time
     hits = str(sum(x['times'] for x in self.__http.requests.values()))
     hosts = str(len(self.__http.requests.keys()))
     cprint('[+] Found %s requests to %s hosts...' % (hits, hosts), 'blue')
     time.sleep(1)

     # NOTE(review): host names and field values presumably come from
     # captured traffic and are printed unfiltered; confirm they are
     # sanitised before reaching the terminal.
     skipped = ['times', 'index']
     for name, info in self.__http.requests.iteritems():
         cprint('[%s]' % info['index'] + name, 'green')
         line = '  %s request(s)' % str(info['times'])
         for field in info:
             if field not in skipped:
                 line += ' | ' + field + ': ' + str(info[field])
         cprint(line, 'yellow')
Example #16
	def www(self, commands):
		"""Print each (domain, ip) pair yielded by ``wwwExtract()``.

		``commands`` is accepted for the command signature but is not used.
		"""
		for name, address in self.__de.wwwExtract():
			line = "[*] " + name + " -> " + address
			cprint(line, 'green')
Example #17
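 def executer(self, commands):
     """Dispatch a parsed command line to the handler registered for it.

     Args:
         commands: list of tokens; ``commands[0]`` names the command and the
             remaining tokens are passed to its handler as a list.

     Only names present in ``self.__commands`` are ever called, so operator
     input selects from a fixed table instead of naming arbitrary
     attributes. An empty token list is reported as an unknown command
     rather than raising IndexError.
     """
     if not commands or commands[0] not in self.__commands:
         cprint("[!] Command not found", 'red')
         return
     handler = self.__commands[commands[0]]
     handler(commands[1:])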
Example #18
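 def executer(self, commands):
     """Run the handler registered under ``commands[0]``.

     Args:
         commands: list of tokens; the first selects the handler, the rest
             are handed to it as a list.

     Lookup is restricted to the keys of ``self.__commands``. Unknown names,
     and an empty token list (which used to raise IndexError), print
     ``[!] Command not found`` and return.
     """
     if not commands or commands[0] not in self.__commands:
         cprint("[!] Command not found", 'red')
         return
     handler = self.__commands[commands[0]]
     handler(commands[1:])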
Example #19
	def mac(self, commands):
		"""Print the MAC address held by the local-info object.

		``commands`` is accepted for the command signature but is not used.
		"""
		address = self.__li.mac_address
		cprint('[*] Mac address: %s' % address, 'green')
Example #20
    def base(self):
        """Print the list of base modules (currently only a placeholder line)."""
        placeholder = '    NOT YET                      No low level modules yet defined'
        print('')
        cprint('List of base modules', 'red')
        print('==========================')
        print(placeholder)
Example #21
	def host(self, commands):
		"""Print the ``host`` value held by the local-info object.

		``commands`` is accepted for the command signature but is not used.
		"""
		local_host = self.__li.host
		cprint('[*] Host: %s' % local_host, 'green')
Example #22
	def dns(self, commands):
		"""Print a heading, then one line per entry of ``dns_servers``.

		``commands`` is accepted for the command signature but is not used.
		"""
		cprint('[*] DNS Servers:', 'green')
		for entry in self.__li.dns_servers:
			line = '\tServer: %s' % entry
			cprint(line, 'green')
Example #23
	def search(self, commands):
		"""Print each (domain, ip) pair returned by ``domains(commands[0])``.

		``commands[0]`` is the search term typed by the user. An empty
		``commands`` list raises IndexError here.
		"""
		needle = commands[0]
		for name, address in self.__de.domains(needle):
			line = "[*] " + name + " -> " + address
			cprint(line, 'green')
Example #24
	def all(self, commands):
		"""Print each (domain, ip) pair returned by ``domains('')``.

		``commands`` is accepted for the command signature but is not used.
		"""
		for name, address in self.__de.domains(''):
			line = "[*] " + name + " -> " + address
			cprint(line, 'green')
Example #25
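	def interface(self, files):
		"""Print, for each loaded capture, its file name and interface label.

		The label is looked up in ``self.__interfaces`` using the capture's
		``interface`` value. ``files`` is accepted for the command signature
		but is not used.
		"""
		for capture in self.__pcap:
			try:
				label = self.__interfaces[capture.interface]
				cprint('[*] file %s: %s' % (capture.file, label), 'green')
			except Exception:
				# Was a bare ``except:``; narrowed so that Ctrl-C / SystemExit
				# are no longer reported as an invalid file. Unknown interface
				# values and captures that never parsed still land here.
				cprint('[!] Invalid file', 'red')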
Example #26
    def high(self):
        """Print the list of high modules (currently only a placeholder line)."""
        placeholder = '    NOT YET                      No High level modules yet defined'
        print('')
        cprint('List of high modules', 'red')
        print('===========================')
        print(placeholder)
Example #27
	def count(self, files):
		"""Print the packet count of every loaded capture.

		A capture whose ``file`` or ``length`` is falsy is reported as
		invalid. ``files`` is accepted for the command signature but is not
		used.
		"""
		for capture in self.__pcap:
			if not (capture.file and capture.length):
				cprint('[!] Invalid file', 'red')
				continue
			cprint('[*] file %s: %d packets' % (capture.file, capture.length), 'green')