def extract_devices(self): """ Extract devices from the captured packets. Returns: pandas.DataFrame: Device parameters extracted from the captured packets. """ devs = pd.DataFrame( columns=["MAC", "Vendor", "Times", "Frame Subtypes"]) if (self.packets.empty): return devs macs = self.packets["MAC"].unique() ML = MacLookup() ML.update_vendors() for mac in macs: frames = self.packets.loc[self.packets["MAC"] == mac] if (mac[1] == "2" or mac[1] == "6" or mac[1] == "a" or mac[1] == "e" or mac[1] == "A" or mac[1] == "E"): vendor = "Randomized" else: try: vendor = ML.lookup(mac) except KeyError: vendor = "Unknown" mins = np.unique( np.array([(60 * tm.hour + tm.minute) for tm in frames["Time"]])) subtypes = frames["Frame Subtype"].unique() devs.loc[len(devs)] = [mac, vendor, mins, subtypes] return devs
def find_mac(mac_addr): mac_data = MacLookup() mac_data.update_vendors() try: return mac_data.lookup(mac_addr) except KeyError: return "Unknown"
class NmapMacScan(NmapBasic): def __init__(self, networks, unknown="unknown"): super().__init__(networks) self.unknown = unknown self.mac_search = MacLookup() def update_mac(self, ip): """ Update Mac info :param ip: IP address (ie: 192.168.1.1) :return: True if MAC is found, False otherwise """ mac = getmac.get_mac_address(ip=ip) if mac is None: return False else: self.scan_results[ip]["macaddress"] = mac return True def update_vendor(self, ip): """ Update MAC vendor if Mac is found :param ip: IP address (ie: 192.168.1.1) :return: None """ logging.debug("Updating MAC table") self.mac_search.update_vendors() vendor_fetch = self.mac_search.lookup( self.scan_results[ip]["macaddress"]) self.scan_results[ip]["vendor"] = vendor_fetch def correct_missing_mac(self, host): """ Correct description if macaddress is not found :param host: host key in scan_results :return: None """ if not self.scan_results[host]["macaddress"]: self.scan_results[host]["description"] = self.unknown self.scan_results[host].pop("macaddress") def scan(self): """ Scan defined networks and conditionally check for mac vendor :return: scan_results = list() """ for host, v in self.scan_results.items(): if v.get("macaddress") or self.update_mac(host): self.update_vendor(ip=host) self.correct_missing_mac(host) return self.scan_results def run(self): return self.scan()
class maclookup(): def __init__(self): self.async_mac = AsyncMacLookup() self.mac = MacLookup() def UpdateVendorList(self): print("Updating MAC address vendor list") self.mac.update_vendors() print("MAC address vendor list has been updated") def lookup(self, addr): try: loop = asyncio.get_event_loop() vendor = loop.run_until_complete(self._lookup(addr)) return vendor except Exception as e: print(e) print(addr) async def _lookup(self, mac_addr): return await self.async_mac.lookup(mac_addr)
#! /usr/bin/python3 from mac_vendor_lookup import MacLookup, BaseMacLookup mac = MacLookup() mac.update_vendors()
#!/usr/bin/env python3 import pandas as pd import pickle import dns.resolver, dns.reversename from mac_vendor_lookup import MacLookup from os import path import math macresolver = MacLookup() macresolver.update_vendors() router = '00:04:4b:e4:08:c5' result = {} def process(f, r): r[f] = {} df = pd.read_csv(f) for index, row in df.iterrows(): d = row.to_dict() #print(d) size = 0.0 if not math.isnan(float(d['UDP.Length'])): size = float(d['UDP.Length']) elif not math.isnan(float(d['Payload.Length'])): size = float(d['Payload.Length']) if d['Ethernet.SrcMAC'] == router: #download addr = 'IPv4.SrcIP' direction = 'dw' mac = d['Ethernet.DstMAC'] try: