def main():
    """Command-line entry point: mine a PCAP and print a plain-text report to stdout.

    Parses ``-f/--file`` (the PCAP to process) and ``-v/--verbose``; the
    verbose flag is accepted but never consulted in this function.  Without
    ``--file`` the option help is printed instead.  Every value printed
    (domain names, owners, user-agents, URIs, flows) is taken straight from
    the capture and echoed unescaped.
    """
    parser = optparse.OptionParser(
        usage='usage: %prog [options]\n' + __description__,
        version='%prog ' + __version__,
    )
    parser.add_option('-f', '--file', type='string',
                      help='input PCAP file for processing')
    parser.add_option('-v', '--verbose', action="store_true", default=False,
                      help='verbose logging on performed actions')
    options, _unused_args = parser.parse_args()

    # Guard clause: no input file means "show usage" and nothing else.
    if not options.file:
        parser.print_help()
        return

    miner = pcap_miner(options.file)

    print("== DNS Queries and Domains ==\n")
    for dns in miner.get_dns_request_data():
        print(" - ".join((dns['type'], dns['request'], dns['response'])))

    print("\n== Destination Addresses ==\n")
    for ip in miner.get_destination_ip_details():
        print(" - ".join((ip['ip_address'], ip['owner'], ip['asn'], ip['block'])))

    print("\n== Request Dump ==\n")
    for info in miner.get_http_request_data():
        # One "key - value" line per header/field, blank line between records.
        for key, value in info.items():
            print(key + " - " + value)
        print("\n")

    print("\n== Flows ==\n")
    for flow in miner.get_flows():
        print(flow)
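def generate(infile, outfile):
    """Mine the PCAP *infile* and write the report files under the *outfile* prefix.

    *outfile* is used verbatim as a path prefix (``outfile + "dns_queries.txt"``
    and so on), so for a directory it must end with the path separator or the
    report names are glued onto its last component.  Seven files are written:
    DNS queries, destination IPs (with and without whois details), the
    per-request HTTP summary and the full request dump, the flows, and the TTL
    distribution.  Every field comes straight from the capture and is written
    unescaped, so downstream consumers should treat the files as untrusted
    text.  Each file is opened in a ``with`` block so the handle is closed, and
    its buffer flushed, even if the miner raises part-way through a report.
    """
    miner = pcap_miner(infile)

    # file 1 - DNS queries and domains returned
    with open(outfile + "dns_queries.txt", "w") as f:
        for dns in miner.get_dns_request_data():
            f.write(dns['type'] + " - " + dns['request'] + " - " + dns['response'] + "\n")

    # file 2 - IPs of attackers without whois
    with open(outfile + "attacker_ips.txt", "w") as f:
        for ip in miner.get_destination_ips():
            f.write(ip + "\n")

    # file 3 - IPs of attackers with whois
    with open(outfile + "attacker_ips_whois.txt", "w") as f:
        for ip in miner.get_destination_ip_details():
            f.write(ip['ip_address'] + " - " + ip['owner'] + " - " + ip['asn'] + " - " + ip['block'] + "\n")

    # file 4 - what you called HTTP requests, but it can be another port; just the request back-and-forth part
    with open(outfile + "http_requests.txt", "w") as f:
        for info in miner.get_http_request_data():
            # Read a default instead of assigning into the record: writing
            # " " back into the dict would leak a blank user-agent into the
            # full dump (file 5) if the miner hands back the same dict objects.
            user_agent = info.get('user-agent', " ")
            f.write(info['source_ip'] + " - " + info['destination_ip'] + " - " + info['method'] + " - " + user_agent + " - " + info['uri'] + "\n")

    # file 5 - whatever can be dumped from the request
    with open(outfile + "full_http_requests.txt", "w") as f:
        for info in miner.get_http_request_data():
            for key, value in info.items():
                f.write(key + " - " + value + "\n")
            f.write("\n")  # blank line separates records

    # file 6 - dump flows
    with open(outfile + "flows.txt", "w") as f:
        for info in miner.get_flows():
            f.write(info + "\n")

    # TTL distribution: header row "0,1,...,254," then the counts on the next row.
    with open(outfile + "ttl_distribution.txt", "w") as f:
        # NOTE(review): TTL is an 8-bit field (0..255) but the header stops at
        # 254 — confirm it lines up with len(miner.get_ttl_distribution()).
        for i in xrange(0, 255):
            f.write(str(i) + ",")
        f.write("\n" + ','.join(map(str, miner.get_ttl_distribution())))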
def main():
    """Command-line entry point: mine a PCAP and print its JSON summary to stdout.

    Parses ``-f/--file`` (the PCAP to process) and ``-v/--verbose``; the
    verbose flag is accepted but never consulted in this function.  Without
    ``--file`` the option help is printed instead.
    """
    parser = optparse.OptionParser(
        usage='usage: %prog [options]\n' + __description__,
        version='%prog ' + __version__,
    )
    parser.add_option('-f', '--file', type='string',
                      help='input PCAP file for processing')
    parser.add_option('-v', '--verbose', action="store_true", default=False,
                      help='verbose logging on performed actions')
    options, _unused_args = parser.parse_args()

    # Guard clause: no input file means "show usage" and nothing else.
    if not options.file:
        parser.print_help()
        return

    # The miner does all the work; this function only relays its summary.
    miner = pcap_miner(options.file)
    print(miner.summary2json())
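def generate(infile, outfile):
    """Mine the PCAP *infile* and write the report files under the *outfile* prefix.

    *outfile* is used verbatim as a path prefix (``outfile + "dns_queries.txt"``
    and so on), so for a directory it must end with the path separator or the
    report names are glued onto its last component.  Seven files are written:
    DNS queries, destination IPs (with and without whois details), the
    per-request HTTP summary and the full request dump, the flows, and the TTL
    distribution.  Every field comes straight from the capture and is written
    unescaped, so downstream consumers should treat the files as untrusted
    text.  Each file is opened in a ``with`` block so the handle is closed, and
    its buffer flushed, even if the miner raises part-way through a report.
    """
    miner = pcap_miner(infile)

    # file 1 - DNS queries and domains returned
    with open(outfile + "dns_queries.txt", "w") as f:
        for dns in miner.get_dns_request_data():
            f.write(dns['type'] + " - " + dns['request'] + " - " + dns['response'] + "\n")

    # file 2 - IPs of attackers without whois
    with open(outfile + "attacker_ips.txt", "w") as f:
        for ip in miner.get_destination_ips():
            f.write(ip + "\n")

    # file 3 - IPs of attackers with whois
    with open(outfile + "attacker_ips_whois.txt", "w") as f:
        for ip in miner.get_destination_ip_details():
            f.write(ip['ip_address'] + " - " + ip['owner'] + " - " + ip['asn'] + " - " + ip['block'] + "\n")

    # file 4 - what you called HTTP requests, but it can be another port; just the request back-and-forth part
    with open(outfile + "http_requests.txt", "w") as f:
        for info in miner.get_http_request_data():
            # Read a default instead of assigning into the record: writing
            # " " back into the dict would leak a blank user-agent into the
            # full dump (file 5) if the miner hands back the same dict objects.
            user_agent = info.get('user-agent', " ")
            f.write(info['source_ip'] + " - " + info['destination_ip'] + " - " + info['method'] + " - " + user_agent + " - " + info['uri'] + "\n")

    # file 5 - whatever can be dumped from the request
    with open(outfile + "full_http_requests.txt", "w") as f:
        for info in miner.get_http_request_data():
            for key, value in info.items():
                f.write(key + " - " + value + "\n")
            f.write("\n")  # blank line separates records

    # file 6 - dump flows
    with open(outfile + "flows.txt", "w") as f:
        for info in miner.get_flows():
            f.write(info + "\n")

    # TTL distribution: header row "0,1,...,254," then the counts on the next row.
    with open(outfile + "ttl_distribution.txt", "w") as f:
        # NOTE(review): TTL is an 8-bit field (0..255) but the header stops at
        # 254 — confirm it lines up with len(miner.get_ttl_distribution()).
        for i in xrange(0, 255):
            f.write(str(i) + ",")
        f.write("\n" + ','.join(map(str, miner.get_ttl_distribution())))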
def main():
    """Command-line entry point: mine a PCAP and print a plain-text report to stdout.

    Parses ``-f/--file`` (the PCAP to process) and ``-v/--verbose``; the
    verbose flag is accepted but never consulted in this function.  Without
    ``--file`` the option help is printed instead.  Every value printed
    (domain names, owners, user-agents, URIs, flows) is taken straight from
    the capture and echoed unescaped; the last section is the raw TTL
    distribution as returned by the miner.
    """
    parser = optparse.OptionParser(
        usage='usage: %prog [options]\n' + __description__,
        version='%prog ' + __version__,
    )
    parser.add_option('-f', '--file', type='string',
                      help='input PCAP file for processing')
    parser.add_option('-v', '--verbose', action="store_true", default=False,
                      help='verbose logging on performed actions')
    options, _unused_args = parser.parse_args()

    # Guard clause: no input file means "show usage" and nothing else.
    if not options.file:
        parser.print_help()
        return

    miner = pcap_miner(options.file)

    print("== DNS Queries and Domains ==\n")
    for dns in miner.get_dns_request_data():
        print(" - ".join((dns['type'], dns['request'], dns['response'])))

    print("\n== Destination Addresses ==\n")
    for ip in miner.get_destination_ip_details():
        print(" - ".join((ip['ip_address'], ip['owner'], ip['asn'], ip['block'])))

    print("\n== Request Dump ==\n")
    for info in miner.get_http_request_data():
        # One "key - value" line per header/field, blank line between records.
        for key, value in info.items():
            print(key + " - " + value)
        print("\n")

    print("\n== Flows ==\n")
    for flow in miner.get_flows():
        print(flow)

    print("\n== TTL distribution ==\n")
    print(miner.get_ttl_distribution())