import scapy.all
from clickhouse_driver import Client
from scapy2dict import to_dict
import itertools
from datetime import datetime
from requests import get
from kiss_headers import parse_it
# ClickHouse database that holds both capture tables.
db_name: str = "nir"
# Table receiving one row per HTTP GET seen (time, source IP, User-Agent).
metrics_table: str = "metrics"
# Table receiving one row per captured packet (layer summary).
data_table: str = "data"
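def startup(host='localhost'):
    """Connect to ClickHouse and create the capture database and tables.

    Args:
        host: ClickHouse server to connect to. Defaults to the local
            instance the script originally hard-coded, so existing callers
            are unaffected.

    Returns:
        The connected ``Client``; ``custom_action`` uses it for inserts.
    """
    client = Client(host=host)
    # Database/table names are module constants, not user input, so
    # interpolating them into the DDL does not expose an injection path.
    client.execute(f"CREATE DATABASE IF NOT EXISTS {db_name}")
    client.execute(f"""CREATE TABLE IF NOT EXISTS {db_name}.{data_table}
(
InterfaceLayer String,
InternetLayer String,
TransportLayer String,
ApplicationLayer String
) ENGINE = Memory
""")
    client.execute(f""" CREATE TABLE IF NOT EXISTS {db_name}.{metrics_table}
(
Time String,
Ip String,
UserAgent String
) ENGINE = Memory
""")
    # ENGINE = Memory keeps every row in RAM and loses it on server restart;
    # the author intends TinyLog (or another persistent engine) for
    # non-test use.
    return client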
# Callback invoked by scapy for each captured packet.
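def custom_action(packet):
    """Store one captured packet; scapy calls this once per packet.

    Inserts a per-layer summary into ``data_table`` and, when the payload
    is an HTTP GET, the capture time, source IP and User-Agent into
    ``metrics_table``. Relies on the module globals ``client``,
    ``unique_ips`` and ``counter`` that ``__main__`` sets up before sniffing.

    Args:
        packet: the scapy packet passed to the ``prn`` callback.

    Returns:
        None; scapy ignores the return value.
    """
    data = {'InterfaceLayer': "None", 'InternetLayer': "None", 'TransportLayer': "None", 'ApplicationLayer': "None"}
    d = to_dict(packet, strict=False)
    # Not every captured frame carries an IP layer; a missing key used to
    # raise KeyError inside the sniff callback, which aborts the capture.
    ip = d.get("IP", {}).get("src")
    time = datetime.now()
    user_agent = None
    if ip is not None and ip not in unique_ips:
        unique_ips.append(ip)
    # The payload is untrusted bytes from the wire. Only hand it to the
    # header parser when it looks like a GET, and never let a parser
    # failure propagate and stop the capture loop; report it instead of
    # silently swallowing it.
    if "Raw" in d and d["Raw"]["load"].startswith(b"GET"):
        try:
            headers = parse_it(d["Raw"]["load"])
            user_agent = headers.user_agent
        except Exception as exc:
            print("Exception!!!!!", repr(exc))
    # d.maps (a list) keeps the layers in wire order; the author notes that
    # iterating d directly does not. Each layer is summarised as its first
    # key/value pair.
    for layer, key in zip(d.maps, data):
        name, value = next(iter(layer.items()))
        data[key] = str(name) + " " + str(value)
    # Row values are passed as driver parameters, not formatted into the
    # statement, so the untrusted User-Agent cannot alter the SQL.
    client.execute(f'INSERT INTO {db_name}.{data_table} VALUES', [data])
    if user_agent and ip is not None:
        client.execute(f'INSERT INTO {db_name}.{metrics_table} VALUES',
                       [{"Time": str(time), "Ip": ip, "UserAgent": str(user_agent)}])
    # counter starts at 0, so the running total is next() + 1.
    seen = next(counter) + 1
    print(f"Unique IP addresses: {unique_ips}, packets: {seen}", end='\r')
    return None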
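if __name__ == "__main__":
    client = startup()
    # BPF capture filter: only frames from this source address reach
    # custom_action. The literal had no placeholders, so it need not be
    # an f-string.
    capture_filter = "src 192.168.0.100"
    while True:
        # Both globals are read by custom_action and reset for each run.
        counter = itertools.count()
        unique_ips = []
        # Re-prompt on non-numeric input instead of crashing on ValueError.
        while True:
            try:
                packet_limit = int(input("Enter how much packets do you want to analyze \n"))
                break
            except ValueError:
                print("Please enter a whole number.")
        scapy.all.sniff(filter=capture_filter, prn=custom_action, count=packet_limit)
        print()
        print("Db is set up, waiting for packets to arrive....\n")
        if input("Enter 1 to finish..\n") == "1":
            break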