Last active
August 29, 2015 14:05
-
-
Save kanazux/5952118ff6bf2af3ed64 to your computer and use it in GitHub Desktop.
Brincando com o scapy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/bin/python | |
| #-*- coding: utf-8 -*- | |
| # | |
| # Silvio Giunge a.k.a Kanazuchi <[email protected]> | |
| # 1403614686 | |
| # | |
| import os | |
| import sys | |
| import MySQLdb | |
| import argparse | |
| from scapy.all import * | |
| def set_parser(): | |
| parser = argparse.ArgumentParser() | |
| parser.add_argument( | |
| '-e', dest='iface', action='store', | |
| help='Enter with interface to watch.') | |
| parser.add_argument( | |
| '-ip', dest='ip_host', action='store', default='all', | |
| help='Enter with the ip of host to capture packets, default is all.') | |
| parser.add_argument( | |
| '-d', dest='direction', action='store', default='all', | |
| help='Enter with the direction of the packets, default is all.') | |
| parser.add_argument( | |
| '-D', dest='database', action='store', default='none', | |
| help='Enter with the database to save packets, default is none.') | |
| parser.add_argument( | |
| '-dip', 'ip_database', action='store', default='127.0.0.1', | |
| help='Enter with the ip of database server, default is localhost.') | |
| parser.add_argument( | |
| '-u', dest='user', action='store', default='bpnetwatch', | |
| help='Enter with database username, default is bpnetwatch.') | |
| parser.add_argument( | |
| '-p', dest='passwd', action='store', default='bpnetwatch', | |
| help='Enter with the password of database user.') | |
| return parser.parse_args() | |
| class send_pkts(Thread): | |
| def __init__(self, pkts): | |
| self.pkts = pkts | |
| try: | |
| self.conn = MySQLdb.connect(opts.ip_database,opts.user,opts.passwd,opts.database,connect_timeout=3) | |
| self.insert = self.conn.cursor() | |
| except Exception, error: | |
| print >> open('/var/log/netwatch','a'), error | |
| for pkt in self.pkts: | |
| print >> open('/tmp/pkts_saved','a'), ','.join(pkt) | |
| def run(self): | |
| if self.insert: | |
| for pkt in self.pkts: | |
| self.insert.execute("insert into packets('{}','{}','{}','{}','{}','{}','{}')".format(pkt[0],pkt[1],pkt[2],pkt[3],pkt[4],pkt[5],pkt[6])) | |
| self.insert.execute('COMMIT') | |
| def read_packets(pkt): | |
| # Append to list source, destination, s_port, d_port, packet_len, packet_seq, packet_ack | |
| list_pkts.append(str(pkt[IP].src),str(pkt[TCP].sport),str(pkt[IP].dst),str(pkt[TCP].dport),str(pkt[IP].len),str(pkt.seq),str(pkt.ack)) | |
| if len(list_pkts) > 1000: | |
| send = send_pkts(list_pkts) | |
| send.start() | |
| list_pkts = [] | |
| if __name__ == '__main__': | |
| opts = set_parser() | |
| list_pkts = [] | |
| while 1: | |
| sniff(iface=opts.iface, filter='ip and tcp', prn=read_pkts) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CREATE DATABASE IF NOT EXISTS netwatch | |
| DEFAULT CHARACTER SET latin1; | |
| USE netwatch; | |
| -- ============= | |
| -- CREATE TABLES | |
| -- ============= | |
| CREATE TABLE IF NOT EXISTS accesses ( | |
| id SERIAL NOT NULL PRIMARY KEY, | |
| packet_time VARCHAR(20) NOT NULL, | |
| packet_len VARCHAR(6) NOT NULL, | |
| source VARCHAR(16) NOT NULL, | |
| destination VARCHAR(16) NOT NULL, | |
| src_port VARCHAR(6) NOT NULL, | |
| dst_port VARCHAR(6) NOT NULL, | |
| seq_number VARCHAR(20) NOT NULL, | |
| ack_number VARCHAR(20) NOT NULL, | |
| ) ENGINE = InnoDB; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment