#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# exlex_win.py
#
# Version: 1.0
#
# Copyright (C) 2009 novacane novacane[at]dandies[dot]org
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# TODO
# () linux compatibility
# () switch output mode
import os
import sys
import socket
import datetime
import re
from operator import itemgetter
from optparse import OptionParser
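# Exactly one dotted quad, nothing before or after it.  The original pattern
# (``\b\d{1,3}...\b``) accepted trailing junk such as "1.2.3.4 # comment" and
# out-of-range octets such as "999.1.1.1", both of which then ended up in the
# logfile and broke later duplicate checks.
_IPV4_RE = re.compile(r"^[0-9]{1,3}(?:\.[0-9]{1,3}){3}\Z")


def _is_ipv4(text):
    """Return True if *text* is a single IPv4 address with every octet in 0..255."""
    if not _IPV4_RE.match(text):
        return False
    return all(int(octet) <= 255 for octet in text.split("."))


def _read_logged_ips(logfile):
    """Return the set of addresses already recorded in *logfile*.

    Returns an empty set when the file does not exist yet.  Lines are expected
    in the format this script writes ("<date> <time> <ip>"), so the address is
    the third whitespace-separated field.  Exits with status 1 on an unreadable
    file, a short line or a malformed address, as the original did.
    """
    cached = set()
    if not os.path.exists(logfile):
        return cached
    try:
        f_src = open(logfile)
    except IOError:
        print("!> Error reading from logfile!")
        print("!> " + logfile)
        sys.exit(1)
    print(">> Reading logfile: %s" % logfile)
    with f_src:  # closed on every exit path, including sys.exit()
        for line in f_src:
            fields = line.split()
            if len(fields) < 3:
                print("!> Error while reading IPs from logfile!")
                print("!> " + logfile)
                sys.exit(1)
            ip = fields[2]
            if not _is_ipv4(ip):
                print("!> Invalid IP address in line:")
                print("!>> " + line)
                sys.exit(1)
            cached.add(ip)
    # Distinct addresses; the script never writes an address twice, so this
    # matches the original per-line count for logfiles it produced itself.
    print(">> Existing IP Addresses: " + str(len(cached)))
    return cached


def _read_import_ips(importips, cached):
    """Return {ip: timestamp} for addresses in *importips* not already in *cached*.

    One address per line.  Blank lines (e.g. a trailing newline) are skipped;
    any other line that is not a valid IPv4 address aborts with status 1.
    Addresses already present in *cached* are reported and skipped.
    """
    if not os.path.exists(importips):
        print("!> Could not find import file!")
        print("!> " + importips)
        sys.exit(1)
    try:
        f_iips = open(importips)
    except IOError:
        print("!> Error reading from import file!")
        print("!> " + importips)
        sys.exit(1)
    print(">> Caching IP Addresses from import file: %s" % importips)
    imported = {}
    with f_iips:
        for line in f_iips:
            # strip() also removes the "\r" of a CRLF file read on a non-Windows
            # host, which the original replace("\n", "") left in the address.
            iip = line.strip()
            if not iip:
                continue
            if not _is_ipv4(iip):
                print("!> Invalid IP address in line:")
                print("!>> " + line)
                sys.exit(1)
            if iip in cached:
                print("!> " + iip + " already imported!")
            else:
                imported[iip] = str(datetime.datetime.now())
    print(">> Imported IP Addresses: " + str(len(imported)))
    return imported


def _open_sniffer():
    """Open a raw IP socket on this host's address in Windows receive-all mode.

    Needs administrator privileges.  ``SIO_RCVALL``/``RCVALL_ON`` are Windows
    only, so this raises AttributeError elsewhere (see the "linux
    compatibility" TODO in the file header).  The caller is responsible for
    turning receive-all mode off again and closing the socket.
    """
    host = socket.gethostbyname(socket.gethostname())
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    sock.bind((host, 0))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    sock.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
    return sock


def _sniff(sock, known, matches):
    """Record the source address of every received packet until Ctrl-C.

    Addresses in *known* (a set) or already in *matches* are ignored; new ones
    are stored in *matches* with a timestamp and echoed to stdout.  The
    address is whatever the OS reports as the packet's source: it is not
    authenticated (a remote sender can spoof it) and in receive-all mode the
    capture presumably includes this host's own outbound traffic as well.
    """
    print(">> Sniffing for Hosts...")
    while True:
        try:
            _payload, addr = sock.recvfrom(65536)
            src = addr[0]
            if src not in known and src not in matches:
                matches[src] = str(datetime.datetime.now())
                print(src)
        except KeyboardInterrupt:
            break


def _write_matches(f_dst, matches):
    """Append *matches* to the open logfile as "<timestamp> <ip>" lines.

    Sorted by timestamp; ``str(datetime.now())`` is "YYYY-MM-DD HH:MM:SS[.ffffff]",
    which sorts chronologically as text.  The resulting line has three
    whitespace-separated fields, which is what _read_logged_ips relies on.
    """
    for addr, time in sorted(matches.items(), key=itemgetter(1)):
        f_dst.write(time + " " + addr + "\n")


def main(logfile, importips=False):
    """Sniff all IP traffic and append previously unseen source addresses to *logfile*.

    Steps: open the raw socket first (fails fast when not running as
    administrator), load the addresses already in *logfile*, optionally merge
    addresses from the *importips* file, capture until Ctrl-C, then append
    every new address with its first-seen timestamp and print a summary.

    Security notes: this needs administrator rights and switches the interface
    into receive-all mode for the whole run; receive-all mode is switched off
    and the socket closed in a ``finally`` so an unexpected error cannot leave
    it on.  Recorded addresses are unauthenticated packet source addresses.

    Exits with status 1 on any file error or malformed address.
    """
    sock = _open_sniffer()
    try:
        cached = _read_logged_ips(logfile)
        matches = {}
        count_iips = 0
        if importips:
            matches = _read_import_ips(importips, cached)
            count_iips = len(matches)
        # Open for append before sniffing so a write problem is found before
        # a long capture, not after it.
        try:
            f_dst = open(logfile, "a")
        except IOError:
            print("!> Error writing to logfile!")
            print("!> " + logfile)
            sys.exit(1)
        with f_dst:
            _sniff(sock, cached, matches)
            count_new = len(matches) - count_iips
            count_total = len(matches) + len(cached)
            _write_matches(f_dst, matches)
        print(">> ...\n>> FINISHED!\n>> New IP Addresses: " + str(count_new))
        print(">> Total: " + str(count_total))
    finally:
        try:
            sock.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
        finally:
            sock.close()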
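if __name__ == '__main__':
    # Command line: exactly one positional argument, the logfile to append to,
    # plus an optional -i/--import FILE with one IP address per line.
    usage = "usage: %prog [options] outfile"
    parser = OptionParser(usage=usage, version="%prog 1.0")
    parser.add_option("-i", "--import", action="store", type="string",
                      metavar="FILE", dest="importips",
                      help="Import IP addresses from file")
    (options, args) = parser.parse_args()
    if len(args) != 1:
        print("\n\t[*] exlex_win 1.0 [*]")
        print("\n\tTry: exlex_win.py --help\n")
        sys.exit(2)
    # Only pass the import path when one was given so main()'s default applies.
    if options.importips:
        main(args[0], options.importips)
    else:
        main(args[0])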