python - 列表没有更新,而且我用于 pcap 分析的 Python 代码似乎在循环输出
问题描述
我一直在尝试从 pcap 文件中提取电子邮件地址并将它们添加到列表中。我已经尝试了所有我能想到的方法,但输出总是像在循环中重复打印一样,无法以其他方式输出。
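def email_list(info):
    """Print the e-mail-like strings found in ``info``.

    Block structure restored from the flattened listing. ``print`` belongs to
    the loop body, so the growing list is printed again after every match and
    nothing is printed when ``info`` contains no match.
    """
    #print('[+] email addresses found: ')
    list = []  # NOTE: shadows the built-in list(); name kept as posted
    emaillist = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
    for em in emaillist:
        list.append(em)
        print(list)  # inside the loop: one output line per match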
样本输出
['simonbrew@hotmail.com']
['samson@infoworld.com']
['brianjungman@gmail.com']
['sneakyg33ky@aol.com']
['inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['d4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'd4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'd4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['mistersekritx@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'mistersekritx@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'mistersekritx@aol.com']
这个想法是,我想找到电子邮件,将它们添加到列表中,删除重复项,然后以漂亮的表格格式打印出来。
到目前为止,这是我所有的代码。
import dpkt,socket,datetime,geoip2.database,re,sys,urllib.request,urllib
from tabulate import tabulate
from collections import Counter
from prettytable import PrettyTable
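def packet_type(pcap):
    """Group the IPv4 packets of ``pcap`` by protocol and pass the tallies on.

    ``pcap`` is iterated as ``(timestamp, raw_frame)`` pairs. For each frame
    that decodes to IPv4, ``ip.len`` is appended to the TCP, UDP or IGMP list;
    the three lists go to ``timestamp()`` once the capture is exhausted.

    A capture file is untrusted input, so decoding happens inside the ``try``:
    a truncated frame is reported and skipped, and a non-IPv4 frame (which has
    no ``src``/``len``/``p`` to read) is skipped instead of ending the run.
    """
    ####https://stackoverflow.com/questions/18256342/parsing-a-pcap-file-in-python####
    tcp = []
    udp = []
    igmp = []
    lengths_by_protocol = {
        dpkt.ip.IP_PROTO_IGMP: igmp,
        dpkt.ip.IP_PROTO_TCP: tcp,
        dpkt.ip.IP_PROTO_UDP: udp,
    }
    for ts, buf in pcap:
        try:
            # Unpack the Ethernet frame (mac src/dst, ethertype)
            eth = dpkt.ethernet.Ethernet(buf)
            if eth.type != dpkt.ethernet.ETH_TYPE_IP:
                continue
            ip = eth.data
            bucket = lengths_by_protocol.get(ip.p)
            if bucket is not None:
                bucket.append(ip.len)
        except Exception as err:
            print(f'Oh no there has been an {err}')
            continue
    # NOTE(review): the lists carry ip.len values, yet timestamp() feeds their
    # first and last elements to utcfromtimestamp(); the capture time ``ts``
    # is never recorded here - confirm which value was intended.
    timestamp(tcp,udp,igmp)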
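def _count_and_span(values):
    """Sort ``values`` in place; return (count, first, last) with both ends as UTC text."""
    values.sort()
    if not values:
        # A capture may hold no packets of a protocol; indexing [0] would raise.
        return 0, 'n/a', 'n/a'
    first = str(datetime.datetime.utcfromtimestamp(values[0]))
    last = str(datetime.datetime.utcfromtimestamp(values[-1]))
    return len(values), first, last


def timestamp(tcp,udp,igmp):
    """Derive count, first and last timestamp text per protocol and pass them on.

    Each list is sorted in place; its smallest and largest elements are
    rendered with ``utcfromtimestamp``. An empty list yields a count of 0 and
    ``'n/a'`` for both ends instead of an ``IndexError``.

    NOTE(review): packet_type() fills these lists with ``ip.len`` values, so
    the rendered "timestamps" are derived from packet lengths - confirm that
    capture times were meant to be passed instead.
    """
    Tcp, TCPts, TCP2ts = _count_and_span(tcp)
    Udp, UDPts, UDP2ts = _count_and_span(udp)
    Igmp, IGMPts, IGMP2ts = _count_and_span(igmp)
    mean_packet_length(tcp,udp,igmp,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp)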
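def _rounded_mean(values):
    """Return the arithmetic mean of ``values`` rounded to an int, or 0 when empty."""
    if not values:
        # No packets of this protocol in the capture: avoid dividing by zero.
        return 0
    return round(sum(values) / len(values))


def mean_packet_length(tcp,udp,igmp,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp):
    """Compute the rounded mean of each protocol list and hand everything to the table printer.

    The timestamp texts and counts are passed through unchanged. A protocol
    with no entries gets a mean of 0 rather than raising ``ZeroDivisionError``.
    """
    tcp_mean = _rounded_mean(tcp)
    udp_mean = _rounded_mean(udp)
    igmp_mean = _rounded_mean(igmp)
    tabulate_table(tcp_mean,udp_mean,igmp_mean,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp)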
def tabulate_table(tcp_mean,udp_mean,igmp_mean,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp):
    """Print the per-protocol summary grid, then start the e-mail scan.

    Every row lists the protocol label, packet count, first and last
    timestamp text and the rounded mean length, in the order of the headings.
    """
    column_names = ['Protocol','Count', 'First_Timestamp', 'Last_Timestamp', 'Mean_Length']
    rows = []
    rows.append(['TCP', Tcp, TCPts, TCP2ts, tcp_mean])
    rows.append(['UDP', Udp, UDPts, UDP2ts, udp_mean])
    rows.append(['IGMP', Igmp, IGMPts, IGMP2ts, igmp_mean])
    print(tabulate(rows, column_names, tablefmt='fancy_grid'))
    # The summary stage chains straight into the payload scan.
    tcp()
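def email_list(info):
    """Return the distinct e-mail-like strings found in ``info``.

    Matches are de-duplicated in first-seen order. The list is printed once
    per call, and only when something was found, so a caller that invokes
    this per packet gets no output for packets without addresses.

    Args:
        info: Text to search. The caller in this file passes ``repr()`` of a
            decoded packet payload.

    Returns:
        A list of unique matches, empty when nothing matched.

    Caveats for anyone relying on the result as evidence:
      * In ``repr()`` text, bytes such as CR/LF appear as the two characters
        ``\\r`` / ``\\n``; the letter of such an escape can end up glued to
        the front of a match (``...\\nuser@host.tld`` yields ``nuser@...``).
        Searching the decoded payload text would avoid that.
      * The pattern is deliberately loose: the local part excludes ``_``,
        ``+`` and ``-``, and the last label is cut after four characters.
    """
    #print('[+] email addresses found: ')
    matches = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
    # dict.fromkeys drops repeats while keeping the order of first appearance.
    unique = [*dict.fromkeys(matches)]
    if unique:
        print(unique)
    return unique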
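def tcp(pcap_path=r'C:\Users\snoopgrapes\Desktop\evidence-packet-analysis.pcap'):
    """Run ``email_list()`` over the payload of every frame in a capture file.

    Args:
        pcap_path: Capture file to read; defaults to the path the original
            hard-coded, so existing ``tcp()`` calls behave as before.

    The capture is untrusted input. A frame that cannot be decoded, or whose
    payload has no nested ``data`` attribute, is counted and skipped instead
    of aborting the scan; the count is reported at the end so the analyst
    knows coverage was incomplete.

    Each frame is searched on its own, so an address split across two
    segments is not found (no stream reassembly happens here).
    """
    skipped = 0
    with open(pcap_path, 'rb') as pcapfile:
        for _ts, buf in dpkt.pcap.Reader(pcapfile):
            try:
                # Ethernet frame -> network-layer packet -> transport payload
                eth = dpkt.ethernet.Ethernet(buf)
                segment = eth.data.data
            except (AttributeError, dpkt.dpkt.UnpackError):
                skipped += 1
                continue
            # email_list() searches the repr() text of the decoded object,
            # as in the original; escaped bytes appear as backslash sequences.
            email_list(repr(segment))
    if skipped:
        print(f'[!] skipped {skipped} frame(s) that could not be decoded')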
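def find_uri(pcap_path=r'C:\Users\snoopgrapes\Desktop\evidence-packet-analysis.pcap'):
    """Print the lower-cased URIs of HTTP GET requests that contain ``.gif``.

    Args:
        pcap_path: Capture file to read; defaults to the path the original
            hard-coded, so existing ``find_uri()`` calls behave as before.

    Frames that do not decode to an HTTP request are skipped on purpose:
    most frames in a capture are not the start of a request, so a failure
    here is expected rather than exceptional.

    NOTE(review): ``'.gif' in uri`` is a substring test, so it also matches
    ``.gif`` inside a query string or a longer name - confirm that is wanted.
    """
    gif_uri = []
    with open(pcap_path, 'rb') as pcapfile:
        for _ts, buf in dpkt.pcap.Reader(pcapfile):
            try:
                eth = dpkt.ethernet.Ethernet(buf)
                segment = eth.data.data
                http = dpkt.http.Request(segment.data)
                if http.method == 'GET':
                    uri = http.uri.lower()
                    if '.gif' in uri:
                        gif_uri.append(uri)
            except Exception:
                # Best effort by design: skip anything that is not a parsable request.
                continue
    print(f'Gif URI {gif_uri}')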
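def main():
    """Open the capture and the GeoIP database, print a banner and start the analysis.

    The capture file is closed when the analysis ends, including on error,
    and the GeoIP reader is closed explicitly. The database path is a raw
    string so its backslashes are not read as escape sequences.
    """
    pcapFile = r'C:\Users\snoopgrapes\Desktop\evidence-packet-analysis.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\filtered2.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\filtered3.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\http.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\sampledata.pcap'
    #email = r'C:\Users\snoopgrapes\Desktop\email_sample.txt'
    excludesrc = '146.176.164.91'
    with open(pcapFile, 'rb') as f:
        pcap = dpkt.pcap.Reader(f)
        # Opened as in the original; nothing in this function reads from it yet.
        reader = geoip2.database.Reader(r'C:\Program Files\Python39\Geo\Geo.mmdb')
        try:
            # NOTE(review): the banner names an excluded source address, but
            # excludesrc is not passed to packet_type() - confirm the filter
            # is applied somewhere.
            print(f'[*] analysing {pcapFile} for packets not source {excludesrc}')
            print('------------------------------------------------------------')
            packet_type(pcap)
        finally:
            reader.close()


if __name__ == '__main__':
    main()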
非常感谢您的帮助
解决方案
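# Quoted from the question with its block structure restored.
list = []
emaillist = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
for em in emaillist:
    list.append(em)
    print(list)  # inside the loop: the growing list is printed after every match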
基本上,你会得到一个包含所有电子邮件的列表 `emaillist`。然后你遍历 `emaillist`,并将每个元素添加到 `list`。但是在每次迭代中,你都会打印到目前为止收集的所有内容,包括上一次迭代中已经打印过的值。你可以尝试这样做(注意缩进不同):
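# Block structure restored: print() is dedented so it runs once, after the loop.
list = []  # NOTE: shadows the built-in list(); name kept to match the question
emaillist = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
for em in emaillist:
    list.append(em)
# Printed once per call; an empty list is printed when nothing matched.
print(list)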
或者更简单
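# re.findall() already returns a list, so no copy loop is needed.
# dict.fromkeys() removes repeated addresses while keeping first-seen order,
# and the new name avoids shadowing the built-in list().
emails = list(dict.fromkeys(re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)))
print(emails)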