from util import find_data_file
from util import setup_child
from util import fprint
from util import run_ps
from util import win32
import util
import time
import csv
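def _parse_netstat_rows(lines):
    """Pair each connection row of ``netstat -n -o -b`` output with its owner.

    Args:
        lines: the command output already split into lines. Indices 0-3 are
            skipped as banner/header, exactly as the original loop did.

    Returns:
        A list of rows, last connection first. Each row is the owner label
        followed by the five whitespace-separated fields of the netstat line.
    """
    rows = []
    # netstat -b prints the owning executable on the line *after* the
    # connection, so the output is walked bottom-up and the most recently
    # seen owner line is attached to the next connection row encountered.
    owner = "Unknown"
    for line in reversed(lines[4:]):
        fields = [token for token in line.split(" ") if token]
        if line.find("Can not obtain ownership information") >= 0:
            # NOTE(review): this label is an inference. The message only says
            # netstat could not determine the owner; it does not prove the
            # socket belongs to a system process. Treat it as "owner not
            # determined" when triaging.
            owner = "Windows System"
        elif line.find("]") >= 0 and line.find("[") == 1:
            # Generic " [file.exe]" line: drop the leading " [" and the
            # trailing "]".
            owner = line[2:-1]
        elif len(fields) == 5:
            # Actual connection row. The owner stays in column 0 even when it
            # is empty, so the remaining columns never shift left.
            rows.append([owner, *fields])
            # Each connection is expected to carry its own owner line. Reset
            # so a row that lacks one is reported as "Unknown" instead of
            # silently inheriting the executable of the connection below it.
            owner = "Unknown"
        # Anything else (blank line, component name above the executable) is
        # ignored.
        # NOTE(review): netstat prints UDP endpoints without a State column,
        # so those lines have four fields and are not captured here. Confirm
        # whether UDP listeners are meant to be out of scope.
    return rows


def process(data):
    """Convert captured netstat output into the collector's CSV file.

    Args:
        data: object whose ``stdout`` attribute holds the raw command output
            as bytes.

    Raises:
        PermissionError: the first output line reports that netstat needs
            elevation.

    On Windows the CSV written to ``find_data_file(util.datafile)`` starts
    with one metadata row (system id, user id, domain, timestamp) followed by
    one row per connection. On other platforms nothing is parsed or written.
    """
    setup_child()
    fprint("netstat processing")
    # NOTE(review): the original nesting was lost in the page this listing
    # came from; the parse and the CSV write are assumed to be Windows-only.
    if not win32:
        return

    # backslashreplace: output that is not valid UTF-8 (for example an
    # executable name emitted in a legacy code page) is kept as \xNN escapes
    # instead of aborting the whole collection with UnicodeDecodeError.
    lines = data.stdout.decode(errors="backslashreplace").split('\r\n')
    if lines[0].find("The requested operation requires elevation.") >= 0:
        raise PermissionError("Unable to acquire netstat data without admin!")

    # First row is collection metadata, not a connection.
    rows = [[util.sysid, util.userid, util.sysdom, util.time()]]
    rows.extend(_parse_netstat_rows(lines))

    with open(find_data_file(util.datafile), "w", newline="") as f:
        csv.writer(f).writerows(rows)
    fprint("done creating csv")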
def start():
    """Run netstat and hand back whatever ``run_ps`` returns.

    The command is a fixed literal; nothing from the caller is interpolated
    into it. Flags: ``-n`` numeric addresses, ``-o`` owning PID, ``-b`` owning
    executable (``-b`` is the flag that needs an elevated session).

    Returns:
        The ``run_ps`` result on Windows, otherwise ``None``.
    """
    fprint("netstat started")
    setup_child()

    # NOTE(review): the original nesting was lost in the page this listing
    # came from; the capture and return are assumed to be Windows-only.
    if not win32:
        return None

    captured = run_ps("netstat -n -o -b")
    fprint("data acquired")
    return captured