Add advanced windows netstat parser

2022-09-19 23:14:02 -05:00 · 2022-09-19 23:14:02 -05:00 · ca3e489adb
commit ca3e489adb
parent 159bbf2130
3 changed files with 150 additions and 83 deletions
--- a/.~lock.out.csv#
+++ b/.~lock.out.csv#
@ -1 +1 @@
-,FRAMEWORKWIN/Cole,frameworkwin,19.09.2022 20:57,file:///C:/Users/Cole/AppData/Roaming/LibreOffice/4;
+,FRAMEWORKWIN/Cole,frameworkwin,19.09.2022 23:09,file:///C:/Users/Cole/AppData/Roaming/LibreOffice/4;
--- a/main.py
+++ b/main.py
@ -4,13 +4,20 @@ import subprocess
 from multiprocessing import Process, Manager, Pool, TimeoutError, freeze_support
 from sys import platform
 from time import sleep
 import time
 import csv
 import uuid 
 displaydata = None
 settings = None
 netdata_res = None
 procdata_res = None
 sysid = hex(uuid.getnode())
 res = subprocess.check_output(["WMIC", "ComputerSystem", "GET", "UserName"], universal_newlines=True)
 _, username = res.strip().rsplit("\n", 1)
 userid, sysdom = username.rsplit("\\", 1)
 def run_ps(cmd):
    if platform == "win32":
        completed = subprocess.run(["powershell", "-Command", cmd], capture_output=True)
@ -18,32 +25,69 @@ def run_ps(cmd):
 def netstat():
    print("netstat started")
-    data = run_ps("netstat -n -o")
+    data = run_ps("netstat -n -o -b")
    return data
 def netstat_done(res):
    print("netstat done")
    procdata_res = pool.apply_async(process_netstat, (res,))
    #print(procdata_res.get())
    #netdata_res = pool.apply_async(netstat)
 def process_netstat(data):
    print("netstat processing")
-    #if platform == 'win32':
+    if platform == 'win32':
-    #output = data.stdout
+        #output = data.stdout
-    #print(output)
+        #print(output)
-    output = data.stdout.decode().split('\r\n')
+        output = data.stdout.decode().split('\r\n')
-    output2 = list(range(len(output)))
+        output2 = list()
-    for x in range(len(output)):
+        output2.append([sysid, userid, sysdom, int( time.time() )])
-            output2[x] = output[x].split(" ")
+        print(output2)
-            output2[x] = [i for i in output2[x] if i]
+        procname = ""
-    output2 = [i for i in output2 if i]
+        """for x in range(4, len(output)):
-    print(output2)
+                tmp = output[x].split(" ")
-    output2 = output2[2:]
+                print(tmp)
-    with open("out.csv", "w", newline="") as f:
+                tmp = [i for i in output[x] if i]
-        writer = csv.writer(f)
+                print(tmp)
-        writer.writerows(output2)
+                print(len(tmp))
-    print("done")
+                if len(len(tmp) == 1):
                    procname = tmp[0]
                    print(x)
                else:
                    print(x)
                    output2[x] = list()
                    output2[x].append(procname)
                    output2[x].append(output[x].split(" "))
                    output2[x] = [i for i in output2[x] if i]
        output2 = [i for i in output2 if i]
        print(output2)"""
        x = len(output) - 1
        procname = "Unknown"
        while x > 3:
            string = output[x]
            #print("LINE: ", string)
            string_split = string.split(" ")
            string_split = [i for i in string_split if i]
            if string.find("Can not obtain ownership information") >= 0:
                procname = "Windows System"
            elif string.find("]") >= 0 and string.find("[") == 1:
                procname = string[2:-1]
            elif len(string_split) == 5: # and string.find("TIME_WAIT") < 0:
                tmp = [procname,]
                tmp.extend(string.split(" "))
                tmp = [i for i in tmp if i]
                #print(tmp)
                output2.append(tmp)
            #else:
                #print("Garbage data", string)
            x = x - 1
        #output2 = output2[2:]
        #print(output2)
        with open("out.csv", "w", newline="") as f:
            writer = csv.writer(f)
            writer.writerows(output2)
        print("done")
 def mainloop(pool):
@ -64,6 +108,9 @@ if __name__ == '__main__':
    freeze_support() # required if packaged into EXE
    # create manager to share data to me, background, foreground
    # create worker pool
    #global sysid
    #sysdom, userid
    print(sysid, sysdom, userid)
    with Pool(processes=5) as pool:
        with Manager() as manager:
            displaydata = manager.list(range(2)) # data to be printed
--- a/out.csv
+++ b/out.csv
@ -1,65 +1,85 @@
-TCP,100.106.209.107:51133,192.168.1.216:445,ESTABLISHED,4
+0xf44ee3942e7d,FRAMEWORKWIN,Cole,1663646899
-TCP,100.106.209.107:51134,192.168.1.11:445,ESTABLISHED,4
+firefox.exe,TCP,[2620:f3:8000:5060:5939:a4c0:4f5b:113f]:53338,[2607:f518:5::4816:b9c7]:80,ESTABLISHED,8008
-TCP,100.106.209.107:56843,192.168.1.173:5000,ESTABLISHED,5936
+firefox.exe,TCP,[2620:f3:8000:5060:5939:a4c0:4f5b:113f]:53301,[2607:f8b0:4009:817::200e]:443,ESTABLISHED,8008
-TCP,104.194.122.206:49413,40.83.240.146:443,ESTABLISHED,6108
+firefox.exe,TCP,[2620:f3:8000:5060:5939:a4c0:4f5b:113f]:53292,[2607:f8b0:4009:808::2003]:80,TIME_WAIT,0
-TCP,104.194.122.206:50750,199.38.182.118:443,ESTABLISHED,8076
+firefox.exe,TCP,[2620:f3:8000:5060:5939:a4c0:4f5b:113f]:53285,[2606:4700:4400::6812:2962]:443,TIME_WAIT,0
-TCP,104.194.122.206:50786,54.148.242.254:443,ESTABLISHED,8008
+python.exe,TCP,127.0.0.1:51987,127.0.0.1:51986,ESTABLISHED,17244
-TCP,104.194.122.206:50818,104.192.142.11:443,ESTABLISHED,8008
+python.exe,TCP,127.0.0.1:51986,127.0.0.1:51987,ESTABLISHED,17244
-TCP,104.194.122.206:51107,18.156.90.224:80,ESTABLISHED,8076
+VSCodium.exe,TCP,127.0.0.1:51978,127.0.0.1:51977,ESTABLISHED,17828
-TCP,104.194.122.206:51451,172.245.94.35:22067,ESTABLISHED,8896
+VSCodium.exe,TCP,127.0.0.1:51977,127.0.0.1:51978,ESTABLISHED,17828
-TCP,104.194.122.206:52328,20.42.73.139:443,ESTABLISHED,6048
+firefox.exe,TCP,127.0.0.1:51761,127.0.0.1:51760,ESTABLISHED,10420
-TCP,104.194.122.206:52348,142.250.191.170:443,ESTABLISHED,8008
+firefox.exe,TCP,127.0.0.1:51760,127.0.0.1:51761,ESTABLISHED,10420
-TCP,104.194.122.206:52354,142.250.191.170:443,ESTABLISHED,8008
+firefox.exe,TCP,127.0.0.1:51759,127.0.0.1:51758,ESTABLISHED,8008
-TCP,127.0.0.1:4742,127.0.0.1:50778,ESTABLISHED,8116
+firefox.exe,TCP,127.0.0.1:51758,127.0.0.1:51759,ESTABLISHED,8008
-TCP,127.0.0.1:5354,127.0.0.1:49670,ESTABLISHED,4076
+nxserver.bin,TCP,127.0.0.1:50792,127.0.0.1:22890,ESTABLISHED,8116
-TCP,127.0.0.1:5354,127.0.0.1:49674,ESTABLISHED,4076
+nxserver.bin,TCP,127.0.0.1:50778,127.0.0.1:4742,ESTABLISHED,8116
-TCP,127.0.0.1:6363,127.0.0.1:49761,ESTABLISHED,8116
+tailscale-ipn.exe,TCP,127.0.0.1:50530,127.0.0.1:41112,ESTABLISHED,14552
-TCP,127.0.0.1:7039,127.0.0.1:49765,ESTABLISHED,8116
+nxclient.bin,TCP,127.0.0.1:50409,127.0.0.1:19231,ESTABLISHED,11836
-TCP,127.0.0.1:10055,127.0.0.1:50174,ESTABLISHED,11608
+nxclient.bin,TCP,127.0.0.1:50408,127.0.0.1:26068,ESTABLISHED,11836
-TCP,127.0.0.1:10632,127.0.0.1:50407,ESTABLISHED,11836
+nxclient.bin,TCP,127.0.0.1:50407,127.0.0.1:10632,ESTABLISHED,11836
-TCP,127.0.0.1:15907,127.0.0.1:49698,ESTABLISHED,8116
+nxnode.bin,TCP,127.0.0.1:50406,127.0.0.1:25001,ESTABLISHED,11608
-TCP,127.0.0.1:16619,127.0.0.1:49767,ESTABLISHED,8116
+nxnode.bin,TCP,127.0.0.1:50405,127.0.0.1:23938,ESTABLISHED,11608
-TCP,127.0.0.1:16950,127.0.0.1:49772,ESTABLISHED,8116
+nxnode.bin,TCP,127.0.0.1:50402,127.0.0.1:28488,ESTABLISHED,11608
-TCP,127.0.0.1:17311,127.0.0.1:50397,ESTABLISHED,11608
+nxnode.bin,TCP,127.0.0.1:50397,127.0.0.1:17311,ESTABLISHED,11608
-TCP,127.0.0.1:19231,127.0.0.1:50409,ESTABLISHED,11836
+nxnode.bin,TCP,127.0.0.1:50395,127.0.0.1:21968,ESTABLISHED,11608
-TCP,127.0.0.1:19492,127.0.0.1:50160,ESTABLISHED,5544
+nxnode.bin,TCP,127.0.0.1:50174,127.0.0.1:10055,ESTABLISHED,11608
-TCP,127.0.0.1:21968,127.0.0.1:50395,ESTABLISHED,8116
+nxservice64.exe,TCP,127.0.0.1:50160,127.0.0.1:19492,ESTABLISHED,5544
-TCP,127.0.0.1:22890,127.0.0.1:50792,ESTABLISHED,8116
+nxserver.bin,TCP,127.0.0.1:49772,127.0.0.1:16950,ESTABLISHED,8116
-TCP,127.0.0.1:22921,127.0.0.1:49762,ESTABLISHED,8116
+nxserver.bin,TCP,127.0.0.1:49767,127.0.0.1:16619,ESTABLISHED,8116
-TCP,127.0.0.1:23938,127.0.0.1:50405,ESTABLISHED,11608
+nxserver.bin,TCP,127.0.0.1:49766,127.0.0.1:31770,ESTABLISHED,8116
-TCP,127.0.0.1:25001,127.0.0.1:50406,ESTABLISHED,11836
+nxserver.bin,TCP,127.0.0.1:49765,127.0.0.1:7039,ESTABLISHED,8116
-TCP,127.0.0.1:26068,127.0.0.1:50408,ESTABLISHED,11836
+nxserver.bin,TCP,127.0.0.1:49762,127.0.0.1:22921,ESTABLISHED,8116
-TCP,127.0.0.1:28488,127.0.0.1:50402,ESTABLISHED,11608
+nxserver.bin,TCP,127.0.0.1:49761,127.0.0.1:6363,ESTABLISHED,8116
-TCP,127.0.0.1:31770,127.0.0.1:49766,ESTABLISHED,8116
+nxserver.bin,TCP,127.0.0.1:49698,127.0.0.1:15907,ESTABLISHED,8116
-TCP,127.0.0.1:41112,127.0.0.1:50530,ESTABLISHED,8076
+AppleMobileDeviceService.exe,TCP,127.0.0.1:49674,127.0.0.1:5354,ESTABLISHED,4280
-TCP,127.0.0.1:49670,127.0.0.1:5354,ESTABLISHED,4280
+AppleMobileDeviceService.exe,TCP,127.0.0.1:49670,127.0.0.1:5354,ESTABLISHED,4280
-TCP,127.0.0.1:49674,127.0.0.1:5354,ESTABLISHED,4280
+tailscaled.exe,TCP,127.0.0.1:41112,127.0.0.1:50530,ESTABLISHED,8076
-TCP,127.0.0.1:49698,127.0.0.1:15907,ESTABLISHED,8116
+nxserver.bin,TCP,127.0.0.1:31770,127.0.0.1:49766,ESTABLISHED,8116
-TCP,127.0.0.1:49761,127.0.0.1:6363,ESTABLISHED,8116
+nxnode.bin,TCP,127.0.0.1:28488,127.0.0.1:50402,ESTABLISHED,11608
-TCP,127.0.0.1:49762,127.0.0.1:22921,ESTABLISHED,8116
+nxclient.bin,TCP,127.0.0.1:26068,127.0.0.1:50408,ESTABLISHED,11836
-TCP,127.0.0.1:49765,127.0.0.1:7039,ESTABLISHED,8116
+nxclient.bin,TCP,127.0.0.1:25001,127.0.0.1:50406,ESTABLISHED,11836
-TCP,127.0.0.1:49766,127.0.0.1:31770,ESTABLISHED,8116
+nxnode.bin,TCP,127.0.0.1:23938,127.0.0.1:50405,ESTABLISHED,11608
-TCP,127.0.0.1:49767,127.0.0.1:16619,ESTABLISHED,8116
+nxserver.bin,TCP,127.0.0.1:22921,127.0.0.1:49762,ESTABLISHED,8116
-TCP,127.0.0.1:49772,127.0.0.1:16950,ESTABLISHED,8116
+nxserver.bin,TCP,127.0.0.1:22890,127.0.0.1:50792,ESTABLISHED,8116
-TCP,127.0.0.1:50160,127.0.0.1:19492,ESTABLISHED,5544
+nxserver.bin,TCP,127.0.0.1:21968,127.0.0.1:50395,ESTABLISHED,8116
-TCP,127.0.0.1:50174,127.0.0.1:10055,ESTABLISHED,11608
+nxservice64.exe,TCP,127.0.0.1:19492,127.0.0.1:50160,ESTABLISHED,5544
-TCP,127.0.0.1:50395,127.0.0.1:21968,ESTABLISHED,11608
+nxclient.bin,TCP,127.0.0.1:19231,127.0.0.1:50409,ESTABLISHED,11836
-TCP,127.0.0.1:50397,127.0.0.1:17311,ESTABLISHED,11608
+nxnode.bin,TCP,127.0.0.1:17311,127.0.0.1:50397,ESTABLISHED,11608
-TCP,127.0.0.1:50402,127.0.0.1:28488,ESTABLISHED,11608
+nxserver.bin,TCP,127.0.0.1:16950,127.0.0.1:49772,ESTABLISHED,8116
-TCP,127.0.0.1:50405,127.0.0.1:23938,ESTABLISHED,11608
+nxserver.bin,TCP,127.0.0.1:16619,127.0.0.1:49767,ESTABLISHED,8116
-TCP,127.0.0.1:50406,127.0.0.1:25001,ESTABLISHED,11608
+nxserver.bin,TCP,127.0.0.1:15907,127.0.0.1:49698,ESTABLISHED,8116
-TCP,127.0.0.1:50407,127.0.0.1:10632,ESTABLISHED,11836
+nxclient.bin,TCP,127.0.0.1:10632,127.0.0.1:50407,ESTABLISHED,11836
-TCP,127.0.0.1:50408,127.0.0.1:26068,ESTABLISHED,11836
+nxnode.bin,TCP,127.0.0.1:10055,127.0.0.1:50174,ESTABLISHED,11608
-TCP,127.0.0.1:50409,127.0.0.1:19231,ESTABLISHED,11836
+nxserver.bin,TCP,127.0.0.1:7039,127.0.0.1:49765,ESTABLISHED,8116
-TCP,127.0.0.1:50530,127.0.0.1:41112,ESTABLISHED,14552
+nxserver.bin,TCP,127.0.0.1:6363,127.0.0.1:49761,ESTABLISHED,8116
-TCP,127.0.0.1:50778,127.0.0.1:4742,ESTABLISHED,8116
+mDNSResponder.exe,TCP,127.0.0.1:5354,127.0.0.1:49674,ESTABLISHED,4076
-TCP,127.0.0.1:50792,127.0.0.1:22890,ESTABLISHED,8116
+mDNSResponder.exe,TCP,127.0.0.1:5354,127.0.0.1:49670,ESTABLISHED,4076
-TCP,127.0.0.1:51758,127.0.0.1:51759,ESTABLISHED,8008
+nxserver.bin,TCP,127.0.0.1:4742,127.0.0.1:50778,ESTABLISHED,8116
-TCP,127.0.0.1:51759,127.0.0.1:51758,ESTABLISHED,8008
+nxserver.bin,TCP,104.194.122.206:53343,208.59.79.12:443,TIME_WAIT,0
-TCP,127.0.0.1:51760,127.0.0.1:51761,ESTABLISHED,10420
+nxserver.bin,TCP,104.194.122.206:53340,54.212.237.219:443,TIME_WAIT,0
-TCP,127.0.0.1:51761,127.0.0.1:51760,ESTABLISHED,10420
+firefox.exe,TCP,104.194.122.206:53339,54.212.237.219:443,ESTABLISHED,8008
-TCP,127.0.0.1:51977,127.0.0.1:51978,ESTABLISHED,17828
+firefox.exe,TCP,104.194.122.206:53337,54.212.237.219:443,ESTABLISHED,8008
-TCP,127.0.0.1:51978,127.0.0.1:51977,ESTABLISHED,17828
+firefox.exe,TCP,104.194.122.206:53335,208.59.79.12:443,TIME_WAIT,0
-TCP,127.0.0.1:51986,127.0.0.1:51987,ESTABLISHED,17244
+firefox.exe,TCP,104.194.122.206:53334,208.59.79.12:443,ESTABLISHED,8008
-TCP,127.0.0.1:51987,127.0.0.1:51986,ESTABLISHED,17244
+VSCodium.exe,TCP,104.194.122.206:53314,76.76.21.61:443,ESTABLISHED,3816
-TCP,[2620:f3:8000:5060:5939:a4c0:4f5b:113f]:52372,[2606:4700:3035::ac43:ca7b]:443,TIME_WAIT,0
+VSCodium.exe,TCP,104.194.122.206:53313,76.76.21.164:443,ESTABLISHED,3816
 VSCodium.exe,TCP,104.194.122.206:53312,76.76.21.164:443,CLOSE_WAIT,3816
 firefox.exe,TCP,104.194.122.206:53307,104.192.142.9:443,ESTABLISHED,8008
 firefox.exe,TCP,104.194.122.206:53300,54.201.164.58:443,TIME_WAIT,0
 firefox.exe,TCP,104.194.122.206:53299,35.186.227.140:443,ESTABLISHED,8008
 firefox.exe,TCP,104.194.122.206:53298,162.159.130.232:443,TIME_WAIT,0
 firefox.exe,TCP,104.194.122.206:53297,162.159.128.232:443,TIME_WAIT,0
 firefox.exe,TCP,104.194.122.206:53290,162.159.138.232:443,TIME_WAIT,0
 firefox.exe,TCP,104.194.122.206:53289,162.159.135.234:443,ESTABLISHED,8008
 firefox.exe,TCP,104.194.122.206:53284,72.21.91.29:80,TIME_WAIT,0
 firefox.exe,TCP,104.194.122.206:53160,142.250.191.106:443,ESTABLISHED,8008
 firefox.exe,TCP,104.194.122.206:53154,142.250.191.106:443,ESTABLISHED,8008
 firefox.exe,TCP,104.194.122.206:52525,104.192.142.11:443,ESTABLISHED,8008
 syncthing.exe,TCP,104.194.122.206:51451,172.245.94.35:22067,ESTABLISHED,8896
 tailscaled.exe,TCP,104.194.122.206:51107,18.156.90.224:80,ESTABLISHED,8076
 firefox.exe,TCP,104.194.122.206:50786,54.148.242.254:443,ESTABLISHED,8008
 tailscaled.exe,TCP,104.194.122.206:50750,199.38.182.118:443,ESTABLISHED,8076
 svchost.exe,TCP,104.194.122.206:49413,40.83.240.146:443,ESTABLISHED,6108
 VcomSvc.exe,TCP,100.106.209.107:56843,192.168.1.173:5000,ESTABLISHED,5936
 Windows System,TCP,100.106.209.107:52378,192.168.1.11:445,ESTABLISHED,4
 Windows System,TCP,100.106.209.107:52377,192.168.1.216:445,ESTABLISHED,4
		`@ -1 +1 @@`
			`,FRAMEWORKWIN/Cole,frameworkwin,19.09.2022 20:57,file:///C:/Users/Cole/AppData/Roaming/LibreOffice/4;`				`,FRAMEWORKWIN/Cole,frameworkwin,19.09.2022 23:09,file:///C:/Users/Cole/AppData/Roaming/LibreOffice/4;`