from util import find_data_file from util import setup_child from util import fprint from util import run_cmd from util import win32 from util import linux from util import macos from ippigeon import settings import util import time import csv def process(data): setup_child() fprint("netstat processing", settings) if win32: #output = data.stdout #print(output) output = data.stdout.decode().split('\r\n') # split stdout into lines #print(output) if output[0].find("The requested operation requires elevation.") >= 0: #print("test3") raise PermissionError("Unable to acquire netstat data without admin!") #print("test2") output2 = list() output2.append([util.sysid, util.userid, util.sysdom, util.time()]) # add metadata #print(output2) procname = "" """for x in range(4, len(output)): tmp = output[x].split(" ") print(tmp) tmp = [i for i in output[x] if i] print(tmp) print(len(tmp)) if len(len(tmp) == 1): procname = tmp[0] print(x) else: print(x) output2[x] = list() output2[x].append(procname) output2[x].append(output[x].split(" ")) output2[x] = [i for i in output2[x] if i] output2 = [i for i in output2 if i] print(output2)""" x = len(output) - 1 # start at the end because filename comes after connection procname = "Unknown" # if the very last connection happens to have no file (yes, it's possible), we can say unknown while x > 3: string = output[x] #print("LINE: ", string) string_split = string.split(" ") string_split = [i for i in string_split if i] if string.find("Can not obtain ownership information") >= 0: # Higher privilige than us, must be system procname = "Windows System" elif string.find("]") >= 0 and string.find("[") == 1: # generic [file.exe] procname = string[2:-1] elif len(string_split) == 5: # actual netstat line tmp = [procname,] # add executable name first tmp.extend(string.split(" ")) tmp = [i for i in tmp if i] #print(tmp) output2.append(tmp) #else: # In case of an extra line above file, or an empty line, ignore it #print("Garbage data", string) x = x - 1 #output2 = output2[2:] #print(output2) with open(find_data_file(util.datafile), "w", newline="") as f: writer = csv.writer(f) writer.writerows(output2) fprint("done creating csv", settings) if linux: output = data.stdout.decode().split('\n') # split stdout into lines output = [i for i in output if i] if output[0].find("Not all processes could be identified") >= 0: fprint("Not enough permissions", settings) raise PermissionError("Unable to acquire netstat data without admin!") output2 = list() output2.append([util.sysid, util.userid, util.sysdom, util.time()]) # add metadata for line in output: string_split = line.split(" ") string_split = [i for i in string_split if i] #fprint("Input: " + str(string_split)) if string_split[0].find("Active") >= 0 or string_split[0].find("Proto") >= 0: continue if len(string_split) == 6: # no connection status #fprint(string_split) string_split.append(string_split[-1]) string_split[-2] = "UNKNOWN" #fprint(string_split) procname = string_split[6] if procname != "-": string_split2 = procname.split("/") procname = string_split2[1] pid = string_split2[0] else: pid = "Unknown" output2.append([procname, string_split[0], string_split[3], string_split[4], string_split[5], pid]) #fprint(output2) with open(find_data_file(util.datafile), "w", newline="") as f: writer = csv.writer(f) writer.writerows(output2) fprint("done creating csv", settings) if macos: output = data.stdout.decode().split('\n') # split stdout into lines #output = data.stdout.decode().split(',') #fprint("output data: " + str(output)) output = [i for i in output if i] if output[0].find("Not all processes could be identified") >= 0: fprint("Not enough permissions", settings) raise PermissionError("Unable to acquire netstat data without admin!") output2 = list() output2.append([util.sysid, util.userid, util.sysdom, util.time()]) # add metadata for line in output: string_split = line.split(" ") string_split = [i for i in string_split if i] #fprint("Input: " + str(string_split)) if string_split[1].find("Multipath") >= 0: break if string_split[0].find("Active") >= 0 or string_split[0].find("Proto") >= 0: continue if len(string_split) == 10: # no connection status #fprint(string_split) string_split.append(string_split[-1]) string_split[-7] = "UNKNOWN" string_split[-4] = string_split[-5] #fprint(string_split) output2.append(["Unknown", string_split[0], string_split[3], string_split[4], string_split[5], string_split[8]]) #fprint("FINAL CSV: " + str(output2)) with open(find_data_file(util.datafile), "w", newline="") as f: writer = csv.writer(f) writer.writerows(output2) fprint("done creating csv", settings) def start(): setup_child() fprint("netstat started", settings) if win32: data = run_cmd("netstat -n -o -b") fprint("data acquired", settings) return data if linux: data = run_cmd("netstat -atunpw") fprint("data acquired", settings) return data if macos: data = run_cmd("netstat -anv") fprint("data acquired", settings) return data