Interfaz/ff
6
0
Fork 0
Code Issues Pull Requests Projects Releases 31 Wiki Activity
Files
23a3f27b574e67528e41ad7eac9e04b18d78edf6
ff/netstat.py
mkang18 23a3f27b57 mac compatibility
2022-11-02 13:05:39 -05:00

130 lines
4.8 KiB
Python
Raw Blame History

from util import find_data_file
from util import setup_child
from util import fprint
from util import run_cmd
from util import win32
from util import linux
from util import macos
import util
import time
import csv
def process(data):
setup_child()
fprint("netstat processing")
if win32:
#output = data.stdout
#print(output)
output = data.stdout.decode().split('\r\n') # split stdout into lines
#print(output)
if output[0].find("The requested operation requires elevation.") >= 0:
#print("test3")
raise PermissionError("Unable to acquire netstat data without admin!")
#print("test2")
output2 = list()
output2.append([util.sysid, util.userid, util.sysdom, util.time()]) # add metadata
#print(output2)
procname = ""
"""for x in range(4, len(output)):
tmp = output[x].split(" ")
print(tmp)
tmp = [i for i in output[x] if i]
print(tmp)
print(len(tmp))
if len(len(tmp) == 1):
procname = tmp[0]
print(x)
else:
print(x)
output2[x] = list()
output2[x].append(procname)
output2[x].append(output[x].split(" "))
output2[x] = [i for i in output2[x] if i]
output2 = [i for i in output2 if i]
print(output2)"""
x = len(output) - 1 # start at the end because filename comes after connection
procname = "Unknown" # if the very last connection happens to have no file (yes, it's possible), we can say unknown
while x > 3:
string = output[x]
#print("LINE: ", string)
string_split = string.split(" ")
string_split = [i for i in string_split if i]
if string.find("Can not obtain ownership information") >= 0: # Higher privilige than us, must be system
procname = "Windows System"
elif string.find("]") >= 0 and string.find("[") == 1: # generic [file.exe]
procname = string[2:-1]
elif len(string_split) == 5: # actual netstat line
tmp = [procname,] # add executable name first
tmp.extend(string.split(" "))
tmp = [i for i in tmp if i]
#print(tmp)
output2.append(tmp)
#else: # In case of an extra line above file, or an empty line, ignore it
#print("Garbage data", string)
x = x - 1
#output2 = output2[2:]
#print(output2)
with open(find_data_file(util.datafile), "w", newline="") as f:
writer = csv.writer(f)
writer.writerows(output2)
fprint("done creating csv")
if linux or macos:
output = data.stdout.decode().split('\n') # split stdout into lines
#output = data.stdout.decode().split(',')
#fprint("output data: " + str(output))
output = [i for i in output if i]
if output[0].find("Not all processes could be identified") >= 0:
fprint("Not enough permissions")
raise PermissionError("Unable to acquire netstat data without admin!")
output2 = list()
output2.append([util.sysid, util.userid, util.sysdom, util.time()]) # add metadata
for line in output:
string_split = line.split(" ")
string_split = [i for i in string_split if i]
fprint("Input: " + str(string_split))
if string_split[1].find("Multipath") >= 0:
break
if string_split[0].find("Active") >= 0 or string_split[0].find("Proto") >= 0:
continue
if len(string_split) == 10: # no connection status
fprint(string_split)
string_split.append(string_split[-1])
string_split[-7] = "UNKNOWN"
string_split[-4] = string_split[-5]
fprint(string_split)
output2.append(["", string_split[0], string_split[3], string_split[4], string_split[5], string_split[8]])
fprint("FINAL CSV: " + str(output2))
with open(find_data_file(util.datafile), "w", newline="") as f:
writer = csv.writer(f)
writer.writerows(output2)
fprint("done creating csv")
def start():
setup_child()
fprint("netstat started")
if win32:
data = run_cmd("netstat -n -o -b")
fprint("data acquired")
return data
if linux:
data = run_cmd("netstat -atunpw")
fprint("data acquired")
return data
if macos:
data = run_cmd("netstat -anv")
fprint("data acquired")
return data
Reference in New Issue View Git Blame Copy Permalink