from util import find_data_file
from util import setup_child
from util import fprint
from util import run_cmd
from util import win32
from util import linux
from util import macos
import util
import time
import csv
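def process(data):
    """Parse raw ``netstat`` output and write one CSV row per connection.

    Args:
        data: the object returned by ``start()``; only ``data.stdout``
            (the command's raw bytes) is read.

    Raises:
        PermissionError: the output says process ownership could not be
            read, i.e. the collector is not running with admin/root rights.

    Which parser runs is chosen by the ``win32`` / ``linux`` / ``macos``
    flags imported from ``util``. The CSV written to ``util.datafile``
    starts with one metadata row (``util.sysid``, ``util.userid``,
    ``util.sysdom``, ``util.time()``) followed by rows of the form
    ``[process, proto, local address, remote address, state, pid]``.
    """
    setup_child()
    fprint("netstat processing")

    if win32:
        _write_csv(_parse_win32(_decode_lines(data, "\r\n")))
    elif linux:
        _write_csv(_parse_linux(_decode_lines(data, "\n")))
    elif macos:
        _write_csv(_parse_macos(_decode_lines(data, "\n")))
    else:
        # Previously this fell through silently; say so instead.
        fprint("netstat processing skipped: unsupported platform")


def _decode_lines(data, sep):
    """Return ``data.stdout`` decoded and split on *sep*.

    Undecodable bytes are escaped (``backslashreplace``) rather than raising,
    so one odd byte in a process name cannot abort the whole collection, and
    the result stays encodable when the CSV is written with the platform
    default encoding.
    """
    return data.stdout.decode(errors="backslashreplace").split(sep)


def _check_permission(lines, marker):
    """Raise PermissionError if the first non-empty line contains *marker*.

    netstat reports missing privileges as a message at the top of its
    output; the collector cannot produce useful rows without it.
    """
    first = next((line for line in lines if line), "")
    if marker in first:
        fprint("Not enough permissions")
        raise PermissionError("Unable to acquire netstat data without admin!")


def _metadata_row():
    """First CSV row: identifies the host, user, domain and capture time."""
    return [util.sysid, util.userid, util.sysdom, util.time()]


def _write_csv(rows):
    """Overwrite the data file with *rows* and log completion.

    Fields are written verbatim; process names and addresses come straight
    from the system and are not sanitised here, so consumers that open the
    file in a spreadsheet should treat them as untrusted text.
    """
    with open(find_data_file(util.datafile), "w", newline="") as f:
        csv.writer(f).writerows(rows)
    fprint("done creating csv")


def _parse_win32(lines):
    """Parse ``netstat -n -o -b`` output (already split on CRLF).

    Lines 0-3 are the blank/banner/header lines and are skipped. ``-b``
    prints the owning image name *after* its connection line (or
    "Can not obtain ownership information" for processes we may not
    inspect), so the lines are walked backwards and the most recent owner is
    attached to the connection that precedes it. Rows therefore come out in
    reverse output order, as before.
    """
    _check_permission(lines, "The requested operation requires elevation.")
    rows = [_metadata_row()]
    # A connection that never gets an owner line stays "Unknown".
    procname = "Unknown"
    for string in reversed(lines[4:]):
        string_split = string.split()
        if "Can not obtain ownership information" in string:
            # Higher privilege than us; must be a system process.
            procname = "Windows System"
        elif "]" in string and string.find("[") == 1:
            # Generic " [file.exe]" owner line.
            procname = string[2:-1] or "Unknown"
        elif len(string_split) == 5:
            # Actual connection line: Proto, Local, Foreign, State, PID.
            rows.append([procname, *string_split])
            # The owner has been consumed; reset so an earlier connection
            # without an owner line of its own is not attributed to this one.
            procname = "Unknown"
        # Anything else (component names, blank lines, header) is ignored.
    return rows


def _parse_linux(lines):
    """Parse ``netstat -atunpw`` output.

    Column layout: Proto Recv-Q Send-Q Local Foreign [State] PID/Program.
    UDP lines have no State column (6 tokens), so "UNKNOWN" is inserted to
    keep the PID/Program field at index 6.
    """
    _check_permission(lines, "Not all processes could be identified")
    rows = [_metadata_row()]
    for line in lines:
        string_split = line.split()
        if not string_split:
            continue
        if "Active" in string_split[0] or "Proto" in string_split[0]:
            continue  # section banner / column header
        if len(string_split) == 6:  # no connection status
            string_split.insert(5, "UNKNOWN")
        if len(string_split) < 7:
            fprint("skipping unexpected netstat line: " + line)
            continue
        owner = string_split[6]
        if owner == "-":
            procname, pid = owner, "Unknown"
        else:
            pid, sep, procname = owner.partition("/")
            if not sep:
                # Not in "pid/name" form; keep the raw field as the name.
                procname, pid = owner, "Unknown"
        rows.append([procname, string_split[0], string_split[3],
                     string_split[4], string_split[5], pid])
    return rows


def _parse_macos(lines):
    """Parse ``netstat -anv`` output.

    Only the Internet-socket section is read; parsing stops at the
    "Active Multipath Internet connections" banner. The owning process name
    is not available from this command, so the first column is always
    "Unknown".

    NOTE(review): the 10-token reshuffle below is kept from the original and
    assumes a particular column layout for lines without a State column;
    confirm against real ``netstat -anv`` output.
    """
    _check_permission(lines, "Not all processes could be identified")
    rows = [_metadata_row()]
    for line in lines:
        string_split = line.split()
        if not string_split:
            continue
        if len(string_split) > 1 and "Multipath" in string_split[1]:
            break
        if "Active" in string_split[0] or "Proto" in string_split[0]:
            continue  # section banner / column header
        if len(string_split) == 10:  # no connection status
            string_split.append(string_split[-1])
            string_split[-7] = "UNKNOWN"
            string_split[-4] = string_split[-5]
        if len(string_split) < 9:
            fprint("skipping unexpected netstat line: " + line)
            continue
        rows.append(["Unknown", string_split[0], string_split[3],
                     string_split[4], string_split[5], string_split[8]])
    return rows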
def start():
    """Run the platform's ``netstat`` and return the ``run_cmd`` result.

    The command string is a fixed constant per platform (no caller input
    reaches ``run_cmd``). The Windows ``-b`` and Linux ``-p`` options need
    elevated rights; ``process()`` detects the resulting error text.
    Returns ``None`` when none of the platform flags is set.
    """
    setup_child()
    fprint("netstat started")

    commands = (
        (win32, "netstat -n -o -b"),
        (linux, "netstat -atunpw"),
        (macos, "netstat -anv"),
    )
    for enabled, command in commands:
        if enabled:
            result = run_cmd(command)
            fprint("data acquired")
            return result
    return None