pretty

Sunday, November 25, 2012

File modification time in Python



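import os
import sys
import time


def last_modified(path):
    """Return the modification time of *path* as a human-readable string.

    Args:
        path: Filesystem path handed straight to os.stat().

    Returns:
        time.ctime() of the file's st_mtime, local time, e.g.
        'Tue Oct 30 13:00:00 2012'.

    Raises:
        OSError: if the path does not exist or cannot be stat'ed.
    """
    # Read st_mtime by name: unpacking the whole 10-tuple is positional and
    # easy to get wrong when a field is added or the order is misremembered.
    return time.ctime(os.stat(path).st_mtime)


if __name__ == "__main__":
    # The original called os.stat(file); on Python 2 `file` is the builtin
    # file type, not a path, so that line raised. Take the path from argv.
    print("last modified: %s" % last_modified(sys.argv[1]))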

http://stackoverflow.com/questions/237079/how-to-get-file-creation-modification-date-times-in-python

Wednesday, November 14, 2012

Update all python pip packages


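import subprocess
import sys
from importlib import metadata


def installed_names():
    """Return the project names of every installed distribution, sorted.

    importlib.metadata (stdlib, Python 3.8+) replaces the private
    pip.get_installed_distributions(), which pip dropped in version 10.
    """
    names = {dist.metadata["Name"] for dist in metadata.distributions()}
    names.discard(None)  # a broken dist-info without a Name field
    return sorted(names)


def upgrade_command(name):
    """Return the argv list that upgrades one distribution with pip.

    The command is a list executed without a shell: the original built
    "pip install --upgrade " + name and ran it with shell=True, so any
    shell metacharacter in a distribution name would have been interpreted
    by /bin/sh. sys.executable pins pip to the interpreter running this.
    """
    return [sys.executable, "-m", "pip", "install", "--upgrade", name]


def upgrade_all():
    """Upgrade every installed distribution with one pip call each.

    Returns:
        dict mapping distribution name -> pip exit status (0 means success);
        one failing package does not stop the others.
    """
    return {name: subprocess.call(upgrade_command(name)) for name in installed_names()}


if __name__ == "__main__":
    # Guarded so that importing this file does not start upgrading packages;
    # %paste in IPython runs it as __main__ and still works.
    for name, status in upgrade_all().items():
        if status != 0:
            print("failed: %s (exit %d)" % (name, status))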
I use it with IPython:

sudo ipython
Cut the code above and, at the IPython prompt, type
%paste

Monday, November 5, 2012

Kill a process with Python on Linux



import os
import signal

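def kill_process(processname, sig=signal.SIGKILL):
    """Send *sig* to the first process whose command token equals *processname*.

    The process list comes from ``ps -eo pid=,args=``; the match is made
    against the first token of the command line (the executable as invoked,
    e.g. ``/usr/bin/python``), which is what field 4 of ``ps xa`` held in the
    original. Fixed output columns are requested explicitly so the parse does
    not depend on ps's default column layout.

    Args:
        processname: Exact command token to look for; no substring matching.
        sig: Signal to send. SIGKILL keeps the original behaviour; SIGTERM
            lets the target clean up and is normally the better first try.

    Returns:
        The pid that was signalled, or None when no process matched.

    Raises:
        OSError: from os.kill if the pid vanished or belongs to another user.
        subprocess.CalledProcessError: if ps itself fails.
    """
    import subprocess  # local import keeps the snippet's top-level imports unchanged

    listing = subprocess.check_output(["ps", "-eo", "pid=,args="], universal_newlines=True)
    for line in listing.splitlines():
        fields = line.split()
        # Each line is "<pid> <command> [args...]"; skip anything shorter.
        if len(fields) < 2 or fields[1] != processname:
            continue
        pid = int(fields[0])
        os.kill(pid, sig)
        return pid
    return None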
Look here for a Windows solution, or search for one.

Tuesday, October 30, 2012

Adding or subtracting a date in python

Some examples for calculating dates in the past and future.

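import datetime

# timedelta is the unit for rolling dates; it can be added to or subtracted
# from both datetime and date objects:
#   datetime.timedelta(days=0, seconds=0, microseconds=0, milliseconds=0,
#                      minutes=0, hours=0, weeks=0)

# now() returns a naive local-time value; only compare it with other naive
# local-time values.
a_week_ago = datetime.datetime.now() - datetime.timedelta(weeks=1)
tomorrow = datetime.date.today() + datetime.timedelta(days=1)

# print() with one argument is valid on Python 2 and 3; the original
# `print x` statement form is a syntax error on Python 3.
print(a_week_ago)
# 2012-10-23 21:58:00.109116
print(tomorrow)
# 2012-10-31
# and so on . . .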
more here
and here

Python datetime to unix timestamp

The simplest ways to convert a datetime to a Unix timestamp:


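import calendar
import datetime
import time


def to_unix(d):
    """Return the Unix time (int seconds) of a naive datetime in *local* time.

    time.mktime() interprets the time tuple as local time, so this inverts
    datetime.now() / datetime.fromtimestamp() correctly, except for the one
    ambiguous hour around a DST change.
    """
    return int(time.mktime(d.timetuple()))


def to_unix_utc(d):
    """Return the Unix time (int seconds) of a naive datetime already in *UTC*.

    calendar.timegm() treats the tuple as UTC. Feeding it a local-time value
    such as datetime.now() -- the second form in the original snippet -- gives
    a result that is off by the local UTC offset.
    """
    return calendar.timegm(d.timetuple())


d = datetime.datetime.now()
# Deliberately not used: d.strftime('%s'). The %s directive is a glibc
# extension, not part of Python's or C's strftime, so it is absent elsewhere.
timestamp = to_unix(d)                         # int, local-time interpretation
timestamp_float = time.mktime(d.timetuple())   # float, the original's third form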

Monday, October 15, 2012

Sanitize tshark date

A script that reformats the epoch timestamps in tshark output into a customizable date format.
Usage:


tshark -tad -r example.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst | ./epochtodate.py


2009-12-16 12:25:37 570704 10.0.2.15 224.0.0.251
2009-12-16 12:25:38 802853 10.0.2.15 194.179.1.100
2009-12-16 12:25:43 808373 10.0.2.15 62.14.2.1
2009-12-16 12:25:43 976156 62.14.2.1 10.0.2.15
2009-12-16 12:25:43 979653 10.0.2.15 194.179.1.100
2009-12-16 12:25:48 983549 10.0.2.15 62.14.2.1
2009-12-16 12:25:49 148470 62.14.2.1 10.0.2.15
2009-12-16 12:25:49 148789 10.0.2.15 194.179.1.100
2009-12-16 12:25:49 228531 194.179.1.100 10.0.2.15



#!/usr/bin/python
'''
Convert tshark frame.time_epoch to readable date
'''
import datetime
import fileinput
import re

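# tshark's frame.time_epoch: ten integer digits, a dot, nine fractional digits.
# Compiled once here; the original recompiled it on every line.
_EPOCH_RE = re.compile(r"[0-9]{10}\.[0-9]{9}")


def epochtodate(line, tz=None):
    """Print and return *line* with every frame.time_epoch value made readable.

    Args:
        line: One line of ``tshark -T fields`` output, e.g.
            "1260966337.570704000\\t10.0.2.15\\t224.0.0.251\\n".
        tz: Optional tzinfo for the conversion. None (the default, as in the
            original) uses the machine's local time zone.

    Returns:
        The line without its trailing newline; each epoch is replaced by
        "YYYY-MM-DD HH:MM:SS ffffff" (microseconds: the nine fractional
        digits are reduced to six by float/%f). Lines without an epoch are
        returned unchanged apart from the stripped newline -- the original
        printed those with their newline intact, producing a blank line.
    """
    def _readable(match):
        stamp = datetime.datetime.fromtimestamp(float(match.group(0)), tz)
        return stamp.strftime('%Y-%m-%d %H:%M:%S %f')

    # Every match is converted on its own; the original converted only the
    # first epoch it found and substituted that one value for all of them.
    converted = _EPOCH_RE.sub(_readable, line).rstrip("\n")
    print(converted)
    return converted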

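if __name__ == "__main__":
    # Guarded: fileinput.input() reads stdin or the files named in sys.argv,
    # so unguarded it would run on import as well.
    for line in fileinput.input():
        epochtodate(line)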

Thursday, October 4, 2012

Sort a dictionary in python

Sort by value

http://stackoverflow.com/questions/613183/python-sort-a-dictionary-by-value

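import operator

x = {1: 2, 3: 4, 4: 3, 2: 1, 0: 0}
# dict.items() works on Python 2 and 3; iteritems() no longer exists on 3.
# Sorting on item index 1 (the value) yields a list of (key, value) pairs.
sorted_x = sorted(x.items(), key=operator.itemgetter(1))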
For descending order, just add reverse=True:

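# Descending by value; x.items() replaces the Python-2-only iteritems().
sorted_x = sorted(x.items(), key=operator.itemgetter(1), reverse=True)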

Sort by key

http://stackoverflow.com/questions/9001509/python-dictionary-sort-by-key

import collections

d = {2: 3, 1: 89, 4: 5, 3: 0}
# Order the (key, value) pairs by key, then freeze that order in an OrderedDict.
pairs_by_key = sorted(d.items())
od = collections.OrderedDict(pairs_by_key)

Monday, September 10, 2012

Scapy and HTTP

Found an HTTP dissector for Scapy.
A test that prints the HTTP requests and responses:

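#!/usr/bin/env python
# -*- coding: UTF-8 -*-
try:
    import scapy.all as scapy
except ImportError:
    import scapy

import HTTP  # third-party HTTP dissector; importing it registers the HTTP layers


def show_http(pcap_path):
    """Print every HTTP request and response layer found in *pcap_path*.

    rdpcap() loads the whole capture into memory and dissects each packet
    while reading, so a large file costs RAM and a capture received from
    someone else is input to the dissectors just like live traffic.

    Args:
        pcap_path: Path of the pcap file to read.

    Returns:
        The packet list rdpcap() produced, so callers can inspect it further.
    """
    packets = scapy.rdpcap(pcap_path)
    for p in packets:
        if p.haslayer("HTTPRequest"):
            # print(p['TCP'].getfieldval('dport'))
            print(p.getlayer('HTTP Request'))
        if p.haslayer("HTTPResponse"):
            print(p.getlayer('HTTP Response'))
    return packets


if __name__ == "__main__":
    # Guarded so importing this file does not read the capture; the original
    # used Python-2 print statements and read 'example.pcap' at import time.
    packets = show_http('example.pcap')
    print("done")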

Thursday, May 10, 2012

Suppress MySQLdb warnings in Python


import MySQLdb as Database
from warnings import filterwarnings

# Drop every warning of MySQLdb's own Warning class (and its subclasses).
filterwarnings('ignore', category=Database.Warning)

Re-enable them:


from warnings import resetwarnings

# Clear the whole warnings filter list, which undoes the 'ignore' above.
resetwarnings()
Thanks! You saved my day

rsync: copy a folder recursively


dirum@lupus:~$ rsync -azv /var/log /tmp/temp/
< suppressed output >
dirum@lupus:~$ ls /tmp/temp
log
dirum@lupus:~$

Get that datetime string in python


import datetime

# Local wall-clock time as "YYYY-MM-DD HH-MM-SS"; hyphens instead of colons
# keep the string usable in file names.
now = datetime.datetime.now()
nowstring = now.strftime("%Y-%m-%d %H-%M-%S")
print(nowstring)

Saturday, April 28, 2012

Compare directories and generate diff

A small directory comparison script

This only works on a flat file structure, with no subdirectories.
The comparison is one-way only.
Files found only in the new directory are copied to a separate directory.

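import filecmp
import os
import shutil

old = "/tmp/old/"
new = "/tmp/new/"
diff_new = "/tmp/diff/"


def copy_new_files(old_dir, new_dir, out_dir):
    """Copy the files present only in *new_dir* (not in *old_dir*) into *out_dir*.

    One-way comparison of a flat directory: filecmp.dircmp(...).right_only
    lists the names found in new_dir but missing from old_dir. Subdirectory
    names land in right_only too, so only regular files are copied --
    shutil.copy() would fail on a directory.

    Args:
        old_dir: Directory holding the previous state.
        new_dir: Directory holding the new state.
        out_dir: Destination for the new files; created if missing.

    Returns:
        Sorted list of the file names that were copied.

    Raises:
        OSError: if a directory cannot be read or a copy fails.
    """
    if not os.path.isdir(out_dir):
        os.makedirs(out_dir)
    copied = []
    # os.path.join instead of string concatenation, so arguments need no trailing "/".
    for name in sorted(filecmp.dircmp(old_dir, new_dir).right_only):
        src = os.path.join(new_dir, name)
        if os.path.isfile(src):
            shutil.copy(src, os.path.join(out_dir, name))
            copied.append(name)
    return copied


if __name__ == "__main__":
    # Guarded: the original ran the comparison against /tmp/old at import time.
    for name in copy_new_files(old, new, diff_new):
        print(name)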
I might come back with a more complex script that handles recursion and two-way diffs.

Generate testfiles with dd


#!/bin/bash
# Create six 1000-byte files of zeros, test7.bin .. test12.bin, in the current directory.
for i in {7..12}; do
    dd if=/dev/zero of="test${i}.bin" bs=1000 count=1
done

Thursday, April 26, 2012

Python: IP to int and int to IP

Adapted from various sources



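def to_ip(intip):
    """Return the dotted-quad string for a 32-bit integer IPv4 address.

    Args:
        intip: Integer in the range 0 .. 2**32 - 1, e.g. 3232235777.

    Returns:
        The address as "a.b.c.d", e.g. "192.168.1.1".

    Raises:
        ValueError: if intip is negative or does not fit in 32 bits; the
            original silently produced octets above 255 for such input.
    """
    if not 0 <= intip <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit IPv4 address: %r" % (intip,))
    # Most significant byte first. Shifts and masks instead of the original
    # "/" and "%": on Python 3 "/" is float division and yielded "192.6..."
    # style strings.
    return '.'.join(str((intip >> shift) & 0xFF) for shift in (24, 16, 8, 0))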

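def to_int(dotted_ip):
    """Return the 32-bit integer for a dotted-quad IPv4 string.

    Args:
        dotted_ip: Address such as "192.168.1.1"; surrounding whitespace is ignored.

    Returns:
        The address as an int, e.g. 3232235777.

    Raises:
        ValueError: if the string does not hold exactly four integer octets in
            0..255. The original accepted any number of quads of any size and
            returned a number that no longer mapped to an address.
    """
    quads = dotted_ip.strip().split('.')
    if len(quads) != 4:
        raise ValueError("expected four octets: %r" % (dotted_ip,))
    intip = 0
    for quad in quads:
        value = int(quad)
        if not 0 <= value <= 255:
            raise ValueError("octet out of range: %r" % (dotted_ip,))
        # Shift the accumulated value up one byte and append this octet.
        intip = (intip << 8) | value
    return intip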

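a = "192.168.1.1"
# print() with one argument runs on Python 2 and 3 alike.
print(to_int(a))
print(to_ip(3232235777))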

Sunday, April 22, 2012

Tshark one-liners


Show uris

tshark -T fields -e http.request.uri | grep -v "^$"

Unique urls

tshark -r sample.pcap -R http.request -T fields -e http.host -e http.request.uri | sort -u

Top ten urls from (http://goo.gl/qd5aI)

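# Top ten requested URLs. The first line needs a trailing backslash: without
# it the shell ends the tshark command there and runs "-T fields ..." as a
# separate command. Lines ending in "|" continue on their own.
tshark -r sample1.cap -R http.request \
    -T fields -e http.host -e http.request.uri |
    sed -e 's/?.*$//' |
    sed -e 's#^\(.*\)\t\(.*\)$#http://\1\2#' |
    sort | uniq -c | sort -rn | head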


List user agents

# Reading a saved capture with -r needs no root; only live capture does.
# Keep tshark unprivileged when it dissects a file you did not record yourself.
sudo tshark -nn -r capture_file.pcap -Tfields -e ip.src -e http.user_agent -R "http.user_agent"


List conversations 



tshark -r sample.pcap  -tad -R"tcp" -o column.format:'"Time","%t", "Source", "%s","Destination", "%d"'


tshark -r samples.cap -q -z conv,tcp


HTTP statistics

tshark -q -z http,stat, -z http,tree -r sample.pcap

DNS


Show responses

tshark -tad -r lupus.pcap -R dns.flags.response==1

Saturday, April 14, 2012

Get your computer's IP addresses in Python

Using an IP lookup service


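try:
    from urllib.request import urlopen  # Python 3
except ImportError:  # Python 2
    from urllib2 import urlopen

import ipaddress


def get_external_ip(url="http://automation.whatismyip.com/n09230945.asp", timeout=10):
    """Ask an IP lookup service which public address our requests arrive from.

    Args:
        url: Service that answers with a bare IP literal in the body. The
            default is the original snippet's endpoint. It is plain HTTP, so
            the reply can be changed in transit; prefer an https endpoint.
        timeout: Seconds to wait for the reply; the original could block
            indefinitely.

    Returns:
        The reply as a str, validated to be an IPv4 or IPv6 literal.

    Raises:
        ValueError: if the body is not an IP literal (an HTML error page or a
            rate-limit notice, say). The original returned whatever came back.
        urllib.error.URLError, socket.timeout: on network failure.
    """
    response = urlopen(url, timeout=timeout)
    try:
        body = response.read()
    finally:
        response.close()
    text = body.decode("ascii", "replace").strip()
    return str(ipaddress.ip_address(text))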

Simple approach


import socket

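def get_ip(target=("google.com", 80)):
    """Return the local IPv4 address the kernel would use to reach *target*.

    connect() on a UDP socket only selects a route and source address; no
    packet is sent. Resolving a host name does query DNS, though -- pass an
    IP literal to stay offline (the original always resolved google.com).

    Args:
        target: (host, port) tuple; the port does not influence the route.

    Returns:
        The chosen source address as a str, e.g. "192.168.1.10".

    Raises:
        socket.error (OSError): if the name cannot be resolved or no route exists.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(target)
        return s.getsockname()[0]
    finally:
        # The original closed the socket only when connect() succeeded.
        s.close()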

Get them all by using the fcntl system call on Linux


#!/usr/bin/env python
"""Module for getting IP Addresses from the local computer.
This only works for Linux, but should always work despite what
may or may not be in /etc/hosts.
A cross-platform approach is to set up a dummy socket and inspect
the sockname.
This is based originally on a snippet from Charles G Waldman on the
mailing list.
http://mail.python.org/pipermail/python-list/1999-August/009153.html
Errors are my own."""

import socket
import fcntl

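def get_ip_address():
    """Return {interface name: [a, b, c, d]} for every interface with an IPv4 address.

    Interface names are read from /proc/net/dev (Linux only); each address is
    fetched with the SIOCGIFADDR ioctl on a throw-away socket and returned as
    a list of four ints, as in the original.

    Interfaces without an IPv4 address (a down link, IPv6-only) make the ioctl
    fail and are left out. The original printed a message in that case and
    then crashed on the unbound ``requ`` variable.

    Raises:
        IOError/OSError: if /proc/net/dev cannot be read.
    """
    with open("/proc/net/dev") as dev:
        iflist = dev.readlines()
    dummy_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ip_addresses = {}
    try:
        for line in iflist:
            if ':' not in line:
                continue  # header lines
            ifname = line.split(':')[0].strip()
            # struct ifreq starts with the NUL-padded interface name; the kernel
            # writes a sockaddr after it, with the IPv4 bytes at offset 20..24.
            ifr = ifname.encode() + b'\0' * (32 - len(ifname))
            try:
                requ = fcntl.ioctl(dummy_sock.fileno(),
                                   0x8915,  # SIOCGIFADDR
                                   ifr)
            except IOError:  # OSError on Python 3
                continue
            # bytearray yields ints on Python 2 and 3; the original's ord()
            # breaks on Python 3, where iterating bytes already gives ints.
            ip_addresses[ifname] = list(bytearray(requ[20:24]))
    finally:
        dummy_sock.close()
    return ip_addresses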

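def main():
    """When called directly, print "<interface> <a.b.c.d>" for every interface found."""
    result = get_ip_address()
    for name in result:
        # str.join replaces the += loop that appended a "." to be stripped afterwards.
        print(name, '.'.join(str(octet) for octet in result[name]))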

# Entry point guard: run main() only when executed as a script, not on import.
if __name__ == "__main__":
    main()

Fetch all wireshark sample captures

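# Scrape the SampleCaptures wiki page for AttachFile links and download each one.
# The local file name is the URL's last "=" field (its target= value), i.e. it
# comes from the page content, so the expansion is quoted: unquoted, a name with
# spaces or glob characters would be split or expanded by the shell.
# "sort -u" replaces "sort | uniq"; "read -r" keeps backslashes in URLs literal.
lynx -dump 'http://wiki.wireshark.org/SampleCaptures' |
    grep -Eho 'http://[^ ]+' |
    grep 'AttachFile.*target=' |
    sed 's/do=view/do=get/' |
    sort -u |
    while read -r i; do wget -O "${i##*=}" "$i"; done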