pretty

Saturday, April 28, 2012

Compare directories and generate diff

A small directory comparison script

This only works on a flat file structure (no subdirectories).
The comparison is only one way.
Files that are found in new (but not in old) will be copied to a separate directory.

import filecmp
import shutil

# Directories to compare. The trailing slashes matter: paths are built
# below by plain string concatenation, not os.path.join.
old = "/tmp/old/"
new = "/tmp/new/"
diff_new = "/tmp/diff/"

# Names present in `new` but absent from `old`. This is a one-way
# comparison of the top level only; dircmp is not asked to recurse here.
new_list = filecmp.dircmp(old, new).right_only

# Copy each such entry into the diff directory. shutil.copy needs the
# destination directory to exist already, and it refuses to copy a
# directory entry, hence the "flat structure only" restriction.
for newfile in new_list:
    src = new + newfile
    dst = diff_new + newfile
    shutil.copy(src, dst)
I might come back with a more complex script that handles recursion and a two-way diff.

Generate testfiles with dd


#!/bin/bash
# Create six zero-filled test files of 1000 bytes each in the current
# directory: test7.bin .. test12.bin.
for i in {7..12}; do
    dd if=/dev/zero of="test${i}.bin" bs=1000 count=1
done

Thursday, April 26, 2012

Python ip to int and int to ip

Adapted from various sources



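def to_ip(intip):
    """Convert an integer into dotted-quad IPv4 notation.

    Args:
        intip: the address as an integer in the range 0 .. 2**32 - 1.

    Returns:
        The address as a string such as "192.168.1.1".

    Raises:
        ValueError: if intip does not fit in 32 bits.
    """
    if not 0 <= intip <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit IPv4 address: %r" % (intip,))
    triplets = []
    for exp in [3, 2, 1, 0]:
        # divmod keeps this in integer arithmetic. The original used '/',
        # which is true division on Python 3 and produces floats.
        octet, intip = divmod(intip, 256 ** exp)
        triplets.append(str(octet))
    return '.'.join(triplets)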

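def to_int(dotted_ip):
    """Convert a dotted-quad IPv4 string into its integer value.

    Args:
        dotted_ip: an address such as "192.168.1.1".

    Returns:
        The address as an integer in the range 0 .. 2**32 - 1.

    Raises:
        ValueError: if the string does not contain exactly four octets,
            or an octet is outside 0 .. 255. int() already raised
            ValueError for non-numeric octets, so callers see no new
            exception type; the original silently returned a wrong
            number for "1.2.3" or "300.0.0.0".
    """
    quads = dotted_ip.split('.')
    if len(quads) != 4:
        raise ValueError("expected four dotted octets: %r" % (dotted_ip,))
    intip = 0
    for quad in quads:
        octet = int(quad)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range in %r" % (dotted_ip,))
        # Most significant octet first: shift the running value up one
        # byte and add the next octet.
        intip = (intip << 8) | octet
    return intip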

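# Round-trip example: the two helpers are inverses of each other.
# print(x) with a single argument behaves the same on Python 2 and 3;
# the bare 'print x' statement form is a SyntaxError on Python 3.
a = "192.168.1.1"
print(to_int(a))
print(to_ip(3232235777))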

Sunday, April 22, 2012

Tshark one liners


Show URIs

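# Print the URI of every HTTP request. With no -r or -i, tshark captures
# live from the default interface, which needs capture privileges.
# The original used typographic quotes (“^$”), which the shell hands to
# grep as literal characters; plain ASCII quotes are required.
tshark -T fields -e http.request.uri | grep -v "^$"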

Unique URLs

# One "host<TAB>uri" line per distinct request. -R is the read filter of
# the 2012-era tshark; current releases expect -Y for a display filter
# (or -2 together with -R), so adjust if the option is rejected.
tshark -r sample.pcap -T fields -e http.host -e http.request.uri -R http.request | sort | uniq

Top ten URLs (from http://goo.gl/qd5aI)

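# Top ten requested URLs: host and URI are joined into one URL, the query
# string is stripped, and the result is counted. Lines ending in '|'
# continue onto the next line by themselves; the first line needs the
# trailing backslash, which the listing had lost, or the shell runs
# "tshark -r sample1.cap -R http.request" on its own and then fails on
# "-T fields".
tshark -r sample1.cap -R http.request \
    -T fields -e http.host -e http.request.uri |
    sed -e 's/?.*$//' |
    sed -e 's#^\(.*\)\t\(.*\)$#http://\1\2#' |
    sort | uniq -c | sort -rn | head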


List user agents

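# One "source-ip<TAB>user-agent" line per HTTP request carrying a
# User-Agent header. Reading a capture file needs no privileges, so the
# sudo is dropped: running the dissectors as root over an untrusted pcap
# hands any parser bug full system access.
tshark -nn -r capture_file.pcap -Tfields -e ip.src -e http.user_agent -R "http.user_agent"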


List conversations 



# TCP packets as "Time Source Destination" rows, with absolute date/time
# stamps (-tad) and a custom column layout.
tshark -r sample.pcap -tad -R "tcp" -o column.format:'"Time","%t", "Source", "%s","Destination", "%d"'


# TCP conversation table only (-q suppresses the per-packet output).
tshark -q -z conv,tcp -r samples.cap


HTTP statistics

# HTTP request/response statistics and the request tree, statistics only.
tshark -r sample.pcap -q -z http,stat, -z http,tree

DNS


Show responses

# DNS responses only, with absolute timestamps.
tshark -r lupus.pcap -tad -R "dns.flags.response==1"

Saturday, April 14, 2012

Get your computer's IP addresses with Python

Using an IP lookup service


import urllib2

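def get_external_ip():
    """Return the public IP address as reported by a web lookup service.

    The service is queried over plain HTTP, so the reply can be read or
    altered on the way; treat the result as untrusted text and validate
    it as an address before relying on it.

    Returns:
        The raw response body. It is returned unstripped, so a trailing
        newline may be present - check before comparing.

    Raises:
        Whatever urllib2.urlopen raises (urllib2.URLError, socket errors)
        when the service is unreachable or the timeout expires.
    """
    # The original call had no timeout, so a stalled connection could
    # block the caller indefinitely.
    response = urllib2.urlopen(
        "http://automation.whatismyip.com/n09230945.asp", timeout=10)
    try:
        return response.read()
    finally:
        response.close()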

Simple approach


import socket

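def get_ip():
    """Return the local IP address of the interface used to reach the Internet.

    A UDP socket is connected to google.com:80, which makes the kernel
    choose an outgoing interface (for UDP this only records the peer and
    picks a route; the hostname lookup does go out to DNS). The socket's
    own address is then the local IP on that interface.

    Returns:
        The local address as a dotted-quad string.

    Raises:
        socket.gaierror / socket.error if the name cannot be resolved or
        there is no route.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # If resolution or connect fails the original leaked the socket;
        # the finally guarantees it is closed on every path.
        s.connect(("google.com", 80))
        ip = s.getsockname()[0]
    finally:
        s.close()
    return ip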

Get them all by using the fcntl system call on Linux


#!/usr/bin/env python
"""Module for getting IP Addresses from the local computer.
This only works for Linux, but should always work despite what
may or may not be in /etc/hosts.
A cross-platform approach is to set up a dummy socket and inspect
the sockname.
This is based originally on a snippet from Charles G Waldman on the
mailing list.
http://mail.python.org/pipermail/python-list/1999-August/009153.html
Errors are my own."""

import socket
import fcntl

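def get_ip_address():
    """Returns a dictionary of interfaces and IP Addresses.

    Interface names are read from /proc/net/dev and each is queried with
    the SIOCGIFADDR ioctl on a throw-away socket. An interface whose
    ioctl fails (typically one without an IPv4 address) is reported on
    stdout and left out of the result.

    Returns:
        dict mapping interface name -> list of four ints (the IPv4 octets).
    """
    # The original left the file object open; `with` closes it.
    with open("/proc/net/dev") as dev:
        iflist = dev.readlines()
    dummy_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ip_addresses = {}
    try:
        for line in iflist:
            if ':' not in line:
                continue
            ifname = line.split(':')[0].strip()
            # Build the ifreq buffer: the name, NUL-padded to 32 bytes.
            # ioctl wants a bytes buffer on Python 3; on Python 2
            # encode() of an ASCII str is a no-op.
            ifr = (ifname + '\0' * (32 - len(ifname))).encode('ascii')
            try:
                requ = fcntl.ioctl(dummy_sock.fileno(),
                                   0x8915,  # The magic SIOCGIFADDR
                                   ifr)
            except IOError:
                # Skip this interface. The original fell through and then
                # read `requ`, which was either unbound (NameError) or
                # the previous interface's buffer, so that interface's
                # address was silently attributed to this one.
                print("Your loopback device may be dead.")
                print("Check your system settings.")
                continue
            # Bytes 20..23 of the returned ifreq hold the IPv4 address.
            # bytearray yields ints from both a py2 str and a py3 bytes.
            ip_addresses[ifname] = list(bytearray(requ[20:24]))
    finally:
        dummy_sock.close()
    return ip_addresses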

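def main():
    """When called directly, let's print the results in a
    human readable format: one "ifname a.b.c.d" line per interface."""
    result = get_ip_address()
    for ifname in result:
        # The octets come back as ints; join them into dotted-quad form.
        dotted = '.'.join(str(octet) for octet in result[ifname])
        # %-formatting prints "ifname dotted" identically on Python 2 and
        # 3, whereas the original 'print i, ient' statement is py2-only.
        print("%s %s" % (ifname, dotted))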

# start the ball rolling
# The guard lets the module be imported for get_ip_address() without
# printing anything; only a direct run prints the table.
if __name__ == "__main__":
    main()

Fetch all wireshark sample captures

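# Download every attachment linked from the SampleCaptures wiki page.
# The output file name is taken from the remote page (the target= value),
# so it is quoted and reduced to its basename: the original unquoted
# ${i##*=} let a link whose target contains a path separator write
# outside the working directory. read -r keeps backslashes in the URL
# intact, and the grep pattern is quoted so the shell cannot glob it.
lynx -dump 'http://wiki.wireshark.org/SampleCaptures' |
    grep -Eh --only-matching 'http://[^ ]+' |
    grep 'AttachFile.*target=' |
    sed 's/do=view/do=get/' |
    sort -u |
    while read -r i; do
        wget -O "$(basename "${i##*=}")" "$i"
    done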