pstream 0.1.6 → 0.1.7
- checksums.yaml +4 -4
- data/bin/pstream +41 -3
- data/lib/pstream.rb +29 -37
- data/lib/pstream/stream.rb +10 -1
- metadata +2 -2
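--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2afaa0231c97802387625086c64da95b5ce114c2
+data.tar.gz: 6e187acbce7c6c027faafacdcf1cd732f63e9ecf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: becd5a9ac9389461223797903374a9b4d8d26384748bacd8f2d1bd4dbb512df26ed0b3a6d525d6407f36040dfb15c7230e52f188f5c26b62b2b504a2fcb832e1
+data.tar.gz: 3a1f74c8c74442bb8b8a31743bdb2295b31686592d802a5992e5d1fadc4c9fd2d638719d598ddda6c40078f9a591b4c37daa2ac34062433a872160714da8b4d9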
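--- a/data/bin/pstream
+++ b/data/bin/pstream
@@ -41,6 +41,10 @@ def parse(args)
 exit PStreamExit::GOOD
 end
 
+opts.on("--nocolor", "Disable colorized output") do
+String.disable_colorization = true
+end
+
 opts.on("-s", "--stream=NUM", "Show specified stream") do |s|
 options["stream"] = s.to_i
 end
@@ -91,14 +95,48 @@ begin
 pstream = PStream.new(options["pcap"])
 
 if (options["stream"])
-
+pstream.get_stream(
 options["stream"].to_i,
 options["prot"]
-).contents
+).contents.split("\n").each do |line|
+m = line.match(/([0-9A-Fa-f]{8}) (.*) (.{17})/)
+puts [
+m[1].light_blue,
+m[2].light_green,
+m[3].white
+].join(" ")
+end
 elsif (options["ciphers"])
 puts pstream.ciphers
 else
-
+pstream.to_s.split("\n").each do |line|
+case line
+when /.*:$/
+# Headers
+puts line.white
+when /<->/
+# Streams
+m = line.match(/([0-9]+) \| (.+) \| ([0-9]+ Frames)/)
+puts [
+m[1].light_blue,
+m[2].light_green,
+m[3].light_white
+].join(" | ")
+else
+case line
+when /Unknown/
+puts line.light_yellow
+when /NULL|MD5|RC4|anon/
+# Bad cipher suites
+puts line.light_red
+when /E?(EC)?DHE?|AES_256/
+# Great cipher suites
+puts line.light_green
+else
+puts line.white
+end
+end
+end
 end
 rescue PStream::Error => e
 $stderr.puts e.message.red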
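Review bot: The cipher colouring in the inner `case line` of the second hunk marks a line green on `/E?(EC)?DHE?|AES_256/`, and since every part of the first alternative except `DH` is optional, it matches any line containing `DH`; static `DH_`/`ECDH_` suites and DHE suites paired with a weak bulk cipher are therefore shown as "great". The red list `/NULL|MD5|RC4|anon/` also omits `EXPORT` and `DES`, so such suites fall through to the green test whenever they carry a DH key exchange. Tightening both patterns, e.g. `when /NULL|MD5|RC4|anon|EXPORT|DES/` and `when /(EC)?DHE_|AES_256/`, keeps the display from overstating a capture's posture; the suite-name format is not visible here, so confirm against the output of `pstream.ciphers`. Separately, both `line.match(...)` results are indexed without a nil check, so a line that fails the pattern raises `NoMethodError`, which the visible `rescue PStream::Error` does not catch.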
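--- a/data/lib/pstream.rb
+++ b/data/lib/pstream.rb
@@ -2,8 +2,7 @@ require "pathname"
 require "scoobydoo"
 
 class PStream
-attr_reader :
-attr_reader :udp_streams
+attr_reader :streams
 
 def ciphers
 # List ciphers during ssl handshake
@@ -16,24 +15,28 @@ class PStream
 
 def get_stream(stream, prot = "tcp")
 case prot
-when
-if (@
+when /^tcp$/i
+if (@streams["tcp"].empty? && !@streams["udp"].empty?)
 return get_stream(stream, "udp")
 end
-if (stream >= @
+if (stream >= @streams["tcp"].length)
+if (stream < @streams["udp"].length)
+return @streams["udp"][stream]
+end
 raise PStream::Error::StreamNotFound.new(stream, prot)
-else
-return @tcp_streams[stream]
 end
-
-
-
+return @streams["tcp"][stream]
+when /^udp$/i
+if (@streams["udp"].empty? && !@streams["tcp"].empty?)
+return get_stream(stream, "tcp")
 end
-if (stream >= @
+if (stream >= @streams["udp"].length)
+if (stream < @streams["tcp"].length)
+return @streams["tcp"][stream]
+end
 raise PStream::Error::StreamNotFound.new(stream, prot)
-else
-return @udp_streams[stream]
 end
+return @streams["udp"][stream]
 else
 raise PStream::Error::ProtocolNotSupported.new(prot)
 end
@@ -41,7 +44,7 @@ class PStream
 
 def get_streams(prot)
 case prot
-when
+when /^tcp$/i, /^udp$/i
 # Do nothing
 else
 raise PStream::Error::ProtocolNotSupported.new(prot)
@@ -57,11 +60,7 @@ class PStream
 count = 0
 out.split("\n").each do |line|
 desc, frames = line.split(" | ")
-
-id = count
-id = desc.gsub(" <-> ", ",") if (prot == "udp")
-
-streams.push(Stream.new(@pcap, prot, id, desc, frames))
+streams.push(Stream.new(@pcap, prot, count, desc, frames))
 count += 1
 end
 
@@ -82,8 +81,10 @@ class PStream
 raise PStream::Error::PcapNotReadable.new(@pcap)
 end
 
-@
-
+@streams = Hash.new
+["tcp", "udp"].each do |prot|
+@streams[prot] = get_streams(prot)
+end
 end
 
 def negotiated_ciphers
@@ -99,23 +100,14 @@ class PStream
 def summary
 ret = Array.new
 
-# List
-
-
-
-
-
-
-ret.push("")
-
-# List UDP streams
-ret.push("UDP Streams:")
-count = 0
-@udp_streams.each do |stream|
-ret.push("#{count} | #{stream.desc} | #{stream.frames}")
-count += 1
+# List streams
+["tcp", "udp"].each do |prot|
+ret.push("#{prot} streams:")
+@streams[prot].each do |s|
+ret.push("#{s.id} | #{s.desc} | #{s.frames}")
+end
+ret.push("")
 end
-ret.push("")
 
 # List ciphers that were actually selected
 ret.push("Ciphers in use:")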
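Review bot: The new protocol checks `when /^tcp$/i` and `when /^udp$/i` in get_stream and get_streams use line anchors, which in Ruby match at any line boundary, so a multi-line value containing a line that reads `tcp` is accepted as a supported protocol. The same patterns guard `@prot` in Stream#contents in data/lib/pstream/stream.rb, where the value is then interpolated into a `%x(...)` command line. Anchor the whole string instead: `when /\Atcp\z/i` and `when /\Audp\z/i`. The get_stream hunk also keeps `stream >= ...length` as the only bound, so, assuming the per-protocol lists are Arrays, a negative index is not rejected and returns a stream counted from the end.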
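--- a/data/lib/pstream/stream.rb
+++ b/data/lib/pstream/stream.rb
@@ -4,8 +4,17 @@ class PStream::Stream
 attr_reader :id
 
 def contents
+case @prot
+when /^tcp$/i
+id=@id
+when /^udp$/i
+id=@desc.gsub(" <-> ", ",")
+else
+raise PStream::Error::ProtocolNotSupported.new(@prot)
+end
+
 out = %x(
-tshark -r #{@pcap} -z follow,#{@prot},hex,#{
+tshark -r #{@pcap} -z follow,#{@prot},hex,#{id} | \
 sed "s|^ ||" | \grep -E "^[0-9A-Fa-f]{8}"
 )
 return out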
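Review bot: `@pcap` and `id` are interpolated unquoted into the `%x(...)` shell string on the changed `tshark` line, so a capture path containing spaces or shell metacharacters is split or interpreted by the shell instead of reaching tshark as one argument. For UDP the `id` is built from `@desc`, which appears to come from parsed tshark output for the capture, so it should be treated as untrusted as well. Quote each value, e.g. `tshark -r #{Shellwords.escape(@pcap)} -z follow,#{@prot},hex,#{Shellwords.escape(id.to_s)}` with `require "shellwords"`, or run tshark through `Open3.capture2` with an argument array and do the `sed`/`grep` filtering in Ruby. The body of `contents` ends outside the hunk.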
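--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pstream
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.7
 platform: ruby
 authors:
 - Miles Whittaker
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-03-
+date: 2016-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colorize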