xbase-util 0.4.8__tar.gz → 0.5.0__tar.gz

Files changed (34) hide show
  1. {xbase_util-0.4.8 → xbase_util-0.5.0}/PKG-INFO +1 -1
  2. {xbase_util-0.4.8 → xbase_util-0.5.0}/setup.py +1 -1
  3. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/packet_util.py +11 -11
  4. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/PKG-INFO +1 -1
  5. {xbase_util-0.4.8 → xbase_util-0.5.0}/README.md +0 -0
  6. {xbase_util-0.4.8 → xbase_util-0.5.0}/setup.cfg +0 -0
  7. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/__init__.py +0 -0
  8. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/add_column_util.py +0 -0
  9. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/dangerous_util.py +0 -0
  10. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/__init__.py +0 -0
  11. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/ConfigBean.py +0 -0
  12. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
  13. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/FlowBean.py +0 -0
  14. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
  15. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/bean/__init__.py +0 -0
  16. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/ConfigDao.py +0 -0
  17. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
  18. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/FlowDao.py +0 -0
  19. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
  20. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/dao/__init__.py +0 -0
  21. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/db/initsqlite3.py +0 -0
  22. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/es_db_util.py +0 -0
  23. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/esreq.py +0 -0
  24. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/geo_util.py +0 -0
  25. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/handle_features_util.py +0 -0
  26. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/pcap_util.py +0 -0
  27. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/xbase_constant.py +0 -0
  28. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util/xbase_util.py +0 -0
  29. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/SOURCES.txt +0 -0
  30. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/dependency_links.txt +0 -0
  31. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/not-zip-safe +0 -0
  32. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util.egg-info/top_level.txt +0 -0
  33. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
  34. {xbase_util-0.4.8 → xbase_util-0.5.0}/xbase_util_assets/arkimeparse.js +0 -0
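--- a/xbase_util-0.4.8/PKG-INFO
+++ b/xbase_util-0.5.0/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.4.8
+Version: 0.5.0
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt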
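--- a/xbase_util-0.4.8/setup.py
+++ b/xbase_util-0.5.0/setup.py
@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 
 setup(name="xbase_util",
-version="0.4.8",
+version="0.5.0",
 description="网络安全基础工具",
 long_description="包含提取,预测,训练的基础工具",
 author="xyt",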
@@ -59,12 +59,10 @@ def get_all_columns(
59
59
 
60
60
 
61
61
  def get_all_packets_by_reg(packets):
62
- req_pattern = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?\r\n\r\n",
63
- re.DOTALL)
64
- req_res_pattern = re.compile(
65
- r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?(?=HTTP/\d\.\d \d{3} [a-zA-Z]+|$)",
66
- re.DOTALL)
67
- res_pattern = re.compile(r"HTTP/\d\.\d \d{3} [a-zA-Z]+.*", re.DOTALL)
62
+ req_pattern = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?\r\n\r\n",re.DOTALL)
63
+ req_body_pattern = re.compile(
64
+ r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?(?=HTTP/\d\.\d)",re.DOTALL)
65
+ res_pattern = re.compile(r"HTTP/\d\.\d \d{3}.*",re.DOTALL)
68
66
  tcp_packet_map = {}
69
67
  for packet in packets:
70
68
  if packet.haslayer(TCP) and packet.haslayer(Raw):
@@ -97,6 +95,7 @@ def get_all_packets_by_reg(packets):
97
95
  next_ack = f"{data_set['last_len'] + data_set['last_seq']}"
98
96
  packet_data = data_set['data']
99
97
  request_time = data_set['time']
98
+ response_time=[]
100
99
  req_len = len(packet_data)
101
100
  res_len = 0
102
101
  while True:
@@ -107,36 +106,37 @@ def get_all_packets_by_reg(packets):
107
106
  break
108
107
  new_packet = tcp_packet_map[next_ack]
109
108
  # 判断新的包是不是响应包
110
-
111
109
  res_match = re.search(res_pattern, filter_visible_chars(new_packet['data']))
112
110
  if res_match is None:
113
111
  req_len += len(new_packet['data'])
112
+ request_time += new_packet['time']
114
113
  else:
115
114
  print("匹配到响应")
116
115
  res_len += len(new_packet['data'])
116
+ response_time += new_packet['time']
117
+
117
118
  # 判断新的包是不是第二个请求包
118
119
  if re.search(req_pattern, new_packet['data'].decode("utf-8", errors="ignore")):
119
120
  print("这个包是个新的请求包的开头,停止查找")
120
121
  break
121
122
  packet_data += new_packet['data']
122
- request_time += new_packet['time']
123
123
  next_ack = f"{new_packet['last_len'] + new_packet['last_seq']}"
124
124
  map = {}
125
125
  data = filter_visible_chars(packet_data)
126
126
  match_req = re.search(
127
- req_res_pattern,
127
+ req_body_pattern,
128
128
  data)
129
129
  match_res = re.search(res_pattern, data)
130
130
  map['data'] = packet_data
131
131
  map['req_len'] = req_len
132
132
  map['res_len'] = res_len
133
- map['time'] = request_time
133
+ map['request_time'] = request_time
134
+ map['response_time'] = response_time
134
135
  map['req'] = match_req.group() if match_req is not None else ""
135
136
  map['res'] = match_res.group() if match_res is not None else ""
136
137
  packet_list.append(map)
137
138
  return packet_list
138
139
 
139
-
140
140
  def get_body(param):
141
141
  body = "".join([item.strip() for item in param.split("\r\n\r\n") if item.strip() != "" and "HTTP/" not in param])
142
142
  return "" if body is None else body
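Review bot: In the third hunk `request_time += new_packet['time']` now runs inside the `if res_match is None:` branch, before the `req_pattern` check that breaks on a packet starting the next request, so such a packet contributes its time to `request_time` while its bytes are never appended to `packet_data` (that append sits after the break); in 0.4.8 the time line came after the append and the two stayed in step. Keeping the split but moving it below `packet_data += new_packet['data']` as `if res_match is None:` / `request_time += new_packet['time']` (with the `response_time` line in the matching `else`) restores that consistency. `response_time` is initialised as `[]` and grown with `+=`, which only works if `new_packet['time']` is itself a list or sequence; the hunk does not show the type of `data_set['time']`, so this is worth confirming, since a numeric `time` would raise `TypeError` on the first response packet. Separately, in the first hunk `req_body_pattern` dropped the `|$` alternative from its lookahead, so a request with no response in the same stream no longer matches and `map['req']` becomes `""` where 0.4.8 returned the request text. `get_all_packets_by_reg` begins in the first hunk and its body continues between and past the hunks.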
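--- a/xbase_util-0.4.8/xbase_util.egg-info/PKG-INFO
+++ b/xbase_util-0.5.0/xbase_util.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.4.8
+Version: 0.5.0
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt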