xbase-util 0.5.2__tar.gz → 0.5.3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. {xbase_util-0.5.2 → xbase_util-0.5.3}/PKG-INFO +1 -1
  2. {xbase_util-0.5.2 → xbase_util-0.5.3}/setup.py +1 -1
  3. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/packet_util.py +77 -50
  4. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/PKG-INFO +1 -1
  5. {xbase_util-0.5.2 → xbase_util-0.5.3}/README.md +0 -0
  6. {xbase_util-0.5.2 → xbase_util-0.5.3}/setup.cfg +0 -0
  7. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/__init__.py +0 -0
  8. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/add_column_util.py +0 -0
  9. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/dangerous_util.py +0 -0
  10. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/__init__.py +0 -0
  11. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/ConfigBean.py +0 -0
  12. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
  13. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/FlowBean.py +0 -0
  14. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
  15. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/bean/__init__.py +0 -0
  16. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/ConfigDao.py +0 -0
  17. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
  18. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/FlowDao.py +0 -0
  19. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
  20. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/dao/__init__.py +0 -0
  21. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/db/initsqlite3.py +0 -0
  22. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/es_db_util.py +0 -0
  23. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/esreq.py +0 -0
  24. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/geo_util.py +0 -0
  25. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/handle_features_util.py +0 -0
  26. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/pcap_util.py +0 -0
  27. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/xbase_constant.py +0 -0
  28. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util/xbase_util.py +0 -0
  29. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/SOURCES.txt +0 -0
  30. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/dependency_links.txt +0 -0
  31. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/not-zip-safe +0 -0
  32. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util.egg-info/top_level.txt +0 -0
  33. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
  34. {xbase_util-0.5.2 → xbase_util-0.5.3}/xbase_util_assets/arkimeparse.js +0 -0
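--- a/xbase_util-0.5.2/PKG-INFO
+++ b/xbase_util-0.5.3/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.5.2
+Version: 0.5.3
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt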
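--- a/xbase_util-0.5.2/setup.py
+++ b/xbase_util-0.5.3/setup.py
@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 
 setup(name="xbase_util",
-version="0.5.2",
+version="0.5.3",
 description="网络安全基础工具",
 long_description="包含提取,预测,训练的基础工具",
 author="xyt",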
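--- a/xbase_util-0.5.2/xbase_util/packet_util.py
+++ b/xbase_util-0.5.3/xbase_util/packet_util.py
@@ -66,57 +66,84 @@ req_body_pattern = re.compile(
 
 
 def get_all_packets_by_reg(packets):
-packets = [packet for packet in packets if packet.haslayer(TCP) and packet.haslayer(IP) and packet.haslayer(Raw)]
-packet_list = []
-my_map = {
-'req_data': b'',
-'res_data': b'',
-'req_text': '',
-'res_text': '',
-'req_time': [],
-'res_time': []
-}
-last_is_req = None
-for item in packets:
-data = item[Raw].load
-time = float(item.time)
-req_match = req_pattern.search(filter_visible_chars(data))
-res_match = res_pattern.search(filter_visible_chars(data))
-if req_match is not None or res_match is not None:
-if req_match:
-# 新的请求:请求时间不为空或者响应时间不为空,说明不为空,添加到列表并清空数据
-if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
-packet_list.append(my_map.copy())
-my_map = {
-'req_data': data,
-'res_data': b'',
-'req_text': filter_visible_chars(data),
-'res_text': '',
-'req_time': [time],
-'res_time': []
-}
-last_is_req = True
-if res_match:
-my_map['res_data'] += data
-my_map['res_text'] = filter_visible_chars(my_map['res_data'])
-my_map['res_time'].append(time)
-last_is_req = False
-else:
-# 不是请求不是相应,就是中间的包
-if last_is_req is None:
-# 一开始就没匹配到请求或者响应头,那就不管即使是中间的包
-continue
-if last_is_req is True:
-my_map['req_time'].append(time)
-my_map['req_data'] += data
-my_map['req_text'] = filter_visible_chars(my_map['req_data'])
-elif last_is_req is False:
-my_map['res_time'].append(time)
-my_map['res_data'] += data
-my_map['res_text'] = filter_visible_chars(my_map['res_data'])
-if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
-packet_list.append(my_map.copy())
+http_Req_Raw = {}
+http_methods = ("POST /", "PUT /", "OPTIONS /", "DELETE /", "GET /")
+for packet in packets:
+if TCP in packet and Raw in packet:
+data = packet[Raw].load
+ack = packet[TCP].ack
+next_ack = packet[TCP].seq + len(data)
+if ack not in http_Req_Raw:
+http_Req_Raw[ack] = {"time": [packet.time], "data": data, "next_ack": next_ack}
+else:
+http_Req_Raw[ack]["time"].append(packet.time)
+http_Req_Raw[ack]["data"] += data
+http_Req_Raw[ack]["next_ack"] = next_ack
+packet_list = [
+{
+'req_data': item['data'],
+'res_data': http_Req_Raw[item['next_ack']]['data'],
+'req_text': filter_visible_chars(item['data']),
+'res_text': filter_visible_chars(http_Req_Raw[item['next_ack']]['data']),
+'req_time': item['time'],
+'res_time': http_Req_Raw[item['next_ack']]['time']
+}
+for ack, item in http_Req_Raw.items()
+if any(method in filter_visible_chars(item['data']) for method in http_methods)
+]
 return packet_list
+# def get_all_packets_by_reg(packets):
+# packets = [packet for packet in packets if packet.haslayer(TCP) and packet.haslayer(IP) and packet.haslayer(Raw)]
+# packet_list = []
+# my_map = {
+# 'req_data': b'',
+# 'res_data': b'',
+# 'req_text': '',
+# 'res_text': '',
+# 'req_time': [],
+# 'res_time': []
+# }
+# last_is_req = None
+# for item in packets:
+# data = item[Raw].load
+# time = float(item.time)
+# req_match = req_pattern.search(filter_visible_chars(data))
+# res_match = res_pattern.search(filter_visible_chars(data))
+# if req_match is not None or res_match is not None:
+# if req_match:
+# # 新的请求:请求时间不为空或者响应时间不为空,说明不为空,添加到列表并清空数据
+# if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
+# packet_list.append(my_map.copy())
+# my_map = {
+# 'req_data': data,
+# 'res_data': b'',
+# 'req_text': filter_visible_chars(data),
+# 'res_text': '',
+# 'req_time': [time],
+# 'res_time': []
+# }
+# last_is_req = True
+# if res_match:
+# my_map['res_data'] += data
+# my_map['res_text'] = filter_visible_chars(my_map['res_data'])
+# my_map['res_time'].append(time)
+# last_is_req = False
+# else:
+# # 不是请求不是相应,就是中间的包
+# if last_is_req is None:
+# # 一开始就没匹配到请求或者响应头,那就不管即使是中间的包
+# continue
+# if last_is_req is True:
+# my_map['req_time'].append(time)
+# my_map['req_data'] += data
+# my_map['req_text'] = filter_visible_chars(my_map['req_data'])
+# elif last_is_req is False:
+# my_map['res_time'].append(time)
+# my_map['res_data'] += data
+# my_map['res_text'] = filter_visible_chars(my_map['res_data'])
+# if len(my_map['req_time']) != 0 or len(my_map['res_time']) != 0:
+# packet_list.append(my_map.copy())
+# return packet_list
 
 
 def get_body(param):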
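Review bot: The comprehension line `'res_data': http_Req_Raw[item['next_ack']]['data']` (and the two sibling lookups for `res_text`/`res_time`) raises KeyError for any request whose response segment is not in the capture — no reply, a truncated pcap, or a response whose ack does not equal the request's last seq+len — where the regex version simply left the response fields empty; on attacker-controlled traffic this is a trivial way to abort the whole parse, so look the response up with `.get()` and fall back to empty data/time as in the excerpt below. Keying `http_Req_Raw` on the bare TCP ack number also merges segments from unrelated connections that happen to share an ack value (the old code at least required an IP layer), so the key should include the flow's (src, dst, sport, dport) tuple alongside the ack. The `any(method in filter_visible_chars(item['data']) ...)` test matches a method string anywhere in the payload, so a response body containing e.g. `GET /` is classified as a request; a `startswith` check on the text would be tighter, and `HEAD`/`PATCH` are absent from `http_methods`. Since `packet.time` is now stored unconverted where the old code used `float(item.time)`, callers that serialize `req_time` may presumably see a different type — worth confirming. The commented-out copy of the old function after `return packet_list` should be deleted rather than shipped in the module.
```python
    # … unchanged: segment accumulation into http_Req_Raw …
    empty = {"data": b"", "time": []}
    packet_list = []
    for item in http_Req_Raw.values():
        if not any(method in filter_visible_chars(item['data']) for method in http_methods):
            continue
        # a request with no captured response must not raise KeyError
        response = http_Req_Raw.get(item['next_ack'], empty)
        packet_list.append({
            'req_data': item['data'],
            'res_data': response['data'],
            'req_text': filter_visible_chars(item['data']),
            'res_text': filter_visible_chars(response['data']),
            'req_time': item['time'],
            'res_time': response['time'],
        })
    return packet_list
```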
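--- a/xbase_util-0.5.2/xbase_util.egg-info/PKG-INFO
+++ b/xbase_util-0.5.3/xbase_util.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.5.2
+Version: 0.5.3
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt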