xbase-util 0.7.2__tar.gz → 0.7.4__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35)
  1. {xbase_util-0.7.2 → xbase_util-0.7.4}/PKG-INFO +1 -1
  2. {xbase_util-0.7.2 → xbase_util-0.7.4}/setup.py +1 -1
  3. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/packet_util.py +2 -33
  4. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/segment.py +14 -7
  5. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/PKG-INFO +1 -1
  6. {xbase_util-0.7.2 → xbase_util-0.7.4}/README.md +0 -0
  7. {xbase_util-0.7.2 → xbase_util-0.7.4}/setup.cfg +0 -0
  8. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/__init__.py +0 -0
  9. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/add_column_util.py +0 -0
  10. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/dangerous_util.py +0 -0
  11. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/__init__.py +0 -0
  12. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/ConfigBean.py +0 -0
  13. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
  14. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/FlowBean.py +0 -0
  15. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
  16. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/__init__.py +0 -0
  17. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/ConfigDao.py +0 -0
  18. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
  19. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/FlowDao.py +0 -0
  20. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
  21. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/__init__.py +0 -0
  22. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/initsqlite3.py +0 -0
  23. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/es_db_util.py +0 -0
  24. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/esreq.py +0 -0
  25. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/geo_util.py +0 -0
  26. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/handle_features_util.py +0 -0
  27. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/pcap_util.py +0 -0
  28. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/xbase_constant.py +0 -0
  29. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/xbase_util.py +0 -0
  30. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/SOURCES.txt +0 -0
  31. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/dependency_links.txt +0 -0
  32. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/not-zip-safe +0 -0
  33. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/top_level.txt +0 -0
  34. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
  35. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util_assets/arkimeparse.js +0 -0
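--- a/xbase_util-0.7.2/PKG-INFO
+++ b/xbase_util-0.7.4/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.7.2
+Version: 0.7.4
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt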
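--- a/xbase_util-0.7.2/setup.py
+++ b/xbase_util-0.7.4/setup.py
@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 
 setup(name="xbase_util",
-version="0.7.2",
+version="0.7.4",
 description="网络安全基础工具",
 long_description="包含提取,预测,训练的基础工具",
 author="xyt",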
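--- a/xbase_util-0.7.2/xbase_util/packet_util.py
+++ b/xbase_util-0.7.4/xbase_util/packet_util.py
@@ -70,37 +70,6 @@ http_req_method = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]*
 http_req_path = re.compile(r"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH)\s+(\/[^\s]*)\s+HTTP\/\d\.\d")
 res_status_code_pattern = re.compile(r"HTTP\/\d\.\d\s+(\d{3})\s+.*")
 
-
-# def get_all_packets_by_reg(packets):
-# http_Req_Raw = {}
-# http_methods = ("POST /", "PUT /", "OPTIONS /", "DELETE /", "GET /")
-# for packet in packets:
-# if TCP in packet and Raw in packet:
-# data = packet[Raw].load
-# ack = packet[TCP].ack
-# next_ack = packet[TCP].seq + len(data)
-# if ack not in http_Req_Raw:
-# http_Req_Raw[ack] = {"time": [float(packet.time)], "data": data, "next_ack": next_ack}
-# else:
-# http_Req_Raw[ack]["time"].append(float(packet.time))
-# http_Req_Raw[ack]["data"] += data
-# http_Req_Raw[ack]["next_ack"] = next_ack
-# packet_list = [
-# {
-# 'req_data': item['data'],
-# 'res_data': http_Req_Raw[item['next_ack']]['data'],
-# 'req_text': filter_visible_chars(item['data']),
-# 'res_text': filter_visible_chars(http_Req_Raw[item['next_ack']]['data']),
-# 'req_time': item['time'],
-# 'res_time': http_Req_Raw[item['next_ack']]['time']
-# }
-# for ack, item in http_Req_Raw.items()
-# if item['next_ack'] in http_Req_Raw # 检查 next_ack 是否存在
-# and any(method in filter_visible_chars(item['data']) for method in http_methods)
-# ]
-# return packet_list
-
-
 def get_header_value(header_set, value):
 result = [item for item in header_set if value in item]
 if len(result) != 0:
@@ -139,9 +108,9 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
 res_field['plain_body_src'] = ""
 res_field['plain_body_dst'] = ""
 if content_type_is_plain(req_header):
-res_field['plain_body_src'] = f"{req_body}"
+res_field['plain_body_src'] = req_body
 if content_type_is_plain(res_header):
-res_field['plain_body_dst'] = f"{res_body}"
+res_field['plain_body_dst'] = res_body
 
 http_server_version_res = http_version.findall(res_header)
 res_field['http.serverVersion'] = http_server_version_res[0] if len(http_server_version_res) > 0 else ""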
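Review bot: The `plain_body_src`/`plain_body_dst` assignments in the second hunk no longer coerce the body to `str`, so the field's type now depends on whatever the caller passed in; the old f-string at least guaranteed a string (rendering bytes as `b'...'`, which is presumably why it was dropped). If a caller hands in raw bytes, downstream consumers that treat these fields as text (regex matching, JSON export) will behave differently from 0.7.2, and nothing in the hunk documents the new expectation. Since this module already provides `filter_visible_chars`, a cheap guard keeps the contract explicit: `res_field['plain_body_src'] = req_body if isinstance(req_body, str) else filter_visible_chars(req_body)`, and the same for `plain_body_dst` with `res_body`. `get_detail_by_package` begins before the hunk, so the caller-side contract for `req_body`/`res_body` is not visible here.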
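--- a/xbase_util-0.7.2/xbase_util/segment.py
+++ b/xbase_util-0.7.4/xbase_util/segment.py
@@ -1,10 +1,15 @@
 import copy
+import gzip
 import re
+import zlib
+from io import BytesIO
 
 import numpy as np
 from scapy.all import *
 from scapy.layers.inet import TCP
 
+from xbase_util.packet_util import filter_visible_chars
+
 REQUEST_LINE_RE = re.compile(rb"^(GET|POST|PUT|DELETE|OPTIONS|HEAD|PATCH)\s[^\r\n]+\r\n", re.MULTILINE)
 RESPONSE_LINE_RE = re.compile(rb"^HTTP/\d\.\d\s+\d{3}\s?[^\r\n]*", re.IGNORECASE)
 
@@ -50,7 +55,8 @@ def read_packets(packets):
 tmp_packets.clear()
 return packet_list
 
-
+pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
+pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 def parse_req_or_res(data, pkts):
 if data.find(b"\r\n\r\n") != -1:
 res = data.split(b"\r\n\r\n", 1)
@@ -59,8 +65,6 @@ def parse_req_or_res(data, pkts):
 else:
 header = data
 body = b''
-pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
-pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 chuncked_pattern = pattern_chuncked.search(header)
 gzip_pattern = pattern_gzip.search(header)
 if chuncked_pattern and b'chunked' in chuncked_pattern.group():
@@ -99,15 +103,16 @@ def parse_req_or_res(data, pkts):
 result_body = body
 if gzip_pattern and b'gzip' in gzip_pattern.group():
 try:
+
 decompressed = gzip.decompress(result_body)
 result_body_str = "\n".join(
-[line.strip() for line in decompressed.decode("utf-8", errors="replace").splitlines() if
+[line.strip() for line in filter_visible_chars(decompressed).splitlines() if
 line.strip() != ""])
 except Exception as e:
-result_body_str = result_body.decode("utf-8", errors="replace")
+result_body_str = filter_visible_chars(result_body)
 else:
-result_body_str = result_body.decode("utf-8", errors="replace")
-return header.decode("utf-8", errors="replace"), result_body_str, [float(pkt.time) for pkt in pkts]
+result_body_str = filter_visible_chars(result_body)
+return filter_visible_chars(header), result_body_str, [float(pkt.time) for pkt in pkts]
 
 
 def get_all_packets_by_segment(packets):
@@ -126,6 +131,8 @@ def get_all_packets_by_segment(packets):
 response = [item for item in response_packets if item['first_seq'] == ack]
 # print(f"找到对应的响应:{len(response)}")
 # print(f"请求:{request['data'].decode('utf-8', errors='replace')}")
+# gzip.decompress(response[0]['data'].split(b'\r\n\r\n')[1])
+# decompressed_data = zlib.decompress((response[0]['data'].split(b'\r\n\r\n')[1])[10:], wbits=zlib.MAX_WBITS | 16)
 if len(response) > 0:
 res_header, res_body, res_times = parse_req_or_res(response[0]['data'], response[0]['pkts'])
 req_header, req_body, req_times = parse_req_or_res(request['data'], request['pkts'])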
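Review bot: `gzip.decompress(result_body)` in the parse_req_or_res hunk inflates a response body taken straight from the capture with no bound on the output size, so a small gzip member that expands to many gigabytes exhausts the memory of the process parsing the pcap before the surrounding `except Exception` can do anything; that except is also broad enough to hide a real decode bug and leaves `e` unused. With `zlib` now imported, `zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)` (the same wbits value the new comment in get_all_packets_by_segment already uses) accepts a `max_length` on `decompress()` that caps the inflated size, and the except can be narrowed to `(OSError, EOFError, zlib.error)`. The blank `+` line added inside the `try` is stray and worth dropping. `parse_req_or_res`'s body is split across hunks here, so the chunked-body handling between them, and whether `BytesIO` is used anywhere, cannot be checked from this page.
```python
# constructed cap; size it to the largest body the pipeline is meant to keep
MAX_INFLATED_BODY = 16 * 1024 * 1024

# … unchanged: header/body split and chunked handling …
if gzip_pattern and b'gzip' in gzip_pattern.group():
    try:
        inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)
        # at most MAX_INFLATED_BODY bytes come back; the rest stays in inflater.unconsumed_tail
        decompressed = inflater.decompress(result_body, MAX_INFLATED_BODY)
        result_body_str = "\n".join(
            [line.strip() for line in filter_visible_chars(decompressed).splitlines() if
             line.strip() != ""])
    except (OSError, EOFError, zlib.error):
        result_body_str = filter_visible_chars(result_body)
# … unchanged: non-gzip branch and return …
```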
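--- a/xbase_util-0.7.2/xbase_util.egg-info/PKG-INFO
+++ b/xbase_util-0.7.4/xbase_util.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.7.2
+Version: 0.7.4
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt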