xbase-util 0.7.2__tar.gz → 0.7.4__tar.gz

Files changed (35) hide show
  1. {xbase_util-0.7.2 → xbase_util-0.7.4}/PKG-INFO +1 -1
  2. {xbase_util-0.7.2 → xbase_util-0.7.4}/setup.py +1 -1
  3. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/packet_util.py +2 -33
  4. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/segment.py +14 -7
  5. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/PKG-INFO +1 -1
  6. {xbase_util-0.7.2 → xbase_util-0.7.4}/README.md +0 -0
  7. {xbase_util-0.7.2 → xbase_util-0.7.4}/setup.cfg +0 -0
  8. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/__init__.py +0 -0
  9. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/add_column_util.py +0 -0
  10. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/dangerous_util.py +0 -0
  11. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/__init__.py +0 -0
  12. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/ConfigBean.py +0 -0
  13. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
  14. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/FlowBean.py +0 -0
  15. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
  16. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/bean/__init__.py +0 -0
  17. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/ConfigDao.py +0 -0
  18. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
  19. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/FlowDao.py +0 -0
  20. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
  21. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/dao/__init__.py +0 -0
  22. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/db/initsqlite3.py +0 -0
  23. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/es_db_util.py +0 -0
  24. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/esreq.py +0 -0
  25. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/geo_util.py +0 -0
  26. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/handle_features_util.py +0 -0
  27. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/pcap_util.py +0 -0
  28. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/xbase_constant.py +0 -0
  29. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util/xbase_util.py +0 -0
  30. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/SOURCES.txt +0 -0
  31. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/dependency_links.txt +0 -0
  32. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/not-zip-safe +0 -0
  33. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util.egg-info/top_level.txt +0 -0
  34. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
  35. {xbase_util-0.7.2 → xbase_util-0.7.4}/xbase_util_assets/arkimeparse.js +0 -0
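--- a/xbase_util-0.7.2/PKG-INFO
+++ b/xbase_util-0.7.4/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.7.2
+Version: 0.7.4
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt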
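--- a/xbase_util-0.7.2/setup.py
+++ b/xbase_util-0.7.4/setup.py
@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 
 setup(name="xbase_util",
-version="0.7.2",
+version="0.7.4",
 description="网络安全基础工具",
 long_description="包含提取,预测,训练的基础工具",
 author="xyt",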
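--- a/xbase_util-0.7.2/xbase_util/packet_util.py
+++ b/xbase_util-0.7.4/xbase_util/packet_util.py
@@ -70,37 +70,6 @@ http_req_method = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]*
 http_req_path = re.compile(r"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH)\s+(\/[^\s]*)\s+HTTP\/\d\.\d")
 res_status_code_pattern = re.compile(r"HTTP\/\d\.\d\s+(\d{3})\s+.*")
 
-
-# def get_all_packets_by_reg(packets):
-# http_Req_Raw = {}
-# http_methods = ("POST /", "PUT /", "OPTIONS /", "DELETE /", "GET /")
-# for packet in packets:
-# if TCP in packet and Raw in packet:
-# data = packet[Raw].load
-# ack = packet[TCP].ack
-# next_ack = packet[TCP].seq + len(data)
-# if ack not in http_Req_Raw:
-# http_Req_Raw[ack] = {"time": [float(packet.time)], "data": data, "next_ack": next_ack}
-# else:
-# http_Req_Raw[ack]["time"].append(float(packet.time))
-# http_Req_Raw[ack]["data"] += data
-# http_Req_Raw[ack]["next_ack"] = next_ack
-# packet_list = [
-# {
-# 'req_data': item['data'],
-# 'res_data': http_Req_Raw[item['next_ack']]['data'],
-# 'req_text': filter_visible_chars(item['data']),
-# 'res_text': filter_visible_chars(http_Req_Raw[item['next_ack']]['data']),
-# 'req_time': item['time'],
-# 'res_time': http_Req_Raw[item['next_ack']]['time']
-# }
-# for ack, item in http_Req_Raw.items()
-# if item['next_ack'] in http_Req_Raw # 检查 next_ack 是否存在
-# and any(method in filter_visible_chars(item['data']) for method in http_methods)
-# ]
-# return packet_list
-
-
 def get_header_value(header_set, value):
 result = [item for item in header_set if value in item]
 if len(result) != 0:
@@ -139,9 +108,9 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
 res_field['plain_body_src'] = ""
 res_field['plain_body_dst'] = ""
 if content_type_is_plain(req_header):
-res_field['plain_body_src'] = f"{req_body}"
+res_field['plain_body_src'] = req_body
 if content_type_is_plain(res_header):
-res_field['plain_body_dst'] = f"{res_body}"
+res_field['plain_body_dst'] = res_body
 
 http_server_version_res = http_version.findall(res_header)
 res_field['http.serverVersion'] = http_server_version_res[0] if len(http_server_version_res) > 0 else ""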
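Review bot: Dropping the f-string on `plain_body_src` / `plain_body_dst` changes the field from always-a-str to whatever type `req_body` / `res_body` arrives as, so a caller that still hands in raw bytes would now store bytes in the result where consumers presumably expect text. In this same release `parse_req_or_res` in segment.py starts returning `filter_visible_chars(...)` strings, which is likely why the coercion was dropped, but nothing in this hunk guarantees every caller does the same. Either document the precondition (`# req_body/res_body must already be decoded text`) or keep the result type stable with `res_field['plain_body_src'] = req_body if isinstance(req_body, str) else filter_visible_chars(req_body)` and the matching line for `res_body`. `get_detail_by_package` starts and ends outside the hunk.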
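--- a/xbase_util-0.7.2/xbase_util/segment.py
+++ b/xbase_util-0.7.4/xbase_util/segment.py
@@ -1,10 +1,15 @@
 import copy
+import gzip
 import re
+import zlib
+from io import BytesIO
 
 import numpy as np
 from scapy.all import *
 from scapy.layers.inet import TCP
 
+from xbase_util.packet_util import filter_visible_chars
+
 REQUEST_LINE_RE = re.compile(rb"^(GET|POST|PUT|DELETE|OPTIONS|HEAD|PATCH)\s[^\r\n]+\r\n", re.MULTILINE)
 RESPONSE_LINE_RE = re.compile(rb"^HTTP/\d\.\d\s+\d{3}\s?[^\r\n]*", re.IGNORECASE)
 
@@ -50,7 +55,8 @@ def read_packets(packets):
 tmp_packets.clear()
 return packet_list
 
-
+pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
+pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 def parse_req_or_res(data, pkts):
 if data.find(b"\r\n\r\n") != -1:
 res = data.split(b"\r\n\r\n", 1)
@@ -59,8 +65,6 @@ def parse_req_or_res(data, pkts):
 else:
 header = data
 body = b''
-pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
-pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 chuncked_pattern = pattern_chuncked.search(header)
 gzip_pattern = pattern_gzip.search(header)
 if chuncked_pattern and b'chunked' in chuncked_pattern.group():
@@ -99,15 +103,16 @@ def parse_req_or_res(data, pkts):
 result_body = body
 if gzip_pattern and b'gzip' in gzip_pattern.group():
 try:
+
 decompressed = gzip.decompress(result_body)
 result_body_str = "\n".join(
-[line.strip() for line in decompressed.decode("utf-8", errors="replace").splitlines() if
+[line.strip() for line in filter_visible_chars(decompressed).splitlines() if
 line.strip() != ""])
 except Exception as e:
-result_body_str = result_body.decode("utf-8", errors="replace")
+result_body_str = filter_visible_chars(result_body)
 else:
-result_body_str = result_body.decode("utf-8", errors="replace")
-return header.decode("utf-8", errors="replace"), result_body_str, [float(pkt.time) for pkt in pkts]
+result_body_str = filter_visible_chars(result_body)
+return filter_visible_chars(header), result_body_str, [float(pkt.time) for pkt in pkts]
 
 
 def get_all_packets_by_segment(packets):
@@ -126,6 +131,8 @@ def get_all_packets_by_segment(packets):
 response = [item for item in response_packets if item['first_seq'] == ack]
 # print(f"找到对应的响应:{len(response)}")
 # print(f"请求:{request['data'].decode('utf-8', errors='replace')}")
+# gzip.decompress(response[0]['data'].split(b'\r\n\r\n')[1])
+# decompressed_data = zlib.decompress((response[0]['data'].split(b'\r\n\r\n')[1])[10:], wbits=zlib.MAX_WBITS | 16)
 if len(response) > 0:
 res_header, res_body, res_times = parse_req_or_res(response[0]['data'], response[0]['pkts'])
 req_header, req_body, req_times = parse_req_or_res(request['data'], request['pkts'])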
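Review bot: In the `@@ -99,15 +103,16 @@` hunk, `gzip.decompress(result_body)` inflates a body taken straight from captured traffic with no size ceiling, so a small gzip bomb in a pcap can exhaust memory before the `except Exception` fallback ever runs — `MemoryError` is only raised once the allocation fails, and the process may be killed first. This commit already adds `import zlib` (used only in a commented-out line), so the bounded form costs nothing: inflate through `zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)` with a `max_length`, and treat leftover `unconsumed_tail` as "too big" so the existing raw-body fallback takes over. `MAX_BODY_BYTES` would be a new module-level constant next to `pattern_gzip` (a few MiB is plenty for text extraction). While here, the stray blank line added inside `try:` and the unused `e` / `BytesIO` should go. `parse_req_or_res` starts outside the hunk.
```python
            try:
                # Bound the inflated size: the body is attacker-controlled capture
                # data and gzip.decompress() has no ceiling (decompression bomb).
                inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)
                decompressed = inflater.decompress(result_body, MAX_BODY_BYTES)
                if inflater.unconsumed_tail:
                    raise ValueError("gzip body exceeds MAX_BODY_BYTES")
                result_body_str = "\n".join(
                    [line.strip() for line in filter_visible_chars(decompressed).splitlines() if
                     line.strip() != ""])
            except Exception:
                # … unchanged: fall back to filter_visible_chars(result_body) …
```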
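--- a/xbase_util-0.7.2/xbase_util.egg-info/PKG-INFO
+++ b/xbase_util-0.7.4/xbase_util.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.7.2
+Version: 0.7.4
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt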