xbase-util 0.9.1__tar.gz → 0.9.2__tar.gz

Sign up to get free protection for your applications and to get access to all the features.
Files changed (35) hide show
  1. {xbase_util-0.9.1 → xbase_util-0.9.2}/PKG-INFO +1 -1
  2. {xbase_util-0.9.1 → xbase_util-0.9.2}/setup.py +1 -1
  3. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/common_util.py +8 -8
  4. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/pcap_util.py +10 -9
  5. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/test.py +1 -1
  6. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util.egg-info/PKG-INFO +1 -1
  7. {xbase_util-0.9.1 → xbase_util-0.9.2}/README.md +0 -0
  8. {xbase_util-0.9.1 → xbase_util-0.9.2}/setup.cfg +0 -0
  9. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/__init__.py +0 -0
  10. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/add_column_util.py +0 -0
  11. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/dangerous_util.py +0 -0
  12. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/__init__.py +0 -0
  13. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/bean/ConfigBean.py +0 -0
  14. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
  15. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/bean/FlowBean.py +0 -0
  16. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
  17. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/bean/__init__.py +0 -0
  18. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/dao/ConfigDao.py +0 -0
  19. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
  20. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/dao/FlowDao.py +0 -0
  21. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
  22. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/dao/__init__.py +0 -0
  23. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/db/initsqlite3.py +0 -0
  24. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/es_db_util.py +0 -0
  25. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/esreq.py +0 -0
  26. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/geo_util.py +0 -0
  27. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/handle_features_util.py +0 -0
  28. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/packet_util.py +0 -0
  29. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/xbase_constant.py +0 -0
  30. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util.egg-info/SOURCES.txt +0 -0
  31. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util.egg-info/dependency_links.txt +0 -0
  32. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util.egg-info/not-zip-safe +0 -0
  33. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util.egg-info/top_level.txt +0 -0
  34. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
  35. {xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util_assets/arkimeparse.js +0 -0
{xbase_util-0.9.1 → xbase_util-0.9.2}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: xbase_util
3
- Version: 0.9.1
3
+ Version: 0.9.2
4
4
  Summary: 网络安全基础工具
5
5
  Home-page: https://gitee.com/jimonik/xbase_util.git
6
6
  Author: xyt
{xbase_util-0.9.1 → xbase_util-0.9.2}/setup.py RENAMED
@@ -3,7 +3,7 @@ from distutils.core import setup
3
3
  from setuptools import find_packages
4
4
 
5
5
  setup(name="xbase_util",
6
- version="0.9.1",
6
+ version="0.9.2",
7
7
  description="网络安全基础工具",
8
8
  long_description="包含提取,预测,训练的基础工具",
9
9
  author="xyt",
{xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/common_util.py RENAMED
@@ -26,7 +26,7 @@ def filter_visible_chars(data):
26
26
  return ''.join(chr(b) for b in data if 32 <= b <= 126 or b in (9, 10, 13))
27
27
 
28
28
 
29
- def parse_chunked_body(data: bytes,session_id="none",skey='') -> bytes:
29
+ def parse_chunked_body(data: bytes,need_un_gzip=False,session_id="none",skey='') -> bytes:
30
30
  try:
31
31
  body = b''
32
32
  while True:
@@ -41,13 +41,13 @@ def parse_chunked_body(data: bytes,session_id="none",skey='') -> bytes:
41
41
  chunk_end = chunk_start + chunk_size
42
42
  body += data[chunk_start:chunk_end]
43
43
  data = data[chunk_end + 2:]
44
- # if need_un_gzip:
45
- # try:
46
- # return gzip.decompress(body)
47
- # except gzip.BadGzipFile:
48
- # print(f"解压错误:{session_id}")
49
- # return body
50
- # else:
44
+ if need_un_gzip:
45
+ try:
46
+ return gzip.decompress(body)
47
+ except gzip.BadGzipFile:
48
+ print(f"解压错误:{session_id}")
49
+ return body
50
+ else:
51
51
  return body
52
52
  except Exception as e:
53
53
  traceback.print_exc()
{xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/pcap_util.py RENAMED
@@ -4,6 +4,7 @@ import math
4
4
  import os
5
5
  import struct
6
6
  import time
7
+ import traceback
7
8
  import zlib
8
9
  from functools import cmp_to_key
9
10
 
@@ -274,7 +275,7 @@ def process_session_id_disk_simple(id, node, packet_pos, esdb, pcap_path_prefix)
274
275
  return get_file_and_read_pos(id, file, pos_list)
275
276
 
276
277
 
277
- def parse_body(data,skey='',session_id='none'):
278
+ def parse_body(data, skey='', session_id='none'):
278
279
  if data.find(b"\r\n\r\n") != -1:
279
280
  res = data.split(b"\r\n\r\n", 1)
280
281
  header = res[0]
@@ -284,22 +285,24 @@ def parse_body(data,skey='',session_id='none'):
284
285
  body = b''
285
286
  chunked_pattern = pattern_chuncked.search(header)
286
287
  gzip_pattern = pattern_gzip.search(header)
288
+ need_unzip = gzip_pattern and b'gzip' in gzip_pattern.group()
287
289
  if chunked_pattern and b'chunked' in chunked_pattern.group():
288
- body = parse_chunked_body(body,session_id=session_id,skey=skey)
289
- if gzip_pattern and b'gzip' in gzip_pattern.group():
290
+ body = parse_chunked_body(body, need_un_gzip=need_unzip, session_id=session_id, skey=skey)
291
+ elif need_unzip:
290
292
  try:
291
293
  body = gzip.decompress(body)
292
- except:
294
+ except Exception as e:
295
+ traceback.print_exc()
293
296
  print(f"解压失败:{skey} {session_id}")
297
+ body = b''
294
298
  return filter_visible_chars(header), filter_visible_chars(body)
295
299
 
296
300
 
297
301
  def reassemble_session_pcap(reassemble_tcp_res, skey, session_id='none'):
298
- my_map = None # 初始化为 None
302
+ my_map = None
299
303
  packet_list = []
300
304
  for packet in reassemble_tcp_res:
301
- header, body = parse_body(packet['data'],skey=skey, session_id=session_id)
302
- # 如果当前数据包是请求
305
+ header, body = parse_body(packet['data'], skey=skey, session_id=session_id)
303
306
  if packet['key'] == skey:
304
307
  if my_map is not None:
305
308
  packet_list.append(copy.deepcopy(my_map))
@@ -400,8 +403,6 @@ def reassemble_tcp_pcap(p):
400
403
  return a_ack - (b_seq + len(b_data) - 1)
401
404
 
402
405
  packets2.sort(key=cmp_to_key(compare_packets))
403
- # del packets[num_packets:]
404
- # Now divide up conversation
405
406
  clientSeq = 0
406
407
  hostSeq = 0
407
408
  previous = 0
{xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util/test.py RENAMED
@@ -5,5 +5,5 @@ from xbase_util.pcap_util import reassemble_tcp_pcap, reassemble_session_pcap
5
5
  if __name__ == '__main__':
6
6
  packets_scapy = reassemble_tcp_pcap(rdpcap("test.pcap"))
7
7
  skey = '10.28.7.6:53867'
8
- all_packets = reassemble_session_pcap(packets_scapy, skey=skey,session_id='enn')
8
+ all_packets = reassemble_session_pcap(packets_scapy, skey=skey,session_id='emmmmm')
9
9
  print(all_packets)
{xbase_util-0.9.1 → xbase_util-0.9.2}/xbase_util.egg-info/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: xbase-util
3
- Version: 0.9.1
3
+ Version: 0.9.2
4
4
  Summary: 网络安全基础工具
5
5
  Home-page: https://gitee.com/jimonik/xbase_util.git
6
6
  Author: xyt
{xbase_util-0.9.1 → xbase_util-0.9.2}/README.md RENAMED
File without changes
{xbase_util-0.9.1 → xbase_util-0.9.2}/setup.cfg RENAMED
File without changes