- #!/usr/bin/python
- from optparse import OptionParser
- import sys
- import os, os.path
- import subprocess
- import base64
- import email
- import mimetypes
- import hashlib
# Working directory for the whole run: tcpflow is started inside it, and the
# report and any extracted attachments are written next to the flow files.
# The path is relative, so it resolves against the current working directory.
outputdirectory = "./report"
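def decode_base64(data):
    """Decode base64, padding being optional.

    Whitespace (for example the CRLF that ends a captured SMTP line) is
    removed before the padding is computed, so the length check is made on
    the base64 characters only.

    :param data: Base64 data as an ASCII byte string
    :returns: The decoded byte string.
    """
    if not isinstance(data, bytes):
        # Text input is accepted as well and converted once, up front.
        data = data.encode("ascii")
    data = b"".join(data.split())
    # -len % 4 is 0 for input that is already padded; the earlier
    # "4 - len % 4" evaluated to 4 in that case and appended "====".
    data += b"=" * (-len(data) % 4)
    return base64.b64decode(data)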
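def primaoperazione(pcap):
    """Create the output directory and let tcpflow split the capture into flows.

    The run is refused when the output directory already exists, so results
    of an earlier analysis are never mixed with the new ones.

    :param pcap: Path to the pcap file to analyse.
    """
    if os.path.exists(outputdirectory):
        print("Errore: directory esistente, rimuoverla prima di procedere")
        # Exit with a failure status so calling scripts can see the refusal.
        sys.exit(1)

    # Resolve the capture path before the working directory changes, so a
    # relative path still points at the right file. The absolute form also
    # cannot be mistaken for a command-line option by tcpflow.
    pcap_path = os.path.abspath(pcap)

    # The directory will hold decoded login data and message contents
    # (see smtpinfo), so it is created readable by the owner only.
    os.makedirs(outputdirectory, 0o700)

    try:
        # Argument list instead of a shell string: the file name is passed to
        # tcpflow verbatim and is never interpreted by a shell.
        status = subprocess.call(["tcpflow", "-r", pcap_path], cwd=outputdirectory)
    except OSError as exc:
        print("Errore: impossibile eseguire tcpflow: %s" % exc)
        sys.exit(1)
    if status != 0:
        print("Errore: tcpflow terminato con codice %d" % status)
        sys.exit(1)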
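def _safe_attachment_path(filename):
    """Map an attachment name from a captured message to a path in outputdirectory.

    The name comes from the mail headers, i.e. from the captured traffic, so
    it is untrusted: only its final path component is kept, and an existing
    file is never overwritten.

    :param filename: Attachment name as returned by ``get_filename()``.
    :returns: A path inside ``outputdirectory`` that does not exist yet, or
        ``None`` when no usable file name is left.
    """
    cleaned = filename.replace("\\", "/").replace("\x00", "")
    name = os.path.basename(cleaned)
    if name in ("", ".", ".."):
        return None
    stem, ext = os.path.splitext(name)
    candidate = os.path.join(outputdirectory, name)
    counter = 0
    # Keep report.txt, the flow files and earlier attachments intact.
    while os.path.lexists(candidate):
        counter += 1
        candidate = os.path.join(outputdirectory, "%s_%d%s" % (stem, counter, ext))
    return candidate


def _report_message(report, raw_message):
    """Write the text parts and attachment details of one message to the report.

    :param report: Open report file.
    :param raw_message: Message source as a single string.
    """
    msg = email.message_from_string(raw_message)
    for part in msg.walk():
        if part.get_content_type() == 'text/plain':
            report.write("Testo del messaggio\n")
            report.write(part.get_payload() + "\n")
        filename = part.get_filename()
        if filename is None:
            continue
        # get_payload(decode=1) may return None; treat that as empty content.
        payload = part.get_payload(decode=1) or b""
        target = _safe_attachment_path(filename)
        if target is not None:
            with open(target, 'wb') as attachment:
                attachment.write(payload)
        # The name is reported as it appeared in the message; the stored name
        # is added when it had to differ.
        report.write("Il nome dell'allegato:" + filename + "\n")
        if target is None:
            report.write("Allegato non salvato: nome non valido\n")
        elif os.path.basename(target) != filename:
            report.write("Salvato come:" + os.path.basename(target) + "\n")
        # Hash the decoded bytes directly; this equals the hash of the saved
        # file. NOTE(review): MD5 only identifies the file here; consider
        # recording SHA-256 as well if the report is used as evidence.
        report.write("L'hash MD5 del file:" + hashlib.md5(payload).hexdigest() + "\n")


def smtpinfo():
    """Scan the tcpflow output for SMTP data and write report.txt.

    For every flow file in ``outputdirectory`` the report lists the decoded
    AUTH LOGIN values, the MAIL FROM and RCPT TO lines, the plain-text parts
    of the message and the name and MD5 hash of each attachment, which is
    also saved to ``outputdirectory``.

    The report therefore contains credentials and message contents taken
    from the capture and should be handled as sensitive material.
    """
    report_name = "report.txt"
    report = open(os.path.join(outputdirectory, report_name), 'wb')
    try:
        for flow_name in os.listdir(outputdirectory):
            flow_path = os.path.join(outputdirectory, flow_name)
            # The report was created just above and would otherwise be
            # scanned as if it were a flow; directories cannot be read.
            if flow_name == report_name or not os.path.isfile(flow_path):
                continue
            report.write("-" * 50 + "\n")
            report.write("Filename %s\n\n" % flow_name)
            with open(flow_path) as flow:
                lines = flow.readlines()
            for i, line in enumerate(lines):
                # The two lines after AUTH LOGIN are decoded; a flow that
                # ends right after the command has nothing to decode.
                if "AUTH LOGIN" in line and i + 2 < len(lines):
                    report.write("Dati LOGIN\n")
                    report.write(decode_base64(str(lines[i + 1])) + "\n")
                    report.write(decode_base64(str(lines[i + 2])) + "\n")
                if "MAIL FROM" in line:
                    report.write(line + "\n")
                if "RCPT TO" in line:
                    report.write(line + "\n")
                # Match the DATA command itself, not any line that merely
                # contains the word, so body text does not start a new parse.
                if line.strip().upper() == "DATA":
                    _report_message(report, "".join(lines[i + 1:len(lines) - 1]))
    finally:
        report.close()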
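if __name__ == '__main__':
    # Command-line entry point: -p names the capture file to analyse.
    usage = "Usage: %prog [options]"
    parser = OptionParser(usage)
    parser.add_option("-p", dest="pcapfile", help="Complete path to pcap file")
    # parse_args() reads sys.argv[1:] on its own; handing it sys.argv in full
    # made the program name appear as a positional argument.
    (options, args) = parser.parse_args()
    if not options.pcapfile:
        parser.error("-p is required, see --help for details")
    # Split the capture into flows first, then build the report from them.
    primaoperazione(options.pcapfile)
    smtpinfo()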