#!/usr/bin/env python3
# Easy as PIE - Process Information Enumeration
import hashlib
import hmac
import sys
from uuid import uuid4

import psutil
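def hash_file(file, chunk_size=65536):
    """Return the SHA-256 hex digest of the file at ``file``.

    The file is read in ``chunk_size``-byte blocks so a large executable does
    not have to be held in memory in one piece.

    Args:
        file: path of the file to hash (anything ``open`` accepts).
        chunk_size: bytes read per iteration; the default is fine unless
            profiling says otherwise.

    Returns:
        Lower-case hexadecimal SHA-256 digest of the file's contents.

    Raises:
        OSError: if the file cannot be opened or read (missing file,
            permission denied, ...).

    NOTE(review): this hashes whatever is on disk at ``file`` *now*, not the
    image the process is actually executing.  A binary that was replaced or
    unlinked after the process started hashes to the replacement (or fails to
    open), so treat the digest as a hint about the running code, not proof.
    The original version also generated an unused ``uuid4`` "salt" here; a
    plain content hash has no salt, so it was dropped.
    """
    digest = hashlib.sha256()
    with open(file, 'rb') as handle:
        # iter() with a sentinel stops at the empty bytes object read() returns at EOF.
        for chunk in iter(lambda: handle.read(chunk_size), b''):
            digest.update(chunk)
    return digest.hexdigest()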
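def check_file(hashed_file, new_file):
    """Verify ``new_file`` against a stored ``"<sha256 hex>:<salt>"`` record.

    The stored digest is ``sha256(salt + value)``; this recomputes it for
    ``new_file`` and compares the two digests in constant time.

    Args:
        hashed_file: record of the form ``"<hex digest>:<salt>"``.  Only the
            first ``:`` separates the fields, so a salt may itself contain
            colons (the old ``split(':')`` raised ``ValueError`` on those).
        new_file: the candidate value, as ``str``, to check.

    Returns:
        ``True`` when the digests match, ``False`` otherwise.  A record with
        no ``:`` separator cannot be verified and fails closed (``False``).

    NOTE(review): nothing in this listing produces ``digest:salt`` records
    (``hash_file`` returns a bare hex digest) and no caller of this function
    is visible.  Its shape is that of a password-verification snippet rather
    than a file-integrity check; if it is ever used for passwords, plain
    SHA-256 is not a suitable password hash.
    """
    stored_digest, separator, salt = hashed_file.partition(':')
    if not separator:
        # Malformed record: there is no salt to recompute with.
        return False
    computed = hashlib.sha256(salt.encode() + new_file.encode()).hexdigest()
    # compare_digest does not short-circuit, so timing does not reveal how
    # many leading characters of the digest were correct.
    return hmac.compare_digest(stored_digest, computed)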
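def _endpoint(addr):
    """Split a psutil address tuple into ``(host, port)``.

    psutil reports an empty tuple for a socket end that does not exist (for
    example the remote side of a listening socket); that case renders as
    ``("N/A", "N/A")`` instead of raising ``IndexError``.
    """
    if not addr:
        return "N/A", "N/A"
    return addr[0], addr[1]


def format_neat_output(proclist):
    """Print a human-readable report for every process record in ``proclist``.

    Each record is the 12-tuple built by ``baseline_procs``::

        (pid, name, exe, exe_sha256, status, cwd, user, open_files,
         laddr, raddr, conn_state, children)

    where ``laddr``/``raddr`` are ``(addr, port)`` tuples (possibly empty) and
    ``children`` is a list of ``(pid, name, exe, exe_sha256)`` tuples.
    Output goes to stdout; nothing is returned.

    Args:
        proclist: iterable of process records as described above.
    """
    for proc in proclist:
        (pid, proc_name, file_path, file_hash, status, cwd, perms,
         _open_files, laddr, raddr, state, children) = proc
        # Both ends go through the same guard; the old code only guarded raddr.
        laddr_host, laddr_port = _endpoint(laddr)
        raddr_host, raddr_port = _endpoint(raddr)
        print(
"""Process ID -> {pid}
***************************
Name ---------------------> {proc_name}
File Path ================> {file_path}
File Sha256 Hash ---------> {hash}
Working Dir ==============> {cwd}
Status -------------------> {status}
Running Under User =======> {perms}
Socket State -------------> {state}
Listening Address ========> {laddr}
Local Port ---------------> {lport}
Remote Address ===========> {raddr}
Remote Port --------------> {rport}
""".format(pid=pid, proc_name=proc_name, file_path=file_path, hash=file_hash,
           cwd=cwd, status=status, perms=perms, laddr=laddr_host,
           lport=laddr_port, raddr=raddr_host, rport=raddr_port, state=state))
        # Children are listed directly under their parent so a spawned helper
        # (shell, interpreter, ...) is visible next to the socket owner.
        for child_pid, child_name, child_exe, child_hash in children:
            print(
""" \tChild ID -> {pid}
***************************
Name ---------------------> {ch_name}
File Path=================> {ch_exe}
File Sha256 Hash ---------> {hash}
""".format(pid=child_pid, ch_name=child_name, ch_exe=child_exe, hash=child_hash))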
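def baseline_procs():
    """Snapshot every inet socket on the host together with its owning process.

    Walks ``psutil.net_connections()`` (default kind ``'inet'``) and builds one
    12-tuple per connection::

        0  pid
        1  process name
        2  path to the executable
        3  SHA-256 of that executable (see ``hash_file``)
        4  process status
        5  working directory
        6  user the process runs as
        7  open files (psutil ``popenfile`` list)
        8  local address tuple (addr, port)
        9  remote address tuple (addr, port), or ``()`` when not connected
        10 connection state
        11 list of ``(pid, name, exe, sha256)`` for the direct children

    Connections psutil cannot attribute to a process report ``pid`` as
    ``None`` (typical for other users' sockets without root/admin rights).
    Those are skipped with a message on stderr.  Previously they were passed
    straight to ``psutil.Process(None)``, which means *the current process*,
    so foreign sockets were silently charged to this script itself -- a
    false attribution in a tool meant to baseline socket ownership.

    A process that exits, denies access, or whose executable cannot be read
    while the walk is in progress is likewise skipped with a stderr message
    instead of aborting the entire baseline.

    Returns:
        list of the 12-tuples above, one per connection (a process that owns
        several sockets appears once per socket).
    """
    records = []
    for conn in psutil.net_connections():
        if conn.pid is None:
            print("skipping {} -> {} ({}): no owning pid (insufficient privileges?)"
                  .format(conn.laddr, conn.raddr, conn.status), file=sys.stderr)
            continue
        try:
            owner = psutil.Process(conn.pid)
            exe_path = owner.exe()
            # Resolve each child's exe once and hash it; the old code called
            # child.exe() twice per child.
            children = []
            for child in owner.children():
                child_exe = child.exe()
                children.append((child.pid, child.name(), child_exe, hash_file(child_exe)))
            record = (
                conn.pid, owner.name(), exe_path, hash_file(exe_path), owner.status(),
                owner.cwd(), owner.username(), owner.open_files(),
                conn.laddr, conn.raddr, conn.status, children,
            )
        except (psutil.Error, OSError) as err:
            # NoSuchProcess/AccessDenied/ZombieProcess all derive from
            # psutil.Error; OSError covers an unreadable or vanished binary.
            print("skipping pid {}: {}".format(conn.pid, err), file=sys.stderr)
            continue
        records.append(record)
    return records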
if __name__ == '__main__':
    # Take one snapshot of socket-owning processes and print the report.
    snapshot = baseline_procs()
    format_neat_output(snapshot)