Magshimshark.py

from scapy.all import *
from scapy.layers.dns import DNS, DNSRR
from scapy.layers.inet import IP, TCP
import re

EMAIL_SEPARATOR = r"%40"  # in groopy.co.il the '@' changed to '%40' (someone@gmail.com ---> someone%40gmail.com)
WEATHER_FORECAST_IP = "34.218.16.79"
EXIT_CODE = "5"
URL_GET_PATTERN = r"GET (.+?) "
WEATHER_FORECAST_PATTERN = r"^200:ANSWER:date=(.+?)&city=(.+?)&temp=(.+?)&text=(.+)$"
EMAIL_PATTERN = r"[a-zA-Z0-9_.+-]+" + EMAIL_SEPARATOR + r"[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+"


def main():
    TYPES = {"1": dns_selected, "2": weather_forecast_selected, "3": http_get_selected, "4": email_scan_selected}
    user_input = ""
    while user_input != EXIT_CODE:
        print_menu()
        try:
            user_input = input("> ")
            TYPES[user_input]()
        except:
            continue
    print("Goodbye.")


# region DNS
def dns_selected():
    print("Sniffing: DNS\n")
    sniff(lfilter=is_dns_answer, prn=print_dns)


def is_dns_answer(inc_packet):
    my_ip = get_if_addr(conf.iface)
    return DNS in inc_packet and IP in inc_packet and inc_packet[IP].src != my_ip and DNSRR in inc_packet


def print_dns(inc_packet):
    ip = inc_packet[DNS][DNSRR].rdata
    domain = inc_packet[DNS][DNSRR].rrname

    if isinstance(ip, bytes):
        ip = ip.decode()
    if isinstance(domain, bytes):
        domain = domain.decode()

    print("########\n"
          f"- ip: {ip}\n"
          f"- domain: {domain}")


# endregion
# region HTTP
def http_get_selected():
    print("Sniffing: HTTP[GET] URL\n")
    sniff(lfilter=is_http_get, prn=print_http)


def is_http_get(inc_packet):
    return inc_packet.haslayer(TCP) and inc_packet.getlayer(TCP).dport == 80 and inc_packet.haslayer(Raw) \
           and b'GET' in bytes(inc_packet[Raw])


def print_http(inc_packet):
    get_url = re.findall(URL_GET_PATTERN, inc_packet.getlayer(Raw).load.decode())[0]
    print(f"New HTTP[GET] URL: \"{get_url}\"")


# endregion
# region EMAIL
def email_scan_selected():
    print("Sniffing: Email scanning\n")
    sniff(lfilter=is_http_contains_email, prn=print_email_in_http)


def is_http_contains_email(inc_packet):
    try:
        return inc_packet.haslayer(TCP) and inc_packet.getlayer(TCP).dport == 80 and inc_packet.haslayer(Raw) and (
                re.search(EMAIL_PATTERN, inc_packet[Raw].load.decode()) is not None)
    except:
        return False


def print_email_in_http(inc_packet):
    email_scanned = re.findall(EMAIL_PATTERN, inc_packet.getlayer(Raw).load.decode())[0]
    print(f"New Email scanned: {email_scanned}")


# endregion
# region WEATHER
def weather_forecast_selected():
    print("Sniffing: Weather forecast\n")
    sniff(lfilter=is_weather_forecast_answer, prn=print_weather_forecast)


def is_weather_forecast_answer(inc_packet):
    return inc_packet.haslayer(IP) and inc_packet[IP].src == WEATHER_FORECAST_IP and inc_packet.haslayer(Raw) \
           and b'200:ANSWER' in bytes(inc_packet[Raw])


def print_weather_forecast(inc_packet):
    forecast = re.findall(WEATHER_FORECAST_PATTERN, inc_packet.getlayer(Raw).load.decode())[0]
    print("########\n"
          f"Date: {forecast[0]}\n"
          f"City: {forecast[1]}\n"
          f"Temperature: {forecast[2]}\n"
          f"Status: {forecast[3]}")


# endregion


def print_menu():
    print("""
- [MENU] Select by the digit [MENU] -
1. Print addresses that returned from DNS server
2. Print weather client response
3. Print HTTP[GET] URL
4. Print email scan
5. Exit
- [MENU] Select by the digit [MENU] -
    """)


if __name__ == '__main__':
    main()