- from scapy.all import *
- from scapy.layers.dns import DNS, DNSRR
- from scapy.layers.inet import IP, TCP
- import re
# '@' arrives percent-encoded as '%40' in groopy.co.il requests
# (someone@gmail.com ---> someone%40gmail.com), so the email pattern matches
# the encoded form.
EMAIL_SEPARATOR = r"%40"
# Only packets whose IP source equals this address are treated as forecast replies.
WEATHER_FORECAST_IP = "34.218.16.79"
# Menu choice that ends the main loop.
EXIT_CODE = "5"
# Captures the request target that follows "GET " up to the next space.
URL_GET_PATTERN = r"GET (.+?) "
# Captures the date, city, temp and text fields of a "200:ANSWER" reply.
WEATHER_FORECAST_PATTERN = r"^200:ANSWER:date=(.+?)&city=(.+?)&temp=(.+?)&text=(.+)$"
# local-part, encoded separator, then a dotted domain.
EMAIL_PATTERN = rf"[a-zA-Z0-9_.+-]+{EMAIL_SEPARATOR}[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+"
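def main():
    """Run the interactive menu until the user picks the exit option.

    Each pass prints the menu, reads one choice from stdin and dispatches it
    to the matching sniffing routine. The menu is shown again once that
    routine returns.
    """
    handlers = {
        "1": dns_selected,
        "2": weather_forecast_selected,
        "3": http_get_selected,
        "4": email_scan_selected,
    }
    while True:
        print_menu()
        try:
            user_input = input("> ")
        except (EOFError, KeyboardInterrupt):
            # A closed stdin raises EOFError on every read; swallowing it
            # would make this loop spin forever, so treat it as "exit".
            break
        if user_input == EXIT_CODE:
            break
        handler = handlers.get(user_input)
        if handler is None:
            print(f"Unknown option: {user_input!r}")
            continue
        try:
            handler()
        except Exception as err:
            # Keep the menu alive, but say why sniffing ended instead of
            # silently hiding the failure.
            print(f"Sniffing stopped: {err!r}")
    print("Goodbye.")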
- # region DNS
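def dns_selected():
    """Capture packets with scapy's sniff() and print every DNS answer seen.

    is_dns_answer decides which packets are reported; print_dns formats them.
    """
    print("Sniffing: DNS\n")
    # The list sniff() returns is never used, so tell it not to keep every
    # captured packet in memory for the lifetime of the capture.
    sniff(lfilter=is_dns_answer, prn=print_dns, store=False)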
def is_dns_answer(inc_packet):
    """Return whether inc_packet is a DNS answer not sent from this host.

    A packet qualifies when it has DNS and IP layers, carries at least one
    DNSRR record, and its IP source differs from the address of conf.iface.
    """
    local_addr = get_if_addr(conf.iface)
    if DNS not in inc_packet:
        return False
    if IP not in inc_packet:
        return False
    if inc_packet[IP].src == local_addr:
        # Sent by this machine, not a reply from a resolver.
        return False
    return DNSRR in inc_packet
def print_dns(inc_packet):
    """Print the rdata and rrname of the first DNSRR record in inc_packet."""
    record = inc_packet[DNS][DNSRR]
    ip = record.rdata
    domain = record.rrname
    # Both fields may be bytes; decode them so they print as text.
    ip = ip.decode() if isinstance(ip, bytes) else ip
    domain = domain.decode() if isinstance(domain, bytes) else domain
    # NOTE(review): only the first record is shown, and rdata is labelled "ip"
    # even for record types whose data is not an address. Both values come
    # straight from the network and are printed as received.
    report = (
        "########\n"
        f"- ip: {ip}\n"
        f"- domain: {domain}"
    )
    print(report)
- # endregion
- # region HTTP
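def http_get_selected():
    """Capture packets with scapy's sniff() and print the URL of each HTTP GET.

    is_http_get decides which packets are reported; print_http formats them.
    """
    print("Sniffing: HTTP[GET] URL\n")
    # The list sniff() returns is never used, so tell it not to keep every
    # captured packet in memory for the lifetime of the capture.
    sniff(lfilter=is_http_get, prn=print_http, store=False)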
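def is_http_get(inc_packet):
    """Return whether inc_packet starts an HTTP GET request sent to TCP port 80."""
    if not inc_packet.haslayer(TCP) or not inc_packet.haslayer(Raw):
        return False
    if inc_packet.getlayer(TCP).dport != 80:
        return False
    # Anchor on the request line. Looking for b"GET" anywhere in the payload
    # also accepted other requests that merely contain those bytes, and the
    # print callback then had no URL to extract.
    return bytes(inc_packet[Raw]).startswith(b"GET ")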
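def print_http(inc_packet):
    """Print the request target of the first "GET <target> " found in the payload.

    Packets whose payload does not contain that shape are skipped, so a single
    odd packet cannot raise out of the callback and end the capture.
    """
    # errors="replace": a payload that is not valid UTF-8 must not raise here.
    payload = inc_packet.getlayer(Raw).load.decode(errors="replace")
    match = re.search(URL_GET_PATTERN, payload)
    if match is None:
        return
    get_url = match.group(1)
    # The target is untrusted network data and is printed as captured.
    print(f"New HTTP[GET] URL: \"{get_url}\"")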
- # endregion
- # region EMAIL
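def email_scan_selected():
    """Capture packets with scapy's sniff() and print email addresses seen in HTTP.

    is_http_contains_email decides which packets are reported;
    print_email_in_http formats them.
    """
    print("Sniffing: Email scanning\n")
    # The list sniff() returns is never used, so tell it not to keep every
    # captured packet in memory for the lifetime of the capture.
    sniff(lfilter=is_http_contains_email, prn=print_email_in_http, store=False)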
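def is_http_contains_email(inc_packet):
    """Return whether inc_packet is port-80 TCP traffic whose payload holds an email.

    The payload is decoded strictly, the same way print_email_in_http decodes
    it, so every packet accepted here can also be printed. Packets that cannot
    be decoded or inspected are reported as non-matching.
    """
    try:
        if not (inc_packet.haslayer(TCP) and inc_packet.getlayer(TCP).dport == 80):
            return False
        if not inc_packet.haslayer(Raw):
            return False
        payload = inc_packet[Raw].load.decode()
        return re.search(EMAIL_PATTERN, payload) is not None
    except Exception:
        # A bare "except:" would also swallow KeyboardInterrupt and SystemExit,
        # which must be able to stop the capture.
        return False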
def print_email_in_http(inc_packet):
    """Print the first EMAIL_PATTERN match found in the packet's raw payload."""
    payload = inc_packet.getlayer(Raw).load.decode()
    matches = re.findall(EMAIL_PATTERN, payload)
    # Printed in its on-the-wire form, with the separator still encoded.
    email_scanned = matches[0]
    print(f"New Email scanned: {email_scanned}")
- # endregion
- # region WEATHER
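def weather_forecast_selected():
    """Capture packets with scapy's sniff() and print weather forecast replies.

    is_weather_forecast_answer decides which packets are reported;
    print_weather_forecast formats them.
    """
    print("Sniffing: Weather forecast\n")
    # The list sniff() returns is never used, so tell it not to keep every
    # captured packet in memory for the lifetime of the capture.
    sniff(lfilter=is_weather_forecast_answer, prn=print_weather_forecast, store=False)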
def is_weather_forecast_answer(inc_packet):
    """Return a truthy value for a "200:ANSWER" payload sent from WEATHER_FORECAST_IP."""
    # The IP source address is the only check on who sent the packet.
    from_forecast_server = (
        inc_packet.haslayer(IP) and inc_packet[IP].src == WEATHER_FORECAST_IP
    )
    return (
        from_forecast_server
        and inc_packet.haslayer(Raw)
        and b'200:ANSWER' in bytes(inc_packet[Raw])
    )
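def print_weather_forecast(inc_packet):
    """Print the date, city, temperature and status of a forecast reply.

    The packet filter only checks that the payload contains "200:ANSWER".
    A payload that does not match the full WEATHER_FORECAST_PATTERN is skipped
    instead of raising out of the callback and ending the capture.
    """
    # errors="replace": a payload that is not valid UTF-8 must not raise here.
    payload = inc_packet.getlayer(Raw).load.decode(errors="replace")
    match = re.search(WEATHER_FORECAST_PATTERN, payload)
    if match is None:
        return
    date, city, temperature, status = match.groups()
    print("########\n"
          f"Date: {date}\n"
          f"City: {city}\n"
          f"Temperature: {temperature}\n"
          f"Status: {status}")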
- # endregion
def print_menu():
    """Print the numbered list of sniffing modes and the exit option."""
    menu_text = """
- [MENU] Select by the digit [MENU] -
1. Print addresses that returned from DNS server
2. Print weather client response
3. Print HTTP[GET] URL
4. Print email scan
5. Exit
- [MENU] Select by the digit [MENU] -
"""
    print(menu_text)
# Start the interactive menu only when the file is run as a script, so that
# importing the module does not begin a capture.
if __name__ == "__main__":
    main()