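# Port scan without reduction
#
# Version 1
# Read all the flows and record, per destination IP, the destination ports
# that were contacted. A destination IP reached on many different dports by
# the same source is the pattern this script is meant to surface.

import ipaddress
import json

# Port-range bounds used only by the disabled filter inside the loop below.
x = 20
y = 60000
# Used only by the disabled pruning pass further down.
deletevar = []
# Maps destination IP (integer form, as stored in the flow records) to the
# list of destination ports seen for it, in file order and with repeats.
newHash = {}

# Source IP under inspection, in the integer form the flow records use for
# "sip". Only flows from this source are collected.
WATCHED_SIP = 2291263257

PATH = '/Users/Sara/Documents/Univ Classes/Investigacion/Programas/netflows.txt'

# The context manager closes the file even if the JSON fails to parse; the
# original left the handle open for the life of the process.
with open(PATH, 'r', encoding='utf-8') as myFile:
    flow = json.load(myFile)

for i in flow["flows"]:  # iterate over every record in the flows list
    # Disabled filter, kept for reference: skip ports inside [1, x) or above y.
    # if (i['dport'] >= 1 and i['dport'] < x) or i['dport'] > y:
    #     continue
    if i['sip'] != WATCHED_SIP:
        continue
    # Append the port under its destination IP, creating the list on first use.
    newHash.setdefault(i['dip'], []).append(i['dport'])

# THE FOLLOWING IS COMMENTED OUT; THE EXPLANATION IS IN THE WORD DOCUMENT.
# NOTE(review): len(v) counts repeated ports too, so this threshold measures
# flow count per destination rather than distinct ports. If the intent is
# "many different dports", len(set(v)) is the value to compare - confirm.
#
# for k, v in newHash.items():  # iterate over each IP address and its ports
#     if len(v) >= 100:
#         # print("something suspicious...")
#         continue
#     else:  # not enough ports to matter: queue the IP for removal
#         if k in deletevar:
#             continue
#         else:
#             deletevar.append(k)
#
# for i in deletevar:  # drop every queued IP from the hash of IPs and ports
#     newHash.pop(i)

# Print each destination IP in dotted-quad form together with its ports.
for k, v in newHash.items():
    print("{}:{}".format(str(ipaddress.IPv4Address(k)), v))

# Total number of destination IPs collected.
# NOTE(review): the listing lost its indentation; the count is assumed to be
# printed once after the loop, as a total, rather than once per entry.
counter = len(newHash)
print(counter)
print("Done checking:")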