''' view_pcap worker '''
import os
import pprint

import zerorpc
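class ViewPcap(object):
    ''' ViewPcap: Generates a view for a pcap sample (depends on Bro)

    The worker framework is expected to populate ``input_data['pcap_bro']``
    (the worker listed in ``dependencies``) before ``execute`` is called;
    this class never requests it itself.
    '''
    dependencies = ['pcap_bro']

    def __init__(self, endpoint="tcp://127.0.0.1:4242"):
        ''' Connect a zerorpc client to the workbench server.

        Args:
            endpoint: ZeroMQ address of the workbench server. Defaults to
                the local server on port 4242, which is what the original
                hard-coded.

        NOTE(review): the zerorpc channel carries no authentication or
        transport encryption, so keep the endpoint on loopback or a trusted
        network. ``execute`` below never touches this client; it is kept
        only to preserve the worker's original setup.
        '''
        self.workbench = zerorpc.Client()
        self.workbench.connect(endpoint)

    def execute(self, input_data):
        ''' Build the pcap view from the pcap_bro worker output.

        Args:
            input_data: dict holding the pcap_bro worker output under the
                key ``'pcap_bro'``.

        Returns:
            dict with two keys:
              - ``'bro_logs'``: every pcap_bro entry whose key contains the
                substring ``'_log'`` (a substring match, so ``'conn_log'``
                and ``'foo_logs'`` both qualify).
              - ``'extracted_files'``: the pcap_bro ``'extracted_files'``
                entry, passed through unchanged.

        Raises:
            KeyError: if ``'pcap_bro'`` or its ``'extracted_files'`` entry
                is missing (i.e. the dependency did not run).

        NOTE(review): everything here is passed through verbatim from data
        derived from the pcap, so consumers of the view should treat file
        names/paths in ``extracted_files`` as untrusted — confirm with the
        pcap_bro worker what it actually emits.
        '''
        bro_output = input_data['pcap_bro']
        bro_logs = {name: value for name, value in bro_output.items()
                    if '_log' in name}
        return {
            'bro_logs': bro_logs,
            'extracted_files': bro_output['extracted_files'],
        }

    def __del__(self):
        ''' Class Cleanup: close the zeroRPC client if one was created. '''
        # __init__ may have failed before self.workbench was assigned; an
        # AttributeError from __del__ is only ever printed as "Exception
        # ignored", so guard rather than let it surface.
        workbench = getattr(self, 'workbench', None)
        if workbench is not None:
            workbench.close()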
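def test():
    ''' view_pcap.py: Unit test

    Requires a workbench server listening on tcp://127.0.0.1:4242. Stores the
    bundled winmediaplayer.pcap sample, runs the pcap_bro dependency, then
    exercises ``ViewPcap.execute`` directly and via the server.
    '''
    workbench = zerorpc.Client()
    workbench.connect("tcp://127.0.0.1:4242")
    try:
        # Generate input for the worker
        data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),
                                 '../data/pcap/winmediaplayer.pcap')
        # 'with' closes the handle deterministically; the original left the
        # open file to the garbage collector.
        with open(data_path, 'rb') as pcap_file:
            md5 = workbench.store_sample('winmedia.pcap', pcap_file.read(), 'pcap')
        input_data = workbench.get_sample(md5)
        input_data.update(workbench.work_request('pcap_bro', md5))

        # Execute the worker (unit test)
        worker = ViewPcap()
        output = worker.execute(input_data)
        print('\n<<< Unit Test >>>')
        pprint.pprint(output)

        # Execute the worker (server test)
        output = workbench.work_request('view_pcap', md5)
        print('\n<<< Server Test >>>')
        pprint.pprint(output)
    finally:
        # Release the ZeroMQ socket instead of relying on interpreter teardown.
        workbench.close()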
# Running the module directly executes its integration test (needs a live
# workbench server on tcp://127.0.0.1:4242).
if __name__ == '__main__':
    test()