Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
executable file 61 lines (53 sloc) 1.4 KB
#!/usr/bin/env ruby
## Copyright 2008 Matthew Lee Hinman
## Read a pcap file, query the Harimau list and display output
## Usage: ./harimau <pcap_file>
require 'pcapparser'
file = ARGV[0]
if file.nil?
puts "Please specify a filename"
exit(0)
end
$ipaddr = {}
$wgetinstalled = false
$wgetinstalled = system("which wget 2>&1 > /dev/null")
if !$wgetinstalled
require 'net/http'
end
def print_harimau(addr)
return if !$ipaddr[addr].nil?
$ipaddr[addr] = 1 ## So it's not nil any more
addr = [addr.to_i].pack("N").unpack("C4").join(".")
truncaddr = String.new(addr)
truncaddr =~ /(\d{1,3}\.\d{1,3}\.\d{1,3})\./
truncaddr = String.new($1)
if $wgetinstalled
out = `wget -q -O - http://watchlist.security.org.my/watchlist/show?ip=#{addr} | grep '#{truncaddr}'`
if out.length < 1
puts "#{addr}: No records"
else
puts out.chomp
end
else
url = URI.parse("http://watchlist.security.org.my/watchlist/show?ip=#{addr}")
req = Net::HTTP::Get.new(url.path)
res = Net::HTTP.start(url.host, url.port) {|http|
http.request(req)
}
found = false
res.body.each_line { |line|
if line =~ /#{truncaddr}/i
puts line.chomp
found = true
end
}
if found == false
puts "#{addr}: No records found"
end
end
end
pp = PcapParser.new(File.new(file))
pp.each { |pkt|
print_harimau(pkt.ip_src.to_s)
print_harimau(pkt.ip_dst.to_s)
}