In [4]:
#Automating Network Traffic Monitoring with scapy
import scapy.all as scapy
import logging
import time

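# Configure logging.
# force=True (Python 3.8+) replaces any handlers already attached to the root
# logger. Without it, basicConfig does nothing once another cell in the same
# kernel has configured logging, and these records end up in that cell's file.
# The file collects packet summaries and address pairs, so treat it as sensitive.
logging.basicConfig(
    filename='network_traffic.log',
    level=logging.INFO,
    format='%(asctime)s - %(message)s',
    force=True,
)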

# Define a function to analyze the traffic
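def packet_callback(packet, watchlist=frozenset({'192.168.1.100'})):
    """Log one captured packet and flag it when its source is on a watchlist.

    Written to be used as the ``prn`` callback of ``scapy.sniff``, which calls
    it with the packet as its only argument.

    Args:
        packet: The captured scapy packet.
        watchlist: Source IPv4 addresses (strings) to flag. The default keeps
            the single placeholder address this script shipped with; supply a
            real list with ``functools.partial(packet_callback, watchlist=...)``.

    Returns:
        None. Everything is reported through the ``logging`` module.
    """
    # Every packet gets a one-line summary in the log.
    logging.info("Packet captured: %s", packet.summary())

    # Only packets with an IPv4 layer carry the addresses examined below;
    # anything else stops at the summary line.
    if not packet.haslayer(scapy.IP):
        return

    ip_layer = packet[scapy.IP]
    ip_src = ip_layer.src
    ip_dst = ip_layer.dst
    logging.info("Source IP: %s, Destination IP: %s", ip_src, ip_dst)

    # This is a plain address match, not a rate or volume check. The source
    # field is set by the sender, so a hit is a lead to investigate rather
    # than proof of origin.
    if ip_src in watchlist:
        logging.warning("Suspicious traffic detected from IP: %s", ip_src)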

# Define a function to capture traffic and analyze it
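def monitor_traffic():
    """Capture packets until interrupted, handing each one to ``packet_callback``.

    Capture errors are written to the log and not re-raised, so the function
    always returns None.
    """
    logging.info("Starting network traffic capture...")

    try:
        # No count, timeout, filter or interface is given, so the capture is
        # open-ended and uses scapy's defaults. store=False keeps packets out
        # of memory, which matters for a capture with no end.
        scapy.sniff(prn=packet_callback, store=False)
    except KeyboardInterrupt:
        # NOTE(review): scapy's sniff appears to stop on Ctrl-C by itself and
        # return normally, in which case this branch is never reached - confirm.
        logging.info("Network traffic monitoring stopped manually.")
    except Exception as e:
        # logging.exception records the traceback as well as the message. The
        # error only reaches the log file, so a capture that fails to start
        # (typically for lack of capture privileges) is otherwise invisible.
        logging.exception("Error while capturing packets: %s", e)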

# Start the capture when the file is run as a script. A notebook kernel also
# executes cells with __name__ set to "__main__", so running the cell starts
# the capture too.
if __name__ == "__main__":
    monitor_traffic()
# This script logs network traffic to network_traffic.log: packet_callback processes each captured packet and logs its details, and scapy.sniff processes the packets seen on the network.

In [None]:
import nmap
import logging
import datetime
import os

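# Configure logging
log_directory = "logs"
# exist_ok=True replaces the check-then-create pair, which could fail if the
# directory appeared between the two calls. The mode applies only when the
# directory is created here (and is still subject to the umask); scan findings
# are sensitive, so the directory is kept private to the current user.
os.makedirs(log_directory, mode=0o700, exist_ok=True)

# force=True (Python 3.8+) replaces handlers left by an earlier basicConfig
# call in the same kernel; without it this call is a no-op and the scan log
# lines go to whichever file was configured first.
logging.basicConfig(
    filename=os.path.join(log_directory, f'nmap_vulnerability_scan_{datetime.datetime.now().strftime("%Y-%m-%d")}.log'),
    level=logging.INFO,
    format='%(asctime)s - %(message)s',
    force=True,
)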

# Function to run vulnerability scan
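def run_nmap_vulnerability_scan(target):
    """Run nmap's ``vuln`` script category against ``target`` and log the output.

    Args:
        target: Host specification handed to ``PortScanner.scan``: an IP
            address, a hostname, or several of them separated by spaces.

    Returns:
        None. Progress, errors and results all go to the ``logging`` module. A
        rejected target or a failed scan is logged and ends the call early.
    """
    import shlex  # local import: only needed for the target check below

    # python-nmap splits the host string shell-style and places the pieces on
    # the nmap command line (NOTE(review): confirm against the installed
    # version). A piece starting with '-' would therefore be read by nmap as
    # an option instead of a host, so such input is refused before any scan.
    host_tokens = []
    if isinstance(target, str):
        try:
            host_tokens = shlex.split(target)
        except ValueError:
            # Unbalanced quotes: treat as invalid rather than guess.
            host_tokens = []
    if not host_tokens or any(token.startswith('-') for token in host_tokens):
        # %r escapes control characters, so the rejected value cannot forge log lines.
        logging.error("Rejected scan target %r: expected host names or addresses only", target)
        return

    logging.info("Starting Nmap scan on %s", target)
    try:
        # Constructing the scanner is inside the try block because it raises
        # PortScannerError itself when the nmap executable cannot be found.
        nm = nmap.PortScanner()
        # Scan with the 'vuln' script category to detect known vulnerabilities
        nm.scan(target, arguments='--script vuln')
        logging.info("Scan completed for %s", target)
    except nmap.nmap.PortScannerError as e:
        logging.error("PortScannerError occurred while scanning %s: %s", target, e)
        return
    except Exception as e:
        logging.error("Error occurred while scanning %s: %s", target, e)
        return

    # Log results
    logging.info("Scan results for %s:", target)
    for host in nm.all_hosts():
        host_result = nm[host]
        logging.info("Host: %s (%s)", host, host_result.hostname())
        logging.info("State: %s", host_result.state())

        # Host-level scripts are reported apart from the per-port ones.
        # NOTE(review): the 'hostscript' key and its id/output fields follow
        # python-nmap's result layout - confirm for the installed version.
        for entry in host_result.get('hostscript', []):
            logging.info("Host script %s output: %s", entry.get('id'), entry.get('output'))

        for proto in host_result.all_protocols():
            logging.info("Protocol: %s", proto)
            for port, port_result in list(host_result[proto].items()):
                logging.info("Port: %s\tState: %s", port, port_result['state'])
                if 'script' in port_result:
                    # Script output is logged as-is. Scripts in this category also
                    # print negative results, so an entry is not in itself a finding.
                    for script, output in port_result['script'].items():
                        logging.info("Script %s output: %s", script, output)
                else:
                    # No script output means nothing was reported for the port,
                    # which is weaker than "no vulnerabilities".
                    logging.info("No vuln script output for port %s.", port)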

# Prompt for the target and scan it when the file is run as a script. A
# notebook kernel also sets __name__ to "__main__", so executing the cell
# prompts as well.
if __name__ == "__main__":
    TARGET_IP = input("Enter the target IP address or hostname: ")
    run_nmap_vulnerability_scan(TARGET_IP)


In [None]:
import subprocess
import logging
import datetime
import os

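# Configure logging
log_directory = "logs"
# exist_ok=True replaces the check-then-create pair, which could fail if the
# directory appeared between the two calls. The mode applies only when the
# directory is created here (and is still subject to the umask); scan findings
# are sensitive, so the directory is kept private to the current user.
os.makedirs(log_directory, mode=0o700, exist_ok=True)

# force=True (Python 3.8+) replaces handlers left by an earlier basicConfig
# call in the same kernel; without it this call is a no-op and the scan log
# lines go to whichever file was configured first.
logging.basicConfig(
    filename=os.path.join(log_directory, f'openvas_vulnerability_scan_{datetime.datetime.now().strftime("%Y-%m-%d")}.log'),
    level=logging.INFO,
    format='%(asctime)s - %(message)s',
    force=True,
)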

# Function to run OpenVAS scan
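def run_openvas_vulnerability_scan(target):
    """Invoke the ``openvas`` command for ``target`` and log how it went.

    Args:
        target: Host name or address, passed to the command as one argument.

    Returns:
        None. A rejected target, a command that cannot be started, or a
        non-zero exit status is logged and ends the call early.
    """
    # The argument list bypasses the shell, but a value that starts with '-'
    # would still be parsed by the program as an option. Only plain host
    # values are accepted.
    if not isinstance(target, str) or not target.strip() or target.lstrip().startswith('-'):
        # %r escapes control characters, so the rejected value cannot forge log lines.
        logging.error("Rejected scan target %r: expected a host name or address", target)
        return

    logging.info("Starting OpenVAS scan on %s", target)

    # Start a scan using OpenVAS CLI commands
    try:
        # NOTE(review): placeholder command kept from the original. '-h' looks
        # like the program's help switch, in which case nothing is scanned and
        # the "completed" line below is misleading - replace it with the scan
        # invocation that matches your setup.
        subprocess.run(['openvas', '-h', target], check=True)
        logging.info("Scan completed for %s", target)
    except subprocess.CalledProcessError as e:
        logging.error("Error occurred while scanning %s: %s", target, e)
        return
    except OSError as e:
        # Raised when the executable is missing or cannot be run. It was
        # previously uncaught and aborted the cell with a traceback.
        logging.error("Could not start the OpenVAS command for %s: %s", target, e)
        return

    # NOTE(review): the command's output is not captured or written anywhere
    # by this function, so log_directory only receives these log lines.
    logging.info("Scan results for %s saved to %s", target, log_directory)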

# Prompt for the target and hand it to the OpenVAS wrapper when the file is
# run as a script. A notebook kernel also sets __name__ to "__main__", so
# executing the cell prompts as well.
if __name__ == "__main__":
    TARGET_IP = input("Enter the target IP address or hostname: ")
    run_openvas_vulnerability_scan(TARGET_IP)
