# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# ,---. ,--. ,--. ,--. ,--. ,--. by Nemesis Mr.Chess #
# ' .-' | ,---. ,---. ,--.--.| | ,---. ,---.| |,-. ,---. | '--' | ,---. ,--,--,--. ,---. #
# `. `-. | .-. || .-. :| .--'| || .-. || .--'| / ( .-' | .--. || .-. || || .-. : #
# .-' || | | |\ --.| | | |' '-' '\ `--.| \ \ .-' `)| | | |' '-' '| | | |\ --. #
# `-----' `--' `--' `----'`--' `--' `---' `---'`--'`--'`----' `--' `--' `---' `--`--`--' `----' #
# Will get all Bastards! #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
from scapy.all import *
import csv
import time
import re
# Address whose traffic should be logged; replace the placeholder before running.
# NOTE(review): this value is placed verbatim into the capture filter
# ("host ...") and compared for equality with IP-header source/destination
# addresses, so it has to be an IP address for anything to match. A .onion
# name is resolved inside Tor and never appears in an IP header.
onion_address = "INSERT .ONION ADDRESS HERE"

# Rows gathered by the sniff callback: [timestamp, src_ip, dst_ip, protocol].
packet_list = list()
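def packet_capture(packet):
    """Record one sniffed packet if it involves the monitored address.

    Used as the ``prn`` callback for ``sniff``. Packets without an IP layer,
    or whose source and destination both differ from ``onion_address``, are
    ignored. A matching packet is appended to the module-level
    ``packet_list`` as ``[timestamp, src_ip, dst_ip, protocol]``.

    Args:
        packet: The Scapy packet handed over by ``sniff``.
    """
    if not packet.haslayer(IP):
        return

    ip_layer = packet[IP]
    src_ip, dst_ip = ip_layer.src, ip_layer.dst
    if onion_address not in (src_ip, dst_ip):
        return

    # Scapy can report packet.time as a Decimal subclass, which
    # time.localtime() refuses on current Python versions; float() accepts
    # both that and a plain float.
    captured_at = time.localtime(float(packet.time))
    timestamp = time.strftime('%Y-%m-%d %H:%M:%S', captured_at)

    # proto is the numeric protocol field of the IP header; transport-layer
    # ports are not recorded in the row.
    packet_list.append([timestamp, src_ip, dst_ip, ip_layer.proto])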
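while True:
    # Block until 10 packets matching the capture filter have been seen; each
    # one is passed to packet_capture, which fills packet_list.
    sniff(prn=packet_capture, filter=f"host {onion_address}", count=10)

    # Write packet data to CSV file. Append mode keeps earlier batches:
    # opening with 'w' truncates the log on every pass, so only the most
    # recent batch would ever be on disk.
    with open('onion_communication.csv', mode='a', newline='') as file:
        writer = csv.writer(file)
        if file.tell() == 0:
            # Empty (new) file: emit the header exactly once.
            writer.writerow(['Timestamp', 'Source IP', 'Destination IP', 'Protocol'])
        writer.writerows(packet_list)

    # Check destination
    # NOTE(review): position 2 of each row holds a bare IP address with no
    # port, so a pattern that requires "127.0.0.1:<port>" cannot match the
    # rows packet_capture builds. For this alert to fire, the callback would
    # have to record the destination port as well.
    for pkt in packet_list:
        ip_src, ip_dst = pkt[1], pkt[2]
        if re.match(r'127\.0\.0\.1:(8080|8081|8083)', ip_dst):
            print(f'Potential intruder detected: {ip_src} -> {ip_dst}')

    # Reset the batch in place so the callback starts from an empty list.
    packet_list.clear()

    # Wait for 1 minute before capturing the next batch of packets. Nothing
    # is sniffed while sleeping, so traffic during this minute is not logged.
    time.sleep(60)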