#!/bin/bash
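#######################################
# Print the command-line help and exit.
# Globals:   none (reads $0 for the script name)
# Arguments: none
# Outputs:   usage text on stderr, so it never mixes with analysis output
# Returns:   does not return; exits 1 so a caller that reaches usage on a
#            missing or unknown option sees a failure status
#######################################
usage() {
  # ${0##*/} strips the directory so the "./" prefix is not doubled when
  # the script is invoked as ./pcap.sh.
  local script=${0##*/}
  printf '%s\n' \
    "Usage: ./${script} <pcap file>" \
    "-s <pcapfile> Pcap file analysis" \
    "-p <inpcapfile> <outpcapfile> <configfile> rewrite source/destination IP address" \
    "-m <inpcapfile> <outpcapfile> <configfile> rewrite source/destination MAC address" >&2
  exit 1
}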
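#######################################
# Print every distinct (ip.dst, ip.src) pair found in a capture.
# Globals:   none
# Arguments: $1 - path to the pcap file
# Outputs:   a coloured header, then one "dst src" line per pair, on stdout
# Returns:   0 on success; exits 1 when tshark fails (not installed, or
#            the capture could not be read)
#######################################
list_ip_conversation() {
  local pcap=$1
  local status
  printf '\e[33m%s\e[0m\n' "List of IPs conversation" "------------------------"
  tshark -nn -r "$pcap" -T fields -e ip.dst -e ip.src | sort | uniq
  # $? after a pipeline is uniq's status, which is 0 even when tshark is
  # missing; PIPESTATUS[0] is tshark's own status.
  status=${PIPESTATUS[0]}
  if [[ "$status" -ne 0 ]]; then
    printf '\e[36m%s\e[0m\n' "Please make sure Tshark is installed before using this script."
    exit 1
  fi
}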
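#######################################
# Print a per-conversation frame count table derived from tshark's
# "conv,ip" statistics.
# Globals:   none
# Arguments: $1 - path to the pcap file
# Outputs:   a coloured header and one "source  destination  count" line
#            per conversation on stdout
# Returns:   0 on success; exits 1 when tshark fails (not installed, or
#            the capture could not be read)
#######################################
total_ip_frames() {
  local pcap=$1
  local status
  printf '\e[33m%s\e[0m\n' "Total frames per conversation" "-----------------------------"
  printf '\e[1;36mSource IP\t\tDestination IP\t\tNo. Occurrences\e[0m\n'
  # awk keeps columns 1, 3 and 8 of the conv,ip table (the header above
  # labels them source, destination and occurrences); the sed expressions
  # are applied per line in order, exactly like the former chain of
  # separate sed processes, and strip the table banner, separators and
  # any line left blank.
  tshark -r "$pcap" -q -z conv,ip \
    | awk '{print $1 "\t\t" $3 "\t\t" $8}' \
    | sed -e 's/IPv4.*//g' -e 's/Filter.*//g' -e 's/=*//g' -e 's/Total//g' \
          -e 's/|//g' -e 's/Bytes.*//g' -e '/^\s*$/d'
  # $? would be sed's status; PIPESTATUS[0] is tshark's.
  status=${PIPESTATUS[0]}
  if [[ "$status" -ne 0 ]]; then
    printf '\e[36m%s\e[0m\n' "Please make sure Tshark is installed before using this script."
    exit 1
  fi
}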
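#######################################
# Print every distinct source IP in a capture, one per line, each followed
# by a trailing comma (the "old," template format read by the -p/-m modes).
# Globals:   none
# Arguments: $1 - path to the pcap file
# Outputs:   a coloured header, then one "ip," line per address, on stdout
# Returns:   0 on success; exits 1 when tshark fails (not installed, or
#            the capture could not be read)
#######################################
list_ip() {
  local pcap=$1
  local status
  printf '\e[33mList of IPs available in %s\e[0m\n' "$pcap"
  printf '\e[33m%s\e[0m\n' "---------------------------"
  tshark -nn -r "$pcap" -T fields -e ip.src | sort | uniq | sed 's/$/,/g'
  # $? would be sed's status; PIPESTATUS[0] is tshark's.
  status=${PIPESTATUS[0]}
  if [[ "$status" -ne 0 ]]; then
    printf '\e[36m%s\e[0m\n' "Please make sure Tshark is installed before using this script."
    exit 1
  fi
}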
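#######################################
# Generate ./tcpip.py: a scapy script that rewrites the IPv4 source and
# destination address of every TCP packet in a capture according to a
# mapping file.
# Globals:   none
# Arguments: $1 - input pcap path
#            $2 - output pcap path
#            $3 - config file with one "old_ip,new_ip" line per mapping;
#                 an empty new_ip leaves that address unchanged, and lines
#                 without a comma (blank lines, notes) are ignored
# Outputs:   writes ./tcpip.py, overwriting any existing file of that name;
#            the caller is expected to run and then remove it
# Returns:   the status of the redirection (non-zero if tcpip.py cannot be
#            written)
#######################################
tcpip() {
  # The three paths are spliced into Python string literals, so the two
  # characters that could terminate or alter a literal are escaped first.
  # A path containing a newline still yields a Python syntax error rather
  # than an unintended statement.
  local in_pcap=${1//\\/\\\\} out_pcap=${2//\\/\\\\} config=${3//\\/\\\\}
  in_pcap=${in_pcap//\"/\\\"}
  out_pcap=${out_pcap//\"/\\\"}
  config=${config//\"/\\\"}
  # The generated code uses print()/"not new" so it runs under both
  # python2 and python3; the caller only guarantees a "python" binary.
  cat > tcpip.py <<END
#!/usr/bin/python
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *

pkts = rdpcap("$in_pcap")
mapping = {}
with open("$config", "r") as config_file:
    for line in config_file:
        line = line.strip()
        # Skip blank lines and anything that is not "old,new".
        if ',' not in line:
            continue
        old, new = line.split(',', 1)
        mapping[old.strip()] = new.strip()
for old, new in mapping.items():
    if not new:
        new = old
    for p in pkts:
        # Only TCP packets are rewritten; the IP check guards against
        # TCP carried over a non-IPv4 layer, which has no IP header.
        if p.haslayer(TCP) and p.haslayer(IP):  # Proto options
            if p[IP].src == old:
                p[IP].src = new
            if p[IP].dst == old:
                p[IP].dst = new
wrpcap("$out_pcap", pkts)
END
}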
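#######################################
# Generate ./tcpmac.py: a scapy script that rewrites the Ethernet source
# and destination MAC address of every frame in a capture according to a
# mapping file.
# Globals:   none
# Arguments: $1 - input pcap path
#            $2 - output pcap path
#            $3 - config file with one "old_mac,new_mac" line per mapping;
#                 an empty new_mac leaves that address unchanged, and lines
#                 without a comma (blank lines, notes) are ignored instead
#                 of aborting the whole rewrite
# Outputs:   writes ./tcpmac.py, overwriting any existing file of that
#            name; the caller is expected to run and then remove it
# Returns:   the status of the redirection (non-zero if tcpmac.py cannot be
#            written)
#######################################
tcpmac() {
  # The three paths are spliced into Python string literals, so the two
  # characters that could terminate or alter a literal are escaped first.
  # A path containing a newline still yields a Python syntax error rather
  # than an unintended statement.
  local in_pcap=${1//\\/\\\\} out_pcap=${2//\\/\\\\} config=${3//\\/\\\\}
  in_pcap=${in_pcap//\"/\\\"}
  out_pcap=${out_pcap//\"/\\\"}
  config=${config//\"/\\\"}
  # The generated code avoids python2-only syntax so it runs under both
  # python2 and python3; the caller only guarantees a "python" binary.
  cat > tcpmac.py <<END
#!/usr/bin/python
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *

pkts = rdpcap("$in_pcap")
mapping = {}
with open("$config", "r") as config_file:
    for line in config_file:
        line = line.strip()
        # Skip blank lines and anything that is not "old,new".
        if ',' not in line:
            continue
        old, new = line.split(',', 1)
        mapping[old.strip()] = new.strip()
for old, new in mapping.items():
    if not new:
        new = old
    for p in pkts:
        if p.haslayer(Ether):  # Proto options
            if p[Ether].src == old:
                p[Ether].src = new
            if p[Ether].dst == old:
                p[Ether].dst = new
wrpcap("$out_pcap", pkts)
END
}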
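#######################################
# Rewrite IPv4 addresses in a capture via the generated tcpip.py.
# Globals:   none
# Arguments: $1 - input pcap path
#            $2 - output pcap path
#            $3 - config file of "old_ip,new_ip" lines
#            (a fourth argument, if passed, is ignored)
# Outputs:   progress text on stdout; the rewritten capture at $2
# Returns:   0 on success; exits 1 when the python run fails
#######################################
rewrite_ip() {
  local in_pcap=$1 out_pcap=$2 config=$3
  local status
  printf '\e[33mRewriting IP address in %s\e[0m\n' "$in_pcap"
  printf '\e[33m%s\e[0m\n' "--------------------------"
  # tcpip writes a fixed ./tcpip.py; it is run and removed here so the
  # helper script never outlives the call.
  tcpip "$in_pcap" "$out_pcap" "$config"
  python tcpip.py
  # Capture python's status before rm, whose own status would otherwise
  # be the one tested below.
  status=$?
  rm -f -- tcpip.py
  if [[ "$status" -ne 0 ]]; then
    printf '\e[36m%s\e[0m\n' "Please make sure python and python-scapy is installed before using this script."
    exit 1
  fi
  printf '\e[34mIP address written in %s\e[0m\n' "$out_pcap"
}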
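#######################################
# Rewrite Ethernet MAC addresses in a capture via the generated tcpmac.py.
# Globals:   none
# Arguments: $1 - input pcap path
#            $2 - output pcap path
#            $3 - config file of "old_mac,new_mac" lines
#            (a fourth argument, if passed, is ignored)
# Outputs:   progress text on stdout; the rewritten capture at $2
# Returns:   0 on success; exits 1 when the python run fails
#######################################
rewrite_mac() {
  local in_pcap=$1 out_pcap=$2 config=$3
  local status
  printf '\e[33mRewriting MAC address in %s\e[0m\n' "$in_pcap"
  printf '\e[33m%s\e[0m\n' "---------------------------"
  # tcpmac writes a fixed ./tcpmac.py; it is run and removed here so the
  # helper script never outlives the call.
  tcpmac "$in_pcap" "$out_pcap" "$config"
  python tcpmac.py
  # Capture python's status before rm, whose own status would otherwise
  # be the one tested below.
  status=$?
  rm -f -- tcpmac.py
  if [[ "$status" -ne 0 ]]; then
    printf '\e[36m%s\e[0m\n' "Please make sure python and python-scapy is installed before using this script."
    exit 1
  fi
  printf '\e[34mMAC address written in %s\e[0m\n' "$out_pcap"
}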
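#######################################
# Entry point: dispatch on the mode flag. Each mode reads its file
# arguments positionally after the flag ($2, $3, ...), which is why the
# getopts spec declares no option arguments and is consulted for the flag
# alone.
# Globals:   none
# Arguments: "$@" - mode flag followed by its positional file arguments
# Outputs:   mode-specific text on stdout; -s also writes ./config.file
# Returns:   0 on success; exits via usage or the helpers on error
#######################################
main() {
  local opt status
  [[ -n "${1:-}" ]] || usage
  while getopts 'spmo' opt; do
    case "$opt" in
      s)
        [[ -n "${2:-}" ]] || usage
        list_ip_conversation "$2"
        echo
        total_ip_frames "$2"
        echo
        list_ip "$2"
        # Save the bare source-IP list as the template for -p/-m: one
        # "ip," line per address, to be completed with the replacement.
        # The file is truncated here, so nothing written to it earlier in
        # this run would survive; the previous date/banner appends were
        # therefore dropped rather than silently lost.
        tshark -nn -r "$2" -T fields -e ip.src | sort | uniq | sed 's/$/,/g' > config.file
        status=${PIPESTATUS[0]}
        if [[ "$status" -ne 0 ]]; then
          printf '\e[36m%s\e[0m\n' "Please make sure Tshark is installed before using this script."
          exit 1
        fi
        echo
        printf '\e[34m%s\e[0m\n' "IPs logged in config.file"
        ;;
      p)
        (( $# >= 4 )) || usage
        rewrite_ip "$2" "$3" "$4"
        echo
        ;;
      m)
        (( $# >= 4 )) || usage
        rewrite_mac "$2" "$3" "$4"
        echo
        ;;
      o)
        # Accepted by the option string but has no implementation; kept so
        # "-o" keeps being a silent no-op rather than becoming an error.
        ;;
      \?)
        usage
        ;;
    esac
  done
}
main "$@"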