I am working straight from the Violent Python PDF, page 147.
I am currently using the pygeoip module to look up the location of an IP address. I was able to get the first step done fairly easily; it is marked by the #1 hash comment in the code.
The second step consists of pulling data from a pcap file and matching the corresponding IP addresses (destination and source IP) with their physical locations. For some reason I cannot get the program to return this information. Instead I get a printed string from the optParse instance.
My current code is:
#1. pg 136 of Violent Python by TJ O'Connor
#We are using the imported pygeoip module to search the database from
#http://dev.maxmind.com/geoip/legacy/geolite/ and match it with an ip address
import pygeoip
GI = pygeoip.GeoIP('/home/cody/workspace/violent_python/opt/GeoIP/GeoLiteCity.dat')
#output should be the location of the given ip; NOTE: does not work for IPV6
gi = pygeoip.GeoIP('/home/cody/workspace/violent_python/opt/GeoIP/GeoLiteCity.dat')

def printRecord(tgt):
    rec = gi.record_by_name(tgt)
    city = rec['city']
    region = rec['region_code']
    country = rec['country_name']
    long = rec['longitude']
    lat = rec['latitude']
    print '[*] Target: ' + tgt + ' Geo-located.'
    print '[+] ' + str(city) + ',' + str(lat) + ',longitude: ' + str(long)

tgt = '173.255.226.98'
printRecord(tgt)

#reading a pcap capture; NOTE: it would be useful to learn how to view live
#traffic via studying pypcap
import dpkt
import socket

def printPcap(pcap):
    for (ts, buf) in pcap:
        try:
            eth = dpkt.ethernet.Ethernet(buf)
            ip = eth.data
            src = socket.inet_ntoa(ip.src)
            dst = socket.inet_ntoa(ip.dst)
            print '[+] Src: ' + src + ' --> Dst: ' + dst
        except:
            pass

def main():
    f = open('geotest.pcap')
    pcap = dpkt.pcap.Reader(f)
    printPcap(pcap)

if __name__ == '__main__':
    main()

#create a new function that returns a physical location for an IP address
import dpkt, socket, pygeoip, optparse
gi = pygeoip.GeoIP("/home/cody/workspace/violent_python/opt/GeoIP/GeoLiteCity.dat")

def retGeoStr(ip):
    try:
        rec = gi.record_by_name(ip)
        city = rec['city']
        country = rec['country_code3']
        if (city != ''):
            geoLoc = city + ' , ' + country
        else:
            geoLoc = country
        return geoLoc
    except:
        return 'Unregistered'

#2. this is the entire set up put together
import dpkt, socket, pygeoip, optparse
gi = pygeoip.GeoIP("/home/cody/workspace/violent_python/opt/GeoIP/GeoLiteCity.dat")

def retGeoStr(ip):
    try:
        rec = gi.record_by_name(ip)
        city = rec['city']
        country = rec['country_code3']
        if city != '':
            geoLoc = city + ',' + country
        else:
            geoLoc = country
        return geoLoc
    except:
        return 'Unregistered'

def printPcap(pcap):
    for (ts, buf) in pcap:
        try:
            eth = dpkt.ethernet.Ethernet(buf)
            ip = eth.data
            src = socket.inet_ntoa(ip.src)
            dst = socket.inet_ntoa(ip.dst)
            print '[+] Src: ' + src + '----> Dst: ' + dst
            print '[+] Src: ' + retGeoStr(src) + '----> Dst: ' + retGeoStr(dst)
        except:
            pass

def main():
    parser = optparse.OptionParser('usage%prog -p <pcap file>')
    parser.add_option('-p', dest='pcapFile', type='string', \
                      help='specify pcap filename')
    (options, args) = parser.parse_args()
    if options.pcapFile == None:
        print parser.usage
        exit(0)
    pcapFile = options.pcapFile
    f = open(pcapFile)
    pcap = dpkt.pcap.Reader(f)

if __name__ == '__main__':
    main()

'''
Desired output:
analyst# python geoPrint.py -p geotest.pcap
[+] Src: 110.8.88.36 --> Dst: 188.39.7.79
[+] Src: KOR --> Dst: London, GBR
[+] Src: 28.38.166.8 --> Dst: 21.133.59.224
[+] Src: Columbus, USA --> Dst: Columbus, USA
[+] Src: 153.117.22.211 --> Dst: 138.88.201.132
[+] Src: Wichita, USA --> Dst: Hollywood, USA
[+] Src: 1.103.102.104 --> Dst: 5.246.3.148
[+] Src: KOR --> Dst: Unregistered
[+] Src: 166.123.95.157 --> Dst: 219.173.149.77
[+] Src: Washington, USA --> Dst: Kawabe, JPN
[+] Src: 8.155.194.116 --> Dst: 215.60.119.128
[+] Src: USA --> Dst: Columbus, USA
[+] Src: 133.115.139.226 --> Dst: 137.153.2.196
[+] Src: JPN --> Dst: Tokyo, JPN
[+] Src: 217.30.118.1 --> Dst: 63.77.163.212
[+] Src: Edinburgh, GBR --> Dst: USA
[+] Src: 57.70.59.157 --> Dst: 89.233.181.180
[+] Src: Endeavour Hills, AUS --> Dst: Prague, CZE
'''

#3. we are going to build the kml document to map to google maps
My actual output:
[*] Target: 173.255.226.98 Geo-located.
[+] Newark,40.7357,longitude: -74.1724
[+] Src: 110.8.88.36 --> Dst: 188.39.7.79
[+] Src: 28.38.166.8 --> Dst: 21.133.59.224
[+] Src: 153.117.22.211 --> Dst: 138.88.201.132
[+] Src: 1.103.102.104 --> Dst: 5.246.3.148
[+] Src: 166.123.95.157 --> Dst: 219.173.149.77
[+] Src: 8.155.194.116 --> Dst: 215.60.119.128
[+] Src: 133.115.139.226 --> Dst: 137.153.2.196
[+] Src: 217.30.118.1 --> Dst: 63.77.163.212
[+] Src: 57.70.59.157 --> Dst: 89.233.181.180
usage%prog -p <pcap file>
Please help! I cannot figure this out, but I think it has to do with my parser.
Answer 0 (score: 1)
As viraptor said, split the exercises into separate script files and try again. Not only are the exercises written as separate scripts, it is also easier to find the bug if you have less code to look at (and less code that could go wrong).
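A working, self-contained version of the pipeline the question is after, added here as an example; it is not the asker's code, the answer's, or the book's. It uses only the Python 3 standard library: a small hand-written pcap/Ethernet/IPv4 reader stands in for dpkt, and a constructed in-memory table (GEO_TABLE) stands in for pygeoip and the GeoLiteCity database. The names geolocate_pcap, read_pcap, ipv4_endpoints, build_pcap and build_ipv4_frame are my own. It shows the step the asker's #2 section never performs: main() parses the capture and then hands it to the function that produces the output. It also skips non-IPv4 frames and rejects malformed captures explicitly instead of hiding every failure behind a bare except, which is what makes a tool like this trustworthy when it is fed a capture you did not produce yourself.

```python
import argparse
import io
import socket
import struct

# Constructed stand-in for the GeoLiteCity database (assumption: records carry
# the same 'city' and 'country_code3' keys the book reads from pygeoip).
GEO_TABLE = {
    "110.8.88.36": {"city": "", "country_code3": "KOR"},
    "188.39.7.79": {"city": "London", "country_code3": "GBR"},
    "1.103.102.104": {"city": "", "country_code3": "KOR"},
    "28.38.166.8": {"city": "Columbus", "country_code3": "USA"},
}

PCAP_GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, tz, sigfigs, snaplen, linktype
PCAP_REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len
PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1
ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPV4_MIN_HDR_LEN = 20


def ret_geo_str(ip, lookup=GEO_TABLE.get):
    """Same contract as the book's retGeoStr: 'City,CC3', 'CC3', or 'Unregistered'."""
    rec = lookup(ip)
    if rec is None:
        return "Unregistered"
    city, country = rec["city"], rec["country_code3"]
    return city + "," + country if city else country


def build_ipv4_frame(src, dst):
    """Constructed test input: Ethernet + minimal IPv4 header, no payload."""
    eth = b"\x00" * 12 + struct.pack(">H", ETHERTYPE_IPV4)
    ip_hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, IPV4_MIN_HDR_LEN, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip_hdr


def build_pcap(frames):
    """Constructed test input: a little-endian pcap, link type 1 (Ethernet)."""
    out = io.BytesIO()
    out.write(PCAP_GLOBAL_HDR.pack(PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate(frames):
        out.write(PCAP_REC_HDR.pack(i, 0, len(frame), len(frame)))
        out.write(frame)
    return out.getvalue()


def read_pcap(data):
    """Yield (timestamp, frame) per record; honours the magic's byte order and checks bounds."""
    if len(data) < PCAP_GLOBAL_HDR.size:
        raise ValueError("not a pcap file: too short")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a pcap file: bad magic 0x%08x" % magic)
    rec_hdr = struct.Struct(endian + "IIII")
    off = PCAP_GLOBAL_HDR.size
    while off + rec_hdr.size <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = rec_hdr.unpack_from(data, off)
        off += rec_hdr.size
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated pcap record at offset %d" % off)
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def ipv4_endpoints(frame):
    """Return (src, dst) dotted-quads for an Ethernet/IPv4 frame, else None."""
    if len(frame) < ETH_HDR_LEN + IPV4_MIN_HDR_LEN:
        return None
    if struct.unpack_from(">H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ver_ihl = frame[ETH_HDR_LEN]
    if (ver_ihl >> 4) != 4 or (ver_ihl & 0x0F) < 5:
        return None
    src = socket.inet_ntoa(frame[ETH_HDR_LEN + 12:ETH_HDR_LEN + 16])
    dst = socket.inet_ntoa(frame[ETH_HDR_LEN + 16:ETH_HDR_LEN + 20])
    return src, dst


def geolocate_pcap(data, lookup=GEO_TABLE.get):
    """Return the two output lines per IPv4 packet that the book's printPcap prints."""
    lines = []
    for _ts, frame in read_pcap(data):
        ends = ipv4_endpoints(frame)
        if ends is None:  # ARP, IPv6, VLAN-tagged etc. are skipped, not silently swallowed
            continue
        src, dst = ends
        lines.append("[+] Src: %s --> Dst: %s" % (src, dst))
        lines.append("[+] Src: %s --> Dst: %s" % (ret_geo_str(src, lookup), ret_geo_str(dst, lookup)))
    return lines


def main(argv=None):
    parser = argparse.ArgumentParser(description="geolocate IPv4 endpoints in a pcap")
    parser.add_argument("-p", dest="pcap_file", required=True, help="pcap file to read")
    args = parser.parse_args(argv)  # missing -p prints usage and exits, like the book's check
    with open(args.pcap_file, "rb") as f:
        data = f.read()
    for line in geolocate_pcap(data):  # the hand-off the question's main() is missing
        print(line)


if __name__ == "__main__":
    main()
```

Run it as `python geo_pcap.py -p geotest.pcap`. With a real capture, swap the `lookup` argument for a wrapper around `gi.record_by_name`; the rest of the pipeline is unchanged, and because lookup is a parameter the output can be checked against a known table before the database is involved.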