I got these files from the DEFCON 22 capture-the-flag event:
balalaikacr3w_00001_20140808100030.cap
balalaikacr3w_00001_20140809100255.cap
mmibh_00115_20140809193255.cap
mmibh_00116_20140808193530.cap
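And so on. The team names do not change, but each team has multiple files, numbered from 00001 to 00125, shown after the team name. The file name then also shows the date (Y/M/D), such as 20140808. What changes is the day, not the year or the month.
I am looking for a way to dynamically open each file to read its information. I also have these teams in one directory. I want to use a wildcard to get the files for one team and one day. This is the code I wrote in bash: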
ls | awk '/balala*/ && /20140808/' | while read line;
I need to translate this into Python and use a dictionary if possible. This is what I have so far.
import argparse
import os
import sys

def main():
    teams = {'balalaikacr3w':1,'binja':2,'blue-lotus':3,'codered':4,'dragonsector':5,'gallopsled':6
            ,'hackingforchimac':7,'hitcon':8,'kaist':9,'mmibh':10,'mslc':11,'oracle':12,'penthackon':13,'ppp':14
            ,'raon_asrt':15,'reckless':16,'routards':17,'shellphish':18,'stratum':19,'team9447':20,'w3stormz':21}
    for key in sorted(teams):
        print(teams[key], ": ", key, sep='')
    x = input("Please enter the name for the team that you would like to see: ")
    #print(teams[str(x)]) # trying to get the name value rather than the key
    # os.listdir() does not expand "~", so expand it explicitly
    Path = os.path.expanduser("~/sonomastate/cs496/")
    filelist = os.listdir(Path)
    for i in filelist:
        # x is the team name that was typed in; teams[x] is an int and cannot be passed to startswith()
        if i.startswith(x): # You could also add "and i.startswith('f')
            # .cap files are binary captures, so open them in binary mode
            with open(os.path.join(Path, i), 'rb') as f:
                for line in f:
                    # Here you can check (with regex, if, or whatever if the keyword is in the document.)
                    pass
    date = {'2014-08-08':1, '2014-08-09':2,'2014-08-10':3}
    for key in sorted(date):
        print(date[key], ": ", key, sep='')
    y = int(input("Please enter the number for the date that you would like to load: "))
    parser = argparse.ArgumentParser()
    parser.add_argument('--name', type=str, default="balalaikacr3w_00001_20140808100030.cap", help="input file")
    args = parser.parse_args()
    # pcap_scan() is not shown in the post
    sys.stdout.write(str(pcap_scan(args)))

if __name__ == "__main__":
    main()
Here is the output:
1: balalaikacr3w
2: binja
3: blue-lotus
4: codered
5: dragonsector
6: gallopsled
7: hackingforchimac
8: hitcon
9: kaist
10: mmibh
Please enter the name for the team that you would like to see:
1: 2014-08-08
2: 2014-08-09
3: 2014-08-10
Please enter the number for the date that you would like to load:
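An added example, not part of the original post: one way to pick the capture files for one team and one day, assuming the `<team>_<sequence>_<YYYYMMDDhhmmss>.cap` naming seen in the file names above. The names `parse_name`, `index_captures` and `select`, and the sample listing, are constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Assumed layout, taken from the file names in the post:
#   <team>_<5-digit sequence>_<YYYYMMDDhhmmss>.cap
# A team name may itself contain "_" (e.g. raon_asrt), so the pattern is
# anchored on the trailing numeric fields instead of splitting on "_".
NAME_RE = re.compile(r'^(?P<team>.+)_(?P<seq>\d{5})_(?P<day>\d{8})\d{6}\.cap$')

def parse_name(filename):
    """Return (team, seq, day) for a capture file name, or None if it does not match."""
    m = NAME_RE.match(filename)
    if m is None:
        return None
    return m.group('team'), int(m.group('seq')), m.group('day')

def index_captures(filenames):
    """Build {team: {day: [file names sorted by sequence number]}}."""
    index = defaultdict(lambda: defaultdict(list))
    for name in filenames:
        parsed = parse_name(os.path.basename(name))
        if parsed is None:
            continue  # skip anything that is not a capture file
        team, seq, day = parsed
        index[team][day].append((seq, name))
    return {team: {day: [n for _, n in sorted(entries)]
                   for day, entries in days.items()}
            for team, days in index.items()}

def select(index, team, day):
    """Files for one team and one day (YYYYMMDD); empty list if there are none."""
    return index.get(team, {}).get(day, [])

# Constructed sample listing; in practice pass os.listdir(capture_dir).
SAMPLE = [
    "balalaikacr3w_00002_20140808101500.cap",
    "balalaikacr3w_00001_20140808100030.cap",
    "balalaikacr3w_00001_20140809100255.cap",
    "mmibh_00115_20140809193255.cap",
    "raon_asrt_00007_20140810120000.cap",
    "notes.txt",
]

if __name__ == "__main__":
    idx = index_captures(SAMPLE)
    for path in select(idx, "balalaikacr3w", "20140808"):
        print(path)
```

Matching the whole name against an anchored pattern also avoids the loose match of the awk expression `/balala*/`, which is a regular expression rather than a shell wildcard.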