import os

import pandas as pd
import requests
from scapy.all import PcapReader, rdpcap
from scapy.layers.inet import IP
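# VirusTotal API key. Prefer supplying it through the VIRUSTOTAL_API_KEY
# environment variable so the secret never has to be written into (and
# committed with) this file. The placeholder default is kept so the existing
# "key not configured" check in main() still triggers when nothing is set.
API_KEY = os.environ.get("VIRUSTOTAL_API_KEY", "your_api_key_here")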
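def check_ip_virustotal(ip, timeout=30):
    """Look up one IP address in VirusTotal and summarise the verdict.

    Args:
        ip: Address string to query; it is interpolated into the request URL.
        timeout: Seconds to wait for the HTTP request before giving up.

    Returns:
        A dict with the keys 'IP', 'Status', 'Community Score' and 'Country'.
        'Status' is 'Malicious' when the malicious count is above zero,
        'Clean' when it is zero, 'Unknown' when the reply carries no
        data/attributes section, 'Error <code>' for a non-200 reply, and
        'Exception' when the request or the parsing raised (the exception
        text is then carried in 'Community Score').
    """
    url = f"https://www.virustotal.com/api/v3/ip_addresses/{ip}"
    headers = {
        "accept": "application/json",
        "x-apikey": API_KEY,
    }
    try:
        # Bound the wait: without a timeout a single stalled connection
        # blocks the whole scan, because addresses are queried one by one.
        response = requests.get(url, headers=headers, timeout=timeout)

        if response.status_code != 200:
            # Rejected keys, exhausted quota (HTTP 429) and similar failures
            # are reported per address rather than aborting the run.
            return {
                'IP': ip,
                'Status': f"Error {response.status_code}",
                'Community Score': 'N/A',
                'Country': 'N/A'
            }

        json_response = response.json()
        if 'data' in json_response and 'attributes' in json_response['data']:
            attributes = json_response['data']['attributes']
            # 'Clean' only means the malicious count is zero; the
            # 'suspicious' count in the same stats object is not consulted.
            malicious = attributes['last_analysis_stats']['malicious']
            reputation = attributes.get('reputation', 'No score available')
            country = attributes.get('country', 'Unknown')
            return {
                'IP': ip,
                'Status': 'Malicious' if malicious > 0 else 'Clean',
                'Community Score': reputation,
                'Country': country
            }

        return {
            'IP': ip,
            'Status': 'Unknown',
            'Community Score': 'No score available',
            'Country': 'Unknown'
        }
    except Exception as e:
        # Deliberately broad: network errors, timeouts, malformed JSON and
        # missing keys all become one 'Exception' row so every address still
        # gets an entry and is never silently reported as clean.
        return {
            'IP': ip,
            'Status': 'Exception',
            'Community Score': str(e),
            'Country': 'N/A'
        }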
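def open_pcap(file_path):
    """Collect the destination IPs seen in a capture and look each one up.

    Args:
        file_path: Path of the capture file; a falsy value means no file
            was chosen.

    Returns:
        A list with one result dict per distinct destination address, as
        returned by check_ip_virustotal, or an empty list when no path was
        given.
    """
    if not file_path:
        print("No file selected")
        return []

    # Stream the capture packet by packet instead of loading it whole, so a
    # very large (or deliberately oversized) file does not exhaust memory.
    ip_addresses = set()
    with PcapReader(file_path) as reader:
        for packet in reader:
            if IP in packet:
                ip_addresses.add(packet[IP].dst)

    # NOTE(review): only destination addresses are collected, so the source
    # side of inbound traffic is never looked up. Every distinct destination,
    # private and link-local ones included, is sent to the third-party API.
    results = []
    # Sorted so the console output and the exported report are reproducible
    # between runs instead of following arbitrary set order.
    for ip in sorted(ip_addresses):
        result = check_ip_virustotal(ip)
        print(f"{result['IP']} - {result['Status']} "
              f"(Community Score: {result['Community Score']}, Country: {result['Country']})")
        results.append(result)
    return results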
def export_to_excel(results, save_path, file_name):
    """Write the lookup results to an Excel workbook and report its location.

    Args:
        results: Rows to export; passed straight to pandas.DataFrame.
        save_path: Directory that will receive the workbook.
        file_name: File name joined onto save_path.
    """
    destination = os.path.join(save_path, file_name)
    # index=False keeps the DataFrame's row index out of the sheet.
    pd.DataFrame(results).to_excel(destination, index=False)
    print(f"Results exported to {destination}")
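def main():
    """Run the interactive workflow: scan a capture, then optionally export.

    Prompts for the pcap path, looks up every destination address through
    open_pcap, and offers to save the results as an .xlsx file in a
    directory chosen by the user.

    Raises:
        SystemExit: With status 1 when no usable API key is configured.
    """
    # Treat any blank value and the shipped placeholder as "not configured".
    if not API_KEY or API_KEY.strip() in ("", "your_api_key_here"):
        print("Please enter your API key in the code before running this script.")
        # Non-zero status so wrappers and schedulers can see the run failed;
        # the bare exit() helper is also absent when the site module is not loaded.
        raise SystemExit(1)

    file_path = input("Enter the path of the pcap file: ").strip()

    # Paths pasted from a file manager often arrive wrapped in double quotes.
    if '"' in file_path:
        file_path = file_path.replace('"', '')
        print(f'Quotes were found and removed from the file path. New path: {file_path}')

    results = open_pcap(file_path)
    if not results:
        print("No results to export.")
        return

    export_choice = input("Do you want to export the results to an Excel file? (y/n): ").strip().lower()
    if export_choice != "y":
        print("Export to Excel skipped.")
        return

    save_path = input("Enter the directory where you want to save the Excel file: ").strip()
    file_name = input("Enter the name of the Excel file: ").strip()

    if not file_name.endswith('.xlsx'):
        file_name += '.xlsx'

    # isdir rather than exists: an existing regular file is not a valid
    # target directory and would only fail later, inside the export.
    if not os.path.isdir(save_path):
        print("The directory does not exist. Please provide a valid directory.")
        return

    export_to_excel(results, save_path, file_name)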
# Start the interactive workflow only when executed as a script, so that
# importing this module has no side effects.
if __name__ == "__main__":
    main()