用于pcap分析的Python代码中,列表没有累积更新,输出看起来像是在循环打印

2024-06-02 04:59:27 发布


我一直在尝试从pcap文件中提取电子邮件地址,并把它们添加到一个列表中。我已经试过所有能想到的办法,但输出始终像是循环逐次打印的结果,无法以其他形式输出。


def email_list(info):
    """Print the e-mail-like strings found in *info*; return nothing.

    The list is rebuilt from empty on every call and is printed after each
    append, so a call that finds N addresses prints N progressively longer
    lists.
    """
    #print('[+] email addresses found: ')
    # Only letters, digits and dots are accepted on either side of "@", and
    # the final label must be 2-4 word characters.  Addresses that contain
    # other characters (such as "-", "_" or "+") or a longer final label are
    # matched only in part or not at all.
    pattern = r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}"
    found = []
    for address in re.findall(pattern, info):
        found.append(address)
        # print() belongs to the loop body: it runs after every append and
        # shows everything collected so far, not just the newest address.
        print(found)

样本输出


['simonbrew@hotmail.com']
['samson@infoworld.com']
['brianjungman@gmail.com']
['sneakyg33ky@aol.com']
['inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['d4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'd4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'd4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['mistersekritx@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'mistersekritx@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'mistersekritx@aol.com']

我的想法是:找到这些电子邮件地址,把它们添加到一个列表中,去掉重复的地址,然后以美观的表格格式打印出来

到目前为止,这是我所有的代码


import dpkt,socket,datetime,geoip2.database,re,sys,urllib.request,urllib
from tabulate import tabulate
from collections import Counter
from prettytable import PrettyTable


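def packet_type(pcap):
    """Bucket the IP length field of each packet by protocol, then call timestamp().

    Args:
        pcap: iterable of ``(ts, buf)`` pairs, as produced by
            ``dpkt.pcap.Reader``.

    Each frame is decoded inside the ``try`` block.  A capture file is
    untrusted input: a frame that is truncated or does not carry IPv4 makes
    the field accesses below raise, and the handler reports that frame and
    moves on instead of letting the exception end the whole run.
    """
    ####https://stackoverflow.com/questions/18256342/parsing-a-pcap-file-in-python####
    other = []
    IP = []
    tcp = []
    udp = []
    igmp = []

    for ts, buf in pcap:
        try:
            # Unpack the Ethernet frame (mac src/dst, ethertype)
            eth = dpkt.ethernet.Ethernet(buf)
            # Network-layer object carried by the frame
            ip = eth.data
            # Source address as dotted-quad text.  This raises for a payload
            # without a 4-byte ``src`` field; the handler below reports it.
            src = socket.inet_ntoa(ip.src)
            if eth.type != dpkt.ethernet.ETH_TYPE_IP:
                other.append(src)
            IP.append(ip.len)
            if ip.p == dpkt.ip.IP_PROTO_IGMP:
                igmp.append(ip.len)
            elif ip.p == dpkt.ip.IP_PROTO_TCP:
                tcp.append(ip.len)
            elif ip.p == dpkt.ip.IP_PROTO_UDP:
                udp.append(ip.len)
        except Exception as err:
            print(f'Oh no there has been an {err}')
    # NOTE(review): the three lists hold ``ip.len`` values, while timestamp()
    # converts their smallest and largest entries with utcfromtimestamp().
    # The capture time ``ts`` is never stored, so the "first/last timestamp"
    # columns are derived from packet lengths.  Confirm what was intended.
    timestamp(tcp,udp,igmp)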



def timestamp(tcp,udp,igmp):
    """Sort each list in place, derive count/first/last, and call mean_packet_length().

    For every list the smallest and largest values are converted with
    ``datetime.datetime.utcfromtimestamp`` and stringified.  An empty list
    raises ``IndexError`` at the ``[0]`` lookup.
    """
    # NOTE(review): the caller in this file, packet_type(), fills these lists
    # with ``ip.len`` values, so the strings produced here describe packet
    # lengths interpreted as epoch seconds, not capture times.
    summary = []
    for values in (tcp, udp, igmp):
        values.sort()  # in place: the caller's list is reordered as well
        count = len(values)
        first = values[0]
        last = values[-1]
        first_text = str(datetime.datetime.utcfromtimestamp(first))
        last_text = str(datetime.datetime.utcfromtimestamp(last))
        summary.append((count, first_text, last_text))

    (Tcp, TCPts, TCP2ts), (Udp, UDPts, UDP2ts), (Igmp, IGMPts, IGMP2ts) = summary
    mean_packet_length(tcp,udp,igmp,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp)


def mean_packet_length(tcp,udp,igmp,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp):
    """Round the arithmetic mean of each list and pass everything to tabulate_table().

    An empty list raises ``ZeroDivisionError``.  The timestamp strings and
    counts are forwarded unchanged.
    """
    # Evaluated in the order tcp, udp, igmp, one rounded mean per list.
    tcp_mean, udp_mean, igmp_mean = [
        round(sum(values) / len(values)) for values in (tcp, udp, igmp)
    ]
    tabulate_table(tcp_mean,udp_mean,igmp_mean,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp)


def tabulate_table(tcp_mean,udp_mean,igmp_mean,TCPts,TCP2ts,UDPts,UDP2ts,IGMPts,IGMP2ts,Tcp,Udp,Igmp):
    """Print one summary row per protocol, then start the e-mail scan via tcp()."""
    rows = [
        ['TCP', Tcp, TCPts, TCP2ts, tcp_mean],
        ['UDP', Udp, UDPts, UDP2ts, udp_mean],
        ['IGMP', Igmp, IGMPts, IGMP2ts, igmp_mean],
    ]
    column_names = ['Protocol','Count', 'First_Timestamp', 'Last_Timestamp', 'Mean_Length']
    print(tabulate(rows, column_names, tablefmt='fancy_grid'))
    # The next analysis stage is chained from here rather than from main().
    tcp()


def email_list(info):
    """Print the e-mail-like strings found in *info*; return nothing.

    tcp() calls this once per packet with ``repr()`` of the transport-layer
    object.  The list starts empty on every call, so nothing is carried over
    from one packet to the next.
    """
    #print('[+] email addresses found: ')
    # Letters, digits and dots only around "@", with a final label of 2-4
    # word characters: addresses using "-", "_" or "+", or a longer final
    # label, are matched only in part or not at all.
    matches = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
    seen_so_far = []
    for match in matches:
        seen_so_far += [match]
        # Inside the loop: one print per match, each showing the whole list
        # gathered so far for this call.
        print(seen_so_far)


def tcp():
    """Re-read the capture file and run email_list() on every packet."""
    capture_path = r'C:\Users\snoopgrapes\Desktop\evidence-packet-analysis.pcap'
    with open(capture_path, 'rb') as pcapfile:
        for _ts, frame in dpkt.pcap.Reader(pcapfile):
            # Ethernet frame -> network-layer object -> its payload object.
            # NOTE(review): nothing here catches decode errors, so a frame
            # whose layers lack a ``.data`` attribute stops the scan.
            transport = dpkt.ethernet.Ethernet(frame).data.data
            #print(f'#<INFO> eth ethernet packet: {repr(eth)}')
            # email_list() receives the repr() text of the object, not the
            # raw payload bytes, and is called once per packet.  Each call
            # builds its own list, so output is one list per packet.
            # Collecting and de-duplicating across the whole capture has to
            # happen at this level.  An address split across two segments
            # is not matched either.
            email_list(repr(transport))


def find_uri():
    """Print the lower-cased URIs of HTTP GET requests that contain '.gif'."""
    gif_uri = []
    with open(r'C:\Users\snoopgrapes\Desktop\evidence-packet-analysis.pcap', 'rb') as pcapfile:
        for _ts, frame in dpkt.pcap.Reader(pcapfile):
            try:
                segment = dpkt.ethernet.Ethernet(frame).data.data
                request = dpkt.http.Request(segment.data)
                if request.method != 'GET':
                    continue
                lowered = request.uri.lower()
                if '.gif' in lowered:
                    gif_uri.append(lowered)
            except Exception:
                # Best effort: any packet that does not decode as an HTTP
                # request is skipped without a message, so parse failures
                # and genuine non-HTTP traffic look the same in the output.
                continue
    print(f'Gif URI {gif_uri}')


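def main():
    """Open the capture and the GeoIP database, then start the analysis chain.

    Both resources are opened in a ``with`` statement so they are closed
    even when a later stage raises.
    """

    pcapFile = r'C:\Users\snoopgrapes\Desktop\evidence-packet-analysis.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\filtered2.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\filtered3.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\http.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\sampledata.pcap'
    #email = r'C:\Users\snoopgrapes\Desktop\email_sample.txt'
    # NOTE(review): this address is only echoed in the banner below; no
    # visible code filters packets on it.
    excludesrc = '146.176.164.91'
    # Raw string: the non-raw original relied on "\P" and "\G" not being
    # escape sequences, which newer Python versions warn about.  The path
    # value itself is unchanged.
    geo_db = r'C:\Program Files\Python39\Geo\Geo.mmdb'
    # ``reader`` is opened but not used by any stage shown here.
    with open(pcapFile, 'rb') as f, geoip2.database.Reader(geo_db) as reader:
        pcap = dpkt.pcap.Reader(f)
        print(f'[*] analysing {pcapFile} for packets not source {excludesrc}')
        print('------------------------------------------------------------')
        packet_type(pcap)


if __name__ == '__main__':
    main()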

非常感谢你的帮助


1条回答
网友
1楼 · 发布于 2024-06-02 04:59:27
# Quoted from the question.  print() is indented under the for loop, so it
# runs on every iteration and shows the list collected so far.
list = []
emaillist = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
for em in emaillist:
    list.append(em)
    print(list)

基本上,emaillist中已经是所有匹配到的电子邮件地址的列表。然后你遍历这个emaillist,并把每个元素添加到list。但是每次迭代你都会打印到目前为止收集到的全部内容,其中包括上一次迭代已经打印过的值。你可以试试下面的写法(注意缩进不同):

# NOTE: the name `list` shadows the builtin list type for the rest of this scope.
list = []
emaillist = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
for em in emaillist:
    list.append(em)
# Dedented: print() now runs once, after the loop has finished.
# NOTE(review): in the question's program email_list() is called once per
# packet from tcp(), so this still prints one list per packet.  A single
# combined list needs a collection that outlives the per-packet call.
print(list)

或者更简单

# re.findall() already returns a list, so the copy loop is not needed.
# To drop duplicates while keeping first-seen order, the result can be
# passed through dict.fromkeys() and converted back with the builtin list(),
# which requires a variable name other than `list` here.
list = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
print(list)
