Python列表看起来像是在循环,而不是在更新
我一直试图从pcap文件中提取电子邮件地址并将其添加到列表中。我已经尝试了所有我能想到的方法,但除了看起来像循环逐次打印的输出之外,似乎无法以任何其他方式输出它。
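def findemail(info):
    '''Extract e-mail-like strings from one packet's text, print and return them.

    Args:
        info: Text to scan for addresses.

    Returns:
        The matches in order of appearance, duplicates included; an empty
        list when nothing matches. Because the matches are returned (and not
        only printed), a caller that invokes this once per packet can merge
        the per-packet results into one collection and de-duplicate it there.
    '''
    # The pattern is a loose triage heuristic, not an address validator: it
    # skips local parts containing '_', '-' or '+' and TLDs longer than four
    # characters, so an empty result does not prove no address was present.
    emails = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
    print(emails)
    return emails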
样本输出
---
[]
[]
[]
[]
['sneakyg33ky@aol.com']
[]
[]
[]
[]
[]
[]
[]
[]
[]
['sneakyg33ky@aol.com', 'd4rktangent@gmail.com']
[]
---
这种方式稍微好一点,因为它会打印出所有找到的电子邮件,但当我把它们追加到列表中时,输出并不会像循环那样随之更新
def email_list(info):
    """Print a header line, then each e-mail-like match in *info* on its own line."""
    print('[+] email addresses found: ')
    pattern = r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}"
    # Matches are printed in order of appearance; duplicates are not removed.
    for address in re.findall(pattern, info):
        print(address)
这是我得到的输出:
---
simonbrew@hotmail.com
samson@infoworld.com
brianjungman@gmail.com
sneakyg33ky@aol.com
inter0pt1c@aol.com
sneakyg33ky@aol.com
inter0pt1c@aol.com
sneakyg33ky@aol.com
sneakyg33ky@aol.com
inter0pt1c@aol.com
sneakyg33ky@aol.com
sneakyg33ky@aol.com
d4rktangent@gmail.com
sneakyg33ky@aol.com
d4rktangent@gmail.com
sneakyg33ky@aol.com
sneakyg33ky@aol.com
d4rktangent@gmail.com
sneakyg33ky@aol.com
mistersekritx@aol.com
sneakyg33ky@aol.com
mistersekritx@aol.com
sneakyg33ky@aol.com
sneakyg33ky@aol.com
mistersekritx@aol.com
Process finished with exit code 0
---
我试过的另一种方法是:
---
def email_list(info):
    """Collect the e-mail-like matches in *info*, printing the list as it grows."""
    #print('[+] email addresses found: ')
    collected = []
    pattern = r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}"
    for address in re.findall(pattern, info):
        collected.append(address)
        # Printed once per match, so text with k matches emits k lines and
        # text with no match emits nothing.
        print(collected)
样本输出:
---
['simonbrew@hotmail.com']
['samson@infoworld.com']
['brianjungman@gmail.com']
['sneakyg33ky@aol.com']
['inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'inter0pt1c@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['d4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'd4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'd4rktangent@gmail.com']
['sneakyg33ky@aol.com']
['mistersekritx@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'mistersekritx@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com']
['sneakyg33ky@aol.com', 'mistersekritx@aol.com']
---
我的想法是,我想找到这些电子邮件,将它们添加到一个列表中,删除重复的邮件,然后以漂亮的表格格式打印出来
到目前为止,这是我所有的代码
import dpkt,socket,datetime,geoip2.database,re
from tabulate import tabulate
from collections import Counter
from prettytable import PrettyTable
import pprint
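def packet_type(pcap):
    """Sort the IPv4 packets of a capture into per-protocol length lists.

    Args:
        pcap: Iterable of ``(timestamp, frame_bytes)`` pairs, e.g. a
            ``dpkt.pcap.Reader``.

    The TCP, UDP and IGMP lists are passed to ``timestamp()`` after the whole
    capture has been read. Nothing is returned.
    """
    ####https://stackoverflow.com/questions/18256342/parsing-a-pcap-file-in-python####
    other = []
    IP = []
    tcp = []
    udp = []
    igmp = []
    for ts, buf in pcap:
        # A capture file is untrusted input: a truncated or malformed frame
        # must not abort the whole analysis, so decoding sits inside the try.
        try:
            # Unpack the Ethernet frame (mac src/dst, ethertype)
            eth = dpkt.ethernet.Ethernet(buf)
            if eth.type != dpkt.ethernet.ETH_TYPE_IP:
                # Non-IPv4 frames (ARP, IPv6, ...) carry no 4-byte src/dst
                # and no ip.len; record the ethertype and skip the frame.
                other.append(eth.type)
                continue
            ip = eth.data
            IP.append(ip.len)
            if ip.p == dpkt.ip.IP_PROTO_IGMP:
                igmp.append(ip.len)
            elif ip.p == dpkt.ip.IP_PROTO_TCP:
                tcp.append(ip.len)
            elif ip.p == dpkt.ip.IP_PROTO_UDP:
                udp.append(ip.len)
        except Exception as err:
            print(f'Oh no there has been an {err}')
    # NOTE(review): the three lists hold ip.len (packet lengths); the capture
    # timestamp `ts` is never stored, yet timestamp() converts these values
    # with utcfromtimestamp(). The First/Last_Timestamp columns are therefore
    # derived from lengths - confirm and pass `ts` along if real times are
    # wanted.
    # `other` and `IP` are filled but not consumed in this function.
    timestamp(tcp, udp, igmp)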
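def timestamp(tcp, udp, igmp):
    """Compute count and first/last time strings per protocol and forward them.

    Args:
        tcp, udp, igmp: Lists of numbers; each is sorted in place.

    For every list the smallest and largest value are rendered as naive UTC
    datetime strings; a list with no entries yields 'n/a' for both instead of
    raising IndexError. The lists, the six strings and the three counts are
    then passed to ``mean_packet_length()``. Nothing is returned.
    """
    # NOTE(review): the only caller visible in this file (packet_type) fills
    # these lists with ip.len values, so the strings below are packet lengths
    # read as epoch seconds, not capture times - confirm against the caller.

    def first_last(values):
        # Smallest/largest value as UTC strings, or a marker when empty.
        values.sort()
        if not values:
            return 'n/a', 'n/a'
        utc = datetime.timezone.utc
        # Same naive-UTC result as utcfromtimestamp(), without the
        # deprecation warning newer interpreters emit for it.
        lowest = datetime.datetime.fromtimestamp(values[0], utc).replace(tzinfo=None)
        highest = datetime.datetime.fromtimestamp(values[-1], utc).replace(tzinfo=None)
        return str(lowest), str(highest)

    TCPts, TCP2ts = first_last(tcp)
    UDPts, UDP2ts = first_last(udp)
    IGMPts, IGMP2ts = first_last(igmp)
    Tcp = len(tcp)
    Udp = len(udp)
    Igmp = len(igmp)
    mean_packet_length(tcp, udp, igmp, TCPts, TCP2ts, UDPts, UDP2ts, IGMPts, IGMP2ts, Tcp, Udp, Igmp)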
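def mean_packet_length(tcp, udp, igmp, TCPts, TCP2ts, UDPts, UDP2ts, IGMPts, IGMP2ts, Tcp, Udp, Igmp):
    """Compute the rounded mean of each protocol list and forward to the table.

    Args:
        tcp, udp, igmp: Lists of numbers to average.
        TCPts ... IGMP2ts: Time strings, passed through unchanged.
        Tcp, Udp, Igmp: Counts, passed through unchanged.

    A list with no entries gives a mean of 0 instead of raising
    ZeroDivisionError, so a capture lacking one protocol still produces a
    table. Everything is handed to ``tabulate_table()``; nothing is returned.
    """

    def rounded_mean(values):
        # round() of the arithmetic mean; 0 for an absent protocol.
        return round(sum(values) / len(values)) if values else 0

    tcp_mean = rounded_mean(tcp)
    udp_mean = rounded_mean(udp)
    igmp_mean = rounded_mean(igmp)
    tabulate_table(tcp_mean, udp_mean, igmp_mean, TCPts, TCP2ts, UDPts, UDP2ts, IGMPts, IGMP2ts, Tcp, Udp, Igmp)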
def tabulate_table(tcp_mean, udp_mean, igmp_mean, TCPts, TCP2ts, UDPts, UDP2ts, IGMPts, IGMP2ts, Tcp, Udp, Igmp):
    """Print one summary row per protocol (TCP, UDP, IGMP) as a 'fancy_grid' table."""
    column_names = ['Protocol', 'Count', 'First_Timestamp', 'Last_Timestamp', 'Mean_Length']
    # Each row follows the column order above.
    rows = [
        ['TCP', Tcp, TCPts, TCP2ts, tcp_mean],
        ['UDP', Udp, UDPts, UDP2ts, udp_mean],
        ['IGMP', Igmp, IGMPts, IGMP2ts, igmp_mean],
    ]
    rendered = tabulate(rows, column_names, tablefmt='fancy_grid')
    print(rendered)
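def findemail(info):
    '''Extract e-mail-like strings from one packet's text, print and return them.

    Args:
        info: Text to scan for addresses.

    Returns:
        The matches in order of appearance, duplicates included; an empty
        list when nothing matches. Because the matches are returned (and not
        only printed), a caller that invokes this once per packet can merge
        the per-packet results into one collection and de-duplicate it there.
    '''
    # The pattern is a loose triage heuristic, not an address validator: it
    # skips local parts containing '_', '-' or '+' and TLDs longer than four
    # characters, so an empty result does not prove no address was present.
    emails = re.findall(r"[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}", info)
    print(emails)
    return emails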
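def main():
    """Summarise a capture by protocol, then scan every packet for e-mail-like strings.

    The capture is read twice: once by ``packet_type()`` for the protocol
    table and once here, packet by packet, for ``findemail()``. Both file
    handles and the GeoIP reader are closed when their block ends, also when
    an exception is raised part-way through.
    """
    pcapFile = r'C:\Users\snoopgrapes\Desktop\evidence-packet-analysis.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\filtered2.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\filtered3.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\http.pcap'
    #pcapFile = r'C:\Users\snoopgrapes\Desktop\sampledata.pcap'
    #email = r'C:\Users\snoopgrapes\Desktop\email_sample.txt'
    excludesrc = '146.176.164.91'
    with open(pcapFile, 'rb') as f:
        pcap = dpkt.pcap.Reader(f)
        # Raw string so the backslashes in the Windows path are never read as
        # escape sequences. The reader is not used in main() yet; it is still
        # opened so a missing database fails at start-up.
        with geoip2.database.Reader(r'C:\Program Files\Python39\Geo\Geo.mmdb') as reader:
            # NOTE(review): excludesrc only appears in this message; no packet
            # is filtered by it in the code below.
            print(f'[*] analysing {pcapFile} for packets not source {excludesrc}')
            print('------------------------------------------------------------')
            packet_type(pcap)
    # Second pass over the same file: the first reader has been consumed.
    with open(pcapFile, 'rb') as f:
        for ts, buf in dpkt.pcap.Reader(f):
            # Capture contents are untrusted: a malformed frame, or one whose
            # payload has no nested .data, is reported and skipped instead of
            # ending the scan.
            try:
                eth = dpkt.ethernet.Ethernet(buf)
                ip = eth.data
                TCP = ip.data
            except Exception as err:
                print(f'Oh no there has been an {err}')
                continue
            # NOTE(review): repr() renders control bytes as escapes such as
            # '\n' or '\x0a'; the letters of an escape can be matched as the
            # start of an address. Decoding the payload bytes before matching
            # would avoid that - confirm what type TCP is here.
            info = repr(TCP)
            findemail(info)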
# Run the analysis only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()
导入dpkt、套接字、日期时间、geoip2.database、re
从表格导入表格
从收款进口柜台
从prettytable导入prettytable
导入pprint
def数据包类型(pcap):
####https://stackoverflow.com/questions/18256342/parsing-a-pcap-file-in-python####
其他=[]
IP=[]
tcp=[]
udp=[]
igmp=[]
对于ts,pcap中的buf:
#解压缩以太网帧(mac src/dst,以太网类型)
eth=dpkt.ethernet.ethernet(buf)
#打印(f'#以太网数据包:{repr(eth)}')
#ip地址
ip=eth.data
#在dst中读取源IP
src=socket.inet\u ntoa(ip.src)
#在dst中读取目标IP
dst=socket.inet_ntoa(ip.dst)
尝试:
如果eth.type!=dpkt.ethernet.ETH_类型_IP:
其他.附加(src)
IP.append(IP.len)
如果ip.p==dpkt.ip.ip_PROTO_IGMP:
igmp.append(ip.len)
elif ip.p==dpkt.ip.ip_PROTO_TCP:
tcp.append(ip.len)
elif ip.p==dpkt.ip.ip_PROTO_UDP:
udp.append(ip.len)
除异常作为错误外:
打印(哦,不,有一个{err}})
持续
时间戳(tcp、udp、igmp)
def时间戳(tcp、udp、igmp):
tcp.sort()
Tcp=len(Tcp)
TCP1st=tcp[0]
TCP2nd=tcp[-1]
TCPts=str(datetime.datetime.utcfromtimestamp(TCP1st))
TCP2ts=str(datetime.datetime.utcfromtimestamp(TCP2nd))
udp.sort()
Udp=len(Udp)
UDP=UDP[0]
UDP2nd=udp[-1]
UDPts=str(datetime.datetime.utcfromtimestamp(UDP))
UDP2ts=str(datetime.datetime.utcfromtimestamp(UDP2nd))
igmp.sort()
Igmp=len(Igmp)
IGMP=IGMP[0]
IGMP2nd=igmp[-1]
IGMPts=str(datetime.datetime.utcfromtimestamp(IGMP))
IGMP2ts=str(datetime.datetime.utcfromtimestamp(IGMP2nd))
平均数据包长度(tcp、udp、igmp、TCPts、TCP2ts、UDPts、UDP2ts、IGMPts、IGMP2ts、tcp、udp、igmp)
def平均数据包长度(tcp、udp、igmp、TCPts、TCP2ts、UDPts、UDP2ts、IGMPS、IGMP2ts、tcp、udp、igmp):
tcpmean=总和(tcp)/len(tcp)
tcp_平均值=四舍五入(tcpmean)
udpmean=总和(udp)/长度(udp)
udp_平均值=四舍五入(udpmean)
igmpmean=总和(igmp)/len(igmp)
igmp_平均值=四舍五入(igmpmean)
表格(tcp平均值、udp平均值、igmp平均值、TCPT、TCP2ts、UDPT、UDP2ts、IGMPts、IGMP2ts、tcp、udp、igmp)
def表格(tcp平均值、udp平均值、igmp平均值、TCPts、TCP2ts、UDPts、UDP2ts、IGMPS、IGMP2ts、tcp、udp、igmp):
表=['TCP',TCP,TCPts,TCP2ts,TCP_平均值],'UDP',UDP,UDPts,UDP2ts,UDP_平均值],'IGMP',IGMP,IGMPS,IGMP2ts,IGMP_平均值]]
头文件=['Protocol','Count','First_Timestamp','Last_Timestamp','Mean_Length']
打印(表格(表格、标题、表格FMT='fancy_grid'))
def findemail(信息):
''此处有合适的函数文档字符串''
正则表达式='^[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}$'
电子邮件=回复findall(r“[a-zA-Z0-9.]+@[a-zA-Z0-9.]+\.\w{2,4}”,信息)
emaillist=电子邮件
打印(电子邮件列表)
def main():
pcapFile=r'C:\Users\snoopgrapes\Desktop\evidence packet analysis.pcap'
#pcapFile=r'C:\Users\snoopgrapes\Desktop\filtered2.pcap'
#pcapFile=r'C:\Users\snoopgrapes\Desktop\filtered3.pcap'
#pcapFile=r'C:\Users\snoopgrapes\Desktop\http.pcap'
#pcapFile=r'C:\Users\snoopgrapes\Desktop\sampledata.pcap'
#email=r'C:\Users\snoopgrapes\Desktop\email\u sample.txt'
excludesrc='146.176.164.91'
f=打开(pcapFile'rb')
pcap=dpkt.pcap.Reader(f)
reader=geoip2.database.reader('C:\ProgramFiles\Python39\Geo\Geo.mmdb')
打印(f'[*]分析{pcapFile}中的数据包不是源{excludesrc}')
打印('---------------------------------------------------------------')
数据包类型(pcap)
f=打开(pcapFile'rb')
pcap=dpkt.pcap.Reader(f)
对于ts,pcap中的buf:
eth=dpkt.ethernet.ethernet(buf)
ip=eth.data
TCP=ip.data
info=repr(TCP)
findemail(信息)
如果uuuu name uuuuuu='\uuuuuuu main\uuuuuuu':
main()