
Commit 3da544d

committed
moving util functions to utils.py
1 parent f511411 commit 3da544d

2 files changed

+25
-11
lines changed


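--- a/scanlogger.py
+++ b/scanlogger.py
@@ -21,7 +21,7 @@
 import time
 import argparse
 import hasher
-
+import utils
 import entry
 import timerlist
 from constants import *
@@ -35,10 +35,6 @@
 
 PIDFILE="/var/run/pyscanlogger.pid"
 
-get_timestamp = lambda : time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())
-ip2quad = lambda x: socket.inet_ntoa(struct.pack('I', x))
-scan_ip2quad = lambda scan: list(map(ip2quad, [scan.src, scan.dst]))
-
 class ScanLogger:
     """ Port scan detector and logger class """
 
@@ -91,7 +87,7 @@ def __init__(self, timeout, threshold, maxsize=8192, daemon=True, logfile='/var/
     def log(self, msg):
         """ Log a message to console and/or log file """
 
-        line = f'[{get_timestamp()}]: {msg}'
+        line = f'[{utils.timestamp()}]: {msg}'
         if self.scanlog:
             self.scanlog.write(line + '\n')
             self.scanlog.flush()
@@ -102,7 +98,7 @@ def log(self, msg):
     def log_scan(self, scan, continuation=False, slow_scan=False, unsure=False):
         """ Log the scan to file and/or console """
 
-        srcip, dstip = scan_ip2quad(scan)
+        srcip, dstip = utils.scan_ip2quad(scan)
         ports = ','.join([str(port) for port in scan.ports])
 
         if not continuation:
@@ -112,7 +108,7 @@ def log_scan(self, scan, continuation=False, slow_scan=False, unsure=False):
                 if scan.type != 'Idle':
                     line = '%s scan (flags:%d) from %s to %s (ports:%s)'
                 else:
-                    tup.append(ip2quad(scan.zombie))
+                    tup.append(utils.ip2quad(scan.zombie))
                     line = '%s scan (flags: %d) from %s to %s (ports: %s) using zombie host %s'
             else:
                 tup.append(scan.time_avg)
@@ -126,7 +122,7 @@ def log_scan(self, scan, continuation=False, slow_scan=False, unsure=False):
                 if scan.type != 'Idle':
                     line = 'Continuation of %s scan from %s to %s (ports:%s)'
                 else:
-                    tup.append(ip2quad(scan.zombie))
+                    tup.append(utils.ip2quad(scan.zombie))
                     line = 'Continuation of %s scan from %s to %s (ports: %s) using zombie host %s'
             else:
                 tup.append(scan.time_avg)
@@ -223,7 +219,7 @@ def inspect_scan(self, scan, slow_scan=False):
                 if not recent.is_scan: continue
                 if recent.type == 'TCP full-connect' and ((scan.src == recent.dst) and (scan.dst == recent.src)):
                     # Spurious
-                    self.log("Ignoring spurious TCP full-connect scan from %s" % ' to '.join(scan_ip2quad(scan)))
+                    self.log("Ignoring spurious TCP full-connect scan from %s" % ' to '.join(utils.scan_ip2quad(scan)))
                     not_scan = True
                     break
 
@@ -234,7 +230,7 @@ def inspect_scan(self, scan, slow_scan=False):
             recent1 = self.recent_scans[-1:-2:-1]
             for recent in recent1:
                 if recent.type=='Idle' and scan.src==recent.zombie:
-                    self.log('Ignoring mis-interpreted syn scan from zombie host %s' % ' to '.join(scan_ip2quad(scan)))
+                    self.log('Ignoring mis-interpreted syn scan from zombie host %s' % ' to '.join(utils.scan_ip2quad(scan)))
                     break
                 # Reply from B->A for full-connect scan from A->B
                 elif (recent.type == 'reply' and ((scan.src == recent.dst) and (scan.dst == recent.src))):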
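Review bot: With the three helpers removed in the hunk at @@ -35, the `socket` and `struct` imports that `ip2quad` needed are presumably still near the top of scanlogger.py (outside this view) and may now be dead; `import time`, kept by the hunk at @@ -21, is likewise no longer needed by anything visible here. Run the linter and drop whatever is unused rather than leaving imports that suggest the module still does its own packing. `from constants import *` in the same hunk predates this commit, but while the import block is being touched it is worth narrowing to an explicit name list so that what scanlogger.py actually depends on is visible.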

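--- a/utils.py
+++ b/utils.py
@@ -0,0 +1,18 @@
+# -- coding: utf-8
+""" Module with utility functions """
+
+import time
+import socket
+import struct
+
+def timestamp():
+    return time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())
+
+def ip2quad(x):
+    return socket.inet_ntoa(struct.pack('I', x))
+
+def scan_ip2quad(scan):
+    return map(ip2quad, (scan.src, scan.dst))
+
+
+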
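Review bot: `scan_ip2quad` (new line 15) returns a bare `map` object where the lambda it replaces in scanlogger.py returned a list, so the result can be consumed only once; the two call sites visible in this commit (tuple unpacking and `' to '.join`) tolerate that, but any caller that indexes or iterates twice will silently get nothing the second time. Keep the eager form, `return [ip2quad(scan.src), ip2quad(scan.dst)]`. `ip2quad` packs with native byte order and size (`'I'`), which is only correct if `scan.src`/`scan.dst` were unpacked with the same native format by the capture code (not shown here); a comment such as `# native-order 'I' must match how the capture code unpacks addresses; use '!I' on both sides if network order is intended` would make that coupling explicit. None of the three functions has a docstring; a one-liner each (e.g. `"""Return the local time formatted as 'YYYY-MM-DD HH:MM:SS'."""` for `timestamp`) would finish the move.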
