  • Added IPv6 support and minor bug fix.

  • lgandx committed 3 years ago
    256f2a67
    1 parent 83258aad
  • ■ ■ ■ ■ ■ ■
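--- a/Pcredz
+++ b/Pcredz
@@ -1,5 +1,5 @@
-#! /usr/bin/env python
-# Pcredz 1.0.0
+#!/usr/bin/env python
+# Pcredz 2.0.2
 # Created by Laurent Gaffie
 #
 # This program is free software: you can redistribute it and/or modify
@@ -40,7 +40,7 @@
 from threading import Thread
  
 def ShowWelcome():
- Message = 'Pcredz 2.0.1\nAuthor: Laurent Gaffie\nPlease send bugs/comments/pcaps to: [email protected]\nThis script will extract NTLM (http,ldap,smb,sql,etc), Kerberos,\nFTP, HTTP Basic and credit card data from a given pcap file or from a live interface.\n'
+ Message = 'Pcredz 2.0.2\nAuthor: Laurent Gaffie\nPlease send bugs/comments/pcaps to: [email protected]\nThis script will extract NTLM (HTTP,LDAP,SMB,MSSQL,RPC, etc), Kerberos,\nFTP, HTTP Basic and credit card data from a given pcap file or from a live interface.\n'
  print(Message)
  
 parser = argparse.ArgumentParser(description='Pcredz 1.0.0\nAuthor: Laurent Gaffie')
@@ -351,6 +351,17 @@
  d['data']=s[4*d['header_len']:]
  return d
  
+def Decode_Ipv6_Packet(s):
+ d={}
+ d['version']=(s[0] & 0xf0) >> 4
+ d['nxthdr']=s[6]
+ d['plen']=struct.unpack("!h", s[4:6])[0]
+ d['source_address']="[" +socket.inet_ntop(socket.AF_INET6, s[8:24]) + "]"
+ d['destination_address']="[" +socket.inet_ntop(socket.AF_INET6, s[24:40]) + "]"
+ d['protocol']=s[6]
+ d['data']=s[40:]
+ return d
+ 
 def Print_Packet_Details(decoded,SrcPort,DstPort):
  if timestamp:
  ts = '[%f] ' % time.time()
@@ -640,11 +651,24 @@
  DstPort = struct.unpack('>H',decoded['data'][2:4])[0]
  ParseDataRegex(decoded, SrcPort, DstPort)
  
+ if data[14:16]== b'\x86\xdd':
+ decoded=Decode_Ipv6_Packet(data[16:])
+ SrcPort = struct.unpack('>H',decoded['data'][0:2])[0]
+ DstPort = struct.unpack('>H',decoded['data'][2:4])[0]
+ ParseDataRegex(decoded, SrcPort, DstPort)
+ 
+ 
 def Print_Packet_800dot11(pktlen, timestamp, data):
  if not data:
  return
  if data[32:34]== b'\x08\x00':
  decoded=Decode_Ip_Packet(data[34:])
+ SrcPort = struct.unpack('>H',decoded['data'][0:2])[0]
+ DstPort = struct.unpack('>H',decoded['data'][2:4])[0]
+ ParseDataRegex(decoded, SrcPort, DstPort)
+ 
+ if data[32:34]== b'\x86\xdd':
+ decoded=Decode_Ipv6_Packet(data[34:])
  SrcPort = struct.unpack('>H',decoded['data'][0:2])[0]
  DstPort = struct.unpack('>H',decoded['data'][2:4])[0]
  ParseDataRegex(decoded, SrcPort, DstPort)
@@ -662,6 +686,16 @@
  DstPort = struct.unpack('>H',decoded['data'][2:4])[0]
  else:
  DstPort = 0
+ ParseDataRegex(decoded, SrcPort, DstPort)
+ 
+ if data[12:14]== b'\x86\xdd':
+ decoded= Decode_Ipv6_Packet(data[14:])
+ if len(decoded['data']) >= 2:
+ SrcPort= struct.unpack('>H',decoded['data'][0:2])[0]
+ else:
+ SrcPort = 0
+ if len(decoded['data']) > 2:
+ DstPort = struct.unpack('>H',decoded['data'][2:4])[0]
  ParseDataRegex(decoded, SrcPort, DstPort)
  
 def loop_packets(pcap_object, func):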
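Review bot: The IPv6 branch in the last hunk (new lines 691-698) guards `DstPort` with `len(decoded['data']) > 2` and, unlike the IPv4 branch above it, has no `else`, so a 3-byte payload makes `struct.unpack('>H', ...)` raise and a shorter one leaves `DstPort` unassigned when `ParseDataRegex` is called; `if len(decoded['data']) >= 4:` plus `else: DstPort = 0` would close both cases. The IPv6 branches added at new lines 654-658 and 670-674 unpack both ports with no length check, and `Decode_Ipv6_Packet` reads `s[0]`, `s[6]` and `s[8:40]` without first confirming that the 40-byte fixed header is present, so a truncated or malformed frame from a capture raises inside the decoder. `d['plen']` is unpacked as signed (`"!h"`); the payload-length field is unsigned, so `"!H"` is the matching format. The decoder also treats the Next Header byte as the transport protocol and takes `s[40:]` as its payload, which means traffic carrying extension headers would have its ports read from the wrong bytes; a comment stating that limitation would help. Indentation is flattened in this rendering and the enclosing functions begin outside the hunks, so the nesting described here is inferred.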
  • ■ ■ ■ ■
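--- a/Readme.md
+++ b/Readme.md
@@ -4,7 +4,7 @@
  
 ## Features
  
-- Extract from a pcap file or from a live interface:
+- Extract from a pcap file or from a live interface IPv4 and IPv6:
  - Credit card numbers
  - POP
  - SMTP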