#!/bin/zsh
set -e -u
setopt nullglob
program=$0
dshell_defcon=${0:a:h}/dshell-defcon
pcap_suffix=.cap
ap_suffix=.ap
opt_recursive=
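#######################################
# Print the help text to stdout and exit.
# Globals:   program (read) — path of this script, shown by basename
# Arguments: $1 - exit status to terminate with
#######################################
usage() {
  cat <<e
Usage: ${program##*/} [-r] [-p max-procs] dir...
Transform .cap files into .ap files, then watch dir... with inotify for new captures
Options:
  -h            Show this help
  -p max-procs  Run up to max-procs dshell-decode at a time (default: nproc)
  -r            Also scan and watch subdirectories
e
  exit "$1"
}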
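#######################################
# Print a diagnostic and exit.
# Arguments: $1 - exit status; remaining args - message words
# Outputs:   message on stderr (stdout is left to the log lines)
#######################################
fatal() {
  local code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$code"
}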
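#######################################
# Write one timestamped log line to stdout.
# Arguments: message words (the first is conventionally a tag such as
#            "found" or "created"; they are joined with single spaces)
#######################################
log_generic() {
  local stamp
  stamp=$(date +%T.%N)
  # %s prints the words verbatim: the arguments include filenames taken
  # from inotify, and print/echo would expand backslash sequences in them
  printf '%s %s\n' "$stamp" "$*"
}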
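# Red log line. Colour only when stdout (where the codes go) is a terminal;
# always return 0 so a run without a tty does not trip `set -e`.
log_error() {
  [[ -t 1 ]] && tput setaf 1
  log_generic "$@"
  [[ -t 1 ]] && tput sgr0
  return 0
}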
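# Green log line. Colour only when stdout (where the codes go) is a terminal;
# always return 0 so a run without a tty does not trip `set -e`.
log_action() {
  [[ -t 1 ]] && tput setaf 2
  log_generic "$@"
  [[ -t 1 ]] && tput sgr0
  return 0
}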
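# Yellow log line. Colour only when stdout (where the codes go) is a terminal;
# always return 0 so a run without a tty does not trip `set -e`.
log_status() {
  [[ -t 1 ]] && tput setaf 3
  log_generic "$@"
  [[ -t 1 ]] && tput sgr0
  return 0
}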
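# Cyan log line for inotify events. Colour only when stdout (where the codes
# go) is a terminal; always return 0 so a run without a tty does not trip
# `set -e`.
log_event() {
  [[ -t 1 ]] && tput setaf 6
  log_generic "$@"
  [[ -t 1 ]] && tput sgr0
  return 0
}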
# capture paths that received MODIFY since their last CLOSE_WRITE
typeset -A modified
# Mark capture path $1 as modified (decoded on its next CLOSE_WRITE).
add() {
  local key=$1
  modified[$key]=1
}
# Forget the modified mark for capture path $1 (no-op if absent).
del() {
  local key=$1
  unset "modified[$key]"
}
#######################################
# Token pool run as a coproc: emit $parallel initial tokens (one per line),
# then hand back one token for every token returned on stdin.
# Globals:   parallel (read)
# Outputs:   one line per available slot
#######################################
semaphore() {
  local returned
  seq "$parallel"
  while read -r returned; do
    echo
  done
}
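#######################################
# Decode one capture in the background, bounded by the semaphore coproc.
# Globals:   dshell_defcon, ap_suffix (read); coproc fds (read -p / print -p)
# Arguments: $1 - path of the .cap file
# Outputs:   log lines; writes $1$ap_suffix via dshell-decode
#######################################
add_data() {
  local filepath=$1
  log_status found $filepath
  (
    read -p   # take a slot from the semaphore
    start=$(date +%s.%N)
    # the slot is given back on both paths: a subshell that dies under
    # `set -e` before print -p would otherwise leak it until the pool is empty
    if $dshell_defcon/dshell-decode -d stream2dump --stream2dump_outfiles=$filepath$ap_suffix $filepath >/dev/null; then
      stop=$(date +%s.%N)
      log_action created $ap_suffix for $filepath, size: $(stat -c %s $filepath), used $(bc -l<<<"scale=3;($stop-$start)/1") s
    else
      log_error dshell-decode failed for $filepath
    fi
    print -p
  ) &
}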
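#######################################
# Remove the .ap companion of capture $1.
# Globals:   ap_suffix (read)
# Arguments: $1 - path of the .cap file (previously read from the caller's
#            scope instead of the argument callers already pass)
#######################################
rm_data() {
  local filepath=$1
  rm -fv -- "$filepath$ap_suffix"
}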
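# Option parsing and argument validation; everything below runs at load time.
parallel=$(nproc)
while getopts hp:r opt; do
  case $opt in
    h) usage 0 ;;
    p)
      # semaphore emits exactly $parallel slots: a non-numeric or
      # non-positive value would leave every add_data blocked on read -p
      [[ $OPTARG =~ ^[1-9][0-9]*$ ]] || fatal 2 "-p expects a positive integer, got: $OPTARG"
      parallel=$OPTARG ;;
    r) opt_recursive=1 ;;
    \?) usage 1 ;;   # getopts has already reported the bad option
  esac
done
shift $((OPTIND - 1))
if [[ -z ${1:-} ]]; then
  usage 1
fi
for i in "$@"; do
  [[ -d $i ]] || fatal 1 "$i is not a directory"
done
# slot pool shared with add_data through read -p / print -p
coproc semaphore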
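# True when the bare filename $1 ends with the capture suffix (dot escaped,
# anchored at the end).
_is_pcap() {
  [[ $1 =~ "\\$pcap_suffix\$" ]]
}

#######################################
# Decode every capture already under directory $1 whose .ap is missing or
# empty.
# Globals:   opt_recursive, pcap_suffix, ap_suffix (read)
# Arguments: $1 - directory
#######################################
_scan_dir() {
  local dir=$1 i
  if [[ -n $opt_recursive ]]; then
    for i in $dir/**/*$pcap_suffix; do
      # -s covers existence and rejects a zero-byte .ap so it is regenerated
      [[ -s $i$ap_suffix ]] || add_data $i
    done
  else
    for i in $dir/*$pcap_suffix; do
      [[ -s $i$ap_suffix ]] || add_data $i
    done
  fi
}

#######################################
# Scan the given directories, then follow inotify events on them forever.
# Globals:   opt_recursive, modified (read/written via add/del)
# Arguments: directories to process
#######################################
main() {
  local arg event dir filename filepath filetype
  log_status processing "$@"
  # glob per directory: an unquoted `$@/pattern` attaches the pattern to
  # the last argument only
  for arg in "$@"; do
    _scan_dir "$arg"
  done
  log_status start inotify
  # zsh runs the last pipeline stage in the current shell, so the loop
  # body sees `modified` and the locals declared above
  inotifywait ${opt_recursive:+-r} -mqe CREATE,CLOSE_WRITE,DELETE,MODIFY,MOVE \
    --format $'%e\t%w\t%f' "$@" | while IFS=$'\t' read -r event dir filename; do
    filepath=$dir/$filename
    if [[ $event =~ 'CREATE|MOVED_TO' ]]; then
      if [[ $event =~ CREATE ]]; then
        log_event CREATE $filepath
      else
        log_event MOVED_TO $filepath
      fi
      if [[ ! $event =~ ISDIR ]] && _is_pcap $filename; then
        # stat without -L reports the link itself: a symlinked capture is
        # decoded at once, a regular file after it is written and closed
        if filetype=$(stat -c %F $filepath); then
          if [[ $filetype =~ symbolic ]]; then
            add_data $filepath
          elif [[ $filetype =~ regular ]]; then
            if [[ $event =~ MOVED_TO ]]; then
              # a rename produces no CLOSE_WRITE, so a capture moved in
              # whole would otherwise wait forever in `modified`
              add_data $filepath
            else
              add $filepath
            fi
          fi
        fi
      fi
    elif [[ $event =~ 'DELETE|MOVED_FROM' ]]; then
      if [[ $event =~ DELETE ]]; then
        log_event DELETE $filepath
      else
        log_event MOVED_FROM $filepath
      fi
      if [[ ! $event =~ ISDIR ]] && _is_pcap $filename; then
        del $filepath
        rm_data $filepath
      fi
    elif [[ $event =~ MODIFY ]]; then
      #log_event MODIFY $filepath
      if _is_pcap $filename; then
        add $filepath
      fi
    elif [[ $event =~ CLOSE_WRITE ]]; then
      if [[ -n ${modified[$filepath]:+1} ]]; then
        log_event CLOSE_WRITE after MODIFY $filepath
        del $filepath
        add_data $filepath
      else
        log_event CLOSE_WRITE $filepath
      fi
    fi
  done
}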
# entry point: the validated directories
main "$@"