Merge pull request #31 from Srinivas11789/develop

3.0 Part 1

.travis.yml

@@ -1,16 +1,31 @@
 language: python
+
+os:
+  - linux
+
+addons:
+  apt:
+    packages:
+      - graphviz
+      - python-tk
+      - tshark
+
 python:
   - "2.7"
   - "3.6"
+
 matrix:
   allow_failures:
-    - python: "3.6"
+    - python: "2.7"
+
 before_install:
-    - pip install -U pytest pytest-cov
-    - pip install codecov
-    - pip install flake8
+  - pip install -U pytest pytest-cov
+  - pip install codecov
+  - pip install flake8
+
 install:
   - pip install -r requirements.txt
+
 before_script:
   # stop the build if there are Python syntax errors or undefined names
   - flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics

README.md

@@ -24,9 +24,9 @@ Tool Highlights:
   * Device Details
 
 ### Tool Image:
-![Alt text](/Samples/screen1_2_1.png?raw=true)
+![Alt text](/Samples/screen2_2_4.png?raw=true)
 
-![Alt text](/Samples/screen2_2_1.png?raw=true)
+![Alt text](/Samples/screen1_2_4.png?raw=true)
 
 ### Components:
 *	Network Diagram 
@@ -39,6 +39,8 @@ Tool Highlights:
 * Tkinter and TTK – Install from pip or apt-get – Ensure Tkinter and graphviz is installed (Most Linux contain by default) 
   * apt install python-tk
   * apt install graphviz
+  * apt install python3-tk (for python3 support)
+  * Sometimes ImageTk errors are thrown in python3 env --> use apt install python3-pil python3-pil.imagetk
 * All these are included in the requirements.txt file
   * Scapy – rdpcap to read the packets from the pcap file 
   *	Ipwhois – to obtain whois information from ip
@@ -47,10 +49,10 @@ Tool Highlights:
   *	Stem – tor consensus data fetch library
   *	pyGraphviz – plot graph
   *	Networkx – plot graph
-  *	Matplotlib – plot graph
+  *	Matplotlib – plot graph (not used as of now)
 
 ### Demo
-![Alt text](/Samples/demo2_2.gif?raw=true)
+![Alt text](/Samples/demo2_4.gif?raw=true)
 
 ### Getting started:
 * Clone the repository
@@ -59,7 +61,7 @@ Tool Highlights:
 
 ### Additional Information:
 * Tested on Linux
-* Options for Traffic include - Web (HTTP and HTTPS), Tor, Malicious
+* Options for Traffic include - Web (HTTP and HTTPS), Tor, Malicious, ICMP, DNS
 
 ### Challenges:
   * Unstability of the TK GUI:
@@ -83,12 +85,6 @@ Tool Highlights:
 
 *	Current Fix in rare occasions: If any of the above issue occurs the progress bar keeps running and no output is generated, a restart of the app would be required.
 
-### PcapXray 2.0 
-* Includes zoom feature 
-* Improves usability with a Browse files feature
-* Report directory fixes for graph images
-* Includes some bug fixes
-
 ### Docker Containers of PcapXray
 * Dockerfile present in the root folder was used to build images
 * Already built docker images are found at dockerhub
@@ -97,12 +93,22 @@ Tool Highlights:
 * Performing the steps in `run.sh` file manually would work to launch the tool via docker (I can help with errors)
 * Running `run.sh` scripts is an attempt to automate (would not work 100 percent)
   - tested on mac and linux - will be better soon!...
+
+### PcapXray 2.0 
+* Includes zoom feature 
+* Improves usability with a Browse files feature
+* Report directory fixes for graph images
+* Includes some bug fixes
 
 ### Immediate Future Tasks: (Target: 3.0)
-* Clean up code - beautify code base from being a prototype
-* Report generation on unique folders for all assets of a packet capture
-* Suspicious activity detection
-* Known file type detection + Extract
+
+- Clean up code (beautify code base from being a prototype)
+- Report generation on unique folders for all assets of a packet capture
+- Suspicious activity detection
+- Support more pcap reader engine
+- Traffic support: ICMP, DNS
+- Known file type detection and Extract
+- Python2 and Python3
 
 ### Future:
 * Structured and clean code flow
@@ -113,3 +119,5 @@ Tool Highlights:
 * Clean up code
 
 [![Analytics](https://ga-beacon.appspot.com/UA-114681129-1/PcapXray/readme)](https://github.com/igrigorik/ga-beacon)
+
+Just for Security Fun!

Source/Module/communication_details_fetch.py

@@ -0,0 +1,43 @@
+import memory 
+
+# Library Import
+import ipwhois
+from dns import reversename, resolver
+import socket
+# Module Import
+import pcap_reader
+import netaddr
+
+# Class Communication or Traffic Details Fetch
+
+class trafficDetailsFetch():
+
+    def __init__(self, option):
+        for host in memory.destination_hosts:
+            if not memory.destination_hosts[host]:
+                if option == "whois":
+                    memory.destination_hosts[host] = self.whois_info_fetch(host)
+                else:
+                    memory.destination_hosts[host] = self.dns(host)
+
+    def whois_info_fetch(self, ip):
+        try:
+           whois_info = ipwhois.IPWhois(ip).lookup_rdap()
+        except:
+           whois_info = "NoWhoIsInfo"
+        return whois_info
+
+    def dns(self, ip):
+        try:
+            dns_info = socket.gethostbyaddr(ip)[0]
+        except:
+            dns_info = "NotResolvable"
+        return dns_info
+
+def main():
+    capture = pcap_reader.PcapEngine('examples/test.pcap', "scapy")
+    details = trafficDetailsFetch("sock")
+    print(memory.destination_hosts)
+    print("\n")
+
+#main()

Source/Module/device_details_fetch.py

@@ -0,0 +1,66 @@
+"""
+Module device_details
+"""
+# Library Import
+import urllib#.request
+import json
+import logging
+# Module Import
+import pcap_reader
+import memory
+import threading
+from netaddr import *
+
+class fetchDeviceDetails:
+
+    def __init__(self, option="ieee"):
+        """
+        Init
+        """
+        self.target_oui_database = option
+
+    def fetch_info(self):
+        for ip in memory.lan_hosts:
+            if self.target_oui_database == "api":
+                memory.lan_hosts[ip]["device_vendor"] = self.oui_identification_via_api(memory.lan_hosts[ip]["mac"])  
+            else:
+                memory.lan_hosts[ip]["device_vendor"], memory.lan_hosts[ip]["vendor_address"] = self.oui_identification_via_ieee(memory.lan_hosts[ip]["mac"])
+            mac = memory.lan_hosts[ip]["mac"].replace(":",".")
+            if ":" in ip:
+                ip_san = ip.replace(":",".")
+            else:
+                ip_san = ip
+            memory.lan_hosts[ip]["node"] = ip_san+"\n"+mac+"\n"+memory.lan_hosts[ip]['device_vendor']
+
+    def oui_identification_via_api(self, mac):
+        url = "http://macvendors.co/api/" + mac
+        api_request = urllib.request.Request(url, headers={'User-Agent':'PcapXray'})
+        try:
+            apiResponse = urllib.request.urlopen(api_request)
+            details = json.loads(apiResponse.read())
+            #reportThread = threading.Thread(target=reportGen.reportGen().deviceDetailsReport,args=(details,))
+            #reportThread.start()
+            return details["result"]["company"], details["result"]["address"]
+        except Exception as e:
+            logging.info("device_details module: oui identification failure via api" + str(e))
+            return "Unknown", "Unknown"
+
+    def oui_identification_via_ieee(self, mac):
+        try:
+            mac_obj = EUI(mac)
+            mac_oui = mac_obj.oui
+            return mac_oui.registration().org, mac_oui.registration().address
+        except Exception as e:
+            logging.info("device_details module: oui identification failure via ieee " + str(e))
+            return "Unknown", "Unknown"
+
+def main():
+    filename = "test.pcap"
+    pcap_reader.PcapEngine('examples/test.pcap', "scapy")
+    fetchDeviceDetails("ieee").fetch_info()
+    print(memory.lan_hosts)
+
+#main()
+
+# MAC Oui Identification Module
+# LAN IP and Getway Identification