# -*- coding: utf-8 -*-
'''
_____ ____ _ __ __ ___ __
/ ___/____ _/ __/__ / | / /__ / /_ / | ____ ____ _/ /_ ______ ___ _____
\__ \/ __ `/ /_/ _ \/ |/ / _ \/ __/_____/ /| | / __ \/ __ `/ / / / /_ / / _ \/ ___/
___/ / /_/ / __/ __/ /| / __/ /_/_____/ ___ |/ / / / /_/ / / /_/ / / /_/ __/ /
/____/\__,_/_/ \___/_/ |_/\___/\__/ /_/ |_/_/ /_/\__,_/_/\__, / /___/\___/_/
/____/
'''
#######################################################
# SafeNet-Analyzer.py
#
# SafeNet Analyzer is a tool that allows you to analyze
# and monitor network traffic, perform port scans on
# a network and monitor security events in real time.
# This tool is useful for identifying and analyzing
# suspicious activity on the network.
#
#
# 10/18/23 - Changed to Python3 (finally)
#
# Author: Facundo Fernandez
#
#
#######################################################
import os

import nmap
import psutil
import pyinotify
from scapy.all import DNS, TCP, sniff
# Default activity log read by check_logs().
logfile = "logs.txt"
# Default firewall log read by analyze_firewall().
firewall_logfile = "firewall.log"
# Byte thresholds compared against psutil.net_io_counters() in monitor_performance().
sent_bytes_limit = 10000000
received_bytes_limit = 10000000
def analyze_packet(packet):
    """Print a one-line summary of TCP packets addressed to port 80 (HTTP)."""
    if not packet.haslayer(TCP):
        return
    if packet[TCP].dport != 80:
        return
    # HTTP traffic analysis goes here.
    print("HTTP Packet:", packet.summary())
# NOTE(review): this capture starts at import time and is given no count,
# timeout or stop condition, so it appears to run until interrupted; the
# definitions and calls below are only reached once it stops.
sniff(filter="tcp port 80", prn=analyze_packet)
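def check_logs(path=None, marker="suspicious_activity"):
    """Scan the activity log and print every entry that contains *marker*.

    Args:
        path: log file to read; defaults to the module-level ``logfile``.
        marker: substring that flags an entry as suspicious.

    Returns:
        The matching entries with surrounding whitespace stripped. A missing
        file yields an empty list (the original silently did nothing).
    """
    if path is None:
        path = logfile
    hits = []
    if not os.path.isfile(path):
        return hits
    # errors="replace" keeps one undecodable byte from aborting the whole scan.
    with open(path, "r", encoding="utf-8", errors="replace") as file:
        for entry in file:
            if marker in entry:
                line = entry.strip()
                print("Suspicious activity found:", line)
                hits.append(line)
    return hits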
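def analyze_traffic(suspicious_domains=("suspicious_domain.com",)):
    """Sniff DNS/HTTP/FTP/SMTP traffic and report DNS queries for watched domains.

    Args:
        suspicious_domains: domain names whose DNS queries should be reported;
            matched case-insensitively and without the trailing root dot.

    Runs inside ``sniff()`` until the capture is interrupted.
    """
    watched = {name.lower().rstrip(".") for name in suspicious_domains}

    def _handle_packet(packet):
        if packet.haslayer(DNS):
            dns = packet[DNS]
            # qr == 0 marks a query; qd can be absent on truncated/malformed packets.
            if dns.qr == 0 and dns.qd is not None:
                # qname is bytes ending in the root dot ("example.com."), so the
                # original exact string comparison could never match; normalise.
                domain = dns.qd.qname.decode(errors="replace").lower().rstrip(".")
                if domain in watched:
                    print("Suspicious DNS query found:", packet.summary())
            # qr == 1 is a response; responses are not analysed yet.
        # HTTP (80), FTP (21) and SMTP (25) arrive through the capture filter below.
        # The original tested HTTP/FTP/SMTP layer names that are never imported,
        # so the first sniffed packet raised NameError; those branches were empty
        # and have been dropped. Dispatch on packet[TCP].dport when adding them.

    # Renamed from `filter`, which shadowed the builtin.
    bpf_filter = "udp port 53 or tcp port 80 or tcp port 21 or tcp port 25"
    sniff(filter=bpf_filter, prn=_handle_packet)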
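def scan_network(target=None, ports="1-1000"):
    """Run a TCP port scan of *target* and print the state of each port found.

    Args:
        target: nmap host specification for the network under your control.
            Required; the original hard-coded the unfilled placeholder
            ``"{IP}/{PORT}"``, which nmap cannot resolve.
        ports: nmap port range passed to ``-p``; digits, commas and dashes only.

    Raises:
        ValueError: if *target* is missing or *ports* contains characters that
            could smuggle extra nmap options into the argument string.
    """
    if not target:
        raise ValueError("scan_network() needs a target host or network to scan")
    if not ports or set(ports) - set("0123456789,-"):
        raise ValueError("ports must be an nmap range such as '1-1000' or '22,80,443'")
    scanner = nmap.PortScanner()
    scanner.scan(hosts=target, arguments="-p {} -T4".format(ports))
    for host in scanner.all_hosts():
        print("IP Address:", host)
        host_info = scanner[host]
        # all_tcp() returns port numbers only; the original unpacked each one
        # as (port, state), which fails. The state lives in the per-port dict.
        for port in host_info.all_tcp():
            print("Port:", port, "State:", host_info["tcp"][port]["state"])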
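def monitor_performance(stats=None, sent_limit=None, recv_limit=None):
    """Report when network byte counters exceed the configured limits.

    Args:
        stats: object exposing ``bytes_sent`` and ``bytes_recv``; defaults to
            ``psutil.net_io_counters()``.
        sent_limit: threshold for ``bytes_sent``; defaults to ``sent_bytes_limit``.
        recv_limit: threshold for ``bytes_recv``; defaults to ``received_bytes_limit``.

    Returns:
        True when either counter is above its limit (a warning is printed).

    NOTE(review): psutil's counters are cumulative since boot, so a fixed
    absolute limit trips quickly on a long-running host; comparing deltas
    between two samples would give a more meaningful signal.
    """
    if stats is None:
        stats = psutil.net_io_counters()
    if sent_limit is None:
        sent_limit = sent_bytes_limit
    if recv_limit is None:
        recv_limit = received_bytes_limit
    # The original used "<", reporting "abnormal" while traffic was still
    # BELOW the limits; a limit is breached when the counter is above it.
    abnormal = stats.bytes_sent > sent_limit or stats.bytes_recv > recv_limit
    if abnormal:
        print("Network performance is abnormal.")
    return abnormal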
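def analyze_firewall(path=None, markers=("unauthorized_connection", "suspicious_request")):
    """Scan the firewall log and print entries containing any of *markers*.

    Args:
        path: log file to read; defaults to the module-level ``firewall_logfile``.
        markers: substrings that flag an entry as suspicious.

    Returns:
        The matching entries with surrounding whitespace stripped. A missing
        file yields an empty list (the original silently did nothing).
    """
    if path is None:
        path = firewall_logfile
    hits = []
    if not os.path.isfile(path):
        return hits
    # errors="replace" keeps one undecodable byte from aborting the whole scan.
    with open(path, "r", encoding="utf-8", errors="replace") as file:
        for entry in file:
            if any(marker in entry for marker in markers):
                line = entry.strip()
                print("Suspicious activity found in firewall logs:", line)
                hits.append(line)
    return hits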
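def monitor_security_events(directory="/var/log"):
    """Watch *directory* with inotify and print access/modify/attrib/close-write events.

    Args:
        directory: path to watch (non-recursive, as in the original); the
            original hard-coded ``'/var/log'``.

    Runs the notifier loop until it is interrupted.
    """

    class EventHandler(pyinotify.ProcessEvent):
        """Prints one line per watched inotify event."""

        def process_IN_ACCESS(self, event):
            print("File accessed:", event.pathname)

        def process_IN_MODIFY(self, event):
            print("File modified:", event.pathname)

        def process_IN_ATTRIB(self, event):
            print("File attributes changed:", event.pathname)

        def process_IN_CLOSE_WRITE(self, event):
            print("File write closed:", event.pathname)

        # Add further process_IN_* methods here as needed.

    wm = pyinotify.WatchManager()
    # Event mask must match the process_IN_* methods defined above.
    events = (
        pyinotify.IN_ACCESS
        | pyinotify.IN_MODIFY
        | pyinotify.IN_ATTRIB
        | pyinotify.IN_CLOSE_WRITE
    )
    notifier = pyinotify.Notifier(wm, EventHandler())
    wm.add_watch(directory, events)
    notifier.loop()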
# NOTE(review): these run at import time, in order. analyze_traffic() and
# monitor_security_events() each enter a capture/event loop that appears to
# run until interrupted, so the calls after each of them are only reached
# once that loop stops; an ``if __name__ == "__main__":`` guard would keep
# importing this module from starting captures.
check_logs()
analyze_traffic()
scan_network()
monitor_performance()
analyze_firewall()
monitor_security_events()