udp.py

# -*- coding: utf-8 -*-
import os
from psutil import net_connections,Process,pids
from functools import reduce
from print_log import print_log

#----------&#21028;&#26029;&#20869;&#32593;ip---------------#

def ip_into_int(ip):
    return reduce(lambda x,y:(x<<8)+y,map(int,ip.split('.')))

def is_internal_ip(ip):
    ip = ip_into_int(ip)
    net_a = ip_into_int('10.255.255.255') >> 24
    net_b = ip_into_int('172.31.255.255') >> 20
    net_c = ip_into_int('192.168.255.255') >> 16
    return ip >> 24 == net_a or ip >>20 == net_b or ip >> 16 == net_c

#----------&#21028;&#26029;&#20869;&#32593;ip---------------#

#os.popen('firewall.cpl')
ip_list_udp = []
pid_list = []
pid_dist = {}#&#36827;&#31243;&#21517;&#23545;&#24212;pid&#21015;&#34920;
def search_pid(exe_list):#&#36890;&#36807;&#36827;&#31243;&#21517;&#26597;&#35810;pid
    for exe in exe_list:
        pid_dist[exe] = []
    a = pids()
    for i in a:
        try:
            #print(Process(i).name())
            if Process(i).name() in exe_list:
                for exe in exe_list:
                    if Process(i).name() == exe:
                        pid_dist[exe].append(i)
                pid_list.append(str(i))
        except :
            continue
    return pid_list
    

def udp_crawl(exe_list,is_print):
    os.popen('netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 1024 ENABLE ENABLE')
    log = os.popen('type %systemroot%\system32\LogFiles\Firewall\pfirewall.log')
    port_list_1 = []#&#25152;&#36873;&#36827;&#31243;&#25152;&#21344;&#29992;&#31471;&#21475;
    port_list_0 = []#&#38750;&#25152;&#36873;&#36827;&#31243;&#21344;&#29992;&#31471;&#21475;
    
    pid_list = search_pid(exe_list)
    #print(pid_list)
    for each_logline in log:
        #&#26085;&#24535;&#20013;&#23547;&#25214;UDP&#35760;&#24405;
        if 'UDP' in each_logline:
            log_list = each_logline.split(' ')
            if ':' in log_list[5]:#&#21435;&#38500;ipv6
                continue
            try:
                if log_list[6] in port_list_0:#&#37325;&#22797;&#38750;&#21344;&#29992;&#31471;&#21475;&#30452;&#25509;&#36339;&#36807;
                    continue
            except IndexError:
                continue
            for i in os.popen('netstat -ano|findstr "'+log_list[6]+'"'):
                #print(log_list[6])
                #&#36890;&#36807;&#35760;&#24405;&#21457;&#29616;&#26412;&#22320;&#31471;&#21475;&#65292;&#24182;&#25214;&#21040;&#21344;&#29992;&#26412;&#22320;&#31471;&#21475;&#30340;PID
                j = i.split(' ')
                j = list(filter(None,j))#&#36807;&#28388;&#31354;&#23383;&#31526;&#20018;
                if j[3].replace('\n','') in pid_list:
                    port_list_1.append(log_list[6])
                    if log_list[5] not in ip_list_udp:
                        for exe in pid_dist:
                            if j[3].replace('\n','') in pid_dist[exe]:#&#33719;&#21462;ip&#20174;&#23646;&#36827;&#31243;
                                exe = exe
                                break
                        if is_internal_ip(log_list[5]) != True and log_list[5].split('.')[0] !='127':
                            f_conf = open('temp.txt','r')
                            ip_list = f_conf.read()
                            if log_list[5] not in ip_list:
                                ip_list_udp.append(log_list[5])
                                print_log('&#21457;&#29616;&#26032;ip '+exe+'--udp\n'+log_list[5],is_print)
                            f_conf.close()
                else:
                    port_list_0.append(log_list[6])
    #print(len(ip_list_udp))
    return ip_list_udp

if __name__ == '__main__':
    #print(search_pid(['aria2c.exe','dlpc.exe','chrome.exe']))
    #print(pid_dist)
    udp_crawl(['aria2c.exe'])