• Fuentes

 #482864  por Blau
 14 Ene 2016, 11:47
Hola,
hace poco que he empezado con python y he hecho un pequeño wrapper para el comando netstat de Windows.
#netstatutil by Blau (14/01/2016)

import subprocess, re

class netstatutil():
	invalid_strings = ['0.0.0.0', '*:*', '[::]', '[::1]']
	
	@classmethod
	def get_connections(self, pid='', protocol='', status='', src_ip='', src_port='', dst_ip='', dst_port=''):
		output = subprocess.Popen(['netstat', '-ano'], stdout=subprocess.PIPE).communicate()
		valid = [line for line in output[0].split('\r\n') if not any(xs in line for xs in self.invalid_strings)] #split by new lines and not containing invalid_strings
		valid = valid[4:len(valid)-1] #remove first 4 lines and last
		
		connection_list = []
		for s in valid:
			s = re.sub('\s\s+' , ' ', s.lstrip()) #replace all whitespaces by one
			con_split = s.split(' ')
			connection = {
							'protocol' : con_split[0],
							'src_ip' : con_split[1].split(':')[0],
							'src_port' : con_split[1].split(':')[1],
							'dst_ip' : con_split[2].split(':')[0],
							'dst_port' : con_split[2].split(':')[1],
							'status' : con_split[3],
							'pid' : con_split[4]
				}
				
			#filter by params
			if pid 		!= '' 	and connection['pid'] 		!= pid: 				continue
			if src_ip 	!= '' 	and connection['src_ip'] 	!= src_ip: 				continue
			if dst_ip 	!= '' 	and connection['dst_ip'] 	!= dst_ip: 				continue
			if src_port != '' 	and connection['src_port'] 	!= src_port: 			continue
			if dst_port != '' 	and connection['dst_port'] 	!= dst_port: 			continue
			if protocol != '' 	and connection['protocol'] 	!= protocol.lower(): 	continue
			if status 	!= '' 	and connection['status'] 	!= status.lower(): 		continue

			connection_list.append(connection)
		return connection_list
Uso:
connections = netstatutil.get_connections()
#connections = netstatutil.get_connections(dst_port='80')
#connections = netstatutil.get_connections(dst_port='80', status='established')
print connections