Created
February 1, 2022 14:49
-
-
Save BoredHackerBlog/d2683c388c5a8406666d5d5bf827bc0a to your computer and use it in GitHub Desktop.
process graph using graphviz and python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from graphviz import Digraph | |
| process_data = [] | |
| process_data.append({"pid":"1", "ppid":"204", "path":"c:/cmd.exe"}) | |
| process_data.append({"pid":"4", "ppid":"204", "path":"c:/powershell.exe"}) | |
| process_data.append({"pid":"204", "ppid":"0", "path":"c:/svhost.exe"}) | |
| process_data.append({"pid":"8", "ppid":"4", "path":"c:/net.exe"}) | |
| process_data.append({"pid":"10", "ppid":"4", "path":"c:/netsh.exe"}) | |
| def graph_process(jsonarray, pid_key, ppid_key, label_key): | |
| dot = Digraph() | |
| for event in jsonarray: | |
| dot.node(event[pid_key], event[label_key]) | |
| for event in jsonarray: | |
| dot.edge(event[ppid_key], event[pid_key]) | |
| return dot | |
| graph_process(process_data, "pid", "ppid", "path") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment