Created
May 21, 2017 10:38
Lists all the established TCP connections of a running application and runs every IP through a geolocation service.
""" | |
Created on 28.07.2014 | |
@author: farshield | |
""" | |
import sys | |
import os | |
import time | |
import xml.etree.ElementTree as ET | |
import urllib2 | |
import psutil | |
# Seconds main() sleeps between two polls of the connection table.
REFRESH_RATE = 5
def get_pid(proc_name):
    """Return the PID of the first running process named 'proc_name'.

    Falls through and returns None when no process carries that name.
    """
    wanted_fields = ['pid', 'name']
    # ad_value='' stands in for any field psutil is not allowed to read, so
    # such processes simply fail the name comparison below.
    snapshots = (
        candidate.as_dict(wanted_fields, ad_value='')
        for candidate in psutil.process_iter()
    )
    for snapshot in snapshots:
        # NOTE(review): the match is on the process name only. Any process
        # that carries the same name is accepted, and the first one found
        # wins; the executable path and owner are not checked.
        if snapshot['name'] != proc_name:
            continue
        return snapshot['pid']
    return None
def get_addr(target_pid):
    """Return the remote endpoints of the sockets owned by 'target_pid'.

    The result is a list of [ip, port] pairs, one per connection that has a
    remote address and whose remote port is not 80 or 443.
    """
    # NOTE(review): remote ports 80 and 443 are dropped on purpose, so plain
    # web and HTTPS peers never show up in the output. kind='inet' also covers
    # UDP sockets and there is no filter on the connection status, so the list
    # is not limited to established TCP connections.
    skipped_ports = (80, 443)
    return [
        [conn.raddr[0], conn.raddr[1]]
        for conn in psutil.net_connections(kind='inet')
        if conn.pid == target_pid
        and conn.raddr
        and conn.raddr[1] not in skipped_ports
    ]
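def geolocate(ip):
    """Return the raw geolocation XML the lookup service reports for 'ip'.

    ip -- remote address as a string; it is appended to the lookup URL as is.

    Errors from urllib2 (failed or timed-out request) are not caught here and
    propagate to the caller.
    """
    # NOTE(review): the lookup uses plain HTTP. Every remote peer of the
    # monitored application is therefore disclosed to the geolocation service
    # and to anyone on the network path, and the reply is unauthenticated.
    # Callers should treat the returned XML as untrusted input.
    #
    # The timeout (seconds) keeps an unresponsive service from blocking the
    # polling loop forever; urllib2 has no timeout by default.
    response = urllib2.urlopen('http://freegeoip.net/xml/' + ip, timeout=10)
    try:
        return response.read()
    finally:
        # Release the socket even when read() fails part-way.
        response.close()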
def pretty_print(xml_info, port):
    """Print a human readable summary of one geolocation XML document.

    xml_info -- XML text as returned by geolocate()
    port     -- remote port, shown next to the IP taken from the XML

    Nothing is returned; malformed XML or a document with too few children
    raises from the parsing lines before anything is printed.
    """
    # NOTE(review): main() passes the body of the geolocation HTTP response
    # here. xml.etree.ElementTree is not hardened against maliciously
    # constructed XML (entity expansion), and the extracted text is printed to
    # the terminal unfiltered.
    root = ET.fromstring(xml_info)
    # Fields are picked by child position, presumably IP, country name, region
    # name and city in the service's schema -- confirm against a live reply.
    ip, country, region, city = [root[idx].text for idx in (0, 2, 4, 5)]
    separator = '---------------------------------------------'
    print separator
    print 'Address: {0}:{1}'.format(ip, port)
    print 'Country:', country
    print ' Region:', region
    print ' City:', city
    print separator
    print ''
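def main():
    """Poll the target application's connections and geolocate each peer.

    Resolves the PID of PROC_NAME once and exits if the application is not
    running. Otherwise it loops forever: every REFRESH_RATE seconds the
    address list is fetched again, and when it differs from the previous one
    the screen is cleared and every address is looked up and printed.
    """
    addr_list_old = []
    addr_list = []
    PROC_NAME = 'app.exe'

    # Get the PID of the specified application
    target_pid = get_pid(PROC_NAME)
    if target_pid:
        print 'PID of application {0} is {1}\n'.format(PROC_NAME, target_pid)
    else:
        print 'Application {0} is not open'.format(PROC_NAME)
        sys.exit()

    # NOTE(review): the PID is resolved once. If the application exits and the
    # operating system reuses the PID, the connections of an unrelated process
    # would be reported under this application's name.
    while True:
        # Get the list of addresses the target application is connected to
        addr_list = get_addr(target_pid)
        # Refresh only when an address has appeared or disappeared
        if addr_list != addr_list_old:
            addr_list_old = addr_list
            # Fixed command strings only; 'cls' exists on Windows alone.
            os.system('cls' if os.name == 'nt' else 'clear')
            for ip, port in addr_list:
                # One failed lookup (network error, timeout, malformed or
                # unexpected XML) must not end the monitor.
                try:
                    response = geolocate(ip)
                    pretty_print(response, port)
                except (IOError, ET.ParseError, IndexError) as err:
                    print 'Lookup failed for {0}:{1}: {2}'.format(ip, port, err)
        time.sleep(REFRESH_RATE)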
# Start the monitor only when the file is run as a script, not on import.
if __name__ == '__main__':
    main()