
@jeremyBanks
Created August 9, 2008 09:19
[2010-01] an lame sorta-functional network keyword monitor
#!/usr/bin/env python
# encoding: utf-8
from __future__ import division, with_statement
import sys, os
import subprocess
# This is a horrible little script written by someone who doesn't understand
# how to use tcpdump or subprocess well. It intends to display an alert
# whenever specified keywords (such as a password) are seen in network
# traffic. Along with the warning it sends 3 \x07 beeps to stdout, in case
# you aren't paying attention.
#
# If I don't run this as root it eats a processor core and achieves nothing.
# Beware.
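def main():
    """Watch tcpdump's ASCII output and beep when a keyword shows up.

    Prompts for keywords until an empty line is entered, then starts
    tcpdump and scans everything it prints (stdout and stderr are merged
    into one pipe) for any of the keywords. Each chunk containing a match
    writes a warning and three BEL characters to stderr.

    Returns:
        tcpdump's exit status once its output pipe reaches end-of-file.

    Raises:
        ValueError: if no keyword was entered.
    """
    # Collect the keywords before starting the capture, so that an empty
    # list does not leave a tcpdump child running behind the exception.
    # NOTE(review): raw_input echoes what is typed; if the keywords are
    # real passwords, a non-echoing prompt (getpass) may be preferable.
    keywords = []
    while True:
        entry = raw_input("Triggering Keyword: ")
        if not entry:
            break
        keywords.append(entry)
    if not keywords:
        raise ValueError("Must provide triggering keywords.")

    # It may not be en1 for you.
    monitorApp = ["tcpdump", "-s", "0", "-A", "-i", "en1"]
    process = subprocess.Popen(monitorApp, stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)

    # A keyword can straddle two reads, so keep just enough of the previous
    # data (longest keyword minus one character) to complete such a match.
    overlap = max(len(word) for word in keywords) - 1
    tail = ""
    while True:
        chunk = process.stdout.read(1024)
        if not chunk:
            # End-of-file: tcpdump has exited. Popen.returncode is only
            # refreshed by poll()/wait(), so looping on it would spin on
            # empty reads forever (the header comment reports exactly that
            # when the script is not run as root).
            break
        window = tail + chunk
        carried = len(tail)
        # Only accept matches that include at least one new character, so
        # an occurrence already reported from the previous chunk is not
        # reported a second time.
        if any(window.find(word, max(0, carried - len(word) + 1)) != -1
               for word in keywords):
            # The matched keyword is deliberately not printed: it may be a
            # secret, and the alert would copy it to the terminal or a log.
            sys.stderr.write("Keyword found in traffic!\x07\x07\x07\n")
        tail = window[-overlap:] if overlap else ""

    status = process.wait()
    # tcpdump's own error text was merged into the scanned stream and is
    # not shown, so at least make its exit visible.
    sys.stderr.write("tcpdump exited with status %s\n" % status)
    return status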
# Run the monitor only when executed as a script; whatever main() returns
# is handed to sys.exit() as the process exit status.
if __name__ == "__main__":
    exit_status = main()
    sys.exit(exit_status)