Initial
This commit is contained in:
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
.idea
|
||||||
|
*.txt
|
BIN
GeoLite2-City.mmdb
Normal file
BIN
GeoLite2-City.mmdb
Normal file
Binary file not shown.
After Width: | Height: | Size: 49 MiB |
BIN
GeoLite2-Country.mmdb
Normal file
BIN
GeoLite2-Country.mmdb
Normal file
Binary file not shown.
91
analyze.py
Normal file
91
analyze.py
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
import re
|
||||||
|
from collections import defaultdict
|
||||||
|
import matplotlib.pyplot as plt
|
||||||
|
|
||||||
|
def parse_file(file_path):
|
||||||
|
with open(file_path, 'r') as file:
|
||||||
|
data = file.read()
|
||||||
|
|
||||||
|
pattern = re.compile(r'Source address: /(\d+\.\d+\.\d+\.\d+).*?Destination address: /(\d+\.\d+\.\d+\.\d+).*?Source port: (\d+).*?Destination port: (\d+)', re.DOTALL)
|
||||||
|
matches = pattern.findall(data)
|
||||||
|
|
||||||
|
return matches
|
||||||
|
|
||||||
|
def count_occurrences(matches):
|
||||||
|
counts = defaultdict(int)
|
||||||
|
src_ip_counts = defaultdict(int)
|
||||||
|
dst_ip_counts = defaultdict(int)
|
||||||
|
src_port_counts = defaultdict(int)
|
||||||
|
dst_port_counts = defaultdict(int)
|
||||||
|
|
||||||
|
for src_ip, dst_ip, src_port, dst_port in matches:
|
||||||
|
counts[(src_ip, dst_ip, dst_port)] += 1
|
||||||
|
src_ip_counts[src_ip] += 1
|
||||||
|
dst_ip_counts[dst_ip] += 1
|
||||||
|
src_port_counts[src_port] += 1
|
||||||
|
dst_port_counts[dst_port] += 1
|
||||||
|
|
||||||
|
return counts, src_ip_counts, dst_ip_counts, src_port_counts, dst_port_counts
|
||||||
|
|
||||||
|
def plot_data(counts):
|
||||||
|
src_ips = []
|
||||||
|
dst_ips = []
|
||||||
|
ports = []
|
||||||
|
occurrences = []
|
||||||
|
|
||||||
|
for (src_ip, dst_ip, port), count in counts.items():
|
||||||
|
src_ips.append(src_ip)
|
||||||
|
dst_ips.append(dst_ip)
|
||||||
|
ports.append(port)
|
||||||
|
occurrences.append(count)
|
||||||
|
|
||||||
|
fig, ax = plt.subplots(figsize=(10, 8))
|
||||||
|
|
||||||
|
bar_width = 0.35
|
||||||
|
index = range(len(src_ips))
|
||||||
|
|
||||||
|
bars = ax.bar(index, occurrences, bar_width, label='Occurrences')
|
||||||
|
|
||||||
|
ax.set_xlabel('IP and Port Combinations')
|
||||||
|
ax.set_ylabel('Occurrences')
|
||||||
|
ax.set_title('Occurrences of Source IPs, Destination IPs, and Ports')
|
||||||
|
ax.set_xticks(index)
|
||||||
|
ax.set_xticklabels([f'{src_ips[i]} -> {dst_ips[i]}:{ports[i]}' for i in range(len(src_ips))], rotation=90)
|
||||||
|
ax.legend()
|
||||||
|
|
||||||
|
plt.tight_layout()
|
||||||
|
plt.show()
|
||||||
|
|
||||||
|
def plot_single_category(data, category_name):
|
||||||
|
items = list(data.keys())
|
||||||
|
occurrences = list(data.values())
|
||||||
|
|
||||||
|
fig, ax = plt.subplots(figsize=(10, 8))
|
||||||
|
|
||||||
|
bar_width = 0.35
|
||||||
|
index = range(len(items))
|
||||||
|
|
||||||
|
bars = ax.bar(index, occurrences, bar_width, label='Occurrences')
|
||||||
|
|
||||||
|
ax.set_xlabel(category_name)
|
||||||
|
ax.set_ylabel('Occurrences')
|
||||||
|
ax.set_title(f'Occurrences of {category_name}')
|
||||||
|
ax.set_xticks(index)
|
||||||
|
ax.set_xticklabels(items, rotation=90)
|
||||||
|
ax.legend()
|
||||||
|
|
||||||
|
plt.tight_layout()
|
||||||
|
plt.show()
|
||||||
|
|
||||||
|
# File path to your text file
|
||||||
|
file_path = 'sample.txt'
|
||||||
|
|
||||||
|
matches = parse_file(file_path)
|
||||||
|
counts, src_ip_counts, dst_ip_counts, src_port_counts, dst_port_counts = count_occurrences(matches)
|
||||||
|
|
||||||
|
# Plot each category
|
||||||
|
plot_data(counts) # Current graph with everything
|
||||||
|
plot_single_category(dst_ip_counts, 'Destination IPs')
|
||||||
|
plot_single_category(src_ip_counts, 'Source IPs')
|
||||||
|
plot_single_category(dst_port_counts, 'Destination Ports')
|
||||||
|
plot_single_category(src_port_counts, 'Source Ports')
|
68
heatmap-back.py
Normal file
68
heatmap-back.py
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
from mpl_toolkits.basemap import Basemap
|
||||||
|
import matplotlib.pyplot as plt
|
||||||
|
from matplotlib.patches import Polygon
|
||||||
|
import matplotlib as mpl
|
||||||
|
from collections import defaultdict
|
||||||
|
import geoip2.database
|
||||||
|
|
||||||
|
# Function to read IPs from file
|
||||||
|
def read_ips_from_file(file_path):
|
||||||
|
with open(file_path, 'r') as f:
|
||||||
|
ips = f.read().strip().splitlines()
|
||||||
|
return ips
|
||||||
|
|
||||||
|
# Function to geolocate IPs and count IPs per country
|
||||||
|
def geolocate_and_count(ips):
|
||||||
|
reader = geoip2.database.Reader('GeoLite2-Country.mmdb')
|
||||||
|
country_count = defaultdict(int)
|
||||||
|
|
||||||
|
for ip in ips:
|
||||||
|
try:
|
||||||
|
response = reader.country(ip)
|
||||||
|
country_name = response.country.name
|
||||||
|
country_count[country_name] += 1
|
||||||
|
except geoip2.errors.AddressNotFoundError:
|
||||||
|
continue
|
||||||
|
|
||||||
|
reader.close()
|
||||||
|
return country_count
|
||||||
|
|
||||||
|
# Function to generate heatmap based on country IP counts
|
||||||
|
def generate_heatmap(country_counts, title):
|
||||||
|
plt.figure(figsize=(16, 10)) # Increase figure size as needed
|
||||||
|
m = Basemap(projection='mill', llcrnrlat=-60, urcrnrlat=90, llcrnrlon=-180, urcrnrlon=180, resolution='c')
|
||||||
|
m.drawcoastlines()
|
||||||
|
m.drawcountries()
|
||||||
|
|
||||||
|
# Normalize counts for colormap
|
||||||
|
max_count = max(country_counts.values())
|
||||||
|
norm = mpl.colors.Normalize(vmin=0, vmax=max_count)
|
||||||
|
cmap = plt.cm.get_cmap('YlOrRd')
|
||||||
|
|
||||||
|
for country, count in country_counts.items():
|
||||||
|
try:
|
||||||
|
country_info = m.readshapefile('shapefiles/TM_WORLD_BORDERS-0.3', 'world', drawbounds=True)
|
||||||
|
country_code = country_info['world_info'][country_info['world_info']['NAME'] == country]['ISO3'][0]
|
||||||
|
if country_code != '-99':
|
||||||
|
color = cmap(norm(count))
|
||||||
|
poly = Polygon(m.world[country_code], facecolor=color, edgecolor='black')
|
||||||
|
plt.gca().add_patch(poly)
|
||||||
|
except:
|
||||||
|
continue
|
||||||
|
|
||||||
|
plt.title(title)
|
||||||
|
sm = plt.cm.ScalarMappable(cmap=cmap, norm=norm)
|
||||||
|
sm.set_array([])
|
||||||
|
cbar = plt.colorbar(sm, orientation='vertical', shrink=0.7) # Adjust shrink parameter if necessary
|
||||||
|
cbar.set_label('Number of IPs')
|
||||||
|
plt.show()
|
||||||
|
|
||||||
|
|
||||||
|
# Main function to execute the program
|
||||||
|
def main():
|
||||||
|
ips = read_ips_from_file('sample.txt')
|
||||||
|
country_counts = geolocate_and_count(ips)
|
||||||
|
generate_heatmap(country_counts, 'Heatmap of IPs by Country')
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
91
heatmap.py
Normal file
91
heatmap.py
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
import re
|
||||||
|
import matplotlib.pyplot as plt
|
||||||
|
from mpl_toolkits.basemap import Basemap
|
||||||
|
from geoip2.database import Reader
|
||||||
|
|
||||||
|
|
||||||
|
# Function to extract IP addresses from text using regex
|
||||||
|
def extract_ip_addresses(text):
|
||||||
|
ip_pattern = r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
|
||||||
|
return re.findall(ip_pattern, text)
|
||||||
|
|
||||||
|
|
||||||
|
# Function to check if an IP address is private
|
||||||
|
def is_private_ip(ip):
|
||||||
|
octets = ip.split('.')
|
||||||
|
first_octet = int(octets[0])
|
||||||
|
second_octet = int(octets[1])
|
||||||
|
|
||||||
|
# Check for private IP ranges
|
||||||
|
if (first_octet == 10) or (first_octet == 172 and 16 <= second_octet <= 31) or (
|
||||||
|
first_octet == 192 and second_octet == 168):
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
# Function to geolocate multiple IP addresses using GeoIP2
|
||||||
|
def geolocate_ips(ip_list):
|
||||||
|
latitudes = []
|
||||||
|
longitudes = []
|
||||||
|
if ip_list:
|
||||||
|
try:
|
||||||
|
reader = Reader('GeoLite2-City.mmdb') # Replace with your actual GeoIP2 database path
|
||||||
|
for ip in ip_list:
|
||||||
|
response = reader.city(ip)
|
||||||
|
latitudes.append(response.location.latitude)
|
||||||
|
longitudes.append(response.location.longitude)
|
||||||
|
return latitudes, longitudes
|
||||||
|
except Exception as e:
|
||||||
|
print(f"Error geolocating IPs: {e}")
|
||||||
|
return [], []
|
||||||
|
finally:
|
||||||
|
if 'reader' in locals():
|
||||||
|
reader.close()
|
||||||
|
else:
|
||||||
|
return [], []
|
||||||
|
|
||||||
|
|
||||||
|
# Function to generate heatmap
|
||||||
|
def generate_heatmap(latitude_list, longitude_list, title):
|
||||||
|
plt.figure(figsize=(50, 40))
|
||||||
|
m = Basemap(projection='merc', llcrnrlat=-60, urcrnrlat=90, llcrnrlon=-180, urcrnrlon=180, resolution='c')
|
||||||
|
|
||||||
|
if latitude_list and longitude_list and len(latitude_list) == len(longitude_list):
|
||||||
|
valid_indices = [i for i in range(len(latitude_list)) if latitude_list[i] is not None and longitude_list[i] is not None]
|
||||||
|
if valid_indices:
|
||||||
|
latitudes = [latitude_list[i] for i in valid_indices]
|
||||||
|
longitudes = [longitude_list[i] for i in valid_indices]
|
||||||
|
|
||||||
|
x, y = m(longitudes, latitudes)
|
||||||
|
m.scatter(x, y, marker='o', color='r', s=50, zorder=10)
|
||||||
|
|
||||||
|
m.drawcoastlines()
|
||||||
|
m.drawcountries()
|
||||||
|
m.drawmapboundary()
|
||||||
|
|
||||||
|
plt.title(title)
|
||||||
|
plt.show()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Read the contents of the text file
|
||||||
|
file_path = 'sample.txt' # Replace with your actual file path
|
||||||
|
with open(file_path, 'r') as file:
|
||||||
|
data = file.read()
|
||||||
|
|
||||||
|
# Extract all source and destination IP addresses
|
||||||
|
ips = extract_ip_addresses(data)
|
||||||
|
source_ips = [ip for ip in ips[::2] if not is_private_ip(ip)] # Exclude private IPs from source list
|
||||||
|
destination_ips = [ip for ip in ips[1::2] if not is_private_ip(ip)] # Exclude private IPs from destination list
|
||||||
|
|
||||||
|
print(f"Source IPs: {source_ips}")
|
||||||
|
print(f"Destination IPs: {destination_ips}")
|
||||||
|
|
||||||
|
# Geolocate all source and destination IPs
|
||||||
|
source_lats, source_lons = geolocate_ips(source_ips)
|
||||||
|
destination_lats, destination_lons = geolocate_ips(destination_ips)
|
||||||
|
|
||||||
|
# Generate heatmaps for source and destination IPs
|
||||||
|
generate_heatmap(source_lats, source_lons, 'Source IPs Geolocation Heatmap (excluding private)')
|
||||||
|
generate_heatmap(destination_lats, destination_lons, 'Destination IPs Geolocation Heatmap (excluding private)')
|
55
old.py
Normal file
55
old.py
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
import re
|
||||||
|
from collections import defaultdict
|
||||||
|
import matplotlib.pyplot as plt
|
||||||
|
|
||||||
|
def parse_file(file_path):
|
||||||
|
with open(file_path, 'r') as file:
|
||||||
|
data = file.read()
|
||||||
|
|
||||||
|
pattern = re.compile(r'Source address: /(\d+\.\d+\.\d+\.\d+).*?Destination address: /(\d+\.\d+\.\d+\.\d+).*?Source port: (\d+).*?Destination port: (\d+)', re.DOTALL)
|
||||||
|
matches = pattern.findall(data)
|
||||||
|
|
||||||
|
return matches
|
||||||
|
|
||||||
|
def count_occurrences(matches):
|
||||||
|
counts = defaultdict(int)
|
||||||
|
for src_ip, dst_ip, src_port, dst_port in matches:
|
||||||
|
counts[(src_ip, dst_ip, dst_port)] += 1
|
||||||
|
|
||||||
|
return counts
|
||||||
|
|
||||||
|
def plot_data(counts):
|
||||||
|
src_ips = []
|
||||||
|
dst_ips = []
|
||||||
|
ports = []
|
||||||
|
occurrences = []
|
||||||
|
|
||||||
|
for (src_ip, dst_ip, port), count in counts.items():
|
||||||
|
src_ips.append(src_ip)
|
||||||
|
dst_ips.append(dst_ip)
|
||||||
|
ports.append(port)
|
||||||
|
occurrences.append(count)
|
||||||
|
|
||||||
|
fig, ax = plt.subplots(figsize=(10, 8))
|
||||||
|
|
||||||
|
bar_width = 0.35
|
||||||
|
index = range(len(src_ips))
|
||||||
|
|
||||||
|
bars = ax.bar(index, occurrences, bar_width, label='Occurrences')
|
||||||
|
|
||||||
|
ax.set_xlabel('IP and Port Combinations')
|
||||||
|
ax.set_ylabel('Occurrences')
|
||||||
|
ax.set_title('Occurrences of Source IPs, Destination IPs, and Ports')
|
||||||
|
ax.set_xticks(index)
|
||||||
|
ax.set_xticklabels([f'{src_ips[i]} -> {dst_ips[i]}:{ports[i]}' for i in range(len(src_ips))], rotation=90)
|
||||||
|
ax.legend()
|
||||||
|
|
||||||
|
plt.tight_layout()
|
||||||
|
plt.show()
|
||||||
|
|
||||||
|
# File path to your text file
|
||||||
|
file_path = 'sample.txt'
|
||||||
|
|
||||||
|
matches = parse_file(file_path)
|
||||||
|
counts = count_occurrences(matches)
|
||||||
|
plot_data(counts)
|
Reference in New Issue
Block a user