红蓝攻防演练时写的小脚本,挺管用的,记录一下。。。
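#!coding:utf-8
"""WAF syslog listener that raises an audible alarm on red-team source IPs.

Receives UDP datagrams on LISTEN_ADDR, pulls the src_ip / dst_ip /
alertlevel / event_type / action fields out of each one with regexes, and
when src_ip is in the red-team address set (Sip) plays ALERT_SOUND and
prints the event to the (GBK) console.  A repeat of the (src_ip, dst_ip)
pair that was alerted last is printed only once.

Python 2 script: the regexes run on the raw byte string and the alert text
is re-encoded for a GBK Windows console, exactly as before.
"""
import re
import socket
import sys

import pygame

# (src_ip, dst_ip) of the most recent alert, used for de-duplication
tmpSip = ''
tmpDip = ''

#!红队IP -- red-team source addresses; a frozenset gives O(1) membership tests
Sip = frozenset([
    '210.72.243.18', '114.242.71.226', '114.242.71.227', '114.242.71.228',
    '114.242.71.229', '114.242.71.230', '114.242.71.231', '114.242.71.232',
    '114.242.71.233', '114.242.71.234', '114.242.71.235', '114.242.71.236',
    '114.242.71.237', '114.242.71.238', '114.242.71.239', '114.242.71.240',
    '114.242.71.241', '114.242.71.242', '114.242.71.243', '114.242.71.244',
    '114.242.71.245', '114.242.71.246', '114.242.71.247', '114.242.71.248',
    '114.242.71.249', '114.242.71.250', '114.242.71.251', '114.242.71.252',
    '114.242.71.253', '114.242.71.254', '1.50.104.62', '14.135.74.35',
])

#接收WAF告警 -- UDP endpoint the WAF forwards its syslog alerts to
LISTEN_ADDR = ('172.16.26.122', 515)
# Largest datagram accepted by one recvfrom() call
MAX_DATAGRAM = 204800
# Sound played on a red-team hit
ALERT_SOUND = r"D:\auto-tools\tool\listening\MP3\620.wav"

# Sender addresses accepted as the WAF.  UDP syslog carries no authentication,
# so any host that can reach LISTEN_ADDR could inject a fabricated alert and
# trigger the alarm; listing the WAF's address here drops datagrams from
# anyone else.  Empty = accept every sender (the original behaviour).
WAF_SENDERS = frozenset()  # e.g. frozenset(['<WAF-IP placeholder>'])

# One compiled pattern per alert field; each capture runs to the next
# whitespace character, so the WAF is expected to separate fields by spaces.
_FIELD_PATTERNS = {
    'src_ip': re.compile(r"src_ip:+(\d+\S+)"),
    'dst_ip': re.compile(r"dst_ip:+(\d+\S+)"),
    'alertlevel': re.compile(r"alertlevel:+(\S+)"),
    'event_type': re.compile(r"event_type:+(\S+)"),
    'action': re.compile(r"action:+(\S+)"),
}


def _parse_alert(data):
    """Extract the five alert fields from one WAF datagram.

    Returns a dict keyed by field name (values as ``str``), or None when any
    field is absent.  A datagram that does not parse is ignored rather than
    silently reusing the fields of an earlier one -- the bare ``except: pass``
    this replaces left the variables undefined on the first failure and stale
    on every later one.
    """
    fields = {}
    for name, pattern in _FIELD_PATTERNS.items():
        found = pattern.findall(data)
        if not found:
            return None
        fields[name] = str(found[0])
    return fields


revlog = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
revlog.bind(LISTEN_ADDR)
# Initialise the mixer once instead of on every alert
pygame.mixer.init()
try:
    while True:
        date, (Dev_ip, _port) = revlog.recvfrom(MAX_DATAGRAM)  # 存储接收的数据
        sys.stdout.write("=")  # 日志接收状态 -- one mark per datagram received
        sys.stdout.flush()
        # Drop datagrams that did not come from the configured WAF (see WAF_SENDERS)
        if WAF_SENDERS and Dev_ip not in WAF_SENDERS:
            continue
        #!匹配目标
        alert = _parse_alert(date)
        if alert is None:
            continue
        src_ip, dst_ip = alert['src_ip'], alert['dst_ip']
        #!去重 -- suppress an immediate repeat of the pair alerted last time
        if (src_ip, dst_ip) == (tmpSip, tmpDip):
            continue
        #!告警 -- 监测红队IP
        if src_ip in Sip:
            tmpSip, tmpDip = src_ip, dst_ip
            # music.load() returns None, so there is nothing to keep from it
            pygame.mixer.music.load(ALERT_SOUND)
            pygame.mixer.music.play()
            print("===== This is WAF =====\n")
            # Source literal is UTF-8; re-encode for the GBK console as before
            print("检测到红队攻击IP: %s 目标服务器IP:%s 安全事件:%s 危险等级:%s 动作:%s\n".decode('UTF-8').encode('GBK')
                  % (src_ip, dst_ip, alert['event_type'], alert['alertlevel'], alert['action']))
            print("===" * 10)
finally:
    revlog.close()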