CLI.py 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
  1. #! /usr/bin/env python3
  2. import argparse
  3. import sys
  4. from ID2TLib.Controller import Controller
  5. class LoadFromFile(argparse.Action):
  6. """
  7. Parses the parameter file given by application param -c/--config.
  8. """
  9. def __call__(self, parser, namespace, values, option_string=None):
  10. with values as f:
  11. parser.parse_args(f.read().split(), namespace)
  12. class CLI(object):
  13. def __init__(self):
  14. """
  15. Creates a new CLI object used to handle
  16. """
  17. # Reference to PcapFile object
  18. self.args = None
  19. self.attack_config = None
  20. def process_arguments(self):
  21. """
  22. Loads the application controller, the PCAP file statistics and if present, processes the given attacks. Evaluates
  23. given queries.
  24. """
  25. # Create ID2T Controller
  26. controller = Controller(self.args.input)
  27. # Load PCAP statistics
  28. controller.load_pcap_statistics(self.args.export, self.args.recalculate, self.args.statistics)
  29. # Create statistics plots
  30. if self.args.plot is not None:
  31. controller.create_statistics_plot(self.args.plot)
  32. # Process attack(s) with given attack params
  33. if self.args.attack is not None:
  34. # If attack is present, load attack with params
  35. controller.process_attacks(self.args.attack)
  36. # Parameter -q without arguments was given -> go into query loop
  37. if self.args.query == [None]:
  38. controller.enter_query_mode()
  39. # Parameter -q with arguments was given -> process query
  40. elif self.args.query is not None:
  41. controller.process_db_queries(self.args.query, True)
  42. def parse_arguments(self, args):
  43. """
  44. Defines the allowed application arguments and invokes the evaluation of the arguments.
  45. :param args: The application arguments
  46. """
  47. # Create parser for arguments
  48. parser = argparse.ArgumentParser(description="Intrusion Detection Dataset Toolkit (ID2T) - A toolkit for "
  49. "injection of synthetically created attacks into PCAP datasets.",
  50. prog="id2t")
  51. # Define required arguments
  52. requiredNamed = parser.add_argument_group('required named arguments')
  53. requiredNamed.add_argument('-i', '--input', metavar="FILEPATH", help='path to the input pcap file', required=True)
  54. # Define optional arguments
  55. parser.add_argument('-c', '--config', metavar='FILEPATH', help='file containing parameters used as input.',
  56. action=LoadFromFile, type=open)
  57. parser.add_argument('-e', '--export',
  58. help='stores the statistics as a textfile with ending .stat into the dataset directory',
  59. action='store_true', default=False)
  60. parser.add_argument('-a', '--attack', metavar="ATTACKNAME", action='append',
  61. help='injects a new attack into the given dataset.', nargs='+')
  62. parser.add_argument('-r', '--recalculate',
  63. help='forces to recalculate the statistics in case of an already existing statistics database.',
  64. action='store_true', default=False)
  65. parser.add_argument('-s', '--statistics', help='print general file statistics to stdout.', action='store_true',
  66. default=False)
  67. parser.add_argument('-p', '--plot', help='creates a plot of common dataset statistics', action='append',
  68. nargs='?')
  69. parser.add_argument('-q', '--query', metavar="QUERY",
  70. action='append', nargs='?',
  71. help='queries the statistics database. If no query is provided, the application enters into query mode.')
  72. # Parse arguments
  73. self.args = parser.parse_args(args)
  74. # Either PCAP filepath or GUI mode must be enabled
  75. if not self.args.input:
  76. parser.error("Parameter -i/--input required. See available options with -h/--help ")
  77. self.process_arguments()
  78. def main(args):
  79. """
  80. Creates a new CLI object and invokes the arguments parsing.
  81. :param args: The provided arguments
  82. """
  83. cli = CLI()
  84. # Check arguments
  85. cli.parse_arguments(args)
  86. # Uncomment to enable calling by terminal
  87. # if __name__ == '__main__':
  88. # main(sys.argv[1:])
  89. if __name__ == '__main__':
  90. INPUT = ['-i']
  91. # FILES = ['/root/datasets/201506021400_1G.pcap',
  92. # '/root/datasets/201506021400_2G.pcap',
  93. # '/root/datasets/201506021400_5G.pcap']
  94. FILES = ['/mnt/hgfs/datasets/201506021400_2G.pcap']
  95. # FILES = ['/mnt/hgfs/datasets/95M.pcap']
  96. ATTACK_PS = ['-a', 'PortscanAttack', 'ip.src=10.2.2.4', 'mac.dst=05:AB:47:B5:19:11',
  97. 'inject.at-timestamp=1449038705.316721', 'attack.note=Portscan2']
  98. ATTACK_PS2 = ['-a', 'PortscanAttack', 'port.dst=1-1024']
  99. ATTACK_DD = ['-a', 'DDoSAttack', 'attackers.count=10', 'packets.limit=1000']
  100. STATS_RECALC = ['-r']
  101. STATS_PRINT = ['-s']
  102. STATS_PLOT = ['-p']
  103. QUERY_MODE_LOOP = ['-q']
  104. QUERY_DB = ['-q', 'ipAddress(pktsSent > 1000, kbytesSent >= 20)']
  105. for f in FILES:
  106. main(INPUT + [f] + ATTACK_PS2 + ATTACK_DD) # Statistics Calculation
  107. #main(INPUT + ATTACK_DD) # Attack Packet Generation -> insert exit() | Merging