工控蜜罐日志分析

打开日志文件,里面包含有很多IP

用脚本提取下log日志里面的ip地址
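# -*- coding: utf-8 -*-
"""Pull source IPs out of a honeypot log, de-duplicate them, and reverse-resolve them.

Every byte of a honeypot log is supplied by whoever connected to the honeypot,
so this script treats the log and the files derived from it as untrusted input:
candidates are validated as IPv4 addresses and the resolver is started without
a shell.
"""
import fileinput
import io
import os
import re
import shutil
import subprocess

# Raw strings keep the "\." escapes literal instead of relying on Python
# passing an unknown string escape through unchanged.
IP_PATTERN = re.compile(r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
_IPV4_EXACT = re.compile(r'(?:[0-9]{1,3}\.){3}[0-9]{1,3}\Z')


def _is_ipv4(text):
    """Return True when *text* is exactly a dotted quad with every octet in 0-255."""
    if _IPV4_EXACT.match(text) is None:
        return False
    return all(int(octet) <= 255 for octet in text.split('.'))


def readIp(log_path=r'honeypot.log', out_path='ip.txt'):
    """Append the first IPv4 address found on each log line to *out_path*.

    Lines with no address, or whose first dotted quad has an octet above 255,
    are skipped. The output file is opened once, in append mode.
    """
    # errors='replace': the log holds raw attacker-supplied bytes, and one
    # undecodable byte must not abort the whole extraction.
    with io.open(log_path, 'r', errors='replace') as log:
        with open(out_path, 'a') as out:
            for line in log:
                found = IP_PATTERN.findall(line)
                if found and _is_ipv4(found[0]):
                    out.write(str(found[0]) + '\n')


def setIp(read_path="ip.txt", write_path="newip.txt"):
    """Write the unique entries of *read_path* to *write_path*, keeping first-seen order.

    Entries are compared without surrounding whitespace, so a final line that
    lacks a newline is not treated as a different address, and blank lines are
    dropped. The number of unique entries is printed.
    """
    seen = set()
    # Context managers close both handles even if a read or write fails.
    with open(read_path, "r") as src:
        with open(write_path, "w") as dst:
            for line in src:
                entry = line.strip()
                if entry and entry not in seen:
                    seen.add(entry)
                    dst.write(entry + '\n')
    print(len(seen))


def readDns(ip_path=r'newip.txt'):
    """Run ``nslookup`` on every address in *ip_path* and print answers without NXDOMAIN.

    The returned name comes from a PTR record, which is published by whoever
    controls the reverse zone for that address. Treat it as a lead and confirm
    it with a forward lookup before relying on it for attribution.
    """
    with open(ip_path, 'r') as g:
        for raw in g:
            ip = raw.strip()
            # Re-validate: this file may have been edited or produced elsewhere,
            # and only a strict dotted quad (no leading '-', no shell
            # metacharacters) may reach the resolver command line.
            if not _is_ipv4(ip):
                continue
            try:
                # Argument list, no shell: the value is never parsed as shell syntax.
                proc = subprocess.Popen(['nslookup', ip],
                                        stdout=subprocess.PIPE,
                                        universal_newlines=True)
            except OSError as err:
                print('nslookup could not be started: %s' % err)
                return
            comm = proc.communicate()[0]
            if comm.find('NXDOMAIN') == -1:
                print(comm)


if __name__ == '__main__':
    readIp()
    setIp()
    readDns()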

IP 反查域名:http://www.ipip.net/ip.html

flag{scan-42.security.ipip.net}
