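"""Demo POC for scraping memory dumps of IP addresses.

Reads a raw memory image as a sequence of fixed-size 18-byte records and
prints, for each record, a fingerprint of the raw bytes and the decoded
connection fields (source/destination address and port, protocol, timestamp).

Record layout (offsets as used by the original demo):
    0-3    source address, 4 bytes
    4-7    destination address, 4 bytes
    8-9    source port ('H')
    10-11  destination port ('H')
    12-13  protocol ('H')
    14-17  timestamp, 4 bytes

NOTE(review): the three 16-bit fields are decoded in native (host) byte
order, exactly as the original did. If the records were captured from the
wire they may be big-endian; confirm against whatever produced the dump
before relying on the port/protocol values.

The module only defines functions and constants at import time; the demo
runs from ``main()`` under the ``__main__`` guard.
"""
from __future__ import print_function

import collections
import hashlib
import struct
import sys
import time

# Path of the memory image the demo parses; ``main()`` accepts an override
# as its first command-line argument.
DEFAULT_FILENAME = "/root/Desktop/mem/devmem"

# Fixed record layout: 4 address bytes, 4 address bytes, three native-order
# 16-bit fields, then 4 timestamp bytes.  With native alignment the two-byte
# fields start at offsets 8/10/12, so the struct is 18 bytes like the original.
RECORD = struct.Struct("4B4BHHH4B")
RECORD_SIZE = RECORD.size

# Demo pacing: the original slept between prints so the output can be followed.
FIELD_DELAY_SECONDS = 0.5
RECORD_DELAY_SECONDS = 2.0

# Number of records hashed in the first pass and decoded in the second pass.
HASHED_RECORD_COUNT = 56
PARSED_RECORD_COUNT = 10

Record = collections.namedtuple(
    "Record",
    "source_address destination_address source_port destination_port "
    "protocol timestamp",
)


def byte_reader(memory_dump, number_bytes):
    '''Read up to ``number_bytes`` from ``memory_dump`` and return them.

    Args:
        memory_dump: a binary file-like object opened for reading.
        number_bytes: maximum number of bytes to read.

    Returns:
        The bytes read.  At end of file fewer bytes (possibly none) are
        returned, so callers must check the length before decoding a record.
    '''
    return memory_dump.read(number_bytes)


def hashing_byte_reader(memory_dump, number_bytes):
    '''Read up to ``number_bytes`` and return ``(bytes, md5_hexdigest)``.

    The MD5 is only a fingerprint for telling records apart in the demo
    output; it is not an integrity control (MD5 is not collision resistant).

    Args:
        memory_dump: a binary file-like object opened for reading.
        number_bytes: maximum number of bytes to read.

    Returns:
        A ``(bytes, hexdigest)`` tuple; ``bytes`` may be shorter than
        requested at end of file.
    '''
    byte = memory_dump.read(number_bytes)
    return byte, hashlib.md5(byte).hexdigest()


def format_address(octets):
    '''Render an iterable of four integer octets as a dotted-quad string.'''
    return ".".join(str(octet) for octet in octets)


def parse_record(buffer):
    '''Decode one ``RECORD_SIZE``-byte record into a ``Record``.

    Args:
        buffer: the raw record bytes (anything ``struct.unpack_from`` accepts).

    Returns:
        A ``Record`` with dotted-quad address strings, integer ports and
        protocol, and the timestamp as a tuple of four ints.

    Raises:
        ValueError: if ``buffer`` is shorter than ``RECORD_SIZE``.  This is
            what a truncated dump or a read past the last record looks like;
            the caller decides whether to stop or skip rather than crashing
            inside ``struct``.
    '''
    if len(buffer) < RECORD_SIZE:
        raise ValueError(
            "short record: expected %d bytes, got %d" % (RECORD_SIZE, len(buffer))
        )
    fields = RECORD.unpack_from(buffer, 0)
    # Unpacked order mirrors the format string: 4 src octets, 4 dst octets,
    # source port, destination port, protocol, 4 timestamp bytes.
    return Record(
        source_address=format_address(fields[0:4]),
        destination_address=format_address(fields[4:8]),
        source_port=fields[8],
        destination_port=fields[9],
        protocol=fields[10],
        timestamp=tuple(fields[11:15]),
    )


def print_hashed_records(filename, record_count):
    '''Print ``(raw bytes, md5)`` for the first ``record_count`` records.

    The file is closed on exit from the ``with`` block, which the original
    demo never did for any of its three open handles.
    '''
    with open(filename, "rb") as fd:
        for _ in range(record_count):
            print(hashing_byte_reader(fd, RECORD_SIZE))


def print_parsed_records(filename, record_count):
    '''Decode and print the first ``record_count`` records, paced for a demo.

    Stops early with a message when a record comes back short (end of a
    dump smaller than ``record_count`` records) instead of letting
    ``struct.error`` escape.
    '''
    with open(filename, "rb") as fd:
        for index in range(record_count):
            buffer = byte_reader(fd, RECORD_SIZE)
            print(100 * "*")
            print(index)
            try:
                record = parse_record(buffer)
            except ValueError as err:
                print("stopping:", err)
                break
            print("Reading Source IP Address")
            time.sleep(FIELD_DELAY_SECONDS)
            print("Reading Destination IP Address")
            time.sleep(FIELD_DELAY_SECONDS)
            print("sourceAddress = ", record.source_address)
            print("destinationAddress = ", record.destination_address)
            print("sourcePort = ", record.source_port)
            print("destinationPort = ", record.destination_port)
            print("protocolUsed = ", record.protocol)
            print("timeStamp = ", record.timestamp)
            time.sleep(RECORD_DELAY_SECONDS)


def main(argv=None):
    '''Run the demo: hash the first 56 records, then decode the first 10.

    Args:
        argv: optional argument list (defaults to ``sys.argv[1:]``); the
            first element, when present, overrides ``DEFAULT_FILENAME``.
    '''
    argv = sys.argv[1:] if argv is None else argv
    filename = argv[0] if argv else DEFAULT_FILENAME
    print_hashed_records(filename, HASHED_RECORD_COUNT)
    print_parsed_records(filename, PARSED_RECORD_COUNT)


if __name__ == "__main__":
    main()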