├── cyt ├── run_create_ignore_list.sh ├── chasing_your_tail.sh ├── delete_ignore_lists.sh ├── ignore_list_ssid.py ├── wlan1_to_mon.sh ├── monitor.sh ├── create_ignore_list.py ├── ignore_list.py └── chasing_your_tail.py ├── prereqs.pdf ├── README.md ├── analysis.md └── cyt_gui.py /cyt/run_create_ignore_list.sh: -------------------------------------------------------------------------------- 1 | python3 create_ignore_list.py -------------------------------------------------------------------------------- /cyt/chasing_your_tail.sh: -------------------------------------------------------------------------------- 1 | python3 /home/pi/Desktop/cyt/chasing_your_tail.py -------------------------------------------------------------------------------- /prereqs.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/azmatt/chasing_your_tail/HEAD/prereqs.pdf -------------------------------------------------------------------------------- /cyt/delete_ignore_lists.sh: -------------------------------------------------------------------------------- 1 | rm /home/pi/Desktop/cyt/ignore_list.py 2 | rm /home/pi/Desktop/cyt/ignore_list_ssid.py -------------------------------------------------------------------------------- /cyt/ignore_list_ssid.py: -------------------------------------------------------------------------------- 1 | non_alert_ssid_list = ['CR-Guest-Wireless', 'gst02', 'Platinum Reserve', 'AG2F', 'Platinum Reserve'] -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # chasing_your_tail 2 | This project is no longer maintained. 
Check out the current (much better) version at: https://github.com/ArgeliusLabs/Chasing-Your-Tail-NG 3 | -------------------------------------------------------------------------------- /cyt/wlan1_to_mon.sh: -------------------------------------------------------------------------------- 1 | sudo ifconfig wlan0 down 2 | sudo iwconfig wlan0 mode monitor 3 | sudo ifconfig wlan0 up 4 | sudo ifconfig wlan1 down 5 | sudo iwconfig wlan1 mode monitor 6 | sudo ifconfig wlan1 up 7 | -------------------------------------------------------------------------------- /analysis.md: -------------------------------------------------------------------------------- 1 | Every time Kismet is started, it creates a new SQLite file with a .kismet extension. Data Kismet sees is placed in these files and can therefore be analyzed as is, or the files can be exported into .pcaps or other formats for analysis. 2 | 3 | Unique WiFi network names seen in probe requests can potentially be used to see networks that device has connected to in the past. 
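--------------------------------------------------------------------------------
/cyt/monitor.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Status monitor: every 10 s report whether a kismet process is running and
# whether wlan0/wlan1 are in monitor mode.
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # no color

while true; do
    # '[k]ismet' does not match its own grep command line, so the count is
    # kismet-named processes only (the old 'kismet' pattern could also count
    # the grep itself, which is why the threshold used to be 2).
    numprocesses=$(ps aux | grep -ci '[k]ismet')
    # -gt compares numerically; '>' inside [[ ]] is a string comparison,
    # so e.g. "10" > "2" was false and reported kismet down.
    if [[ "$numprocesses" -gt 0 ]]; then
        echo -e "${GREEN}kismet up${NC}"
    else
        echo -e "${RED}kismet down${NC}"
    fi

    # ';' rather than '&': '&' ran the first iwconfig in the background, so
    # its output raced the command substitution and could be dropped.
    string=$(iwconfig wlan0 2>/dev/null; iwconfig wlan1 2>/dev/null)
    if [[ $string == *"Mode:Monitor"* ]]; then
        echo -e "${GREEN}Monitor Mode Detected${NC}"
        echo
    else
        echo -e "${RED}Monitor Mode Not Detected${NC}"
        echo
    fi
    sleep 10
done
--------------------------------------------------------------------------------
/cyt/create_ignore_list.py:
--------------------------------------------------------------------------------
import sqlite3
import glob
import json
import os
import pathlib


### Check for/make subdirectories for logs, ignore lists etc.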
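cyt_sub = pathlib.Path('/home/pi/Desktop/cyt/')

### Ignore lists built from the newest Kismet DB: every MAC seen, and every
### distinct non-empty SSID a device probed for. Filled by sql_fetch() and
### grab_all_probes().
non_alert_list = []
non_alert_ssid_list = []

### Set Initial Variables
db_path = '/home/pi/kismet_logs/*.kismet'
IGNORE_LIST_PATH = '/home/pi/Desktop/cyt/ignore_list.py'
IGNORE_LIST_SSID_PATH = '/home/pi/Desktop/cyt/ignore_list_ssid.py'


def newest_kismet_db(pattern):
    """Return the most recently created file matching *pattern*.

    Raises SystemExit with a readable message when nothing matches, instead of
    the bare ValueError that ``max()`` raises on an empty list.
    """
    candidates = glob.glob(pattern)
    if not candidates:
        raise SystemExit('No Kismet log files found matching {}'.format(pattern))
    return max(candidates, key=os.path.getctime)


def device_json(blob):
    """Decode the ``device`` column (JSON stored as text or bytes) into a dict.

    NULL decodes to {}; undecodable bytes are dropped rather than aborting the
    whole run on one bad record.
    """
    if blob is None:
        return {}
    if isinstance(blob, (bytes, bytearray)):
        blob = blob.decode('utf-8', errors='ignore')
    return json.loads(blob)


def probed_ssid(record):
    """Return the SSID of *record*'s last probed-SSID entry, or '' when absent.

    Walks the path with .get() so a record that mentions the key elsewhere
    but lacks this entry yields '' instead of a KeyError.
    """
    dot11 = record.get("dot11.device") or {}
    probe = dot11.get("dot11.device.last_probed_ssid_record") or {}
    return probe.get("dot11.probedssid.ssid") or ''


def sql_fetch(con):
    """Append every device MAC in the Kismet DB to the module-level non_alert_list."""
    cursor = con.cursor()
    cursor.execute("SELECT devmac FROM devices")
    # Read the column directly; the old str(row).replace(...) trick also
    # mangled any value containing quotes, commas or parentheses.
    non_alert_list.extend(str(devmac) for (devmac,) in cursor.fetchall())


def grab_all_probes(con):
    """Append each distinct non-empty probed SSID to the module-level non_alert_ssid_list."""
    cursor = con.cursor()
    cursor.execute("SELECT devmac, type, device FROM devices")
    seen = set(non_alert_ssid_list)
    for _devmac, _dev_type, device in cursor.fetchall():
        ssid = probed_ssid(device_json(device))
        # Skip empty (wildcard) probes and repeats: the list only feeds
        # membership tests, so duplicates add nothing.
        if ssid and ssid not in seen:
            seen.add(ssid)
            non_alert_ssid_list.append(ssid)


def write_python_list(path, name, values):
    """Write ``<name> = [...]`` to *path* as a Python module.

    chasing_your_tail.py loads these files with ``import``, so they are
    executed as code; repr() of a list of str escapes quotes, backslashes and
    control characters, which keeps an over-the-air SSID from breaking out of
    the string literal. The file is written as UTF-8 (the encoding Python
    assumes for source) so non-ASCII SSIDs survive under any locale.
    """
    with open(path, "w", encoding="utf-8") as out:
        out.write("{} = {}".format(name, repr(list(values))))


def main():
    """Build both ignore lists from the newest Kismet DB and write them out."""
    cyt_sub.mkdir(parents=True, exist_ok=True)
    latest_file = newest_kismet_db(db_path)
    print('Pulling from: {}'.format(latest_file))

    con = sqlite3.connect(latest_file)  ## kismet DB to point at
    try:
        sql_fetch(con)
        print('Added {} MACs to the ignore list.'.format(len(non_alert_list)))
        write_python_list(IGNORE_LIST_PATH, "ignore_list", non_alert_list)

        grab_all_probes(con)
        print('Added {} Probed SSIDs to the ignore list.'.format(len(non_alert_ssid_list)))
        write_python_list(IGNORE_LIST_SSID_PATH, "non_alert_ssid_list", non_alert_ssid_list)
    finally:
        con.close()


if __name__ == "__main__":
    main()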
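--------------------------------------------------------------------------------
/cyt_gui.py:
--------------------------------------------------------------------------------
import tkinter as tk
import subprocess


# The helper scripts live alongside this GUI on the Pi.
CYT_DIR = "/home/pi/Desktop/cyt"
# Change lxterminal to gnome-terminal, xterm etc as needed
TERMINAL = "lxterminal"


def run_in_terminal(*command):
    """Run *command* in a new terminal window and block until it exits.

    *command* is an argument list handed to the terminal's -e option, so
    nothing here is re-parsed by a shell.
    """
    subprocess.call([TERMINAL, "-e", *command])


def write_slogan():
    """'Check Status' button: show monitor.sh in a terminal."""
    print("Checking Status")
    run_in_terminal(CYT_DIR + "/monitor.sh")


def func_delete_ignore():
    """'Delete Ignore Lists' button: remove the generated ignore-list modules."""
    print("Deleting Ignore Lists")
    run_in_terminal(CYT_DIR + "/delete_ignore_lists.sh")


def func_create_ignore():
    """'Create Ignore Lists' button: regenerate the ignore lists from the newest Kismet DB."""
    print("Creating Ignore Lists")
    run_in_terminal("python3", CYT_DIR + "/create_ignore_list.py")


def func_run_cyt():
    """'Run Chasing Your Tail' button: start the main monitoring loop."""
    print("Running CYT")
    run_in_terminal(CYT_DIR + "/chasing_your_tail.sh")


root = tk.Tk()
root.title('Chasing Your Tail Viewer')
frame = tk.Frame(root)
frame.pack()

# root.destroy closes the window and returns from mainloop(). The previous
# command, the site-module builtin `quit`, is undefined under `python -S` and
# ends the interpreter via SystemExit rather than closing the window.
button_quit = tk.Button(frame,
                        text="QUIT",
                        width=15,
                        height=5,
                        fg="red",
                        relief="groove",
                        command=root.destroy)
button_quit.pack(side=tk.LEFT)

check_status = tk.Button(frame,
                         text="Check Status",
                         width=15,
                         height=5,
                         fg="green",
                         relief="groove",
                         command=write_slogan)
check_status.pack(side=tk.LEFT)

frame = tk.Frame(root)
frame.pack()

button = tk.Button(frame,
                   relief="groove",
                   text="Delete Ignore Lists",
                   width=15,
                   height=5,
                   fg="red",
                   command=func_delete_ignore)
button.pack(side=tk.LEFT)

create_ignore = tk.Button(frame,
                          width=15,
                          height=5,
                          text="Create Ignore Lists",
                          relief="groove",
                          command=func_create_ignore)
create_ignore.pack(side=tk.LEFT)


butn_run_cyt = tk.Button(frame,
                         width=16,
                         height=5,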
fg="green", 78 | text="Run Chasing Your Tail", 79 | relief="groove", 80 | command=func_run_cyt) 81 | butn_run_cyt .pack(side=tk.LEFT) 82 | 83 | 84 | root.mainloop() 85 | -------------------------------------------------------------------------------- /cyt/ignore_list.py: -------------------------------------------------------------------------------- 1 | ignore_list = ['01:F0:66:6C:5D:45', '04:D2:89:D9:E3:BF', '0E:49:23:28:08:70', '10:2B:41:1D:A4:09', '12:0B:8A:40:FE:BA', '1A:AB:D8:BC:51:F5', '1D:2E:80:36:0A:7B', '23:5A:1E:2A:13:08', '26:DF:D8:EA:9E:1F', '2C:83:08:EC:8A:7D', '3D:54:8A:5F:8D:D4', '3D:5E:07:F7:56:38', '43:E9:AF:C2:21:2F', '44:2D:6A:FF:E5:92', '49:92:4A:E9:17:CA', '4B:4C:40:87:32:60', '4D:0C:F5:73:AC:F3', '4F:47:7C:5A:BE:2A', '50:32:37:CA:3B:F7', '52:1D:4C:98:C6:E3', '5A:C0:AE:61:C8:8D', '5E:F3:3E:08:2C:25', '64:1C:AE:64:79:81', '65:70:9B:3F:DD:13', '72:C6:D9:A0:AC:F4', '74:89:E0:7B:B7:A3', '74:EE:AE:3B:72:97', '79:81:F6:1F:55:94', '7A:15:94:6A:B4:E2', '7C:F5:DF:B2:60:C4', '90:D7:15:9C:2E:65', 'D4:1C:43:03:CF:2D', 'D5:E2:E7:68:6E:DE', 'D6:52:67:3E:59:3E', 'F0:6A:7F:03:6E:09', 'F5:C0:00:05:DE:D8', 'FB:9A:AE:47:5D:2B', '00:0B:78:66:E1:9B', '00:15:6D:FC:F4:D7', '00:17:88:65:56:D1', '00:24:A3:86:0B:B7', '00:25:00:FF:94:73', '00:9D:6B:39:3E:55', '00:F4:8D:8A:72:65', '06:18:D6:E3:89:96', '06:A0:83:0B:28:9F', '06:DB:48:07:1B:11', '0C:B2:B7:45:AF:7C', '10:2B:41:1D:A4:08', '10:5F:06:3D:6B:30', '10:5F:06:3D:6B:35', '18:48:CA:6D:08:F2', '18:B4:30:7E:52:5F', '18:E8:29:26:F1:BA', '1C:F2:9A:5C:94:03', '20:DF:B9:59:4C:5B', '20:F1:9E:F3:84:73', '20:F3:75:BE:A8:B4', '24:0A:C4:FB:D4:BC', '24:5A:4C:3E:E7:D3', '24:5A:4C:3E:EB:87', '24:A4:3C:A0:CE:CF', '24:A4:3C:BA:55:F2', '24:EC:99:3F:81:D2', '26:52:1A:79:2F:80', '30:24:32:BF:C8:36', '38:D2:69:B9:1B:7D', '3E:B0:8C:B8:6A:9B', '42:F1:9E:F3:84:73', '44:65:0D:2D:73:AF', '44:D9:E7:52:D2:B3', '44:D9:E7:FF:16:28', '44:D9:E7:FF:16:2A', '46:F9:D1:97:A7:95', '50:32:37:CC:04:B2', '52:08:A9:A9:13:31', '52:7A:F3:39:44:0A', 
'58:D3:49:16:7D:27', '58:D3:49:16:B7:5A', '58:D3:49:1D:7A:4B', '58:D3:49:54:5A:4D', '5C:86:C1:0A:E6:F7', '5C:A5:BC:66:3D:83', '5C:A5:BC:66:3D:84', '5C:A5:BC:66:3D:85', '5C:A5:BC:66:3D:86', '5C:A5:BC:66:3D:87', '5C:A5:BC:66:3D:88', '5C:A5:BC:66:3D:8D', '5C:A5:BC:66:3D:8E', '5C:A5:BC:66:96:63', '5C:A5:BC:66:96:65', '5C:A5:BC:66:96:66', '5C:A5:BC:66:96:67', '5C:A5:BC:66:96:68', '5C:A5:BC:66:96:6E', '5C:A5:BC:66:B5:C3', '5C:A5:BC:66:B5:C4', '5C:A5:BC:66:B5:C5', '5C:A5:BC:66:B5:C6', '5C:A5:BC:66:B5:C7', '5C:A5:BC:66:B5:C8', '5C:A5:BC:66:B5:CE', '5E:C3:EC:BC:FA:97', '60:3D:26:B5:4D:DD', '60:3D:26:B5:4D:DE', '60:3D:26:B5:4D:E1', '60:3D:26:B5:4D:E3', '60:3D:26:B5:4D:E6', '60:3D:26:B5:4D:E8', '60:3D:26:B5:4D:E9', '60:3D:26:B5:4D:EA', '60:3D:26:B5:4D:EB', '62:A4:37:CB:D5:84', '64:1C:AE:64:79:80', '6C:56:97:9E:C4:6A', '6E:56:97:9E:44:6A', '70:3A:CB:12:88:FB', '70:3A:CB:5A:06:67', '70:3A:CB:5A:06:93', '70:3A:CB:5A:09:11', '70:CA:97:1C:45:60', '70:CA:97:1C:59:40', '70:CA:97:1C:59:60', '70:CA:97:1C:59:E0', '70:CA:97:1C:61:C0', '70:CA:97:1C:67:C0', '70:CA:97:1C:67:E0', '70:CA:97:1C:78:40', '70:CA:97:1C:7E:C0', '70:CD:0D:7F:5C:1A', '72:3A:CB:12:88:F8', '72:3A:CB:55:B1:F5', '72:3A:CB:5A:06:90', '72:3A:CB:5A:09:10', '74:4D:28:82:81:BE', '76:1B:92:E6:5C:8E', '78:8A:20:94:78:5C', '78:8A:20:9E:48:8B', '78:8A:20:CA:A0:A1', '78:A6:E1:2B:F7:34', '7C:38:66:3F:2D:34', '7E:65:F2:AE:66:DA', '80:2A:A8:24:D9:5F', '80:2A:A8:2E:8B:EB', '80:2A:A8:60:2F:0F', '80:2A:A8:72:0B:34', '80:2A:A8:B2:00:37', '82:2A:A8:CE:57:C5', '82:7A:CA:50:F8:E5', '84:18:3A:04:00:C8', '84:18:3A:04:00:C9', '84:18:3A:04:00:CC', '84:18:3A:04:00:CD', '84:18:3A:0A:CB:08', '84:18:3A:0A:CB:09', '84:18:3A:44:00:C8', '84:18:3A:44:00:CC', '84:18:3A:4A:CB:08', '84:18:3A:84:00:C8', '84:18:3A:84:00:CC', '84:18:3A:8A:CB:08', '84:18:3A:C4:00:C8', '84:18:3A:C4:00:CC', '84:18:3A:CA:CB:08', '84:CC:A8:66:99:C8', '88:57:1D:16:59:78', '8E:A7:48:4B:97:8E', '90:CD:B6:14:DC:DF', '92:F2:9E:97:95:E8', '94:A6:7E:DF:57:76', '98:6D:35:0F:97:0B', 
'9A:ED:E7:7A:77:BE', 'A4:83:E7:19:B4:E0', 'A8:03:2A:D9:D8:FD', 'AC:DB:48:07:1B:12', 'AC:DB:48:07:1B:13', 'AE:DB:48:07:1B:12', 'AE:DB:48:07:1B:13', 'B0:5A:DA:F4:67:CD', 'B4:B6:86:98:E8:F4', 'B4:FB:E4:38:12:0D', 'B4:FB:E4:38:13:84', 'B6:B6:86:98:68:F4', 'B6:DB:48:07:1B:12', 'B6:DB:48:07:1B:13', 'B8:27:EB:DE:FB:84', 'BA:3D:8C:86:31:14', 'BA:DB:FD:17:63:75', 'C0:97:27:8C:CD:1B', 'C0:97:27:8C:CD:24', 'C0:97:27:8C:CD:27', 'C0:97:27:8C:CD:58', 'C0:C5:20:A0:38:05', 'C0:C5:20:A8:22:7F', 'C0:C5:20:A8:67:55', 'C0:C5:20:A8:6C:1D', 'C0:C5:20:A8:AC:85', 'C0:C5:20:AA:04:8F', 'C0:C5:20:AA:0B:61', 'C0:C5:20:AA:0D:E9', 'C0:C5:20:BA:FA:49', 'C0:C5:20:BB:03:29', 'C0:C5:20:BB:09:C9', 'C0:C5:20:BB:0B:09', 'C0:C5:20:BB:0C:69', 'C4:41:1E:CE:8C:EC', 'C4:41:1E:CE:9D:7C', 'C4:41:1E:CE:C7:A8', 'C8:03:F5:22:61:90', 'C8:03:F5:22:61:C8', 'C8:03:F5:22:77:A8', 'C8:03:F5:22:87:D8', 'C8:63:FC:41:3F:45', 'D4:A3:3D:60:1A:CC', 'D4:A3:3D:75:DB:6F', 'D4:C1:9E:6D:C3:30', 'D4:C1:9E:6D:CC:78', 'D4:C1:9E:6E:C4:AC', 'D8:EC:5E:04:95:0E', 'D8:EC:5E:04:98:2A', 'D8:EC:5E:04:A1:1C', 'DA:B1:62:A8:57:7D', 'DC:89:83:50:F2:79', 'DC:9F:DB:62:5B:29', 'DC:BF:E9:F7:0C:DA', 'DC:F5:05:92:67:57', 'E0:E2:E6:DC:5D:B8', 'E4:7D:BD:24:A7:49', 'E6:03:96:59:7E:5B', 'E8:9F:80:71:08:E4', 'EA:35:D5:81:20:E2', 'F0:9F:C2:10:F9:8D', 'F6:0F:0A:FC:E5:EB', 'F6:32:AD:67:ED:74', 'F6:80:87:BF:3D:DC', 'F6:B4:BD:F8:29:B3', 'F8:04:2E:F1:E7:47', 'FA:06:F4:FA:64:C3', 'FC:EC:DA:6C:E8:DA', 'FC:EC:DA:DC:3A:7C'] -------------------------------------------------------------------------------- /cyt/chasing_your_tail.py: -------------------------------------------------------------------------------- 1 | ### Chasing Your Tail V04_15_22 2 | ### @matt0177 3 | ### Released under the MIT License https://opensource.org/licenses/MIT 4 | ### 5 | 6 | import sqlite3 7 | import time 8 | from datetime import datetime, timedelta 9 | import glob 10 | import os 11 | import json 12 | import pathlib 13 | 14 | 15 | ### Check for/make subdirectories for logs, ignore lists 
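### etc.
cyt_sub = pathlib.Path('/home/pi/Desktop/cyt/cyt_sub')
cyt_sub.mkdir(parents=True, exist_ok=True)

print('Current Time: ' + time.strftime('%Y-%m-%d %H:%M:%S'))

### Create Log file

log_file_name = '/home/pi/Desktop/cyt/cyt_sub/cyt_log_' + time.strftime('%m%d%y_%H%M%S')

# Line-buffered so the log can be tailed while the loop runs; UTF-8 so a
# non-ASCII SSID cannot raise UnicodeEncodeError under a C locale.
cyt_log = open(log_file_name, "w", buffering=1, encoding="utf-8")


def log(message):
    """Print *message* and append it to cyt_log (log lines end in ' \\n', as before)."""
    print(message)
    cyt_log.write(message + " \n")


def printable(value):
    """Return *value* as a str with control characters escaped.

    SSIDs come from untrusted radios; a newline or terminal escape sequence
    inside one could otherwise forge log lines or alter the terminal this
    script prints to. Printable text passes through unchanged.
    """
    text = str(value)
    if text.isprintable():
        return text
    return ''.join(ch if ch.isprintable() else repr(ch)[1:-1] for ch in text)


#######Import ignore list and alert if not found
# The ignore lists are Python modules written by create_ignore_list.py and are
# executed on import. Only ImportError (list not generated yet) is tolerated,
# so a corrupt generated file is reported instead of silently ignored.

non_alert_ssid_list = []
try:
    from ignore_list_ssid import non_alert_ssid_list
except ImportError:
    pass

if not non_alert_ssid_list:
    log("No Probed SSID Ignore List Found!")

probe_ignore_list = non_alert_ssid_list

ignore_list = []
try:
    from ignore_list import ignore_list
except ImportError:
    pass

if not ignore_list:
    log("No Ignore List Found!")

# Membership is tested for every device on every pass; sets keep that O(1).
ignore_set = set(ignore_list)
probe_ignore_set = set(probe_ignore_list)

log('{} MACs added to ignore list.'.format(len(ignore_list)))
log('{} Probed SSIDs added to ignore list.'.format(len(probe_ignore_list)))

### Set Initial Variables
db_path = '/home/pi/kismet_logs/*.kismet'

###Initialize Lists (each holds what was seen in one five-minute window)
five_ten_min_ago_macs = []
ten_fifteen_min_ago_macs = []
fifteen_twenty_min_ago_macs = []
five_ten_min_ago_ssids = []
ten_fifteen_min_ago_ssids = []
fifteen_twenty_min_ago_ssids = []

past_five_mins_macs = []
past_five_mins_ssids = []


def unixtime_minutes_ago(minutes):
    """Return the Unix timestamp (local time, whole seconds) *minutes* before now."""
    moment = datetime.now() + timedelta(minutes=-minutes)
    return time.mktime(moment.timetuple())


### Calculate Time Variables
unixtime_5_ago = unixtime_minutes_ago(5)
unixtime_10_ago = unixtime_minutes_ago(10)
unixtime_15_ago = unixtime_minutes_ago(15)
unixtime_20_ago = unixtime_minutes_ago(20)

######Find Newest DB file
list_of_files = glob.glob(db_path)
if not list_of_files:
    # max() on an empty list would raise a bare ValueError here.
    log("No Kismet log files found matching {}".format(db_path))
    cyt_log.close()
    raise SystemExit(1)
latest_file = max(list_of_files, key=os.path.getctime)
log("Pulling data from: {}".format(latest_file))
con = sqlite3.connect(latest_file)  ## kismet DB to point at


def device_json(blob):
    """Decode the ``device`` column (JSON as text or bytes) into a dict; {} for NULL.

    Undecodable bytes are dropped, matching the old errors='ignore'; a column
    already stored as str is passed straight through (str(row[2], errors=...)
    raised TypeError for that case).
    """
    if blob is None:
        return {}
    if isinstance(blob, (bytes, bytearray)):
        blob = blob.decode('utf-8', errors='ignore')
    return json.loads(blob)


def probed_ssid(record):
    """Return the SSID of *record*'s last probed-SSID entry, or '' when absent.

    Walks the path with .get() so a record that mentions the key elsewhere
    but lacks this entry yields '' instead of a KeyError.
    """
    dot11 = record.get("dot11.device") or {}
    probe = dot11.get("dot11.device.last_probed_ssid_record") or {}
    return probe.get("dot11.probedssid.ssid") or ''


def window_clause(since, until=None):
    """Return (WHERE fragment, params) for last_time >= since and, if given, <= until.

    The bounds travel as bound parameters instead of being formatted into SQL.
    """
    if until is None:
        return "last_time >= ?", (since,)
    return "last_time <= ? AND last_time >= ?", (until, since)


def fetch_macs(con, since, until=None):
    """Return the MACs, minus the ignore list, of devices last seen in the window."""
    where, params = window_clause(since, until)
    cursor = con.cursor()
    cursor.execute("SELECT devmac FROM devices WHERE " + where, params)
    # Read the column directly; str(row).replace(...) also mangled any value
    # containing quotes, commas or parentheses.
    macs = [str(devmac) for (devmac,) in cursor.fetchall()]
    return [mac for mac in macs if mac not in ignore_set]


def fetch_probed_ssids(con, since, until=None):
    """Return each non-empty, non-ignored SSID last probed for by a device seen in the window."""
    where, params = window_clause(since, until)
    cursor = con.cursor()
    cursor.execute("SELECT devmac, type, device FROM devices WHERE " + where, params)
    ssids = []
    for _devmac, _dev_type, device in cursor.fetchall():
        ssid = probed_ssid(device_json(device))
        if ssid and ssid not in probe_ignore_set:
            ssids.append(ssid)
    return ssids


######Initialize macs past five minutes

def sql_fetch_past_5(con):
    """Add MACs seen within the past five minutes to past_five_mins_macs."""
    past_five_mins_macs.extend(fetch_macs(con, unixtime_5_ago))


sql_fetch_past_5(con)
log("{} MACS added to the within the past 5 mins list".format(len(past_five_mins_macs)))

######Initialize macs five to ten minutes ago

def sql_fetch_5_to_10(con):
    """Add MACs seen 5 to 10 minutes ago to five_ten_min_ago_macs."""
    five_ten_min_ago_macs.extend(fetch_macs(con, unixtime_10_ago, unixtime_5_ago))


sql_fetch_5_to_10(con)
log("{} MACS added to the 5 to 10 mins ago list".format(len(five_ten_min_ago_macs)))

######Initialize macs ten to fifteen minutes ago

def sql_fetch_10_to_15(con):
    """Add MACs seen 10 to 15 minutes ago to ten_fifteen_min_ago_macs."""
    ten_fifteen_min_ago_macs.extend(fetch_macs(con, unixtime_15_ago, unixtime_10_ago))


sql_fetch_10_to_15(con)
log("{} MACS added to the 10 to 15 mins ago list".format(len(ten_fifteen_min_ago_macs)))

######Initialize macs fifteen to twenty minutes ago

def sql_fetch_15_to_20(con):
    """Add MACs seen 15 to 20 minutes ago to fifteen_twenty_min_ago_macs."""
    fifteen_twenty_min_ago_macs.extend(fetch_macs(con, unixtime_20_ago, unixtime_15_ago))


sql_fetch_15_to_20(con)
log("{} MACS added to the 15 to 20 mins ago list".format(len(fifteen_twenty_min_ago_macs)))

######Initialize probe requests past 5 minutes

def probe_request_sql_fetch_past_5(con):
    """Add SSIDs probed for within the past five minutes to past_five_mins_ssids."""
    past_five_mins_ssids.extend(fetch_probed_ssids(con, unixtime_5_ago))


probe_request_sql_fetch_past_5(con)
log("{} Probed SSIDs added to the within the past 5 minutes list".format(len(past_five_mins_ssids)))

######Initialize probe requests five to ten minutes ago

def probe_request_sql_fetch_5_to_10(con):
    """Add SSIDs probed for 5 to 10 minutes ago to five_ten_min_ago_ssids."""
    five_ten_min_ago_ssids.extend(fetch_probed_ssids(con, unixtime_10_ago, unixtime_5_ago))


probe_request_sql_fetch_5_to_10(con)
log("{} Probed SSIDs added to the 5 to 10 mins ago list".format(len(five_ten_min_ago_ssids)))

######Initialize probe requests ten to fifteen minutes ago

def probe_request_sql_fetch_10_to_15(con):
    """Add SSIDs probed for 10 to 15 minutes ago to ten_fifteen_min_ago_ssids."""
    ten_fifteen_min_ago_ssids.extend(fetch_probed_ssids(con, unixtime_15_ago, unixtime_10_ago))


probe_request_sql_fetch_10_to_15(con)
log("{} Probed SSIDs added to the 10 to 15 mins ago list".format(len(ten_fifteen_min_ago_ssids)))

######Initialize probe requests fifteen to twenty minutes ago

def probe_request_sql_fetch_15_to_20(con):
    """Add SSIDs probed for 15 to 20 minutes ago to fifteen_twenty_min_ago_ssids."""
    fifteen_twenty_min_ago_ssids.extend(fetch_probed_ssids(con, unixtime_20_ago, unixtime_15_ago))


probe_request_sql_fetch_15_to_20(con)
log("{} Probed SSIDs added to the 15 to 20 mins ago list".format(len(fifteen_twenty_min_ago_ssids)))

#### Define main logic

def sql_fetch_current(con):
    """Report devices active in the last two minutes that were also seen 5-20 minutes ago.

    For each device with last_time in the last two minutes: its last probed
    SSID (if any) is logged and reported when it appears in an earlier
    window, and its MAC, unless on the ignore list, is reported when it
    appears in an earlier window. Displayed values go through printable()
    because SSIDs are attacker-controlled over-the-air strings; matching is
    done on the raw value.
    """
    unixtime_2_ago = unixtime_minutes_ago(2)
    cursor = con.cursor()
    cursor.execute("SELECT devmac, type, device FROM devices WHERE last_time >= ?",
                   (unixtime_2_ago,))
    for devmac, dev_type, device in cursor.fetchall():
        ssid = probed_ssid(device_json(device))
        if ssid:
            shown = printable(ssid)
            cyt_log.write('Found a probe!: {} \n'.format(shown))
            if ssid in five_ten_min_ago_ssids:
                log("Probe for {} in 5 to 10 mins list".format(shown))
            if ssid in ten_fifteen_min_ago_ssids:
                log("Probe for {} 10 to 15 mins list".format(shown))
            if ssid in fifteen_twenty_min_ago_ssids:
                log("Probe for {} in 15 to 20 mins list".format(shown))

        mac = str(devmac)
        if mac in ignore_set:
            continue
        label = "{} {}".format(printable(devmac), printable(dev_type))
        if mac in five_ten_min_ago_macs:
            log("{} in 5 to 10 mins list".format(label))
        if mac in ten_fifteen_min_ago_macs:
            log("{} in 10 to 15 mins list".format(label))
        if mac in fifteen_twenty_min_ago_macs:
            log("{} in 15 to 20 mins list".format(label))
## End sql_fetch_current


#### Begin Time Loop

time_count = 0

try:
    while True:
        time_count += 1
        sql_fetch_current(con)
        if time_count % 5 == 0:
            ##Update Lists: every five passes each window shifts back one slot.
            fifteen_twenty_min_ago_macs = ten_fifteen_min_ago_macs
            ten_fifteen_min_ago_macs = five_ten_min_ago_macs
            log("{} MACs moved to the 15-20 Min list".format(len(fifteen_twenty_min_ago_macs)))
            log("{} MACs moved to the 10-15 Min list".format(len(ten_fifteen_min_ago_macs)))

            fifteen_twenty_min_ago_ssids = ten_fifteen_min_ago_ssids
            ten_fifteen_min_ago_ssids = five_ten_min_ago_ssids
            log("{} Probed SSIDs moved to the 15 to 20 mins ago list".format(len(fifteen_twenty_min_ago_ssids)))
            log("{} Probed SSIDs moved to the 10 to 15 mins ago list".format(len(ten_fifteen_min_ago_ssids)))

            ###Update time variables (the fetch helpers read these globals at call time)
            unixtime_5_ago = unixtime_minutes_ago(5)
            unixtime_10_ago = unixtime_minutes_ago(10)

            ### Move the past 5 check from 5 mins ago into the past 5-10 list
            five_ten_min_ago_macs = past_five_mins_macs
            log("{} MACs moved to the 5 to 10 mins ago list".format(len(five_ten_min_ago_macs)))
            five_ten_min_ago_ssids = past_five_mins_ssids
            log("{} Probed SSIDs moved to the 5 to 10 mins ago list".format(len(five_ten_min_ago_ssids)))

            ### Update past 5 min check to have them ready for 5 mins from now
            past_five_mins_macs = []
            past_five_mins_ssids = []

            sql_fetch_past_5(con)
            probe_request_sql_fetch_past_5(con)

        time.sleep(60)
finally:
    # Close the DB and flush/close the log on Ctrl-C or any other exit.
    con.close()
    cyt_log.close()
--------------------------------------------------------------------------------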