OWASP O2 Platform Blog

O2 Script: Util – Util – Show Open Ports (via NetStat -afo).h2

Here are two scripts that show how to parse ‘kind-of’ unstructured data into a table.

In the first example we grab the output from netstat -fa, parse it to extract the port numbers, and display them in a table. The 2nd example uses netstat -fao, whose output also contains the process ID (which the script uses to find the process name).

For reference, the netstat flags mean:

  • a = Displays all connections and listening ports
  • f = Displays Fully Qualified Domain Names (FQDN) for foreign addresses.
  • o = Displays the owning process ID associated with each connection

1st version (netstat -fa)

// Open the O2 GUI window that hosts the table (700 and 600 are presumably width and height).
// NOTE(review): the "-na" in the title matches the arguments this listing passes to netstat.exe,
// although the surrounding text describes this version as "netstat -fa".
var topPanel = O2Gui.open<Panel>("Util - Show Open Ports (via NetStat -na)",700,600);
//var topPanel = panel.clear().add_Panel();
// Table control that showNetStatOnTable fills with the parsed netstat rows.
var tableList = topPanel.add_TableList();

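// Runs "netstat -na", parses every connection line and shows the result in tableList.
//
// Each data line is expected to look like (whitespace separated):
//     Proto  LocalAddress:Port  ForeignAddress:Port  [State]
// Lines that do not have that shape (blank lines, leftover headers, wrapped output) are
// skipped instead of raising an index error while the table is being filled.
//
// NOTE(review): "netstat.exe" is given by bare name, so it is presumably resolved through the
// normal executable search path; use the full path of the system copy if the script may run
// from a directory that is not trusted.
Action showNetStatOnTable =
    ()=>{
            // An endpoint is split at its LAST ':' so that IPv6 addresses, which contain
            // several ':' themselves (e.g. "[fe80::1:2%12]:546"), keep their address whole
            // and the port is always the part after the final ':'.
            Func<string,string> addressOf = (endpoint)=> endpoint.Substring(0, endpoint.LastIndexOf(':'));
            Func<string,string> portOf    = (endpoint)=> endpoint.Substring(endpoint.LastIndexOf(':') + 1);

            var lines = "netstat.exe".startProcess_getConsoleOut("-na")
                                     .lines()
                                     .removeRange(0,2);         // drop the leading header lines
            var netstatData = (from line in lines
                               let fragments = line.split(" ").removeEmpty()
                               where fragments.Count() >= 3     // need proto + both endpoints
                               let value0 = fragments.value(0)
                               let value1 = fragments.value(1)
                               let value2 = fragments.value(2)
                               let value3 = fragments.value(3)  // State; netstat prints none for UDP rows
                               where value1.Contains(":") && value2.Contains(":")
                               select new {
                                               @Type = value0 ,
                                               Local_Address_IP = addressOf(value1),
                                               Local_Address_Port = portOf(value1),
                                               Foreign_Address_IP = addressOf(value2),
                                               Foreign_Address_Port = portOf(value2),
                                               State = value3
                                              });
            tableList.show(netstatData);
        };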

// Add an "Actions" bar above the table with a "Refresh" link that re-runs netstat.
// NOTE(review): the trailing click() presumably fires the link once so the table is
// populated as soon as the window opens — confirm against the O2 API.
topPanel.insert_Above(40, "Actions")
        .add_Link("Refresh", ()=> showNetStatOnTable())
        .click();

2nd version (netstat -fao)

// Open the O2 GUI window that hosts the table (700 and 600 are presumably width and height).
var topPanel = O2Gui.open<Panel>("Util - Show Open Ports (via NetStat -afo)",700,600);
//var topPanel = panel.clear().add_Panel();

// Table control that showNetStatOnTable fills with the parsed netstat rows.
var tableList = topPanel.add_TableList();
tableList.title("Table showing parsed version of netstat command");
// PID taken from the currently selected table row; 0 means "nothing selected"
// (stopSelectedProcess refuses to act while this is 0).
var selectedProcess = 0;

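// Runs "netstat -afo", parses every connection line and shows the result in tableList,
// adding the owning process id and the name of the process that currently has that id.
//
// Each data line is expected to look like (whitespace separated):
//     Proto  LocalAddress:Port  ForeignAddress:Port  [State]  PID
// netstat prints no State for UDP rows, so those rows have four fields and the PID is the
// fourth one; rows with a State have five fields and the PID is the fifth.
// Lines with fewer fields (blank lines, leftover headers, wrapped output) are skipped.
//
// The column order of the anonymous type matters: the selection handler reads the PID from
// cell index 6, so Process_ID must stay the seventh property.
//
// NOTE(review): the process name is looked up after netstat has finished, by PID only. If the
// owning process has exited in between, the name is left empty; if its PID was reused, the
// name shown belongs to the new process. Treat Process_Name as a hint, not as proof.
// NOTE(review): "netstat.exe" is given by bare name, so it is presumably resolved through the
// normal executable search path; use the full path of the system copy if the script may run
// from a directory that is not trusted.
Action showNetStatOnTable =
    ()=>{
            // An endpoint is split at its LAST ':' so that IPv6 addresses, which contain
            // several ':' themselves (e.g. "[fe80::1:2%12]:546"), keep their address whole
            // and the port is always the part after the final ':'.
            Func<string,string> addressOf = (endpoint)=> endpoint.Substring(0, endpoint.LastIndexOf(':'));
            Func<string,string> portOf    = (endpoint)=> endpoint.Substring(endpoint.LastIndexOf(':') + 1);

            var lines = "netstat.exe".startProcess_getConsoleOut("-afo")
                                     .lines()
                                     .removeRange(0,2);         // drop the leading header lines
            var netstatData = (from line in lines
                               let fragments = line.split(" ").removeEmpty()
                               where fragments.Count() >= 4     // proto + both endpoints + PID
                               let value0 = fragments.value(0)
                               let value1 = fragments.value(1)
                               let value2 = fragments.value(2)
                               where value1.Contains(":") && value2.Contains(":")
                               let hasState = fragments.Count() >= 5
                               let state = hasState ? fragments.value(3) : ""
                               let processId = hasState ? fragments.value(4) : fragments.value(3)
                               let process = Processes.getProcess(processId.toInt())
                               select new {
                                               @Type = value0 ,
                                               Local_Address_IP = addressOf(value1),
                                               Local_Address_Port = portOf(value1),
                                               Foreign_Address_IP = addressOf(value2),
                                               Foreign_Address_Port = portOf(value2),
                                               State = state,
                                               Process_ID = processId,
                                               // empty when the lookup returned nothing (process already gone)
                                               Process_Name = process == null ? "" : process.ProcessName
                                              });
            tableList.show(netstatData);
        };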
       
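// Stops the process whose PID was taken from the selected table row, then refreshes the table.
//
// The lookup is by PID only, and the PID was captured when the row was selected. If that
// process has exited since and its PID has been reused, a different process than the one shown
// in the row would be stopped — refresh and re-select before stopping when the table may be
// stale. The process name and id are logged before stopping so the action can be reviewed.
// After every attempt the selection is cleared, so a second click cannot act on an old PID.
Action stopSelectedProcess =
    ()=>{
            if (selectedProcess == 0)
            {
                "Cannot Stop process with ID 0".error();
                return;
            }

            var process = Processes.getProcess(selectedProcess);
            if (process == null)
            {
                // Nothing to stop if the lookup returned no process (it may have exited already).
                ("Could not find process with ID " + selectedProcess).error();
                selectedProcess = 0;
                showNetStatOnTable();
                return;
            }

            "Stopping process: {0} (id: {1})".info(process.ProcessName, process.Id);
            // WaitForExit() has no timeout here: the call blocks until the process is gone.
            process.stop()
                   .WaitForExit();
            selectedProcess = 0;
            showNetStatOnTable();
        };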

// "Actions" bar above the table: "Refresh" re-runs netstat, "Stop Selected Process" stops the
// process whose PID was read from the selected row.
topPanel.insert_Above(40, "Actions")
        .add_Link("Refresh", ()=> showNetStatOnTable())
        .append_Link("Stop Selected Process", ()=> stopSelectedProcess()).leftAdd(100);
       

// The same stop action is also offered from the table's context menu.
tableList.add_ContextMenu()
         .add_MenuItem("Stop Selected Process", ()=> stopSelectedProcess());
        
// Remember the PID of the row the user selects.
// NOTE(review): 6 is presumably a 0-based column index, which is Process_ID in the anonymous
// type built by showNetStatOnTable (Type, Local_Address_IP, Local_Address_Port,
// Foreign_Address_IP, Foreign_Address_Port, State, Process_ID). Keep it in sync if columns are
// added or reordered, otherwise another cell's value would be used as the PID to stop.
tableList.afterSelect_get_Cell(6,
            (value)=> {
                        selectedProcess = value.toInt();
                        "selectedProcess: {0}".info(selectedProcess);
                      });
                     
// Populate the table once at startup.
showNetStatOnTable();
//return "netstat.exe".startProcess_getConsoleOut("-afo");       
// Value returned by the script once the GUI has been set up.
return "ok";       

This script is now part of O2’s Scripts as Util – Show Open Ports (via NetStat -afo).h2

November 26, 2011 - Posted by | Network Security, Tools
