Added functionality
Added security-tools functions
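--- /dev/null
+++ b/backend/scripts/parse_tools_usage.py
@@ -0,0 +1,52 @@
+import csv
+import re
+import os
+from glob import glob
+
+# 1. Extract tool/process names from the Markdown file
+def extract_tools(md_path):
+tools = set()
+with open(md_path, encoding='utf-8') as f:
+for line in f:
+line = line.strip()
+# Skip headers and empty lines
+if not line or line.endswith(':') or line.startswith('<!--'):
+continue
+# Only keep lines that look like process/tool names
+if re.match(r'^[\w\-.@]+(\.exe|\.dll|\.sys)?$', line, re.IGNORECASE):
+tools.add(line.lower())
+return tools
+
+# 2. Parse the CSV file and build mapping
+def parse_csv(csv_path, tools):
+tool_hosts = {}
+with open(csv_path, newline='', encoding='utf-8') as csvfile:
+reader = csv.DictReader(csvfile)
+for row in reader:
+host = row.get('host') or row.get('hostname')
+proc = row.get('process') or row.get('process_name') or row.get('image')
+if not host or not proc:
+continue
+proc = proc.lower()
+if proc in tools:
+tool_hosts.setdefault(proc, set()).add(host)
+return tool_hosts
+
+# 3. Output the breakdown
+def main():
+md_path = r'd:\Dev\ThreatHunt\backend\lists\security-tools.md'
+upload_dir = r'd:\Dev\ThreatHunt\uploaded'
+tools = extract_tools(md_path)
+csv_files = glob(os.path.join(upload_dir, '*.csv'))
+
+for csv_path in csv_files:
+print(f"\nResults for: {os.path.basename(csv_path)}")
+tool_hosts = parse_csv(csv_path, tools)
+if not tool_hosts:
+print(" No known tools found.")
+continue
+for tool, hosts in sorted(tool_hosts.items()):
+print(f" {tool}: {', '.join(sorted(hosts))}")
+
+if __name__ == '__main__':
+main()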
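Review bot: In parse_csv the process value is only lowercased before the `if proc in tools` lookup, so any row whose `process`/`image` column holds a full path (Sysmon-style `Image` fields normally do) can never equal a bare name from security-tools.md and the host is silently left out of the report; normalise to the file name first, e.g. `proc = re.split(r'[\\/]', proc)[-1].lower()`, which strips either separator regardless of the OS the script runs on. The `row.get('host')` / `row.get('image')` lookups are also case-sensitive, so a CSV exported with `Host`/`Image` headers produces "No known tools found." rather than an error; lower-casing the keys once per row (`row = {k.lower(): v for k, v in row.items()}`) or warning when neither key is present would make that miss visible. Separately, main() hard-codes `d:\Dev\ThreatHunt\...` paths, which ties the script to one workstation; deriving them from the script's own location or taking them as command-line arguments would let it run alongside the backend it ships with. All three functions are fully contained in this hunk.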