diff options
| -rwxr-xr-x | utils/parse_reader_json.py | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/utils/parse_reader_json.py b/utils/parse_reader_json.py new file mode 100755 index 000000000..19eaf6929 --- /dev/null +++ b/utils/parse_reader_json.py @@ -0,0 +1,52 @@ +#!/usr/bin/python3 + +# +# Usage +# +# ./example/ndpiReader -K JSON -k /tmp/a.json -L lists/public_suffix_list.dat -i packets.pcap +# +# ./parse_reader_json.py /tmp/a.json +# + +import json +import sys + +if(len(sys.argv) != 2): + print("Usage: parse_reader_json.py <ndpiReader>.json") + sys.exit() + +fname = sys.argv[1] + +fingeprints = {} + +# Open and read the JSON file +with open(fname, 'r') as file: + for line in file: + data = json.loads(line) + + # Print the data + if(('tcp_fingerprint' in data) + and ('tls' in data['ndpi']) + and ('hostname' in data['ndpi']) + and ('ja4' in data['ndpi']['tls']) + ): + tcp_fingerprint = data['tcp_fingerprint'] + ja4 = data['ndpi']['tls']['ja4'] + domainame = data['ndpi']['domainame'] + hostname = data['ndpi']['hostname'] + + key = tcp_fingerprint+"-"+ja4 + if(not(key in fingeprints)): + fingeprints[key] = {} + + value = hostname + fingeprints[key][value] = True + + +for k in fingeprints.keys(): + print(k, end =" [ ") + + for host in fingeprints[k]: + print(host, end =" ") + + print("]") |