tech_tools package

Submodules

tech_tools.cli module

tech_tools.cli.ipconfig()

Return string of raw ip configuration info from CLI.

Returns:

Printout of ipconfig /all on Windows or nmcli device show on Linux

Return type:

str

Note:

Use of this function on Linux requires that nmcli be installed.

tech_tools.cli.local_arp()

Return string of raw local arp table info from CLI.

Returns:

Printout of the local arp table

Return type:

str

tech_tools.cli.parse_ipconfig()

Parse raw ipconfig information and return a list containing a dictionary for each valid interface.

Returns:

List of dictionaries with keys: ip, subnet, mac, (gateway if present)

Return type:

list

Note:

Subnet will be provided as a mask on Windows (ex 255.255.255.0) and using CIDR notation on Linux (ex /24).

Valid interfaces might not have a defined gateway.

tech_tools.cli.parse_local_arp()

Parse raw local arp data and return a Pandas DataFrame.

Returns:

Parsed information from the local arp table, IPv4 Address and Mac Address

Return type:

Pandas.DataFrame columns: ip, mac

tech_tools.cli.parse_trace_route_local(destination='8.8.8.8')

Parse raw trace route data into a list of hosts considered to be part of local/private networks.

Parameters:

destination (str, IPv4Address) – (optional) Remote host, 8.8.8.8 by default

Returns:

Hosts (hops) along a given trace route with local (private) addresses

Return type:

list

tech_tools.cli.ping_range_ip(ip_list)

Ping a list of hosts and return list of hosts that produced a valid response.

Parameters:

ip_list (list) – Containing either str or IPv4Address objects of hosts

Returns:

IPv4Address objects that responded to a ping

Return type:

list

tech_tools.cli.ping_single_ip(ip, output)

Ping a single host and append to output list if successful.

Parameters:
  • ip (str, IPv4Address) – A valid IPv4 Address, example “10.10.10.132”

  • output (list) – List to update with values

Returns:

Nothing, external list will be updated

Return type:

None

tech_tools.cli.trace_route(destination='8.8.8.8')

Determine route from local host to a given destination and return raw string data.

Parameters:

destination (str, IPv4Address) – (optional) Remote host, 8.8.8.8 by default

Returns:

Printout of tracert on Windows or traceroute on Linux

Note:

Use of this function on Linux requires that traceroute be installed.

tech_tools.detective_functions module

tech_tools.detective_functions.local_devices(network=None, ports=None)

Return a DataFrame containing ip, mac, valid tcp ports, and manufacturer information obtained from the local network.

Parameters:
  • network (str, IPv4Address) – (optional) Interface IP Address, local_ip() by default

  • ports (list) – (optional) TCP ports to scan, should be provided as integers, [80, 443] by default

Returns:

host ip addresses, mac addresses, valid tcp ports, manufacturing company

Return type:

Pandas.DataFrame

Note:

If no interface address is provided, the function will attempt to locate devices based on the address returned from the local_ip() function. If multiple interfaces are present, it is recommended to manually select the preferred one.

This function requires a valid host ping, as well as a valid entry in the local arp table. Some hosts might not meet these criteria.

tech_tools.detective_functions.semi_local_devices(destination='8.8.8.8', ports=None)

Return a DataFrame of ip and TCP port information for Private networks along a designated trace route path.

Parameters:
  • destination (str, IPv4Address) – (optional) Remote host, 8.8.8.8 by default

  • ports (list) – (optional) TCP ports to scan, should be provided as integers, [80, 443] by default

Returns:

host ip addresses, valid tcp ports

Return type:

Pandas.DataFrame

Note:

Assumes /24 subnet, though this might not be correct in many cases.

It is recommended to scan networks individually if subnets of different sizes exist along the trace path. A list of local networks along the trace path can be obtained with parse_trace_route_local().
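The private-hop filtering and the /24 assumption described above, as an added example that is not code from tech_tools. The names private_hops and networks_for, the sample trace output, and the use of the standard library's is_private test are assumptions; note that is_private does not cover the 100.64.0.0/10 shared address space, so a carrier-grade NAT hop is left out.

```python
import re
from ipaddress import IPv4Address, IPv4Network

# Constructed sample in the shape of Linux traceroute output (not captured data).
SAMPLE = """\
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.204 ms  1.101 ms  1.050 ms
 2  10.20.31.1 (10.20.31.1)  4.310 ms  4.120 ms  4.005 ms
 3  100.64.0.1 (100.64.0.1)  9.870 ms  9.650 ms  9.540 ms
 4  * * *
 5  8.8.8.8 (8.8.8.8)  14.220 ms  14.100 ms  13.990 ms
"""

# A hop line starts with its hop number; the header line does not.
HOP = re.compile(r"^\s*\d+\s.*?\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def private_hops(raw):
    """Private-range hop addresses in path order, skipping silent hops."""
    hops = []
    for line in raw.splitlines():
        match = HOP.match(line)
        if not match:
            continue
        try:
            addr = IPv4Address(match.group(1))
        except ValueError:  # four dotted numbers that are not an address
            continue
        if addr.is_private and addr not in hops:
            hops.append(addr)
    return hops


def networks_for(hops, prefix=24):
    """Network each hop would belong to under an assumed prefix length."""
    return [IPv4Network(f"{hop}/{prefix}", strict=False) for hop in hops]


if __name__ == "__main__":
    hops = private_hops(SAMPLE)
    print(networks_for(hops))            # the /24 guess for every hop
    print(networks_for(hops[1:], 20))    # same hop when the real prefix is /20
```

Passing the real prefix per hop shows how far the /24 guess can be from the actual network: the second hop sits in 10.20.16.0/20, of which 10.20.31.0/24 is only one sixteenth.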

tech_tools.resources module

tech_tools.resources.mac_lookup(mac_address)

Return the manufacturing company for a given host mac address, “not_found” for failed matches.

Parameters:

mac_address (str) – Host mac address, example “00:1A:2B:3C:4D:5E”

Returns:

Manufacturing company

Return type:

str

tech_tools.utilities module

tech_tools.utilities.generate_range_from_subnet(ip, subnet=24)

Return a list of IPv4 Address objects based on provided subnet information. Excludes network and broadcast addresses.

Parameters:
  • ip (str, IPv4Address) – A valid IPv4 Address

  • subnet (int, str) – (optional) CIDR notation integer value or subnet mask convention, 24 by default

Returns:

IPv4 Address objects based upon range of provided subnet, excluding network and broadcast addresses

Return type:

list

Note:

If subnet is not referenced in either the ip or subnet params, the function assumes 24 (255.255.255.0). CIDR notation in the ip param overrides the subnet param.

The following are examples of valid inputs:

“10.0.0.1” <- assumption of 255.255.255.0 or 24

IPv4Address(“192.168.10.10”) <- assumption of 255.255.255.0 or 24

“192.168.5.1/20” <- overrides subnet parameter

(“192.168.0.1”, 24)

(“10.10.2.0”, “255.255.255.0”)

tech_tools.utilities.generate_range_from_two_ips(first_ip, second_ip)

Return a list of IPv4 Address objects between two provided IP addresses, including both provided addresses.

Parameters:
  • first_ip (str, IPv4Address) – A valid IPv4 Address, example “10.10.10.132”

  • second_ip (str, IPv4Address) – A valid IPv4 Address, example IPv4Address(“10.10.10.157”)

Returns:

Both addresses along with every possible address in between them

Return type:

list

Note:

The returned list will have complete disregard for any subnet boundaries, broadcast addresses, etc.

Use some discretion as this function can generate a list with billions of values.
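A sketch of the range rules documented for generate_range_from_subnet() and generate_range_from_two_ips(), built on the standard library's ipaddress module; it is an added example, not the package's own code. The names range_from_subnet, range_from_two_ips and boundary_addresses, the MAX_ADDRESSES cap, and accepting the two addresses in either order are assumptions.

```python
from ipaddress import IPv4Address, IPv4Interface, IPv4Network

MAX_ADDRESSES = 65_536  # assumed safety cap, not a tech_tools setting


def range_from_subnet(ip, subnet=24):
    """Usable hosts of the network holding ip; CIDR inside ip wins over subnet."""
    text = str(ip)
    if "/" not in text:
        text = f"{text}/{subnet}"  # subnet may be 24 or "255.255.255.0"
    # hosts() leaves out the network and broadcast addresses
    return list(IPv4Interface(text).network.hosts())


def range_from_two_ips(first_ip, second_ip, limit=MAX_ADDRESSES):
    """Every address from first_ip to second_ip inclusive, refused above limit."""
    low, high = sorted(int(IPv4Address(str(a))) for a in (first_ip, second_ip))
    count = high - low + 1
    if count > limit:  # check the size before building the list
        raise ValueError(f"{count} addresses requested, limit is {limit}")
    return [IPv4Address(n) for n in range(low, high + 1)]


def boundary_addresses(addresses, prefix=24):
    """Addresses that are a network or broadcast address under an assumed prefix."""
    flagged = []
    for addr in addresses:
        net = IPv4Network(f"{addr}/{prefix}", strict=False)
        if addr in (net.network_address, net.broadcast_address):
            flagged.append(addr)
    return flagged


if __name__ == "__main__":
    print(len(range_from_subnet("192.168.5.1/20", 24)))  # CIDR in ip overrides 24
    print(range_from_subnet("10.10.2.0", "255.255.255.0")[-1])
    crossing = range_from_two_ips("10.10.10.250", "10.10.11.5")
    print(boundary_addresses(crossing))  # entries a /24-aware range would skip
```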

tech_tools.utilities.local_ip()

Return local IPv4Address for the primary interface by way of attempting a socket connection. An unsuccessful socket attempt will return 127.0.0.1.

Returns:

IP address for the primary interface

Return type:

IPv4Address

Note:

This function attempts to forge a connection via the primary interface. In the event that multiple valid interfaces are online, the result may be undesirable. Either disable other interfaces, or determine the local ip via other means.

If using a statically defined IP address (for instance, while connecting to an offline, unmanaged switch) it is highly recommended to supply an address, subnet, and gateway. Omission of this information could prevent a valid socket attempt and default to the fallback interface depending on a few factors.

tech_tools.utilities.reachable_tcp_single_ip(host, port, output, timeout=4)

Determine if a given host on a given port is reachable via TCP socket connection, add successful values to dictionary.

Parameters:
  • host (str, IPv4Address) – A valid IPv4 Address, example “10.10.10.132”

  • port (int) – Port on which to attempt connection

  • output (dict) – Reachable hosts will be added to this

  • timeout (int) – (optional) Number of seconds to wait for a timeout failure, default 4

Returns:

Nothing, external dictionary will be updated

Return type:

None

Note:

The dictionary will be updated in the following format: {IPv4Address: [port], IPv4Address: [port1, port2], …}

If host is already present within the dictionary, the port will be appended to the existing list. However, if the port in question already exists within said list, it will not be added, to avoid duplicates.

tech_tools.utilities.tcp_ip_port_scanner(ip_list, ports, df=True)

Determine which hosts from a given list are reachable via a port or list of ports, return dictionary or DataFrame of valid connections.

Parameters:
  • ip_list (list) – Containing either str ip “10.10.1.1” or IPv4Address(“10.10.1.1”) objects

  • ports (int, list) – Either a single int port or list of int ports

  • df (bool) – (optional) Selects the return format; True by default, which returns a DataFrame.

Returns:

Hosts with associated ports on which they responded

Return type:

dict, Pandas.DataFrame

Note:

Dictionary formatted as: {IPv4Address(“10.10.1.1”): [80, 443], …}

DataFrame columns: ip, ports
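The dictionary format and duplicate handling documented for reachable_tcp_single_ip() and tcp_ip_port_scanner(), as an added example that is not the package's own code. The names reachable_tcp and scan, the one-thread-per-pair layout and the lock around dictionary writes are assumptions, and the only target is a loopback listener the script opens itself.

```python
import socket
import threading
from ipaddress import IPv4Address

_lock = threading.Lock()  # assumed: the page does not say how writes are serialised


def reachable_tcp(host, port, output, timeout=4):
    """Try one TCP connect; on success record port under host in output."""
    host = IPv4Address(str(host))
    try:
        with socket.create_connection((str(host), port), timeout=timeout):
            pass  # handshake completed, close immediately
    except OSError:  # refused, timed out, unreachable
        return
    with _lock:
        ports = output.setdefault(host, [])
        if port not in ports:  # no duplicate ports per host
            ports.append(port)


def scan(ip_list, ports, timeout=4):
    """Check every host/port pair on its own thread and return the merged dict."""
    if isinstance(ports, int):
        ports = [ports]
    output = {}
    threads = [
        threading.Thread(target=reachable_tcp, args=(ip, port, output, timeout))
        for ip in ip_list for port in ports
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {host: sorted(found) for host, found in output.items()}


if __name__ == "__main__":
    # Constructed target: a listener this script opens on loopback.
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen()
        port = srv.getsockname()[1]
        # str and IPv4Address forms of one host collapse to a single key
        print(scan(["127.0.0.1", IPv4Address("127.0.0.1")], [port, port]))
```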

tech_tools.wireshark module

tech_tools.wireshark.wireshark_extract(file)

Return a Series of desired information from a Wireshark JSON file using GroupBy. Includes source ip, source mac, source mac company, destination ip, protocol, and category.

Parameters:

file (str) – Valid path to a JSON wireshark file

Returns:

GroupBy format: source ip, source mac, source mac company, destination ip, protocol, and category

Return type:

Pandas.Series

tech_tools.wireshark.wireshark_mac_addresses(file)

Return MAC Address/Manufacturer information from a Wireshark JSON file

Parameters:

file (str) – Valid path to a Wireshark JSON file

Returns:

source mac, source mac manufacturing company

Return type:

Pandas.DataFrame

tech_tools.wireshark.wireshark_private_ips(file)

Return private IP addresses from a Wireshark JSON file

Parameters:

file (str) – Valid path to a Wireshark JSON file

Returns:

IPv4Address objects within the range that falls under the category of Private networks

Return type:

list

Module contents