Hello Reader!

This week’s script comes from a case I’m working on right now for my job. While I didn’t HAVE to write a Python script for it, when I was talking with my co-worker about looking through some Windows DNS logs, he said to me: “There’s your Python script for the week.”

And thus, YOP Week Forty Five was born!

The case I’m working on currently revolves around reviewing DNS logs for some specific information.  The Windows DNS logs themselves aren’t that bad to look through, until they are several hundred/thousand/billion megs in size…then you want some way to search through them more easily.  I was starting to look through the data with Notepad++ when I realized it would be a lot nicer if there was an easy way to filter the data down.

So for this week, my script begins the process of what I want the end result script to be.  I did some looking online and there are a few Python scripts out there that parse Windows DNS logs, but they were designed for specific purposes, and I was looking to add some flexibility to mine.

But for this first stage, my goal was to clean up the file, and then output it to CSV format so I can filter it in Excel.  My plan for the next stage is to allow you to search, and clean up some of the formatting errors that are present in this version.

The first part of this script takes the DNS file and runs it through two stages.  The first stage gets rid of the 34 lines at the start of the file.  These lines define the fields in the report.  My plan is to add them in as a header row in the second run through of this script.  The second function gets rid of the new lines in between each of the DNS log entries in the file itself.  For this part I actually create a backup file, since during some of my earlier testing I removed ALL the contents of the file.  Again, in the second version I’ll move the backup portion to the first function, so that the entire script works off the backup file instead of the original file.

Finally I walk through the script and split the fields up to output into a CSV file.  The downside to Windows DNS logs is that the fields are separated by spaces.  Where that becomes a problem is when you get to the Opcode field.  Since that field can have more than one value, you can have spaces between them, which the script interprets as two separate fields (even though it’s not).  I’m still trying to figure out the logic on that one, so you’ll need to be careful with the final CSV output; you might have some fields that have shifted over by accident.
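The field-shifting problem described above goes away if the parser anchors on the structure of each packet entry instead of splitting on whitespace. The script below is an added example, not the code from the YOP repository: it matches each Windows DNS debug log entry with one regular expression, captures the bracketed flags section (the part with internal spaces) as a single column, gives the optional “R” response marker its own column so it cannot push the opcode over, and decodes the length-prefixed query name. Rather than dropping a fixed 34 header lines, it sets aside every line that is not a packet entry so you can check nothing real was skipped. The log lines in `SAMPLE_LOG` are constructed for the example and only follow the shape of the real format.

```python
import csv
import io
import re
import sys

# Constructed sample in the shape of a Windows DNS debug log: banner and field
# description lines, blank lines between entries, and a bracketed flags
# section whose internal spaces would split it across several CSV columns.
SAMPLE_LOG = """\
DNS Server log file creation at 3/15/2017 1:59:58 PM
Log file wrap at 3/15/2017 1:59:58 PM

Message logging key (for packets - other items use a subset of these fields):
    Field #  Information         Values
    -------  -----------         ------
       1     Date
       2     Time
       3     Thread ID

3/15/2017 2:00:01 PM 0B38 PACKET  0000007F5A3E6B70 UDP Rcv 10.0.0.5        0002   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)

3/15/2017 2:00:01 PM 0B38 PACKET  0000007F5A3E6B70 UDP Snd 10.0.0.5        0002 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
"""

# One packet entry.  Field order follows the key printed at the top of the log.
# The bracketed flags are captured as ONE group so their spaces cannot shift the
# columns after them, and the optional "R" (response) marker gets its own column
# instead of pushing the opcode over by one field.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}(?:\s+[AP]M)?)\s+"
    r"(?P<thread>\S+)\s+(?P<context>\S+)\s+(?P<packet_id>\S+)\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<direction>Snd|Rcv)\s+"
    r"(?P<remote_ip>\S+)\s+(?P<xid>\S+)\s+"
    r"(?P<response>R)?\s*(?P<opcode>\S)\s+"
    r"\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)
FIELDS = ["date", "time", "thread", "context", "packet_id", "proto", "direction",
          "remote_ip", "xid", "response", "opcode", "flags", "qtype", "qname"]


def decode_name(raw):
    """Turn the length-prefixed form '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    return re.sub(r"\(\d+\)", ".", raw).strip(".")


def parse_log(text):
    """Return (records, unparsed).  Instead of dropping a fixed number of header
    lines, anything that is not a packet entry is kept aside for review."""
    records, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue  # the blank separator lines between entries
        match = ENTRY_RE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        rec = match.groupdict()
        rec["response"] = rec["response"] or ""
        rec["flags"] = " ".join(rec["flags"].split())  # collapse the padding inside [...]
        rec["qname"] = decode_name(rec["qname"])
        records.append(rec)
    return records, unparsed


def to_csv(records):
    """Render the records with a header row, ready for filtering in Excel."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python dns_log_to_csv.py dns.log > dns.csv   (parses the sample when no file is given)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    recs, skipped = parse_log(text)
    sys.stdout.write(to_csv(recs))
    sys.stderr.write(f"{len(recs)} entries written, {len(skipped)} non-entry lines skipped\n")
```

The count of skipped lines printed to stderr is the check worth keeping an eye on: on a real log it should be close to the size of the header block, and a much larger number means the pattern is not matching some entries and those rows are missing from the CSV rather than silently shifted.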

Like I said, this is the first pass on this script.  There are a few more things I need to tweak and fix.  But it’ll be enough to get me started with what I need it for on this case!

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader!

Ok this is going to be a quick post.  For this week I started working on a script to help my kids practice their division.  It’s similar to the multiplication one I did back with Week 41.  However, what I wanted to do was avoid any remainder problems.  So what I did this time around was generate two random numbers (based on input), multiply those numbers, take the product, and then use that as part of the division problem.  That way it focuses more on what my kids are working on.

That’s it!  Like I said this one was going to be quick….

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader!

This week I’m changing gears a bit.  Recently I’ve been doing a lot of checking on IP addresses that show up in logs, memory dumps, alerts, etc.  And I decided it would be nice to have a simple script that can just pull that information for me automatically without typing multiple commands over and over.

This script takes an IP address and a DNS server as arguments, does a DNS lookup on the IP, then pulls the whois information, and finally pulls down the main webpage from the site (I’m assuming here there’s a webserver on the other end).  The webpage gets saved in the directory the script is run from.

This script does require the following modules in order to run:

ipwhois and pycurl

But otherwise that’s it!
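As an added example of the same three lookups (not the YOP script, and using only the standard library instead of ipwhois and pycurl): the reverse lookup goes through the system resolver via `socket.gethostbyaddr`, so the separate DNS-server argument from the post is not supported here; whois is done directly over the RFC 3912 protocol on port 43, first asking `whois.iana.org` which registry holds the block and then following its `refer:` line one hop; and the homepage fetch runs with a timeout and a size cap so a slow or enormous response cannot hang the analysis box or fill the disk. Addresses from private, loopback, link-local, multicast or reserved ranges are flagged so the script does not waste whois queries on them. `SAMPLE_WHOIS` is a constructed snippet in the shape of a whois answer, used only so the parser can be exercised offline.

```python
import argparse
import ipaddress
import socket
import urllib.request

WHOIS_PORT = 43  # RFC 3912

# Constructed sample of a whois answer (comment lines, a referral, a duplicate key).
SAMPLE_WHOIS = """\
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
refer:        whois.arin.net

inetnum:      10.0.0.0 - 10.255.255.255
organisation: IANA - Private-Use Networks
organisation: duplicate line that should be ignored
"""


def check_ip(text):
    """Parse the argument; also report whether it sits in a range (RFC 1918, loopback,
    link-local, multicast, reserved) for which whois and a web fetch are pointless."""
    ip = ipaddress.ip_address(text)  # raises ValueError for anything that is not an address
    local = (ip.is_private or ip.is_loopback or ip.is_link_local
             or ip.is_multicast or ip.is_reserved)
    return str(ip), local


def reverse_lookup(ip):
    """PTR lookup through the system resolver; '' when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return ""


def whois_query(server, query, timeout=10.0):
    """One RFC 3912 exchange: send the query line, read until the server closes."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Reduce 'key: value' whois output to a dict: comment lines (#, %) dropped,
    keys lower-cased, first occurrence of a key wins."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%")):
            continue
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if sep and key and key not in fields:
            fields[key] = value.strip()
    return fields


def whois_ip(ip, timeout=10.0):
    """Ask IANA which registry holds the block, then query that registry (one hop)."""
    first = parse_whois(whois_query("whois.iana.org", ip, timeout))
    rir = first.get("refer")
    if not rir:
        return first
    return parse_whois(whois_query(rir, ip, timeout))


def save_homepage(ip, timeout=10.0, max_bytes=1_000_000):
    """GET http://<ip>/ with a timeout and a size cap; save in the current directory.
    Returns (path, truncated)."""
    host = f"[{ip}]" if ":" in ip else ip  # IPv6 literals need brackets in a URL
    req = urllib.request.Request(f"http://{host}/", headers={"User-Agent": "yop-ip-lookup"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read(max_bytes + 1)
    path = f"{ip.replace(':', '_')}_index.html"
    with open(path, "wb") as fh:
        fh.write(body[:max_bytes])
    return path, len(body) > max_bytes


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="reverse DNS, whois and homepage grab for one IP")
    ap.add_argument("ip")
    ap.add_argument("--no-fetch", action="store_true", help="skip the HTTP request")
    args = ap.parse_args()
    ip, local = check_ip(args.ip)
    print("ptr:", reverse_lookup(ip) or "(none)")
    if local:
        print("whois and web fetch skipped: non-routable address")
    else:
        for key, value in sorted(whois_ip(ip).items()):
            print(f"{key}: {value}")
        if not args.no_fetch:
            print("saved:", save_homepage(ip))
```

One practical point the `--no-fetch` switch exists for: the HTTP request is made from the analyst’s own machine to a host that came out of an alert, so the connection is visible to whoever runs that host; when that matters, run the fetch from a network position you are happy to have logged, and keep the whois and PTR parts (which only touch registry and resolver infrastructure) as the default.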

Until next week!
https://github.com/CdtDelta/YOP


Hello Reader!

This week we return to pieces of my case management system.

I decided to create a Chain of Custody entry system.  It’s based on the script from Week 38, but I’ve altered it to allow you to enter in the basic information for a standard chain of custody entry: namely when it happened, who was involved, and the reason.  I haven’t set it up to link back to a specific item of evidence, primarily because it’s a component of the overall finished product.  Each of these scripts has been created to write to its own sqlite database.

Otherwise it’s another straightforward script to create an entry in the database.  I didn’t put a loop around it, since you don’t typically enter chain of custody entries one after another like you might with case notes, evidence, etc…

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader!

Well, this week’s script is coming completely out of left field.  I started a new job this week and didn’t have a chance to put a lot of time into this week’s script.  However, I have been wanting to work on a math testing program for my kids, so this is a first pass at it.

I created a simple multiplication script, where you choose the lowest and highest numbers to multiply with, and then you specify how many questions you want to answer.  From there I just run a function that randomly chooses two numbers between your low and high, and multiplies them together.  At the same time it counts down from how many questions you want it to ask.  When it’s done the program just exits.

My plan with this script long term is twofold.  One, I’m going to use it to start playing around with Python in a web browser, so I can have my kids just go to a site and answer the questions (yes, I know there are sites out there already that do this).  Second, I’m going to have it grow as my kids enter new grades and advance towards algebra, calculus, etc.  I’m also planning on adding a scoring system to keep track of how they are doing, and for basic math I want to add a timer.  That way for something like multiplication, you’re not only trying to answer all the problems, but you’re also trying to do it before time runs out.  So we’ll see how that progresses…

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader!

Here we are at week 40!  Only 12 more weeks to go!

This week I continue with segments of my overall case management system, focusing on case notes, which are a critical part of any case management system.  I also think the best system is one where you can collaborate on adding case notes, so multiple people can enter in their findings on the same case, and the other people involved can see the updates.

For this script, I’m just focusing on entering the case note into the database.  There are a lot of similarities to the last two weeks of code, which I’ve been using as a basic framework.  However, in this instance I’m just capturing the current date and time, the actual case note entry itself, and finally I’m hashing the case note entry with the SHA256 algorithm to prevent tampering.  Then all three items are written to the database.

In the larger code, this would end up looping as long as someone wanted to enter in case notes.
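A caveat worth building in from the start, for both the case notes here and the chain of custody entries from Week 42: a plain SHA-256 of the note stored next to the note only catches accidental corruption, because anyone who can edit the row can recompute a matching hash. The added example below (my code, not the YOP script) keeps the same three items, timestamp, note and digest, plus the examiner’s name, but computes the digest as an HMAC-SHA256 under a key held outside the database and chains each entry to the previous one’s digest, so editing, re-ordering or back-dating an entry is detectable by anyone who holds the key. Because deleting the newest entries would leave a shorter but still valid chain, `verify_chain` also accepts the latest head hash recorded somewhere else (for example printed in the case report) and reports a mismatch. The key, examiner names and note text are constructed for the example.

```python
import hashlib
import hmac
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE IF NOT EXISTS case_notes (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    entered_at TEXT NOT NULL,
    examiner   TEXT NOT NULL,
    note       TEXT NOT NULL,
    prev_hash  TEXT NOT NULL,
    entry_hash TEXT NOT NULL
)
"""
GENESIS = "0" * 64  # prev_hash of the very first entry


def open_db(path=":memory:"):
    """Open (or create) the notes database; the same pattern serves a chain of custody table."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    conn.commit()
    return conn


def entry_hash(entered_at, examiner, note, prev_hash, key):
    """HMAC-SHA256 over every stored column plus the previous entry's hash.  The key
    lives outside the database, so someone who can edit rows cannot simply recompute
    a matching value the way they could with a bare SHA-256 of the note."""
    msg = "\x1f".join([entered_at, examiner, note, prev_hash]).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def add_note(conn, examiner, note, key, now=None):
    """Append one note chained to the previous entry; returns the new head hash."""
    entered_at = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    row = conn.execute("SELECT entry_hash FROM case_notes ORDER BY id DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    digest = entry_hash(entered_at, examiner, note, prev, key)
    conn.execute(
        "INSERT INTO case_notes (entered_at, examiner, note, prev_hash, entry_hash) "
        "VALUES (?, ?, ?, ?, ?)",
        (entered_at, examiner, note, prev, digest),
    )
    conn.commit()
    return digest


def verify_chain(conn, key, expected_head=None):
    """Recompute every entry in order.  Returns (True, None) when the chain is intact,
    (False, id) for the first edited or re-ordered entry, or (False, "head mismatch")
    when entries were dropped from the end and the head hash recorded elsewhere
    (e.g. in the printed case report) no longer matches the last row."""
    prev = GENESIS
    rows = conn.execute(
        "SELECT id, entered_at, examiner, note, prev_hash, entry_hash FROM case_notes ORDER BY id"
    ).fetchall()
    for rid, entered_at, examiner, note, prev_hash, stored in rows:
        expected = entry_hash(entered_at, examiner, note, prev, key)
        if prev_hash != prev or not hmac.compare_digest(expected, stored):
            return False, rid
        prev = stored
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, "head mismatch"
    return True, None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice: read from a file the examiner controls, never from the DB
    conn = open_db()
    add_note(conn, "examiner-1", "Received laptop from client in sealed bag #1", key)
    head = add_note(conn, "examiner-1", "Imaged drive; image hash recorded in evidence log", key)
    print("chain intact:", verify_chain(conn, key, expected_head=head))
    conn.execute("UPDATE case_notes SET note = 'edited after the fact' WHERE id = 1")
    conn.commit()
    print("after an edit to entry 1:", verify_chain(conn, key, expected_head=head))
```

In the collaborative setup the post describes, each examiner can hold their own key and the `examiner` column selects which key `verify_chain` should use; what matters is that no key is stored in the same database the hashes are meant to protect.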

Until next week!

https://github.com/CdtDelta/YOP


Hello reader!

This week’s script is a continuation of what I started on last week.  However, I am just starting to play around with creating the overall case itself.  Right now there’s not much to this, and it has some similarities to what I worked on last week.

The one little piece I played with is using today’s date in the case name, so I have a separate function creating that part.  Then I use another function to create the initial “template” of the case database.  Right now all I’m doing is putting in the case number, the name of the person working the case, and a short description of what the case is actually about.

This is by no means complete, and as this overall project grows I’ll need to focus more on linking all of these individual scripts into one larger database.  But that will happen later…

Until next week!

https://github.com/CdtDelta/YOP