{"id":18131677,"url":"https://github.com/mrtc0/snorttools","last_synced_at":"2025-08-21T01:06:39.580Z","repository":{"id":84696614,"uuid":"46943716","full_name":"mrtc0/SnortTools","owner":"mrtc0","description":"Snort Utility Tools","archived":false,"fork":false,"pushed_at":"2015-11-28T08:40:05.000Z","size":73,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-15T19:35:34.041Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrtc0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-26T19:28:26.000Z","updated_at":"2017-05-06T19:29:11.000Z","dependencies_parsed_at":"2023-03-02T11:01:08.064Z","dependency_job_id":null,"html_url":"https://github.com/mrtc0/SnortTools","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mrtc0/SnortTools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrtc0%2FSnortTools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrtc0%2FSnortTools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrtc0%2FSnortTools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrtc0%2FSnortTools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrtc0","download_url":"https://codeload.github.com/mrtc0/SnortTools/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrtc0%2FSnortTools/sbom","scorecard":null,"hos
t":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271410635,"owners_count":24754757,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-01T12:08:36.129Z","updated_at":"2025-08-21T01:06:39.545Z","avatar_url":"https://github.com/mrtc0.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SnortTools\n\nSnort Utility Tools\n\n---\n## u2reader.py\n\nSnort and Suricata unified2 log file reader.\n\n```\nusage: u2reader.py [-h] [-g GEN_MAP] [-s SID_MAP] [-c CLASSFICATION]\n                   [-p PRIORITY] [-v]\n                   logfile\n\nSnort Unified2 Log Parser\n\npositional arguments:\n  logfile\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -g GEN_MAP, --gen-map GEN_MAP\n                        Snort gen-msg.map file. Default ./gen-msg.map\n  -s SID_MAP, --sid-map SID_MAP\n                        Snort sid-msg.map file. Default ./sid-map.map\n  -c CLASSFICATION, --classfication CLASSFICATION\n                        Snort classification.config file. Default ./classification.config\n  -p PRIORITY, --priority PRIORITY\n                        Priority\n  -v, --verbose         Verbose mode\n\n```\n\nThe output format is as follows.  
\nWithout the -v option\n```\nEvent ID        Event Time      Source IP:Source Port =\u003e Destination IP:Destination Port        Protocol        Priority\n```\n\nWith the -v option\n```\nEvent ID        Event Time      Source IP:Source Port =\u003e Destination IP:Destination Port        Protocol        Priority\nSignature Message       Signature Class Signature Reference(URL)\nClassification Name     Description     %s\n```\n\n#### Example\n\n```\n$ ./u2reader.py -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -c /etc/snort/classification.config samples/snort.unified2\n...\n10      2015-11-27 18:13:37     192.168.3.35:1034 =\u003e 195.2.253.92:80    TCP     1\n11      2015-11-27 18:13:37     192.168.3.35:1035 =\u003e 66.96.224.213:80   TCP     1\n12      2015-11-27 18:13:38     192.168.3.35:1036 =\u003e 195.2.253.92:80    TCP     1\n13      2015-11-27 18:13:38     192.168.3.35:1036 =\u003e 195.2.253.92:80    TCP     1\n14      2015-11-27 18:13:38     192.168.3.35:1036 =\u003e 195.2.253.92:80    TCP     1\n15      2015-11-27 18:13:38     192.168.3.35:1037 =\u003e 195.2.253.92:80    TCP     1\n16      2015-11-27 18:13:39     192.168.1.101:1037 =\u003e 65.32.5.111:53    UDP     3\n17      2015-11-27 18:13:43     192.168.10.127:1196 =\u003e 192.168.10.101:445       TCP     3\n18      2015-11-27 18:13:43     192.168.10.127:1196 =\u003e 192.168.10.101:445       TCP     3\n19      2015-11-27 18:13:44     192.168.10.128:1495 =\u003e 192.168.10.101:445       TCP     3\n20      2015-11-27 18:13:44     192.168.10.128:1495 =\u003e 192.168.10.101:445       TCP     3\n21      2015-11-27 18:13:44     192.168.10.128:1505 =\u003e 64.127.109.133:80        TCP     1\n22      2015-11-27 18:13:44     192.168.10.128:36012 =\u003e 72.20.34.145:6881       UDP     1\n23      2015-11-27 18:13:44     192.168.10.128:1536 =\u003e 192.168.10.101:445       TCP     3\n24      2015-11-27 18:13:44     192.168.10.128:1536 =\u003e 192.168.10.101:445       TCP     3\n25      2015-11-27 18:13:44     
192.168.10.128:1547 =\u003e 192.168.10.101:445       TCP     3\n...\n```\n\nTo display only alerts with a priority greater than 3, run the following.\n\n```\n$ python u2reader.py -g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -c /etc/snort/classification.config -p 3 -v samples/snort.unified2\n...\n28      2015-11-27 18:13:45     192.168.10.126:1158 =\u003e 192.168.10.101:445       TCP     3\n        GPL NETBIOS SMB-DS IPC$ unicode share access    None    []\n        tcp-connection  A TCP connection was detected\n39      2015-11-27 18:13:47     192.168.10.129:1104 =\u003e 192.168.10.101:445       TCP     3\n        GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt  None    ['url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx', 'nessus,12065', 'nessus,12052', 'cve,200\n3-0818', 'bugtraq,9635', 'bugtraq,9633']\n        tcp-connection  A TCP connection was detected\n40      2015-11-27 18:13:47     192.168.10.129:1104 =\u003e 192.168.10.101:445       TCP     3\n        GPL NETBIOS SMB-DS IPC$ unicode share access    None    []\n        tcp-connection  A TCP connection was detected\n50      2015-11-27 18:13:49     192.168.10.120:63324 =\u003e 192.168.10.102:139      TCP     3\n        GPL NETBIOS SMB IPC$ unicode share access       None    []\n        tcp-connection  A TCP connection was detected\n51      2015-11-27 18:13:49     192.168.10.120:63378 =\u003e 192.168.10.102:139      TCP     3\n        GPL NETBIOS SMB IPC$ unicode share access       None    []\n        tcp-connection  A TCP connection was detected\n52      2015-11-27 18:13:49     192.168.10.125:1359 =\u003e 192.168.10.101:445       TCP     3\n        GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt  None    ['url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx', 'nessus,12065', 'nessus,12052', 'cve,200\n3-0818', 'bugtraq,9635', 'bugtraq,9633']\n        tcp-connection  A TCP connection was detected\n53      2015-11-27 18:13:49     192.168.10.125:1359 =\u003e 192.168.10.101:445 
      TCP     3\n        GPL NETBIOS SMB-DS IPC$ unicode share access    None    []\n        tcp-connection  A TCP connection was detected\n54      2015-11-27 18:13:49     192.168.10.127:1209 =\u003e 192.168.10.101:445       TCP     3\n        GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt  None    ['url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx', 'nessus,12065', 'nessus,12052', 'cve,200\n3-0818', 'bugtraq,9635', 'bugtraq,9633']\n        tcp-connection  A TCP connection was detected\n...\n```\n\n---\n\n## Todo\n\nA whole lot.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrtc0%2Fsnorttools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrtc0%2Fsnorttools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrtc0%2Fsnorttools/lists"}