API client for p0f3
This is a simple API client for p0f3, available at http://lcamtuf.coredump.cx/p0f3/ . It is not compatible with version 2.x or 1.x. Start p0f with the -s path/to/unix_socket option.
    from p0f import P0f, P0fException

    data = None
    p0f = P0f("p0f.sock")  # point this to socket defined with "-s" argument.

    try:
        data = p0f.get_info("192.168.0.1")
    except P0fException, e:
        # Invalid query was sent to p0f. Maybe the API has changed?
        print e
    except KeyError, e:
        # No data is available for this IP address.
        print e
    except ValueError, e:
        # p0f returned invalid constant values. Maybe the API has changed?
        print e

    if data:
        print "First seen:", data["first_seen"]
        print "Last seen:", data["last_seen"]
See examples/django_models.py for a complete Django model of the data returned by p0f.
Django middleware is available in p0f.django.middleware.
To use it, add P0FSOCKET = "path/to/p0f_unix_socket" to your project's settings.py, and add p0f.django.middleware.P0fMiddleware to MIDDLEWARE_CLASSES.
The middleware adds a p0f attribute to all incoming requests. request.p0f is None if the connection to p0f failed or p0f did not return data for the remote IP address.
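The socket exchange that a p0f3 API client performs, as an added example rather than this package's code: it packs the 21-byte query and validates the 232-byte reply laid out in the p0f3 README, mapping the three status codes onto the same exception types handled above. The names build_query, parse_response, query and BadQuery are hypothetical, the bad_sw and os_match_q ranges are taken from the p0f3 README, and the sample reply is constructed.

```python
import socket
import struct

# Magic numbers, status codes and field order follow the p0f3 README (API section).
QUERY_MAGIC, RESP_MAGIC = 0x50304601, 0x50304602
STATUS_BADQUERY, STATUS_OK, STATUS_NOMATCH = 0x00, 0x10, 0x20
QUERY = struct.Struct("=IB16s")                      # magic, address type, address = 21 bytes
RESPONSE = struct.Struct("=II7IhBB" + "32s" * 6)     # magic, status, host info = 232 bytes
FIELDS = ("first_seen", "last_seen", "total_conn", "uptime_min", "up_mod_days",
          "last_nat", "last_chg", "distance", "bad_sw", "os_match_q",
          "os_name", "os_flavor", "http_name", "http_flavor", "link_type", "language")

class BadQuery(Exception):
    """p0f rejected the query (hypothetical stand-in for P0fException)."""

def build_query(ip):
    """Pack a query; an IPv4 address is left-aligned in the 16-byte address field."""
    try:
        return QUERY.pack(QUERY_MAGIC, 4, socket.inet_pton(socket.AF_INET, ip))
    except OSError:
        return QUERY.pack(QUERY_MAGIC, 6, socket.inet_pton(socket.AF_INET6, ip))

def parse_response(raw):
    """Validate a reply and return a dict of fields, with empty strings as None."""
    if len(raw) != RESPONSE.size:
        raise ValueError("expected %d bytes, got %d" % (RESPONSE.size, len(raw)))
    magic, status, *values = RESPONSE.unpack(raw)
    if magic != RESP_MAGIC or status not in (STATUS_BADQUERY, STATUS_OK, STATUS_NOMATCH):
        raise ValueError("unexpected magic or status in response")
    if status == STATUS_BADQUERY:
        raise BadQuery("p0f reported a bad query")
    if status == STATUS_NOMATCH:
        raise KeyError("p0f has no data for this address")
    info = dict(zip(FIELDS, values))
    if info["bad_sw"] not in (0, 1, 2) or info["os_match_q"] not in (0, 1, 2, 3):
        raise ValueError("bad_sw or os_match_q outside the documented range")
    for key in FIELDS[10:]:  # the six 32-byte, NUL-padded strings
        info[key] = info[key].split(b"\0", 1)[0].decode("ascii", "replace") or None
    return info

def query(sock_path, ip):  # sock_path is the path given to p0f with -s
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(build_query(ip))
        return parse_response(s.recv(RESPONSE.size, socket.MSG_WAITALL))

# Constructed sample reply: status OK, a Linux host five hops away, no HTTP data seen.
SAMPLE = RESPONSE.pack(RESP_MAGIC, STATUS_OK, 1418860800, 1418864400, 3, 0, 0, 0, 0,
                       5, 0, 0, b"Linux", b"3.x", b"", b"", b"Ethernet or modem", b"")
```

Fields come back from parse_response(SAMPLE) as plain Python values, so a caller can treat a None os_name the same way the middleware's callers treat a None request.p0f.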
Parts of these descriptions are shamelessly copied from http://lcamtuf.coredump.cx/p0f3/README :
By default, the following fields are parsed:
Additionally, bad_sw and os_match_q are validated. ValueError is raised if an incorrect value is encountered. For all empty fields, None is used instead of empty strings or constants:
This parsing and validation can be disabled with
Full descriptions of the fields:
|File Name||Version||File Type||Upload Date|
|p0f-1.0.0.macosx-10.10-x86_64.tar.gz (7.0 kB)||any||Dumb Binary||Dec 18, 2014|
|p0f-1.0.0.tar.gz (5.6 kB)||–||Source||Dec 18, 2014|