ciscoconfparse2：一款针对思科IOS风格配置的安全审计工具

git clone git://github.com/mpenning/ciscoconfparse2

cd ciscoconfparse2/ python -m pip install .

python -m pip install ciscoconfparse2

>>> from ciscoconfparse2 import CiscoConfParse>>>>>> parse = CiscoConfParse('/path/to/config/file')>>> intf_cmds = parse.find_parent_objects(['interface', 'shutdown'])>>>>>> shut_intf_names = [" ".join(cmd.split()[1:]) for cmd in intf_cmds]>>>>>> shut_intf_names['GigabitEthernet1/5', 'TenGigabitEthernet2/2', 'TenGigabitEthernet2/3']>>>

router bgp 65534  bgp router-id 10.0.0.100  address-family ipv4 unicast  !  neighbor 10.0.0.37    remote-as 64000    route-policy EBGP_IN in    route-policy EBGP_OUT out  !  neighbor 10.0.0.1    remote-as 65534    update-source Loopback0    route-policy MANGLE_IN in    route-policy MANGLE_OUT out      next-hop-self  !  neighbor 10.0.0.34    remote-as 64000    route-policy EBGP_IN in    route-policy EBGP_OUT out

from ciscoconfparse2 import CiscoConfParseparse = CiscoConfParse('/path/to/config/file')   # Or read directly from a list of strings# Get all neighbor configuration branchesbranches = parse.find_object_branches(('router bgp',                                       'neighbor',                                       'remote-as'))# Get the local BGP ASNbgp_cmd = branches[0][0]local_asn = bgp_cmd.split()[-1]# Find EBGP neighbors for any number of peersfor branch in branches:    neighbor_addr = branch[1].split()[-1]    remote_asn = branch[2].split()[-1]    if local_asn != remote_asn:        print("EBGP NEIGHBOR", neighbor_addr)

$ python example.pyEBGP NEIGHBOR 10.0.0.37EBGP NEIGHBOR 10.0.0.34$