Documentation
Overview
Package resolvers implements primitives to resolve various identifiers against external data.
Index
- Variables
- func Init(c Config, quietMode bool)
- func InitDHCPFingerprintAPIKey()
- func InitDHCPFingerprintDB()
- func InitDNSWhitelist()
- func InitLocalDNS()
- func InitServiceDB()
- func IsPrivateIP(ip net.IP) bool
- func IsWhitelistedDomain(domain string) bool
- func LookupDHCPFingerprint(fp, vendor string, userAgents []string) (*dhcpResult, error)
- func LookupDNSNameLocal(ip string) string
- func LookupDNSNames(ip string) []string
- func LookupGeolocation(addr string) (string, string)
- func LookupJa3(hash string) string
- func LookupManufacturer(mac string) string
- func LookupServiceByPort(port int, protocol string) string
- func SaveFingerprintDB()
- func SetLogger(lg *zap.Logger)
- type Config
Constants
This section is empty.
Variables
var (
	// CurrentConfig holds the current configuration.
	CurrentConfig Config

	// ConfigRootPath points to the path for storing the netcap configuration and databases.
	// usually: /usr/local/etc/netcap
	ConfigRootPath string

	// DataBaseFolderPath points to the 'dbs' folder for storing the netcap databases.
	// usually: /usr/local/etc/netcap/dbs
	DataBaseFolderPath string

	// DataBaseBuildPath points to the build folder for db generation artifacts,
	// that are not tracked in version control.
	// usually: /usr/local/etc/netcap/build
	DataBaseBuildPath string
)
var DefaultConfig = Config{
	ReverseDNS:    false,
	LocalDNS:      false,
	MACDB:         true,
	Ja3DB:         true,
	ServiceDB:     true,
	GeolocationDB: true,
}
DefaultConfig is an example configuration.
Functions
func Init
Init can be used to initialize the resolvers package according to the provided configuration.
func InitDHCPFingerprintAPIKey
func InitDHCPFingerprintAPIKey()
InitDHCPFingerprintAPIKey initializes the DHCP fingerprinting API key.
func InitDHCPFingerprintDB
func InitDHCPFingerprintDB()
InitDHCPFingerprintDB initializes the DHCP fingerprint database from the JSON encoded mapping persisted on disk.
func InitLocalDNS
func InitLocalDNS()
InitLocalDNS initializes reverse DNS resolution via local hosts mapping.
func InitServiceDB
func InitServiceDB()
InitServiceDB initializes the ports to service names mapping. TODO: include service names for other transport protocols
func IsPrivateIP
IsPrivateIP can be used to check whether an address belongs to private address space.
func IsWhitelistedDomain
IsWhitelistedDomain checks whether a given domain is whitelisted. It must be called after calling InitDNSWhitelist().
func LookupDHCPFingerprint
LookupDHCPFingerprint retrieves the data associated with a DHCP fingerprint.
func LookupDNSNameLocal
LookupDNSNameLocal retrieves the DNS names associated with an IP addr.
func LookupDNSNames
LookupDNSNames retrieves the DNS names associated with an IP address.
func LookupGeolocation
LookupGeolocation returns all associated geolocations for a given address and db handle. Results are cached in an atomic map to avoid unnecessary lookups.
func LookupJa3
LookupJa3 tries to locate the JA3(S) hash in the ja3 database and return a description. Access to the underlying map is not locked because after initialization the map is always read and never written again.
func LookupManufacturer
LookupManufacturer resolves a MAC addr to the manufacturer.
func LookupServiceByPort
LookupServiceByPort looks up the service name associated with a given port and protocol.
func SaveFingerprintDB
func SaveFingerprintDB()
SaveFingerprintDB will persist the fingerprint database on disk. TODO: use a boltDB?
Types
type Config
type Config struct {
	// Controls whether ip addresses are resolved through the default OS resolver
	ReverseDNS bool

	// Controls if ip addresses are resolved locally through a provided hosts mapping
	LocalDNS bool

	// Enables MAC address vendor lookups
	MACDB bool

	// Enables looking up Ja3 profiles
	Ja3DB bool

	// Enables resolving port numbers to service names
	ServiceDB bool

	// Enables ip to geolocation lookups via MaxMind GeoLite
	GeolocationDB bool
}
Config contains settings for the resolvers package.