Documentation ¶
Overview ¶
Copyright 2016-2019 DutchSec (https://dutchsec.com/)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Package canary defines the canary listener ¶
config: listener="canary" interfaces=["interface"] do_arp=true|false (default: false)
Index ¶
- Constants
- Variables
- func New(options ...func(listener.Listener) error) (listener.Listener, error)
- type ARPCache
- type ARPEntry
- type Canary
- func (c *Canary) Accept() (net.Conn, error)
- func (c *Canary) Close()
- func (c *Canary) DecodeDNS(iph *ipv4.Header, udph *udp.Header) error
- func (c *Canary) DecodeElasticsearch(conn net.Conn) error
- func (c *Canary) DecodeFTP(conn net.Conn) error
- func (c *Canary) DecodeHTTP(conn net.Conn) error
- func (c *Canary) DecodeHTTPS(conn net.Conn) error
- func (c *Canary) DecodeMSSQL(conn net.Conn) error
- func (c *Canary) DecodeNBTIP(conn net.Conn) error
- func (c *Canary) DecodeNTP(iph *ipv4.Header, udph *udp.Header) error
- func (c *Canary) DecodeRDP(conn net.Conn) error
- func (c *Canary) DecodeRedis(conn net.Conn) error
- func (c *Canary) DecodeSIP(iph *ipv4.Header, udph *udp.Header) error
- func (c *Canary) DecodeSMBIP(conn net.Conn) error
- func (c *Canary) DecodeSNMP(iph *ipv4.Header, udph *udp.Header) error
- func (c *Canary) DecodeSNMPTrap(iph *ipv4.Header, udph *udp.Header) error
- func (c *Canary) DecodeSSDP(iph *ipv4.Header, udph *udp.Header) error
- func (c *Canary) DecodeTelnet(conn net.Conn) error
- func (c *Canary) NewState(src net.IP, srcPort uint16, dest net.IP, dstPort uint16) *State
- func (c *Canary) SetChannel(ch pushers.Channel)
- func (c *Canary) Start(ctx context.Context) error
- type DummyFeedback
- type KnockGroup
- type KnockGrouper
- type KnockICMP
- type KnockTCPPort
- type KnockUDPPort
- type Protocol
- type Route
- type RouteTable
- type Socket
- func (s Socket) Close() error
- func (s Socket) LocalAddr() net.Addr
- func (s Socket) Read(p []byte) (n int, err error)
- func (s Socket) RemoteAddr() net.Addr
- func (s Socket) SetDeadline(t time.Time) error
- func (s Socket) SetReadDeadline(t time.Time) error
- func (s Socket) SetWriteDeadline(t time.Time) error
- func (s Socket) Write(p []byte) (n int, err error)
- type SocketState
- type State
- type StateTable
- type UniqueSet
Constants ¶
const (
	// MaxEpollEvents defines maximum number of poll events to retrieve at once
	MaxEpollEvents = 2048
	// DefaultBufferSize defines size of receive buffer
	DefaultBufferSize = 65535
)
const (
	// EthernetTypeIPv4 is the protocol number for IPv4 traffic
	EthernetTypeIPv4 = 0x0800
	// EthernetTypeIPv6 is the protocol number for IPv6 traffic
	EthernetTypeIPv6 = 0x86DD
	// EthernetTypeARP is the protocol number for ARP traffic
	EthernetTypeARP = 0x0806
)
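As an added example (not the package's own code) of how a raw-frame listener like this one gets from a captured Ethernet frame to an event category: it dispatches on the EtherType constants above, then on the IPv4 protocol byte, then on the UDP destination port, refusing truncated headers at every step. The Frame type, the port-to-category mapping (IANA default ports mapped onto the category names the package's Variables section defines) and the constructed sample frame are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// EtherType numbers as listed in the package constants.
const (
	EthernetTypeIPv4 = 0x0800
	EthernetTypeIPv6 = 0x86DD
	EthernetTypeARP  = 0x0806
)

// Frame is a minimal decoded Ethernet II header (hypothetical type, not the listener's).
type Frame struct {
	DstMAC, SrcMAC net.HardwareAddr
	EtherType      uint16
	Payload        []byte
}

// ParseEthernet decodes the fixed 14-byte Ethernet II header.
func ParseEthernet(b []byte) (Frame, error) {
	if len(b) < 14 {
		return Frame{}, errors.New("frame too short for Ethernet header")
	}
	return Frame{
		DstMAC:    net.HardwareAddr(append([]byte(nil), b[0:6]...)),
		SrcMAC:    net.HardwareAddr(append([]byte(nil), b[6:12]...)),
		EtherType: binary.BigEndian.Uint16(b[12:14]),
		Payload:   b[14:],
	}, nil
}

// UDPCategory maps a UDP destination port to the event category the package defines
// for that protocol. Using the IANA default ports is an assumption of this example.
func UDPCategory(dstPort uint16) string {
	switch dstPort {
	case 53:
		return "dns-query"
	case 123:
		return "ntp"
	case 161:
		return "snmp"
	case 162:
		return "snmp-trap"
	case 1900:
		return "ssdp"
	case 5060:
		return "sip"
	}
	return "udp"
}

// ClassifyFrame walks Ethernet -> IPv4 -> UDP just far enough to choose a category,
// rejecting truncated or malformed headers instead of reading past them.
func ClassifyFrame(b []byte) (string, error) {
	f, err := ParseEthernet(b)
	if err != nil {
		return "", err
	}
	switch f.EtherType {
	case EthernetTypeARP:
		return "arp", nil
	case EthernetTypeIPv6:
		return "ipv6", nil
	case EthernetTypeIPv4:
		// handled below
	default:
		return "", fmt.Errorf("unhandled EtherType 0x%04x", f.EtherType)
	}
	p := f.Payload
	if len(p) < 20 || p[0]>>4 != 4 {
		return "", errors.New("not an IPv4 header")
	}
	ihl := int(p[0]&0x0f) * 4 // header length in bytes, options included
	if ihl < 20 || len(p) < ihl {
		return "", errors.New("bad IPv4 header length")
	}
	l4 := p[ihl:]
	switch p[9] { // IPv4 protocol byte
	case 1:
		return "icmp", nil
	case 6:
		return "tcp", nil
	case 17:
		if len(l4) < 8 {
			return "", errors.New("truncated UDP header")
		}
		return UDPCategory(binary.BigEndian.Uint16(l4[2:4])), nil
	}
	return "", fmt.Errorf("unhandled IP protocol %d", p[9])
}

// BuildUDPFrame builds a constructed sample frame: Ethernet/IPv4/UDP to dstPort, no payload.
func BuildUDPFrame(dstPort uint16) []byte {
	eth := []byte{0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x08, 0x00}
	ip := make([]byte, 20)
	ip[0] = 0x45                           // version 4, IHL 5 words
	binary.BigEndian.PutUint16(ip[2:4], 28) // total length: 20 IPv4 + 8 UDP
	ip[8], ip[9] = 64, 17                  // TTL, protocol UDP
	copy(ip[12:16], net.IPv4(10, 0, 0, 5).To4())
	copy(ip[16:20], net.IPv4(10, 0, 0, 20).To4())
	udp := make([]byte, 8)
	binary.BigEndian.PutUint16(udp[0:2], 40000)
	binary.BigEndian.PutUint16(udp[2:4], dstPort)
	binary.BigEndian.PutUint16(udp[4:6], 8)
	return append(append(eth, ip...), udp...)
}

func main() {
	for _, port := range []uint16{53, 1900, 9999} {
		cat, err := ClassifyFrame(BuildUDPFrame(port))
		fmt.Println(port, cat, err)
	}
}
```

The length checks before every slice are the part worth copying: a listener that reads raw frames sees whatever the wire carries, and an IHL or total-length field is attacker-controlled input, not a promise.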
Variables ¶
var (
	SensorCanary = event.Sensor("canary")
	// EventCategoryUDP contains events for udp traffic
	EventCategoryUDP = event.Category("udp")
	CanaryOptions = event.NewWith(
		SensorCanary,
	)
)
Contains the different variables in use.
var (
	// EventCategoryDNSQuery contains the category for dns query events
	EventCategoryDNSQuery = event.Category("dns-query")
	// EventCategoryDNSOther contains the category for dns other events
	EventCategoryDNSOther = event.Category("dns-other")
)
var (
	// EventCategoryARP contains events for arp traffic
	EventCategoryARP = event.Category("arp")
)
var (
	// EventCategoryElasticsearch contains events for elasticsearch traffic
	EventCategoryElasticsearch = event.Category("elasticsearch")
)
var (
	// EventCategoryFTP contains events for ftp traffic
	EventCategoryFTP = event.Category("ftp")
)
var (
	// EventCategoryHTTP contains events for http traffic
	EventCategoryHTTP = event.Category("http")
)
var (
	// EventCategoryHTTPS contains events for https traffic
	EventCategoryHTTPS = event.Category("https")
)
var (
	// EventCategoryMSSQL contains events for mssql traffic
	EventCategoryMSSQL = event.Category("mssql")
)
var (
	// EventCategoryNBTIP contains events for nbt-ip traffic
	EventCategoryNBTIP = event.Category("nbt-ip")
)
var (
	// EventCategoryNTP contains events for ntp traffic
	EventCategoryNTP = event.Category("ntp")
)
var (
	// EventCategoryPortscan contains events for portscan detections
	EventCategoryPortscan = event.Category("portscan")
)
var (
	// EventCategoryRDP contains events for rdp traffic
	EventCategoryRDP = event.Category("rdp")
)
var (
	// EventCategoryRedis contains events for redis traffic
	EventCategoryRedis = event.Category("redis")
)
var (
	// EventCategorySIP contains events for sip traffic
	EventCategorySIP = event.Category("sip")
)
var (
	// EventCategorySMBIP contains events for smb-ip traffic
	EventCategorySMBIP = event.Category("smb-ip")
)
var (
	// EventCategorySNMP contains events for snmp traffic
	EventCategorySNMP = event.Category("snmp")
)
var (
	// EventCategorySNMPTrap contains events for snmp trap traffic
	EventCategorySNMPTrap = event.Category("snmp-trap")
)
var (
	// EventCategorySSDP contains events for ssdp traffic
	EventCategorySSDP = event.Category("ssdp")
)
var (
	// EventCategoryTCP contains events for tcp traffic
	EventCategoryTCP = event.Category("tcp")
)
var (
	// EventCategoryTelnet contains events for telnet traffic
	EventCategoryTelnet = event.Category("telnet")
)
Functions ¶
Types ¶
type ARPEntry ¶
type ARPEntry struct {
	IP              net.IP
	HardwareAddress net.HardwareAddr
	Interface       string
}
ARPEntry defines a type for containing address and interface detail.
type Canary ¶
type Canary struct {
	Interfaces []string `toml:"interfaces"`
	// contains filtered or unexported fields
}
Canary contains the canary struct
func (*Canary) DecodeElasticsearch ¶
func (c *Canary) DecodeElasticsearch(conn net.Conn) error
DecodeElasticsearch will decode Elasticsearch traffic
func (*Canary) DecodeHTTP ¶
func (c *Canary) DecodeHTTP(conn net.Conn) error
DecodeHTTP will decode HTTP traffic
func (*Canary) DecodeHTTPS ¶
func (c *Canary) DecodeHTTPS(conn net.Conn) error
DecodeHTTPS will decode HTTPS traffic
func (*Canary) DecodeMSSQL ¶
func (c *Canary) DecodeMSSQL(conn net.Conn) error
DecodeMSSQL will decode MSSQL traffic
func (*Canary) DecodeNBTIP ¶
func (c *Canary) DecodeNBTIP(conn net.Conn) error
DecodeNBTIP will decode NetBIOS-over-IP traffic
func (*Canary) DecodeRedis ¶
func (c *Canary) DecodeRedis(conn net.Conn) error
DecodeRedis will decode Redis traffic
func (*Canary) DecodeSMBIP ¶
func (c *Canary) DecodeSMBIP(conn net.Conn) error
DecodeSMBIP will decode SMB-over-IP traffic
func (*Canary) DecodeSNMP ¶
func (c *Canary) DecodeSNMP(iph *ipv4.Header, udph *udp.Header) error
DecodeSNMP will decode SNMP packets
func (*Canary) DecodeSNMPTrap ¶
func (c *Canary) DecodeSNMPTrap(iph *ipv4.Header, udph *udp.Header) error
DecodeSNMPTrap will decode SNMP trap packets
func (*Canary) DecodeSSDP ¶
func (c *Canary) DecodeSSDP(iph *ipv4.Header, udph *udp.Header) error
DecodeSSDP will decode SSDP packets
func (*Canary) DecodeTelnet ¶
func (c *Canary) DecodeTelnet(conn net.Conn) error
DecodeTelnet will decode Telnet traffic
func (*Canary) SetChannel ¶
func (c *Canary) SetChannel(ch pushers.Channel)
type DummyFeedback ¶
type DummyFeedback struct { }
DummyFeedback is a Dummy Feedback struct
func (DummyFeedback) SetTruncated ¶
func (f DummyFeedback) SetTruncated()
SetTruncated satisfies the FeedbackDecoder method.
type KnockGroup ¶
type KnockGroup struct {
	Start                   time.Time
	Last                    time.Time
	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr
	SourceIP                net.IP
	DestinationIP           net.IP
	Protocol                Protocol
	Count                   int
	Knocks                  *UniqueSet
}
KnockGroup groups multiple knocks
type KnockGrouper ¶
type KnockGrouper interface {
NewGroup() *KnockGroup
}
KnockGrouper defines the interface for NewGroup function
type KnockICMP ¶
type KnockICMP struct {
	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr
	SourceIP                net.IP
	DestinationIP           net.IP
}
KnockICMP struct contains ICMP knock metadata
func (KnockICMP) NewGroup ¶
func (k KnockICMP) NewGroup() *KnockGroup
NewGroup will return a new KnockGroup for ICMP protocol
type KnockTCPPort ¶
type KnockTCPPort struct {
	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr
	SourceIP                net.IP
	DestinationIP           net.IP
	DestinationPort         uint16
}
KnockTCPPort struct contains TCP port knock metadata
func (KnockTCPPort) NewGroup ¶
func (k KnockTCPPort) NewGroup() *KnockGroup
NewGroup will return a new KnockGroup for TCP protocol
type KnockUDPPort ¶
type KnockUDPPort struct {
	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr
	SourceIP                net.IP
	DestinationIP           net.IP
	DestinationPort         uint16
}
KnockUDPPort struct contains UDP port knock metadata
func (KnockUDPPort) NewGroup ¶
func (k KnockUDPPort) NewGroup() *KnockGroup
NewGroup will return a new KnockGroup for UDP protocol
type Socket ¶
type Socket struct {
// contains filtered or unexported fields
}
Socket defines an object representing a given underlying socket.
func (Socket) RemoteAddr ¶
func (s Socket) RemoteAddr() net.Addr
RemoteAddr returns the remote net.Addr.
func (Socket) SetDeadline ¶
func (s Socket) SetDeadline(t time.Time) error
SetDeadline sets the read and write deadlines associated with the connection. It is equivalent to calling both SetReadDeadline and SetWriteDeadline.
A deadline is an absolute time after which I/O operations fail with a timeout (see type Error) instead of blocking. The deadline applies to all future I/O, not just the immediately following call to Read or Write.
An idle timeout can be implemented by repeatedly extending the deadline after successful Read or Write calls.
A zero value for t means I/O operations will not time out.
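An added example (not part of the package) of the idle-timeout pattern the paragraph above describes: the read deadline is an absolute time, so it is re-armed after every successful Read, and a peer that stays connected but silent is cut off once the idle period passes without data. It runs over an in-memory net.Pipe with constructed traffic; ReadUntilIdle and the two simulation helpers are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// ReadUntilIdle reads from conn until the peer has been silent for idle, or until
// max bytes have arrived. The deadline is pushed forward after each successful Read.
// An idle timeout is reported as a nil error with the bytes collected so far; EOF
// and other errors are returned as-is. Hypothetical helper, not the listener's code.
func ReadUntilIdle(conn net.Conn, idle time.Duration, max int) ([]byte, error) {
	var out []byte
	buf := make([]byte, 1024)
	for len(out) < max {
		// The deadline is absolute and applies to all future Reads, so re-arm it each time.
		if err := conn.SetReadDeadline(time.Now().Add(idle)); err != nil {
			return out, err
		}
		n, err := conn.Read(buf)
		out = append(out, buf[:n]...) // keep whatever arrived even if err != nil
		if err != nil {
			var ne net.Error
			if errors.As(err, &ne) && ne.Timeout() {
				return out, nil // the peer went quiet: the idle timer fired
			}
			return out, err
		}
	}
	return out, nil
}

// SimulateChattyThenSilentPeer drives ReadUntilIdle over a net.Pipe with constructed
// traffic: the peer sends a request line in two fragments 20ms apart and then stays
// connected but silent, so only the idle timer can end the read.
func SimulateChattyThenSilentPeer(idle time.Duration) (string, error) {
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()
	go func() {
		client.Write([]byte("GET / "))
		time.Sleep(20 * time.Millisecond)
		client.Write([]byte("HTTP/1.0\r\n"))
		// no Close: the peer simply stops talking
	}()
	out, err := ReadUntilIdle(server, idle, 4096)
	return string(out), err
}

// SimulatePeerHangup shows the other exit path: the peer writes one byte and closes,
// so ReadUntilIdle returns io.EOF instead of waiting for the idle timer.
func SimulatePeerHangup() (string, error) {
	client, server := net.Pipe()
	defer server.Close()
	go func() {
		client.Write([]byte("x"))
		client.Close()
	}()
	out, err := ReadUntilIdle(server, time.Second, 4096)
	return string(out), err
}

func main() {
	s, err := SimulateChattyThenSilentPeer(100 * time.Millisecond)
	fmt.Printf("%q %v\n", s, err)
	s, err = SimulatePeerHangup()
	fmt.Printf("%q %v (EOF: %v)\n", s, err, err == io.EOF)
}
```

The max argument matters as much as the deadline for a honeypot decoder: without both, a client that trickles one byte per idle period can hold a connection and a buffer open indefinitely.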
func (Socket) SetReadDeadline ¶
func (s Socket) SetReadDeadline(t time.Time) error
SetReadDeadline sets the deadline for future Read calls. A zero value for t means Read will not time out.
func (Socket) SetWriteDeadline ¶
func (s Socket) SetWriteDeadline(t time.Time) error
SetWriteDeadline sets the deadline for future Write calls. Even if write times out, it may return n > 0, indicating that some of the data was successfully written. A zero value for t means Write will not time out.
type SocketState ¶
type SocketState int
SocketState defines an int type.
const (
	SocketClosed SocketState = iota
	SocketListen
	SocketSynReceived
	SocketSynSent
	SocketEstablished
	SocketFinWait1
	SocketFinWait2
	SocketClosing
	SocketTimeWait
	SocketCloseWait
	SocketLastAck
)
contains different SocketState.
func (SocketState) String ¶
func (ss SocketState) String() string
type State ¶
type State struct {
	SrcIP     net.IP
	SrcPort   uint16
	DestIP    net.IP
	DestPort  uint16
	ID        uint32
	LastAcked uint32
	State     SocketState
	// SND.UNA - send unacknowledged
	SendUnacknowledged uint32
	// SND.NXT - send next
	SendNext uint32
	// SND.WND - send window
	SendWindow uint32
	// SND.UP - send urgent pointer
	SendUrgentPointer uint32
	// SND.WL1 - segment sequence number used for last window update
	SendWL1 uint32
	// SND.WL2 - segment acknowledgment number used for last window update
	SendWL2 uint32
	// ISS - initial send sequence number
	InitialSendSequenceNumber uint32
	// RCV.NXT - receive next
	RecvNext uint32
	// RCV.WND - receive window
	ReceiveWindow uint16
	// RCV.UP - receive urgent pointer
	ReceiveUrgentPointer uint32
	// IRS - initial receive sequence number
	InitialReceiveSequenceNumber uint32
	// contains filtered or unexported fields
}
State defines a struct for holding connection data and address.
type StateTable ¶
type StateTable [65535]*State
StateTable defines a fixed-size table of State pointers.
func (*StateTable) Get ¶
func (st *StateTable) Get(SrcIP, DestIP net.IP, SrcPort, DestPort uint16) *State
Get will return the state for the ip, port combination
func (*StateTable) Remove ¶
func (st *StateTable) Remove(s *State)
type UniqueSet ¶
type UniqueSet struct {
// contains filtered or unexported fields
}
UniqueSet defines a type to create a unique set of values.
func NewUniqueSet ¶
func NewUniqueSet(fn equalFn) *UniqueSet
NewUniqueSet returns a new instance of UniqueSet.
func (*UniqueSet) Add ¶
func (us *UniqueSet) Add(item interface{}) interface{}
Add adds the given item to the set if it is not yet included.
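KnockGroup, KnockGrouper (above) and UniqueSet together are what lets the listener turn single port knocks into one grouped event. The following is an added illustration, not honeytrap's own implementation: it re-creates the same API shape (NewGroup, NewUniqueSet, Add) with hardware-address fields omitted, and adds a hypothetical Tracker whose inactivity window and distinct-port threshold are assumptions, to show how repeat knocks on one port collapse into a single set entry while knocks on new ports count toward a portscan-style alert that fires once per group.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"time"
)

// Protocol mirrors the page's Protocol type; the concrete values are an assumption.
type Protocol int

const (
	ProtocolICMP Protocol = iota
	ProtocolTCP
	ProtocolUDP
)

// UniqueSet keeps only one of any items that the equality function reports as equal
// (same shape as the package's NewUniqueSet/Add, re-implemented here for illustration).
type UniqueSet struct {
	equal func(a, b interface{}) bool
	items []interface{}
}

func NewUniqueSet(fn func(a, b interface{}) bool) *UniqueSet { return &UniqueSet{equal: fn} }

// Add stores item unless an equal one is present; it returns the item that is in the set.
func (us *UniqueSet) Add(item interface{}) interface{} {
	for _, it := range us.items {
		if us.equal(it, item) {
			return it
		}
	}
	us.items = append(us.items, item)
	return item
}

func (us *UniqueSet) Len() int { return len(us.items) }

// KnockGroup and KnockTCPPort carry the page's fields, minus the hardware addresses.
type KnockGroup struct {
	Start, Last             time.Time
	SourceIP, DestinationIP net.IP
	Protocol                Protocol
	Count                   int
	Knocks                  *UniqueSet
}

type KnockGrouper interface{ NewGroup() *KnockGroup }

type KnockTCPPort struct {
	SourceIP, DestinationIP net.IP
	DestinationPort         uint16
}

// NewGroup returns a TCP group whose set treats knocks on the same port as duplicates.
func (k KnockTCPPort) NewGroup() *KnockGroup {
	return &KnockGroup{SourceIP: k.SourceIP, DestinationIP: k.DestinationIP, Protocol: ProtocolTCP,
		Knocks: NewUniqueSet(func(a, b interface{}) bool {
			ka, ok1 := a.(KnockTCPPort)
			kb, ok2 := b.(KnockTCPPort)
			return ok1 && ok2 && ka.DestinationPort == kb.DestinationPort
		})}
}

// Tracker groups knocks by (source, destination, protocol). Hypothetical; the
// inactivity window and distinct-port threshold are assumptions, not the listener's.
type Tracker struct {
	groups    map[string]*KnockGroup
	Window    time.Duration
	Threshold int
}

func NewTracker(window time.Duration, threshold int) *Tracker {
	return &Tracker{groups: map[string]*KnockGroup{}, Window: window, Threshold: threshold}
}

func groupKey(g *KnockGroup) string {
	return g.SourceIP.String() + ">" + g.DestinationIP.String() + "/" + strconv.Itoa(int(g.Protocol))
}

// Observe files one knock seen at now. It returns the group it landed in, and true
// exactly once per group: when the distinct-port count first reaches Threshold.
func (t *Tracker) Observe(k KnockGrouper, now time.Time) (*KnockGroup, bool) {
	fresh := k.NewGroup()
	key := groupKey(fresh)
	g, ok := t.groups[key]
	if !ok || now.Sub(g.Last) > t.Window { // no group yet, or the old one went stale
		fresh.Start = now
		g = fresh
		t.groups[key] = g
	}
	g.Last = now
	g.Count++
	before := g.Knocks.Len()
	g.Knocks.Add(k)
	return g, before < t.Threshold && g.Knocks.Len() >= t.Threshold
}

// RunScenario replays constructed traffic: one source touches ports 22, 80, 443, 3389
// and 80 again, 200ms apart, then 22 once more 30s later. It reports the first group's
// totals, the knock number that crossed the threshold, and whether the late knock
// opened a new group because the old one had expired.
func RunScenario() (count, unique, alertedAt int, newGroupAfterGap bool) {
	tr := NewTracker(10*time.Second, 4)
	src, dst := net.ParseIP("10.0.0.5"), net.ParseIP("10.0.0.20")
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	alertedAt = -1
	var g *KnockGroup
	for i, p := range []uint16{22, 80, 443, 3389, 80} {
		var crossed bool
		knock := KnockTCPPort{SourceIP: src, DestinationIP: dst, DestinationPort: p}
		g, crossed = tr.Observe(knock, t0.Add(time.Duration(i)*200*time.Millisecond))
		if crossed && alertedAt < 0 {
			alertedAt = i + 1
		}
	}
	count, unique = g.Count, g.Knocks.Len()
	late, _ := tr.Observe(KnockTCPPort{SourceIP: src, DestinationIP: dst, DestinationPort: 22}, t0.Add(30*time.Second))
	newGroupAfterGap = late != g
	return
}

func main() {
	fmt.Println(RunScenario())
}
```

Keeping Count (every knock) separate from Knocks.Len() (distinct ports) is the point of the UniqueSet: a noisy retry loop against one port and a sweep across many ports produce the same Count but very different set sizes, and only the latter should look like a scan.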