canary

package canary v0.0.0-...-05965fc

Warning: this package is not in the latest version of its module.

Published: Dec 20, 2021 License: Apache-2.0 Imports: 28 Imported by: 1

Documentation

Overview

Copyright 2016-2019 DutchSec (https://dutchsec.com/)

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Package canary defines the canary listener.

config: listener="canary" interfaces=["interface"] do_arp=true|false (default: false)

Index

Constants

const (
	// MaxEpollEvents defines maximum number of poll events to retrieve at once
	MaxEpollEvents = 2048
	// DefaultBufferSize defines size of receive buffer
	DefaultBufferSize = 65535
)

const (
	// EthernetTypeIPv4 is the protocol number for IPv4 traffic
	EthernetTypeIPv4 = 0x0800
	// EthernetTypeIPv6 is the protocol number for IPv6 traffic
	EthernetTypeIPv6 = 0x86DD
	// EthernetTypeARP is the protocol number for ARP traffic
	EthernetTypeARP = 0x0806
)

Variables

var (
	// SensorCanary identifies events emitted by this listener
	SensorCanary = event.Sensor("canary")

	// EventCategoryUDP contains events for udp traffic
	EventCategoryUDP = event.Category("udp")

	// CanaryOptions holds the default event options (the canary sensor)
	CanaryOptions = event.NewWith(
		SensorCanary,
	)
)

The block above contains the different variables in use.

var (
	// EventCategoryDNSQuery contains the category for dns query events
	EventCategoryDNSQuery = event.Category("dns-query")
	// EventCategoryDNSOther contains the category for dns other events
	EventCategoryDNSOther = event.Category("dns-other")
)

var (
	// EventCategoryARP contains events for arp traffic
	EventCategoryARP = event.Category("arp")
	// EventCategoryElasticsearch contains events for elasticsearch traffic
	EventCategoryElasticsearch = event.Category("elasticsearch")
	// EventCategoryFTP contains events for ftp traffic
	EventCategoryFTP = event.Category("ftp")
	// EventCategoryHTTP contains events for http traffic
	EventCategoryHTTP = event.Category("http")
	// EventCategoryHTTPS contains events for https traffic
	EventCategoryHTTPS = event.Category("https")
	// EventCategoryMSSQL contains events for mssql traffic
	EventCategoryMSSQL = event.Category("mssql")
	// EventCategoryNBTIP contains events for nbt-ip traffic
	EventCategoryNBTIP = event.Category("nbt-ip")
	// EventCategoryNTP contains events for ntp traffic
	EventCategoryNTP = event.Category("ntp")
	// EventCategoryPortscan contains events for detected port scans
	EventCategoryPortscan = event.Category("portscan")
	// EventCategoryRDP contains events for rdp traffic
	EventCategoryRDP = event.Category("rdp")
	// EventCategoryRedis contains events for redis traffic
	EventCategoryRedis = event.Category("redis")
	// EventCategorySIP contains events for sip traffic
	EventCategorySIP = event.Category("sip")
	// EventCategorySMBIP contains events for smb-ip traffic
	EventCategorySMBIP = event.Category("smb-ip")
	// EventCategorySNMP contains events for snmp traffic
	EventCategorySNMP = event.Category("snmp")
	// EventCategorySNMPTrap contains events for snmp trap traffic
	EventCategorySNMPTrap = event.Category("snmp-trap")
	// EventCategorySSDP contains events for ssdp traffic
	EventCategorySSDP = event.Category("ssdp")
	// EventCategoryTCP contains events for tcp traffic
	EventCategoryTCP = event.Category("tcp")
	// EventCategoryTelnet contains events for telnet traffic
	EventCategoryTelnet = event.Category("telnet")
)

Functions

func New

func New(options ...func(listener.Listener) error) (listener.Listener, error)

New will return a Canary for the specified interfaces. Events are delivered through the event channel (see SetChannel).

Types

type ARPCache

type ARPCache []ARPEntry

ARPCache defines a slice of ARPEntry values.

func (ARPCache) Get

func (ac ARPCache) Get(ip net.IP) *ARPEntry

Get retrieves the ARPEntry associated with the given IP.

type ARPEntry

type ARPEntry struct {
	IP              net.IP
	HardwareAddress net.HardwareAddr
	Interface       string
}

ARPEntry holds an IP address, its hardware address, and the interface it was seen on.

type Canary

type Canary struct {
	Interfaces []string `toml:"interfaces"`
	// contains filtered or unexported fields
}

Canary is the canary listener struct; Interfaces lists the network interfaces it listens on.

func (*Canary) Accept

func (c *Canary) Accept() (net.Conn, error)

func (*Canary) Close

func (c *Canary) Close()

Close will close the canary

func (*Canary) DecodeDNS

func (c *Canary) DecodeDNS(iph *ipv4.Header, udph *udp.Header) error

DecodeDNS will decode DNS packets

func (*Canary) DecodeElasticsearch

func (c *Canary) DecodeElasticsearch(conn net.Conn) error

DecodeElasticsearch will decode Elasticsearch connections

func (*Canary) DecodeFTP

func (c *Canary) DecodeFTP(conn net.Conn) error

DecodeFTP will decode FTP connections

func (*Canary) DecodeHTTP

func (c *Canary) DecodeHTTP(conn net.Conn) error

DecodeHTTP will decode HTTP connections

func (*Canary) DecodeHTTPS

func (c *Canary) DecodeHTTPS(conn net.Conn) error

DecodeHTTPS will decode HTTPS connections

func (*Canary) DecodeMSSQL

func (c *Canary) DecodeMSSQL(conn net.Conn) error

DecodeMSSQL will decode MSSQL connections

func (*Canary) DecodeNBTIP

func (c *Canary) DecodeNBTIP(conn net.Conn) error

DecodeNBTIP will decode NBT (NetBIOS over TCP/IP) connections

func (*Canary) DecodeNTP

func (c *Canary) DecodeNTP(iph *ipv4.Header, udph *udp.Header) error

DecodeNTP will decode NTP packets

func (*Canary) DecodeRDP

func (c *Canary) DecodeRDP(conn net.Conn) error

DecodeRDP will decode RDP connections

func (*Canary) DecodeRedis

func (c *Canary) DecodeRedis(conn net.Conn) error

DecodeRedis will decode Redis connections

func (*Canary) DecodeSIP

func (c *Canary) DecodeSIP(iph *ipv4.Header, udph *udp.Header) error

DecodeSIP will decode SIP packets

func (*Canary) DecodeSMBIP

func (c *Canary) DecodeSMBIP(conn net.Conn) error

DecodeSMBIP will decode SMB over IP connections

func (*Canary) DecodeSNMP

func (c *Canary) DecodeSNMP(iph *ipv4.Header, udph *udp.Header) error

DecodeSNMP will decode SNMP packets

func (*Canary) DecodeSNMPTrap

func (c *Canary) DecodeSNMPTrap(iph *ipv4.Header, udph *udp.Header) error

DecodeSNMPTrap will decode SNMP trap packets

func (*Canary) DecodeSSDP

func (c *Canary) DecodeSSDP(iph *ipv4.Header, udph *udp.Header) error

DecodeSSDP will decode SSDP packets

func (*Canary) DecodeTelnet

func (c *Canary) DecodeTelnet(conn net.Conn) error

DecodeTelnet will decode Telnet connections

func (*Canary) NewState

func (c *Canary) NewState(src net.IP, srcPort uint16, dest net.IP, dstPort uint16) *State

NewState returns a new instance of a State.

func (*Canary) SetChannel

func (c *Canary) SetChannel(ch pushers.Channel)

func (*Canary) Start

func (c *Canary) Start(ctx context.Context) error

Start will start Canary

type DummyFeedback

type DummyFeedback struct {
}

DummyFeedback is a Dummy Feedback struct

func (DummyFeedback) SetTruncated

func (f DummyFeedback) SetTruncated()

SetTruncated is a no-op that satisfies the FeedbackDecoder interface

type KnockGroup

type KnockGroup struct {
	Start time.Time
	Last  time.Time

	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr

	SourceIP      net.IP
	DestinationIP net.IP

	Protocol Protocol

	Count int

	Knocks *UniqueSet
}

KnockGroup groups multiple knocks from the same source: the time span (Start, Last), the addresses involved, the protocol, the total Count and the set of distinct Knocks.

type KnockGrouper

type KnockGrouper interface {
	NewGroup() *KnockGroup
}

KnockGrouper is the interface implemented by knock types that can start a new KnockGroup via NewGroup

type KnockICMP

type KnockICMP struct {
	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr

	SourceIP      net.IP
	DestinationIP net.IP
}

KnockICMP contains ICMP knock metadata

func (KnockICMP) NewGroup

func (k KnockICMP) NewGroup() *KnockGroup

NewGroup will return a new KnockGroup for ICMP protocol

type KnockTCPPort

type KnockTCPPort struct {
	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr

	SourceIP        net.IP
	DestinationIP   net.IP
	DestinationPort uint16
}

KnockTCPPort contains TCP port knock metadata

func (KnockTCPPort) NewGroup

func (k KnockTCPPort) NewGroup() *KnockGroup

NewGroup will return a new KnockGroup for TCP protocol

type KnockUDPPort

type KnockUDPPort struct {
	SourceHardwareAddr      net.HardwareAddr
	DestinationHardwareAddr net.HardwareAddr

	SourceIP        net.IP
	DestinationIP   net.IP
	DestinationPort uint16
}

KnockUDPPort contains UDP port knock metadata

func (KnockUDPPort) NewGroup

func (k KnockUDPPort) NewGroup() *KnockGroup

NewGroup will return a new KnockGroup for UDP protocol

type Protocol

type Protocol int

Protocol specifies the network protocol

const (
	// ProtocolTCP specifies tcp protocol
	ProtocolTCP Protocol = iota
	// ProtocolUDP specifies udp protocol
	ProtocolUDP
	// ProtocolICMP specifies icmp protocol
	ProtocolICMP
)

type Route

type Route struct {
	Interface string

	Gateway     net.IP
	Destination net.IPNet
}

Route describes a routing table entry: the interface, the gateway address and the destination network reached through it.

type RouteTable

type RouteTable []Route

RouteTable defines a slice of Route type.

type Socket

type Socket struct {
	// contains filtered or unexported fields
}

Socket represents the underlying connection of a tracked state.

func (Socket) Close

func (s Socket) Close() error

Close closes the underlying connection.

func (Socket) LocalAddr

func (s Socket) LocalAddr() net.Addr

LocalAddr returns local net.Addr.

func (Socket) Read

func (s Socket) Read(p []byte) (n int, err error)

func (Socket) RemoteAddr

func (s Socket) RemoteAddr() net.Addr

RemoteAddr returns remote net.Addr.

func (Socket) SetDeadline

func (s Socket) SetDeadline(t time.Time) error

SetDeadline sets the read and write deadlines associated with the connection. It is equivalent to calling both SetReadDeadline and SetWriteDeadline.

A deadline is an absolute time after which I/O operations fail with a timeout (see type Error) instead of blocking. The deadline applies to all future I/O, not just the immediately following call to Read or Write.

An idle timeout can be implemented by repeatedly extending the deadline after successful Read or Write calls.

A zero value for t means I/O operations will not time out.
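The idle-timeout pattern described above, as an added example that is not part of the canary package: it uses only the standard library (net.Pipe stands in for a real socket, and readUntilIdle and demoIdleTimeout are names chosen here) and shows why the deadline must be recomputed from the current time before every Read rather than set once.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// readUntilIdle reads from conn until the peer has sent nothing for `idle`.
// Each successful Read pushes the absolute deadline forward, so a slow but
// steady peer is never cut off, while a peer that goes quiet is released
// after `idle` and whatever arrived so far is returned. (Example code; not
// the canary package's own implementation.)
func readUntilIdle(conn net.Conn, idle time.Duration) ([]byte, error) {
	var out []byte
	buf := make([]byte, 4096)
	for {
		// The deadline is an absolute time, so derive it from "now" each round.
		if err := conn.SetReadDeadline(time.Now().Add(idle)); err != nil {
			return out, err
		}
		n, err := conn.Read(buf)
		out = append(out, buf[:n]...) // keep partial data even when err != nil
		if err == nil {
			continue
		}
		// Deadline hit: the peer went idle, which is the normal way out here.
		var ne net.Error
		if errors.As(err, &ne) && ne.Timeout() {
			return out, nil
		}
		return out, err // EOF or a real I/O error
	}
}

// demoIdleTimeout drives readUntilIdle over an in-memory net.Pipe with a
// constructed peer that sends two lines 20ms apart and then stays silent
// without closing, the way a probe that has finished its business does.
func demoIdleTimeout() ([]byte, error) {
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()
	go func() {
		// net.Pipe writes block until the reader has consumed them.
		client.Write([]byte("USER anonymous\r\n"))
		time.Sleep(20 * time.Millisecond)
		client.Write([]byte("PASS guest\r\n"))
	}()
	// 500ms of silence ends the read; the 20ms gap between lines does not.
	return readUntilIdle(server, 500*time.Millisecond)
}

func main() {
	data, err := demoIdleTimeout()
	fmt.Printf("got %q, err=%v\n", data, err)
}
```

A decoder that reads a banner or first command from an unknown peer needs exactly this shape: with no deadline, one client that connects and sends nothing pins a decoder goroutine indefinitely; with a single fixed deadline, a slow but active session is cut off mid-exchange. Extending the deadline only after a successful Read gives both properties.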

func (Socket) SetReadDeadline

func (s Socket) SetReadDeadline(t time.Time) error

SetReadDeadline sets the deadline for future Read calls. A zero value for t means Read will not time out.

func (Socket) SetWriteDeadline

func (s Socket) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the deadline for future Write calls. Even if write times out, it may return n > 0, indicating that some of the data was successfully written. A zero value for t means Write will not time out.

func (Socket) Write

func (s Socket) Write(p []byte) (n int, err error)

type SocketState

type SocketState int

SocketState defines an int type representing the TCP connection state of a tracked socket.

const (
	SocketClosed SocketState = iota
	SocketListen
	SocketSynReceived
	SocketSynSent
	SocketEstablished
	SocketFinWait1
	SocketFinWait2
	SocketClosing
	SocketTimeWait
	SocketCloseWait
	SocketLastAck
)

The constants above enumerate the different SocketState values.

func (SocketState) String

func (ss SocketState) String() string

type State

type State struct {
	SrcIP   net.IP
	SrcPort uint16

	DestIP   net.IP
	DestPort uint16

	ID uint32

	LastAcked uint32

	State SocketState

	// SND.UNA - send unacknowledged
	SendUnacknowledged uint32
	// SND.NXT - send next
	SendNext uint32
	// SND.WND - send window
	SendWindow uint32
	// SND.UP  - send urgent pointer
	SendUrgentPointer uint32

	// SND.WL1 - segment sequence number used for last window update
	SendWL1 uint32

	// SND.WL2 - segment acknowledgment number used for last window update
	SendWL2 uint32

	// ISS     - initial send sequence number
	InitialSendSequenceNumber uint32

	// RCV.NXT - receive next
	RecvNext uint32
	// RCV.WND - receive window
	ReceiveWindow uint16
	// RCV.UP  - receive urgent pointer
	ReceiveUrgentPointer uint32

	// IRS     - initial receive sequence number
	InitialReceiveSequenceNumber uint32
	// contains filtered or unexported fields
}

State defines a struct for holding connection data and address.

func (*State) NewSocket

func (state *State) NewSocket(src, dst net.Addr) *Socket

NewSocket returns a new instance of Socket.

type StateTable

type StateTable [65535]*State

StateTable defines a fixed-size array of *State entries.

func (*StateTable) Add

func (st *StateTable) Add(state *State)

Add adds the state into the table.

func (*StateTable) Get

func (st *StateTable) Get(SrcIP, DestIP net.IP, SrcPort, DestPort uint16) *State

Get will return the state for the given IP and port combination

func (*StateTable) Remove

func (st *StateTable) Remove(s *State)

type UniqueSet

type UniqueSet struct {
	// contains filtered or unexported fields
}

UniqueSet defines a type to create a unique set of values.

func NewUniqueSet

func NewUniqueSet(fn equalFn) *UniqueSet

NewUniqueSet returns a new instance of UniqueSet.

func (*UniqueSet) Add

func (us *UniqueSet) Add(item interface{}) interface{}

Add adds the given item into the set if it is not yet included.

func (*UniqueSet) Count

func (us *UniqueSet) Count() int

Count returns the number of elements in the set.

func (*UniqueSet) Each

func (us *UniqueSet) Each(fn func(int, interface{}))

Each runs the function against all items in set.

func (*UniqueSet) Find

func (us *UniqueSet) Find(fn func(interface{}) bool) interface{}

Find runs the function against the items in the set and returns the first item for which it returns true.

func (*UniqueSet) Remove

func (us *UniqueSet) Remove(item interface{})

Remove removes the item from the internal set.
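The KnockGroup, KnockTCPPort and UniqueSet types above are the building blocks of the package's port scan events (EventCategoryPortscan). The following is an added example, not the package's own code, that shows the same shape end to end: a self-contained uniqueSet that takes an equality function (mirroring NewUniqueSet(fn equalFn)), a knockGroup that tracks Start/Last, the total Count and the distinct destination ports per source, and a threshold check over the result. The names, the time-window grouping rule, the threshold and the sample knocks are all constructed here.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// knock is one observed TCP connection attempt (constructed sample input).
type knock struct {
	At      time.Time
	SrcIP   net.IP
	DstIP   net.IP
	DstPort uint16
}

// uniqueSet keeps values that are pairwise distinct under eq. The shape
// follows the page's NewUniqueSet(fn equalFn); the body is assumed here.
type uniqueSet struct {
	eq    func(a, b interface{}) bool
	items []interface{}
}

func newUniqueSet(eq func(a, b interface{}) bool) *uniqueSet {
	return &uniqueSet{eq: eq}
}

// add inserts item unless an equal one is present; returns the stored item.
func (s *uniqueSet) add(item interface{}) interface{} {
	for _, it := range s.items {
		if s.eq(it, item) {
			return it
		}
	}
	s.items = append(s.items, item)
	return item
}

func (s *uniqueSet) count() int { return len(s.items) }

// knockGroup aggregates knocks from one source that fall within a window.
type knockGroup struct {
	Start, Last time.Time
	SrcIP       net.IP
	Count       int        // every knock, including repeats to the same port
	Knocks      *uniqueSet // distinct (DstIP, DstPort) pairs
}

// samePort is the equality function: two knocks are "the same" when they
// hit the same destination address and port.
func samePort(a, b interface{}) bool {
	x, y := a.(knock), b.(knock)
	return x.DstIP.Equal(y.DstIP) && x.DstPort == y.DstPort
}

// groupKnocks buckets knocks (in arrival order) by source IP, opening a new
// group when the gap since that source's last knock exceeds window.
func groupKnocks(knocks []knock, window time.Duration) []*knockGroup {
	var groups []*knockGroup
	open := map[string]*knockGroup{}
	for _, k := range knocks {
		key := k.SrcIP.String()
		g, ok := open[key]
		if !ok || k.At.Sub(g.Last) > window {
			g = &knockGroup{Start: k.At, SrcIP: k.SrcIP, Knocks: newUniqueSet(samePort)}
			open[key] = g
			groups = append(groups, g)
		}
		g.Last = k.At
		g.Count++
		g.Knocks.add(k)
	}
	return groups
}

// isPortscan flags a group that touched at least minPorts distinct ports.
// Counting distinct ports rather than raw knocks keeps a client that retries
// one closed port from looking like a scan.
func isPortscan(g *knockGroup, minPorts int) bool { return g.Knocks.count() >= minPorts }

// sampleKnocks is constructed input: 10.0.0.5 sweeps five ports on one host,
// 10.0.0.9 retries port 22 three times.
func sampleKnocks() []knock {
	t0 := time.Date(2021, 12, 20, 12, 0, 0, 0, time.UTC)
	scanner, retrier, target := net.ParseIP("10.0.0.5"), net.ParseIP("10.0.0.9"), net.ParseIP("10.0.0.100")
	var ks []knock
	for i, p := range []uint16{21, 22, 23, 80, 443} {
		ks = append(ks, knock{At: t0.Add(time.Duration(i) * time.Second), SrcIP: scanner, DstIP: target, DstPort: p})
	}
	for i := 0; i < 3; i++ {
		ks = append(ks, knock{At: t0.Add(time.Duration(i) * time.Second), SrcIP: retrier, DstIP: target, DstPort: 22})
	}
	return ks
}

func main() {
	for _, g := range groupKnocks(sampleKnocks(), 30*time.Second) {
		fmt.Printf("%s: %d knocks, %d distinct ports, portscan=%v\n",
			g.SrcIP, g.Count, g.Knocks.count(), isPortscan(g, 5))
	}
}
```

With the sample input the sweep from 10.0.0.5 yields one group with Count 5 and five distinct ports (flagged), while the retries from 10.0.0.9 yield Count 3 but a single distinct port (not flagged), which is the distinction the Count/Knocks split in KnockGroup exists to make.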
