spec

package
v1.3.2-sp1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 19, 2024 License: AGPL-3.0 Imports: 17 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	// 服务器的节点 ID 常量
	ServerNodeId   = "palm-server"
	LogAgentNodeId = "log-agent"

	// RPC Exchange 一定是 Direct
	CommonRPCExchange = "palm-rpc"

	// 服务器推送数据的交换机
	CommonServerPushExchange   = "palm-push"
	CommonServerPushDefaultKey = "palm.nodebase.notification"

	// 服务器推送数据到交换机的 Key
	ServerPush_ScriptTask ServerPushKey = "script-task"

	ScanPortExchange        = "palm-scan-port-task"
	ScanFingerprintExchange = ScanPortExchange

	// scan port
	CommonScanPortQueue     = "palm-scan-port"
	CommonScanPortTaskKey   = "palm.stream.task.scan-port"
	CommonScanPortResultKey = "palm.stream.result.scan-port"

	CommonScanFingerprintQueue     = "palm-scan-fingerprint"
	CommonScanFingerprintTaskKey   = "palm.stream.task.scan-fingerprint"
	CommonScanFingerprintResultKey = "palm.stream.result.scan-fingerprint"

	API_RegisterNode   = "register-palm-node"
	API_UnregisterNode = "unregister-palm-node"

	BackendKey_HTTPFlow                           = "http-flow"
	BackendKey_Scanner                            = "scanner"
	BackendKey_ProcessInfo                        = "process"
	BackendKey_ProcessEvent                       = "process-event"
	BackendKey_ConnectionEvent                    = "connection-event"
	BackendKey_NetConnectInfo                     = "netconnect"
	BackendKey_Nginx                              = "nginx"
	BackendKey_Apache                             = "apache"
	BackendKey_FileChangeInfo                     = "filechange"
	BackendKey_SystemMatrix                       = "heartbeat"
	BackendKey_SSHInfo                            = "sshinfo"
	BackendKey_RequestConfig                      = "request_config"
	BackendKey_ReportHostUser                     = "report_host_user"
	BackendKey_ReportAllUserLoginOk               = "report_all_user_login_ok"
	BackendKey_ReportAllUserLoginFail             = "report_all_user_login_fail"
	BackendKey_ReportAllUserLoginFailFileTooLarge = "report_all_user_login_fail_file_too_large"
	BackendKey_Heartbeat                          = BackendKey_SystemMatrix
	BackendKey_UserLoginAttempt                   = "user_login_attempt"
	BackendKey_SoftwareVersion                    = "software_version"
	BackendKey_BootSoftware                       = "boot_software"
	BackendKey_Crontab                            = "crontab"
	BackendKey_ReverseShell                       = "reverse_shell"
	BackendKey_NodeLog                            = "node_log"

	HIDS_API_Sleep = "hids-rpc-sleep"
)

Variables

View Source 
var (
	HIDS_APIs = []string{
		HIDS_API_Sleep,
	}
)
View Source 
var (
	LocalTimeLocation *time.Location
)

Functions

func GeneratePalmRpcBySchema 

func GeneratePalmRpcBySchema(schema *PalmRpcApiSchema) ([]byte, error)

func GeneratePalmRpcByYaml 

func GeneratePalmRpcByYaml(raw []byte) ([]byte, error)

func GetCliBasicConfig 

func GetCliBasicConfig(idPrefix string) []cli.Flag

func GetNodeBaseNotificationPushRoutingKeyByNodeId 

func GetNodeBaseNotificationPushRoutingKeyByNodeId(nodeId string, key string) string

func GetNodeBaseNotificationQueueByNodeId 

func GetNodeBaseNotificationQueueByNodeId(id string) string

func GetNodeBaseNotificationRoutingKeyByNodeId 

func GetNodeBaseNotificationRoutingKeyByNodeId(id string) string

用于接收针对节点的服务器端通知

func GetScanFingerprintQueueNameByNodeId 

func GetScanFingerprintQueueNameByNodeId(nodeId string) string

func GetScanFingerprintRoutingKeyByNodeId 

func GetScanFingerprintRoutingKeyByNodeId(nodeId string) string

func GetScanPortQueueNameByNodeId 

func GetScanPortQueueNameByNodeId(nodeId string) string

func GetScanPortRoutingKeyByNodeId 

func GetScanPortRoutingKeyByNodeId(nodeId string) string

func GetScriptRuntimeMessageKey 

func GetScriptRuntimeMessageKey(nodeId, taskId string) string

func GetServerPushKey 

func GetServerPushKey(nodeId string, key ServerPushKey) string

用于发送针对节点的服务器端通知

func JenGeneratePalmRpcBySchema 

func JenGeneratePalmRpcBySchema(schema *PalmRpcApiSchema) ([]byte, error)

func JenGeneratePalmRpcByYaml 

func JenGeneratePalmRpcByYaml(raw []byte) ([]byte, error)

func ParseServerPushKey 

func ParseServerPushKey(r string) string

func UnmarshalRPC_APIResponse 

func UnmarshalRPC_APIResponse(apiName string, response []byte) (interface{}, error)

Types

type AMQPConfig 

type AMQPConfig struct {
	Host        string `json:"host" yaml:"host"`
	Port        int    `json:"port" yaml:"port"`
	Username    string `json:"username" yaml:"username"`
	Password    string `json:"password" yaml:"password"`
	VirtualHost string `json:"virtual_host" yaml:"virtual_host"`
}

func LoadAMQPConfigFromCliContext 

func LoadAMQPConfigFromCliContext(c *cli.Context) *AMQPConfig

func NewDefaultAMQPConfig 

func NewDefaultAMQPConfig() *AMQPConfig

func (*AMQPConfig) GetAMQPUrl 

func (a *AMQPConfig) GetAMQPUrl() string

type ArgSchema 

type ArgSchema struct {
	Name string `json:"name" yaml:"name"`
	Type string `json:"type" yaml:"type"`
}

type AuditLogConfig 

type AuditLogConfig struct {
	ServerAddr        string `json:"server_addr" yaml:"server_addr"`
	PageSize          int    `json:"page_size" yaml:"page_size"`
	FailReadMaxTicket int    `json:"fail_read_max_ticket" yaml:"fail_read_max_ticket"`
}

func NewDefaultAuditLogConfig 

func NewDefaultAuditLogConfig() *AuditLogConfig

type Message 

type Message struct {
	NodeId    string      `json:"node_id"`
	Token     string      `json:"token"`
	Type      MessageType `json:"type"`
	Timestamp int64       `json:"timestamp"`

	Content json.RawMessage `json:"content"`
}

func NewScanNodeMessage 

func NewScanNodeMessage(id, token string, r *ScanResult) (*Message, error)

type MessageType 

type MessageType string
var (
	MessageType_HIDS          MessageType = "hids"
	MessageType_Scanner       MessageType = "scanner"
	MessageType_SystemMatrix  MessageType = "system—matrix"
	MessageType_ScriptRuntime MessageType = "script-runtime"
	MessageType_AuditLog      MessageType = "audit-log"
	MessageType_MITM          MessageType = "mitm"
	MessageType_NodeLog       MessageType = "node-log"
)

type ModelSchema 

type ModelSchema struct {
	Name   string       `json:"name" yaml:"name"`
	Fields []*ArgSchema `json:"fields" yaml:"fields"`
}

type NodeRegisterRequest 

type NodeRegisterRequest struct {
	NodeId    string   `json:"node_id"`
	NodeType  NodeType `json:"node_type"`
	Token     string   `json:"token"`
	Timestamp int64    `json:"timestamp"`
}

type NodeRegisterResponse 

type NodeRegisterResponse struct {
	OriginNodeId  string `json:"origin_node_id"`
	Token         string `json:"token"`
	Ok            bool   `json:"ok"`
	Reason        string `json:"reason,omitempty"`
	WebServerPort string `json:"web_server_port"`
}

type NodeType 

type NodeType string
var (
	NodeType_HIDSAgent NodeType = "hids-agent"
	NodeType_Scanner   NodeType = "scanner-agent"
	NodeType_LogAgent  NodeType = "log-agent"
	NodeType_MITMAgent NodeType = "mitm-agent"
)

type NodeUnregisterRequest 

type NodeUnregisterRequest struct {
	NodeId string `json:"node_id"`
	Token  string `json:"token"`
}

type NodeUnregisterResponse 

type NodeUnregisterResponse struct {
	Ok     bool   `json:"ok"`
	Reason string `json:"reason,omitempty"`
}

type PalmRpcApiSchema 

type PalmRpcApiSchema struct {
	PackageName string `json:"package_name" yaml:"package_name"`
	Name        string `json:"name" yaml:"name"`

	Rpcs   []*RpcApi      `json:"rpcs" yaml:"rpcs"`
	Models []*ModelSchema `json:"models"`
}

type PortFingerprint 

type PortFingerprint struct {
	Host        string            `json:"host"`
	Port        int               `json:"port"`
	Proto       fp.TransportProto `json:"proto"`
	State       PortStateType     `json:"state"`
	CPEs        []string          `json:"cpes"`
	Banner      string            `json:"banner"`
	ServiceName string            `json:"service_name"`
}

type PortState 

type PortState struct {
	Host  string            `json:"host"`
	Port  int               `json:"port"`
	Proto fp.TransportProto `json:"proto"`
	State PortStateType     `json:"state"`
}

func (*PortState) String 

func (p *PortState) String() string

type PortStateType 

type PortStateType string
const (
	PortStateType_Unknown PortStateType = "unknown"
	PortStateType_Open    PortStateType = "open"
	PortStateType_Closed  PortStateType = "closed"
)

type PostgresDBConfig 

type PostgresDBConfig struct {
	DatabaseName string `json:"database_name" yaml:"database_name"`
	Host         string `json:"host" yaml:"host"`
	Port         int    `json:"port" yaml:"port"`
	Username     string `json:"username" yaml:"username"`
	Password     string `json:"password" yaml:"password"`
}

func NewDefaultDatabaseConfig 

func NewDefaultDatabaseConfig() *PostgresDBConfig

func (*PostgresDBConfig) GetPostgresParams 

func (p *PostgresDBConfig) GetPostgresParams() string

type RpcApi 

type RpcApi struct {
	Method   string       `json:"method" yaml:"method"`
	Request  []*ArgSchema `json:"request" yaml:"request"`
	Response []*ArgSchema `json:"response" yaml:"response"`
}

type ScanFingerprintTask 

type ScanFingerprintTask struct {
	Hosts          string              `json:"hosts"`
	Ports          string              `json:"ports"`
	Protos         []fp.TransportProto `json:"protos"`
	TimeoutSeconds int                 `json:"timeout_seconds"`
}

func (*ScanFingerprintTask) String 

func (s *ScanFingerprintTask) String() string

type ScanPortTask 

type ScanPortTask struct {
	// 扫描目标
	Hosts string `json:"host"`
	Ports string `json:"port"`
}

type ScanResult 

type ScanResult struct {
	Type    ScanResultType  `json:"type"`
	Content json.RawMessage `json:"content"`

	// 如果这三个字段有的话,说明是分布式任务,需要额外处理一下这个内容
	TaskId    string `json:"task_id"`
	RuntimeId string `json:"runtime_id"`
	SubTaskId string `json:"sub_task_id"`
}

func NewHTTPFlowScanResult 

func NewHTTPFlowScanResult(isHttps bool, req *http.Request, rsp *http.Response) (*ScanResult, error)

func NewScanFingerprintResult 

func NewScanFingerprintResult(m *fp.MatchResult) (*ScanResult, error)

func NewScanTCPOpenPortResult 

func NewScanTCPOpenPortResult(ip net.IP, port int, state PortStateType) (*ScanResult, error)

type ScanResultType 

type ScanResultType string
const (
	// 只有端口开放信息
	ScanResult_PortState ScanResultType = "port_state"

	// Fp.MatcherResult 包含指纹信息
	ScanResult_Fingerprint ScanResultType = "fingerprint"

	// *yakit.Report 整体报告
	ScanResult_Report ScanResultType = "report"

	// HttpFlow 的资产信息
	ScanResult_HTTPFlow ScanResultType = "http-flow"

	// 漏洞信息,弱密码啥的也应该包含在这个里面
	ScanResult_Vuln ScanResultType = "vuln"

	// 发现域名资产啥的
	ScanResult_Domain ScanResultType = "domain"
)

type ScriptRuntimeMessage 

type ScriptRuntimeMessage struct {
	NodeID      string                   `json:"node_id"`
	TaskID      string                   `json:"task_id"`
	MessageType ScriptRuntimeMessageType `json:"message_type"`
	Message     string                   `json:"message"`
	Timestamp   int64                    `json:"timestamp"`
}

type ScriptRuntimeMessageType 

type ScriptRuntimeMessageType string
const (
	ScriptRuntimeMessageType_Output   ScriptRuntimeMessageType = "output"
	ScriptRuntimeMessageType_Finished ScriptRuntimeMessageType = "finished"
	ScriptRuntimeMessageType_Alert    ScriptRuntimeMessageType = "alert"
	ScriptRuntimeMessageType_Failed   ScriptRuntimeMessageType = "failed"
	ScriptRuntimeMessageType_Log      ScriptRuntimeMessageType = "log"
)

type ScriptTask 

type ScriptTask struct {
	ScriptName string `json:"script_name"`
	TaskID     string `json:"task_id"`
	ScriptCode string `json:"script_code"`
}

type ServerPushKey 

type ServerPushKey string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.