l9format

package module
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 18, 2020 License: MIT Imports: 8 Imported by: 61

README

l9format

l9format is a schema declaration targeted at interoperability between network recon tools used at LeakIX.

Golang

This repository includes the Golang headers used as a library in our components.

Other languages

l9event.json can be used to derive classes for your favorite language (Python, PHP, etc.).

Documentation

Index

Constants

// SEVERITY_CRITICAL is the string "critical"; presumably one of the values
// carried in L9LeakEvent.Severity — confirm against the code that sets it.
const SEVERITY_CRITICAL = "critical"
// SEVERITY_HIGH is the string "high"; presumably one of the values carried in
// L9LeakEvent.Severity — confirm against the code that sets it.
const SEVERITY_HIGH = "high"
// SEVERITY_INFO is the string "info"; presumably one of the values carried in
// L9LeakEvent.Severity — confirm against the code that sets it.
const SEVERITY_INFO = "info"
// SEVERITY_LOW is the string "low"; presumably one of the values carried in
// L9LeakEvent.Severity — confirm against the code that sets it.
const SEVERITY_LOW = "low"
// SEVERITY_MEDIUM is the string "medium"; presumably one of the values carried
// in L9LeakEvent.Severity — confirm against the code that sets it.
const SEVERITY_MEDIUM = "medium"
// STAGE_EXFILTRATE is the string "exfiltrate"; presumably a value for
// L9LeakEvent.Stage and ServicePluginInterface.GetStage — confirm with the
// plugin code, which is not shown on this page.
const STAGE_EXFILTRATE = "exfiltrate"
// STAGE_EXPLORE is the string "explore"; presumably a value for
// L9LeakEvent.Stage and ServicePluginInterface.GetStage — confirm with the
// plugin code, which is not shown on this page.
const STAGE_EXPLORE = "explore"
// STAGE_OPEN is the string "open"; presumably a value for L9LeakEvent.Stage
// and ServicePluginInterface.GetStage — confirm with the plugin code, which is
// not shown on this page.
const STAGE_OPEN = "open"

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

// Certificate is the "certificate" object nested in L9SSLEvent. The code that
// fills it is not shown on this page, so field meanings below are read from
// the names and JSON keys only.
type Certificate struct {
	// CommonName is serialised under the short key "cn".
	CommonName  string    `json:"cn"`
	// Domains is a list but is serialised under the singular key "domain".
	Domains     []string  `json:"domain"`
	// NOTE(review): the hash algorithm and text encoding of Fingerprint are
	// not stated here — confirm before matching it against other tools' output.
	Fingerprint string    `json:"fingerprint"`
	KeyAlgo     string    `json:"key_algo"`
	// NOTE(review): presumably the key length in bits — confirm.
	KeySize     int       `json:"key_size"`
	IssuerName  string    `json:"issuer_name"`
	NotBefore   time.Time `json:"not_before"`
	NotAfter    time.Time `json:"not_after"`
	// NOTE(review): what Valid asserts (chain trust, hostname match, validity
	// window) is not visible here; do not treat it as a trust decision without
	// checking the producer.
	Valid       bool      `json:"valid"`
}

type DatasetSummary

// DatasetSummary is the "dataset" object nested in L9LeakEvent. It holds four
// int64 counters, a flag and a list of strings.
type DatasetSummary struct {
	Rows        int64    `json:"rows"`
	Files       int64    `json:"files"`
	// NOTE(review): the unit of Size (presumably bytes) is not stated — confirm.
	Size        int64    `json:"size"`
	Collections int64    `json:"collections"`
	// Infected and RansomNotes presumably record signs that the dataset was
	// already tampered with when observed — confirm with the producing plugin.
	// RansomNotes would then be text from a third party: treat it as untrusted
	// when rendering.
	Infected    bool     `json:"infected"`
	RansomNotes []string `json:"ransom_notes"`
}

type L9Event

// L9Event is the top-level record of the schema. It nests the HTTP, SSL,
// service and leak sub-events by value under the "http", "ssl", "service" and
// "leak" keys.
//
// A marshalled event includes Service.Credentials (username, password, key)
// and Leak.Data in clear, so stored or logged events need the same access
// control as the secrets they may contain.
type L9Event struct {
	EventType     string         `json:"event_type"`
	EventSource   string         `json:"event_source"`
	EventPipeline []string       `json:"event_pipeline"`
	// Ip, Host and Port are plain strings; nothing in this declaration
	// validates them. Consumers should parse and validate them before building
	// a dial address or URL from an event received from another component.
	Ip            string         `json:"ip"`
	Host          string         `json:"host"`
	Port          string         `json:"port"`
	// Transports is a list but is serialised under the singular key "transport".
	Transports    []string       `json:"transport"`
	Protocol      string         `json:"protocol"`
	Http          L9HttpEvent    `json:"http"`
	Summary       string         `json:"summary"`
	Time          time.Time      `json:"time"`
	SSL           L9SSLEvent     `json:"ssl"`
	Service       L9ServiceEvent `json:"service"`
	Leak          L9LeakEvent    `json:"leak"`
}

func (*L9Event) AddSource

// AddSource takes a source name and returns nothing. The body is not shown on
// this page; presumably it records the name on the event (EventSource and/or
// EventPipeline) — confirm in the source.
func (event *L9Event) AddSource(source string)

func (*L9Event) HasSource

// HasSource reports a bool for the given source name. The body is not shown on
// this page; presumably it checks whether the name was recorded earlier with
// AddSource — confirm in the source.
func (event *L9Event) HasSource(source string) bool

func (*L9Event) HasTransport

// HasTransport reports a bool for the given transport name. The body is not
// shown on this page; presumably it looks the name up in Transports, and
// whether the comparison is case-sensitive should be confirmed there.
func (event *L9Event) HasTransport(transport string) bool

func (*L9Event) MatchServicePlugin

// MatchServicePlugin reports a bool for the given plugin. The body is not
// shown on this page; presumably it decides whether the plugin applies to this
// event (for example by comparing Protocol with plugin.GetProtocols()) —
// confirm in the source before relying on it as a gate for running plugins.
func (event *L9Event) MatchServicePlugin(plugin ServicePluginInterface) bool

func (*L9Event) RemoveTransport

// RemoveTransport takes a transport name and returns nothing. The body is not
// shown on this page; presumably it drops matching entries from Transports —
// confirm in the source.
func (event *L9Event) RemoveTransport(transportCheck string)

type L9HttpEvent

// L9HttpEvent is the "http" object nested in L9Event.
//
// NOTE(review): Url, Headers and Title presumably come from the remote host's
// response; if so they are attacker-controlled text and must be escaped before
// being shown in a UI or written to a log line — confirm with the producer.
type L9HttpEvent struct {
	Root        string            `json:"root"`
	Url         string            `json:"url"`
	Status      int               `json:"status"`
	Length      int64             `json:"length"`
	// Headers maps one name to one string and is serialised under the singular
	// key "header"; a header repeated in a response cannot be kept as separate
	// values in this type.
	Headers     map[string]string `json:"header"`
	Title       string            `json:"title"`
	// NOTE(review): the hash function behind FaviconHash is not stated here —
	// confirm before comparing it with hashes from other tools.
	FaviconHash string            `json:"favicon_hash"`
}

type L9LeakEvent

// L9LeakEvent is the "leak" object nested in L9Event and the first return
// value of ServicePluginInterface.Run.
type L9LeakEvent struct {
	// Stage and Severity are free-form strings; presumably they take the
	// STAGE_* and SEVERITY_* constant values, but nothing in this declaration
	// enforces that — validate on input if downstream logic branches on them.
	Stage    string         `json:"stage"`
	Type     string         `json:"type"`
	// NOTE(review): Data presumably holds content obtained from the exposed
	// service; if so it is both untrusted and potentially sensitive, so
	// restrict who can read it and escape it before display — confirm with the
	// producing plugin.
	Data     string         `json:"data"`
	Severity string         `json:"severity"`
	Dataset  DatasetSummary `json:"dataset"`
}

type L9SSLEvent

// L9SSLEvent is the "ssl" object nested in L9Event.
type L9SSLEvent struct {
	// NOTE(review): the difference between Detected and Enabled is not
	// visible from this declaration — confirm with the producer.
	Detected    bool        `json:"detected"`
	Enabled     bool        `json:"enabled"`
	JARM        string      `json:"jarm"`
	// The field and its JSON key are spelled "cypher"; the key is part of the
	// wire format, so consumers must use "cypher_suite" as written.
	CypherSuite string      `json:"cypher_suite"`
	Version     string      `json:"version"`
	Certificate Certificate `json:"certificate"`
}

type L9ServiceEvent

// L9ServiceEvent is the "service" object nested in L9Event. It groups the
// credentials and the software description recorded for a service.
type L9ServiceEvent struct {
	// Credentials is embedded by value and has no omit option, so every
	// marshalled event carries a "credentials" object.
	Credentials ServiceCredentials `json:"credentials"`
	Software    Software           `json:"software"`
}

type ServiceCredentials

// ServiceCredentials is the "credentials" object nested in L9ServiceEvent.
//
// Username, Password and Key are plain strings with ordinary JSON tags, so
// they are written in clear wherever an event is marshalled, stored or logged.
// Anything that persists or forwards events should be access-controlled
// accordingly, and log statements should avoid printing this struct whole.
type ServiceCredentials struct {
	// NOTE(review): NoAuth presumably means the service was reachable without
	// authentication — confirm with the producing plugin.
	NoAuth   bool   `json:"noauth"`
	Username string `json:"username"`
	Password string `json:"password"`
	Key      string `json:"key"`
	// Raw is a byte slice; encoding/json marshals []byte as a base64 string,
	// which is an encoding and gives no confidentiality.
	Raw      []byte `json:"raw"`
}

type ServicePluginBase

// ServicePluginBase is an empty struct; the methods listed for it on this page
// (DialContext, GetHttpClient, GetL9NetworkConnection, GetNetworkConnection)
// all use a value receiver. Presumably it is meant to be embedded by plugins
// to share connection helpers — confirm with the plugin code.
type ServicePluginBase struct {
}

func (ServicePluginBase) DialContext

// DialContext takes a context, a network name and an address and returns a
// net.Conn or an error. The body is not shown on this page.
// NOTE(review): confirm there whether ctx cancellation and a dial timeout are
// honoured, since plugins connect to hosts they do not control.
func (plugin ServicePluginBase) DialContext(ctx context.Context, network string, addr string) (conn net.Conn, err error)

func (ServicePluginBase) GetHttpClient

// GetHttpClient returns an *http.Client for the given context, ip and port.
// The body is not shown on this page.
// NOTE(review): confirm in the source how the returned client is configured
// (timeouts, redirect policy, TLS certificate verification) before reusing it
// for anything other than talking to the scanned target.
func (plugin ServicePluginBase) GetHttpClient(ctx context.Context, ip string, port string) *http.Client

func (ServicePluginBase) GetL9NetworkConnection

// GetL9NetworkConnection takes an event and returns a net.Conn or an error.
// The body is not shown on this page; presumably the target is built from the
// event's Ip/Host, Port and Transports fields — confirm, and note that those
// fields are unvalidated strings in L9Event.
func (plugin ServicePluginBase) GetL9NetworkConnection(event *L9Event) (conn net.Conn, err error)

func (ServicePluginBase) GetNetworkConnection

// GetNetworkConnection takes a network name and an address and returns a
// net.Conn or an error. Unlike DialContext it takes no context; the body is
// not shown on this page, so confirm there what timeout, if any, applies.
func (plugin ServicePluginBase) GetNetworkConnection(network string, addr string) (conn net.Conn, err error)

type ServicePluginInterface

// ServicePluginInterface is the method set a service plugin implements; it is
// the parameter type of L9Event.MatchServicePlugin.
type ServicePluginInterface interface {
	// GetVersion returns three ints; presumably major, minor and patch —
	// confirm with an implementation.
	GetVersion() (int, int, int)
	// GetProtocols returns a list of strings; presumably the L9Event.Protocol
	// values the plugin handles — confirm.
	GetProtocols() []string
	GetName() string
	// GetStage returns a string; presumably one of the STAGE_* constants —
	// confirm.
	GetStage() string
	// Run receives a context, the event and a string-to-string options map,
	// and returns a leak plus a bool. hasLeak presumably tells the caller
	// whether leak is meaningful — confirm. The options map is untyped text,
	// so an implementation should validate the keys and values it reads.
	Run(ctx context.Context, event *L9Event, options map[string]string) (leak L9LeakEvent, hasLeak bool)
}

type Software

// Software is the "software" object nested in L9ServiceEvent: a name, a
// version, an operating system, a list of modules and a fingerprint, all as
// strings apart from the module list.
type Software struct {
	Name            string           `json:"name"`
	Version         string           `json:"version"`
	// OperatingSystem is serialised under the short key "os".
	OperatingSystem string           `json:"os"`
	Modules         []SoftwareModule `json:"modules"`
	// NOTE(review): how Fingerprint is computed is not stated here — confirm
	// before using it to correlate hosts.
	Fingerprint     string           `json:"fingerprint"`
}

type SoftwareModule

// SoftwareModule is one entry of Software.Modules: a name, a version and a
// fingerprint, all strings.
type SoftwareModule struct {
	Name        string `json:"name"`
	Version     string `json:"version"`
	// NOTE(review): how Fingerprint is computed is not stated here — confirm
	// with the producer.
	Fingerprint string `json:"fingerprint"`
}

Directories

Path Synopsis
cmd
