l9format

package module
v1.0.0-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 23, 2021 License: MIT Imports: 13 Imported by: 61

README

l9format

l9format is a schema declaration targeted at interoperability between network recon tools used at LeakIX.

Golang

This repository includes the Golang headers used as a library in our components.

Other languages

The l9event.json file can be used to derive classes for your favorite language (Python, PHP, etc.).

Documentation

Index

Constants

// SEVERITY_CRITICAL is the "critical" severity label; presumably a value for
// L9LeakEvent.Severity — confirm against callers.
const SEVERITY_CRITICAL = "critical"
// SEVERITY_HIGH is the "high" severity label; presumably a value for
// L9LeakEvent.Severity — confirm against callers.
const SEVERITY_HIGH = "high"
// SEVERITY_INFO is the "info" severity label; presumably a value for
// L9LeakEvent.Severity — confirm against callers.
const SEVERITY_INFO = "info"
// SEVERITY_LOW is the "low" severity label; presumably a value for
// L9LeakEvent.Severity — confirm against callers.
const SEVERITY_LOW = "low"
// SEVERITY_MEDIUM is the "medium" severity label; presumably a value for
// L9LeakEvent.Severity — confirm against callers.
const SEVERITY_MEDIUM = "medium"
// STAGE_EXFILTRATE is the "exfiltrate" stage label; presumably a value for
// L9LeakEvent.Stage and for a plugin's GetStage() — confirm against callers.
const STAGE_EXFILTRATE = "exfiltrate"
// STAGE_EXPLORE is the "explore" stage label; presumably a value for
// L9LeakEvent.Stage and for a plugin's GetStage() — confirm against callers.
const STAGE_EXPLORE = "explore"
// STAGE_OPEN is the "open" stage label; presumably a value for
// L9LeakEvent.Stage and for a plugin's GetStage() — confirm against callers.
const STAGE_OPEN = "open"

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

// Certificate holds the certificate details attached to an L9SSLEvent
// (see L9SSLEvent.Certificate).
//
// NOTE(review): this page does not show how the fields are filled in. If they
// are copied from a certificate presented by a remote host, the string fields
// are remote-controlled and should be escaped before display or logging.
type Certificate struct {
	CommonName  string    `json:"cn"`
	// Domains is a list but is serialized under the singular key "domain".
	Domains     []string  `json:"domain"`
	// NOTE(review): the fingerprint's hash algorithm and encoding are not
	// stated here — confirm before comparing with other tools' output.
	Fingerprint string    `json:"fingerprint"`
	KeyAlgo     string    `json:"key_algo"`
	KeySize     int       `json:"key_size"`
	IssuerName  string    `json:"issuer_name"`
	NotBefore   time.Time `json:"not_before"`
	NotAfter    time.Time `json:"not_after"`
	// NOTE(review): which checks Valid reflects (chain, hostname, expiry) is
	// not shown on this page — confirm before using it as a trust decision.
	Valid       bool      `json:"valid"`
}

type DatasetSummary

// DatasetSummary carries counters and flags describing a dataset; it is
// embedded in L9LeakEvent as the "dataset" object.
type DatasetSummary struct {
	Rows        int64    `json:"rows"`
	Files       int64    `json:"files"`
	// NOTE(review): the unit of Size (bytes?) is not stated on this page — confirm.
	Size        int64    `json:"size"`
	Collections int64    `json:"collections"`
	// NOTE(review): presumably set when the dataset shows signs of tampering
	// such as ransom notes; the exact criterion is not shown here — confirm.
	Infected    bool     `json:"infected"`
	// RansomNotes is a list of strings. NOTE(review): if these are copied from
	// the observed dataset they are third-party content; escape before rendering.
	RansomNotes []string `json:"ransom_notes"`
}

type GeoLocation added in v0.9.0

// GeoLocation is the geographic annotation carried by L9Event.GeoIp
// (serialized as "geoip").
//
// NOTE(review): the data source and its accuracy are not shown on this page.
type GeoLocation struct {
	ContinentName  string   `json:"continent_name"`
	RegionISOCode  string   `json:"region_iso_code"`
	CityName       string   `json:"city_name"`
	CountryISOCode string   `json:"country_iso_code"`
	CountryName    string   `json:"country_name"`
	RegionName     string   `json:"region_name"`
	// GeoPoint is serialized under the key "location", not "geo_point".
	GeoPoint       GeoPoint `json:"location"`
}

type GeoPoint added in v0.9.0

// GeoPoint is a latitude/longitude pair, serialized as {"lat": ..., "lon": ...}.
// NOTE(review): units are presumably decimal degrees — confirm.
type GeoPoint struct {
	Latitude  float64 `json:"lat"`
	Longitude float64 `json:"lon"`
}

type L9Event

// L9Event is the top-level event record of the schema. It carries the
// addressing fields of the observed endpoint plus one nested struct per
// protocol or annotation area.
//
// The nested structs (Http, SSL, SSH, Service, Leak, GeoIp, Network) are
// values, not pointers, so encoding/json always emits them, zero-valued or
// not. That includes Service.Credentials: a serialized L9Event contains the
// "username", "password", "key" and "raw" fields, so stored, logged or
// forwarded events should be handled as sensitive data.
//
// NOTE(review): this page does not show which fields are filled from remote
// responses. Treat string fields such as Host, Reverse, Summary and the
// nested banners/titles as untrusted input until confirmed otherwise.
type L9Event struct {
	EventType        string         `json:"event_type"`
	EventSource      string         `json:"event_source"`
	// EventPipeline is a list of strings; presumably the sources the event
	// passed through (see AddSource/HasSource) — confirm.
	EventPipeline    []string       `json:"event_pipeline"`
	// NOTE(review): presumably written by UpdateFingerprint; the inputs and
	// hash used are not shown on this page.
	EventFingerprint string         `json:"event_fingerprint"`
	// Ip and Port are plain strings; nothing in the type enforces a valid
	// address or a numeric port, so consumers must validate them.
	Ip               string         `json:"ip"`
	Host             string         `json:"host"`
	Reverse          string         `json:"reverse"`
	Port             string         `json:"port"`
	Mac              string         `json:"mac"`
	Vendor           string         `json:"vendor"`
	// Transports is a list but is serialized under the singular key "transport".
	Transports       []string       `json:"transport"`
	Protocol         string         `json:"protocol"`
	Http             L9HttpEvent    `json:"http"`
	Summary          string         `json:"summary"`
	Time             time.Time      `json:"time"`
	SSL              L9SSLEvent     `json:"ssl"`
	SSH              L9SSHEvent     `json:"ssh"`
	// Service nests ServiceCredentials (username/password/key/raw).
	Service          L9ServiceEvent `json:"service"`
	Leak             L9LeakEvent    `json:"leak"`
	Tags             []string       `json:"tags"`
	GeoIp            GeoLocation    `json:"geoip"`
	Network          Network        `json:"network"`
}

func (*L9Event) AddSource

func (event *L9Event) AddSource(source string)

func (*L9Event) AddTag added in v0.8.3

func (event *L9Event) AddTag(tag string)

func (*L9Event) HasSource

func (event *L9Event) HasSource(source string) bool

func (*L9Event) HasTag added in v0.8.3

func (event *L9Event) HasTag(tag string) bool

func (*L9Event) HasTransport

func (event *L9Event) HasTransport(transport string) bool

func (*L9Event) MatchServicePlugin

func (event *L9Event) MatchServicePlugin(plugin ServicePluginInterface) bool

func (*L9Event) RemoveTransport

func (event *L9Event) RemoveTransport(transportCheck string)

func (*L9Event) UpdateFingerprint added in v1.0.0

func (event *L9Event) UpdateFingerprint() error

func (*L9Event) Url added in v0.8.0

func (event *L9Event) Url() string

type L9HttpEvent

// L9HttpEvent is the HTTP section of an L9Event (serialized as "http").
//
// NOTE(review): presumably Headers and Title mirror what a remote server
// returned; if so they are untrusted and may also carry sensitive values
// (for example cookies or tokens in headers). Confirm against the producer
// and escape/redact before display or logging.
type L9HttpEvent struct {
	Root        string            `json:"root"`
	Url         string            `json:"url"`
	Status      int               `json:"status"`
	Length      int64             `json:"length"`
	// Headers holds one string per name and is serialized under the singular
	// key "header"; a map[string]string cannot represent repeated headers.
	Headers     map[string]string `json:"header"`
	Title       string            `json:"title"`
	// NOTE(review): the hash algorithm behind FaviconHash is not stated here.
	FaviconHash string            `json:"favicon_hash"`
}

type L9LeakEvent

// L9LeakEvent is the leak section of an L9Event (serialized as "leak").
type L9LeakEvent struct {
	// Stage and Severity are plain strings, so nothing in the type restricts
	// them to a fixed set. Presumably they take the STAGE_* and SEVERITY_*
	// constants of this package — consumers should validate the value rather
	// than assume it.
	Stage    string         `json:"stage"`
	Type     string         `json:"type"`
	Severity string         `json:"severity"`
	Dataset  DatasetSummary `json:"dataset"`
}

type L9SSHEvent added in v0.8.1

// L9SSHEvent is the SSH section of an L9Event (serialized as "ssh").
//
// NOTE(review): Banner and Motd are presumably text sent by the remote SSH
// server; if so they are untrusted and may contain control characters —
// sanitize before printing to a terminal or embedding in HTML.
type L9SSHEvent struct {
	// NOTE(review): what is fingerprinted (host key?) and with which hash is
	// not shown on this page — confirm.
	Fingerprint string `json:"fingerprint"`
	// Version is an int; presumably the SSH protocol version — confirm.
	Version     int    `json:"version"`
	Banner      string `json:"banner"`
	Motd        string `json:"motd"`
}

type L9SSLEvent

// L9SSLEvent is the TLS/SSL section of an L9Event (serialized as "ssl").
type L9SSLEvent struct {
	// NOTE(review): the difference between Detected and Enabled is not
	// explained on this page — confirm before filtering on either.
	Detected    bool        `json:"detected"`
	Enabled     bool        `json:"enabled"`
	// JARM is a string; presumably a JARM TLS server fingerprint — confirm.
	JARM        string      `json:"jarm"`
	// The wire key is spelled "cypher_suite"; it is part of the serialized
	// format, so consumers must match this spelling exactly.
	CypherSuite string      `json:"cypher_suite"`
	Version     string      `json:"version"`
	Certificate Certificate `json:"certificate"`
}

type L9ServiceEvent

// L9ServiceEvent is the service section of an L9Event (serialized as
// "service"). It groups the credentials and the software description
// recorded for the service.
type L9ServiceEvent struct {
	// Credentials carries username/password/key material in clear text when
	// serialized; see ServiceCredentials.
	Credentials ServiceCredentials `json:"credentials"`
	Software    Software           `json:"software"`
}

type Network added in v0.9.0

// Network is the network annotation of an L9Event (serialized as "network").
type Network struct {
	// The Go field uses the spelling "Organisation" while the wire key is
	// "organization_name"; match the tag, not the field name, when parsing.
	OrganisationName string `json:"organization_name"`
	ASN              int    `json:"asn"`
	// NetworkCIDR is a plain string serialized under the key "network"; the
	// type does not guarantee a well-formed CIDR, so parse and validate it.
	NetworkCIDR      string `json:"network"`
}

type ServiceCredentials

// ServiceCredentials records authentication details for a service and is
// embedded in L9ServiceEvent as the "credentials" object.
//
// None of the fields is tagged `json:"-"`, and no custom marshalling or
// String method is listed for this type on this page, so encoding/json and
// fmt's %v/%+v verbs will output Password, Key and Raw as-is. Treat any
// serialized event, log line or datastore containing this struct as secret
// material: restrict access, avoid debug-printing it, and redact before
// sharing.
type ServiceCredentials struct {
	// NoAuth is a bool; presumably true when the service required no
	// authentication — confirm against the producer.
	NoAuth   bool   `json:"noauth"`
	Username string `json:"username"`
	Password string `json:"password"`
	Key      string `json:"key"`
	// Raw is a []byte, which encoding/json emits as a base64 string. Base64
	// is an encoding, not protection.
	Raw      []byte `json:"raw"`
}

type ServicePluginBase

// ServicePluginBase is an empty struct that carries the connection helpers
// listed on this page (DialContext, GetHttpClient, GetL9NetworkConnection,
// GetNetworkConnection); it holds no state of its own.
//
// NOTE(review): the method bodies are not shown here, so the timeouts, proxy
// handling and TLS certificate verification settings of the returned
// net.Conn / *http.Client are unknown — confirm them in the source before
// relying on these helpers for anything other than probing.
type ServicePluginBase struct {
}

func (ServicePluginBase) DialContext

func (plugin ServicePluginBase) DialContext(ctx context.Context, network string, addr string) (conn net.Conn, err error)

func (ServicePluginBase) GetHttpClient

func (plugin ServicePluginBase) GetHttpClient(ctx context.Context, ip string, port string) *http.Client

func (ServicePluginBase) GetL9NetworkConnection

func (plugin ServicePluginBase) GetL9NetworkConnection(event *L9Event) (conn net.Conn, err error)

func (ServicePluginBase) GetNetworkConnection

func (plugin ServicePluginBase) GetNetworkConnection(network string, addr string) (conn net.Conn, err error)

type ServicePluginInterface

// ServicePluginInterface is the method set a service plugin exposes;
// L9Event.MatchServicePlugin accepts a value of this type.
type ServicePluginInterface interface {
	// GetVersion returns three ints; presumably major, minor, patch — confirm.
	GetVersion() (int, int, int)
	GetProtocols() []string
	GetName() string
	// GetStage returns a string; presumably one of the STAGE_* constants — confirm.
	GetStage() string
	// Run receives the event by pointer, so an implementation is able to
	// modify it, and reports its result through the single bool hasLeak.
	// options is a free-form map[string]string: implementations should
	// validate every value they read from it.
	Run(ctx context.Context, event *L9Event, options map[string]string) (hasLeak bool)
}

type Software

// Software describes the software recorded for a service; it is embedded in
// L9ServiceEvent as the "software" object.
//
// NOTE(review): Name and Version are presumably derived from banners or
// responses of the remote service; if so they are self-reported and can be
// spoofed, so do not treat them as proof of a patch level.
type Software struct {
	Name            string           `json:"name"`
	Version         string           `json:"version"`
	// OperatingSystem is serialized under the short key "os".
	OperatingSystem string           `json:"os"`
	Modules         []SoftwareModule `json:"modules"`
	// NOTE(review): how Fingerprint is computed is not shown on this page.
	Fingerprint     string           `json:"fingerprint"`
}

type SoftwareModule

// SoftwareModule is one entry of Software.Modules: a name, a version and a
// fingerprint string.
// NOTE(review): how Fingerprint is computed is not shown on this page.
type SoftwareModule struct {
	Name        string `json:"name"`
	Version     string `json:"version"`
	Fingerprint string `json:"fingerprint"`
}

type WebPluginInterface added in v0.8.0

// WebPluginInterface is the method set a web plugin exposes: it declares the
// requests it is interested in (GetRequests) and judges a request/response
// pair (Verify).
type WebPluginInterface interface {
	// GetVersion returns three ints; presumably major, minor, patch — confirm.
	GetVersion() (int, int, int)
	GetRequests() []WebPluginRequest
	GetName() string
	// GetStage returns a string; presumably one of the STAGE_* constants — confirm.
	GetStage() string
	// Verify receives the event by pointer, so an implementation is able to
	// modify it, and reports its result through the single bool hasLeak.
	// NOTE(review): response presumably holds content returned by a remote
	// server; implementations should parse it defensively (bounded sizes,
	// no trust in declared lengths or content types).
	Verify(request WebPluginRequest, response WebPluginResponse, event *L9Event, options map[string]string) (hasLeak bool)
}

type WebPluginRequest added in v0.8.0

// WebPluginRequest describes an HTTP request by method, path, headers and
// body. The fields carry no json tags, and the type also has unexported
// fields that this page does not list.
//
// NOTE(review): the Equal, EqualAny and GetHash methods are listed on this
// page without bodies; which fields they compare or hash, and with which
// algorithm, is not shown — do not assume GetHash is collision-resistant.
type WebPluginRequest struct {
	Method  string
	Path    string
	// Headers holds one string per name; repeated headers cannot be expressed.
	Headers map[string]string
	Body    []byte
	// contains filtered or unexported fields
}

func (*WebPluginRequest) Equal added in v0.8.0

func (request *WebPluginRequest) Equal(testRequest WebPluginRequest) bool

func (*WebPluginRequest) EqualAny added in v1.0.0

func (request *WebPluginRequest) EqualAny(testRequests []WebPluginRequest) bool

func (*WebPluginRequest) GetHash added in v0.8.0

func (request *WebPluginRequest) GetHash() string

type WebPluginResponse added in v0.8.0

// WebPluginResponse bundles an HTTP response with its body bytes and a
// goquery document.
//
// NOTE(review): this page does not show who fills the struct. Presumably Body
// is the already-read response body and Document is parsed from it; whether
// the body is size-limited and whether Response.Body is still open are not
// shown — confirm before reading from Response.Body or assuming a bound on
// len(Body). Response and Document are pointers and may be nil.
type WebPluginResponse struct {
	Response *http.Response
	Body     []byte
	Document *goquery.Document
}

func (*WebPluginResponse) GetHash added in v0.8.0

func (resp *WebPluginResponse) GetHash() string

Directories

Path Synopsis
cmd
