lsaddr

v0.5.1
Published: Sep 20, 2019 License: AGPL-3.0 Imports: 1 Imported by: 0

Before we start

Supported OS

  • macOS
  • Linux
  • Windows (NEW 💥)

External dependencies

OS       Dep       Notes
macOS    lsof      tested revision: 4.89
macOS    pgrep
Linux    lsof
Windows  netstat
Windows  tasklist

Installation

Choose one

  • go get -u github.com/booster-proj/lsaddr
  • download the downloader script and execute it (you can also specify the version that you want to download as an argument)
  • download your favourite release from the releases section

Big thanks to goreleaser and godownloader which made the releasing process FUN! 🤩

Usage

The idea is to easily filter the list of open network files of a specific application. The list is filtered with a regular expression: only the lines that match it are kept, and the others are discarded. You can pass lsaddr either the regex directly, or the root folder of the target app (supported only on macOS for now). Check out some examples:

Example #1

"Spotify" is used as a regular expression.

$ bin/lsaddr Spotify
COMMAND,NET,SRC,DST
Spotify,tcp,192.168.0.98:54862,104.199.64.69:4070
Spotify,tcp,*:57621,
Spotify,tcp,*:54850,
Spotify,udp,*:57621,
Spotify,udp,*:1900,
Spotify,udp,*:61152,
Spotify,udp,*:51535,
Spotify,tcp,192.168.0.98:54878,35.186.224.47:443
Spotify,tcp,192.168.0.98:54872,35.186.224.53:443

Example #2

"/Applications/Spotify.app" is used to find the application's name, then its process identifiers are used to build the regular expression.

$ bin/lsaddr /Applications/Spotify.app/
COMMAND,NET,SRC,DST
Spotify,tcp,192.168.0.98:54862,104.199.64.69:4070
Spotify,tcp,*:57621,
Spotify,tcp,*:54850,
Spotify,udp,*:57621,
Spotify,udp,*:1900,
Spotify,udp,*:61152,
Spotify,udp,*:51535,
Spotify,tcp,192.168.0.98:54878,35.186.224.47:443
Spotify,tcp,192.168.0.98:54872,35.186.224.53:443

Example #3

With --debug, debug information is printed to stderr and the command's output to stdout.

$ bin/lsaddr /Applications/Spotify.app/ --debug
[lsaddr] 2019/07/12 14:29:50 app name: Spotify, path: /Applications/Spotify.app
[lsaddr] 2019/07/12 14:29:50 regexp built: "48042|48044|48045|48047"
[lsaddr] 2019/07/12 14:29:50 # of open files: 9
COMMAND,NET,SRC,DST
Spotify,tcp,192.168.0.98:54862,104.199.64.69:4070
Spotify,tcp,*:57621,
Spotify,tcp,*:54850,
Spotify,udp,*:57621,
Spotify,udp,*:1900,
Spotify,udp,*:61152,
Spotify,udp,*:51535,
Spotify,tcp,192.168.0.98:54878,35.186.224.47:443
Spotify,tcp,192.168.0.98:54872,35.186.224.53:443

Example #4

  • You can encode the output either as csv or as a bpf filter (hint: very useful for packet capturing tools).
  • Only the unique destination addresses are taken into consideration when building the filter, ignoring the ports and without specifying the "direction" (incoming or outgoing) that we want to filter. This is because the expected behaviour has not yet been defined.

$ bin/lsaddr /Applications/Mail.app --out=bpf
(tcp and host 192.168.0.98 and port 58100) or (tcp and host 64.233.184.108 and port 993) or (tcp and host 192.168.0.98 and port 58100) or (tcp and host 64.233.184.108 and port 993) or (tcp and host 192.168.0.98 and port 57213) or (tcp and host 10.0.0.1 and port 993) or (tcp and host 192.168.0.98 and port 57213) or (tcp and host 10.0.0.1 and port 993) or (tcp and host 192.168.0.98 and port 57214) or (tcp and host 10.0.0.1 and port 993) or (tcp and host 192.168.0.98 and port 57214) or (tcp and host 10.0.0.1 and port 993) or (tcp and host 192.168.0.98 and port 57216) or (tcp and host 17.56.136.197 and port 993) or (tcp and host 192.168.0.98 and port 57216) or (tcp and host 17.56.136.197 and port 993) or (tcp and host 192.168.0.98 and port 57217) or (tcp and host 17.56.136.197 and port 993) or (tcp and host 192.168.0.98 and port 57217) or (tcp and host 17.56.136.197 and port 993)
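The Go sketch below is an added example, not lsaddr's own code: it parses the CSV format shown in the examples above and emits one BPF clause per unique remote endpoint, in the same clause shape as the output above. `BuildBPF` is a hypothetical helper, the sample rows are constructed from this page's output, and validating each field before it reaches the filter string is this example's own choice.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// sample is constructed, modelled on the rows printed in the examples on this page.
const sample = `COMMAND,NET,SRC,DST
Spotify,tcp,192.168.0.98:54862,104.199.64.69:4070
Spotify,tcp,*:57621,
Spotify,tcp,192.168.0.98:54878,35.186.224.47:443
Spotify,tcp,192.168.0.98:54879,35.186.224.47:443
chrome.exe,udp,[::]:5353,*:*
`

// BuildBPF (hypothetical helper) turns lsaddr-style CSV into a BPF expression
// with one "(proto and host H and port P)" clause per unique remote endpoint.
func BuildBPF(out string) (string, error) {
	rows, err := csv.NewReader(strings.NewReader(out)).ReadAll()
	if err != nil {
		return "", err
	}
	seen := map[string]bool{}
	var clauses []string
	for _, r := range rows {
		if len(r) != 4 || (r[1] != "tcp" && r[1] != "udp") {
			continue // header, malformed row, or unknown protocol
		}
		host, port, err := net.SplitHostPort(r[3])
		n, perr := strconv.Atoi(port)
		if err != nil || perr != nil || net.ParseIP(host) == nil || n < 1 || n > 65535 {
			continue // listener (empty DST), wildcard, or not a literal IP:port
		}
		c := fmt.Sprintf("(%s and host %s and port %d)", r[1], host, n)
		if !seen[c] {
			seen[c] = true
			clauses = append(clauses, c)
		}
	}
	return strings.Join(clauses, " or "), nil
}

func main() {
	fmt.Println(BuildBPF(sample))
}
```

The resulting string can be passed as the filter expression to a capture tool such as tcpdump.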
Example #5

At the moment, on Windows you can pass the absolute path of the program you want to analyze (or just <program>.exe).

> lsaddr.exe "chrome.exe"
COMMAND,NET,SRC,DST
chrome.exe,tcp,10.211.55.3:50551,216.58.205.163:443
chrome.exe,tcp,10.211.55.3:50556,216.58.205.195:443
chrome.exe,tcp,10.211.55.3:50558,216.58.205.67:443
chrome.exe,tcp,10.211.55.3:50567,216.58.205.106:443
chrome.exe,udp,0.0.0.0:5353,*:*
chrome.exe,udp,0.0.0.0:5353,*:*
chrome.exe,udp,0.0.0.0:5353,*:*
chrome.exe,udp,[::]:5353,*:*
chrome.exe,udp,[::]:5353,*:*
