software

package
v0.6.11 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 30, 2022 License: BSD-3-Clause, GPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// UserAgentCache holds the user agents that have already been parsed at
// runtime, keyed by string.
//
// NOTE(review): this is a plain map, which is not safe for concurrent use, and
// nothing in this declaration bounds its size. Presumably access is serialized
// elsewhere and the keys are user agent strings taken from observed traffic —
// confirm, and consider a size cap if the keys are attacker-influenced.
var UserAgentCache = make(map[string]*userAgent)

// RegexGenericVersion matches, line by line, any text containing a three-part
// dotted number (e.g. major.minor.patch). It captures the text before the
// number, the three numeric components, and the text after it.
var RegexGenericVersion = regexp.MustCompile(`(?m)(?:^)(.*?)(\d+)\.(\d+)\.(\d+)(.*?)(?:$)`)
// Store is the package-wide collection of tracked software records, keyed by
// string.
var Store = &atomicSoftwareMap{Items: make(map[string]*AtomicSoftware)}

// UserAgentParserMutex serializes use of the user agent parser.
var UserAgentParserMutex sync.Mutex

// HashDBMap maps a HASSH digest to the software products associated with it.
// It is nil as declared here and has to be assigned before lookups can return
// anything.
var HashDBMap map[string][]sshSoftware
// CMSCookies is the set of cookie names that identify CMSs and frontend
// frameworks. It starts out empty.
var CMSCookies = map[string]struct{}{}

CMSCookies contains the names of identifying cookies for CMSs and frontend frameworks.

// CMSHeaders is the set of header names that identify Content Management
// Systems and web servers. It starts out empty.
var CMSHeaders = map[string]struct{}{}

CMSHeaders is the list of identifying headers for Content Management Systems and web servers. The header names are loaded from the CMS JSON db. This map is populated once at init and is not supposed to change during runtime, so it is safe for concurrent access.

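// Decoder is the decoder for software products observed on the network.
//
// PostInit loads the fingerprint and vulnerability databases from
// resolvers.DataBaseFolderPath; DeInit flushes every record held in Store to
// the audit record writer.
//
// The database files are parsed as-is: no integrity or signature check is
// visible in this block, so the database folder should only be writable by
// trusted users.
var Decoder = &decoder.AbstractDecoder{
	Type:        types.Type_NC_Software,
	Name:        "Software",
	Description: "A software product that was observed on the network",

	// PostInit initializes the logger and loads the JA3/JA3S, HASSH, CMS and
	// vulnerability databases. It returns the first error encountered; state
	// loaded before the failing step is not rolled back.
	PostInit: func(d *decoder.AbstractDecoder) error {
		var err error
		softwareLog, _, err = logger.InitZapLogger(
			decoderconfig.Instance.Out,
			"software",
			decoderconfig.Instance.Debug,
		)
		if err != nil {
			return err
		}

		// Surface a user agent parser initialization failure recorded
		// elsewhere in the package.
		if errInitUAParser != nil {
			return errInitUAParser
		}

		// JA3 / JA3S TLS fingerprint database.
		data, err := ioutil.ReadFile(filepath.Join(resolvers.DataBaseFolderPath, "ja_3_3s.json"))
		if err != nil {
			return err
		}

		err = json.Unmarshal(data, &ja3db.Servers)
		if err != nil {
			return err
		}

		// HASSH SSH fingerprint database.
		data, err = ioutil.ReadFile(filepath.Join(resolvers.DataBaseFolderPath, "hasshdb.json"))
		if err != nil {
			return err
		}

		err = json.Unmarshal(data, &hasshDB)
		if err != nil {
			return err
		}

		// Index the HASSH entries by digest for direct lookup. If the file
		// contains the same digest twice, the later entry wins.
		HashDBMap = make(map[string][]sshSoftware, len(hasshDB))

		for _, v := range hasshDB {
			HashDBMap[v.Hash] = v.Software
		}

		softwareLog.Info("loaded HASSH digests", zap.Int("total", len(HashDBMap)))

		err = loadCmsDB()
		if err != nil {
			return errors.Wrap(err, "failed to load CMS database")
		}

		softwareLog.Info("loaded CMS db", zap.Int("total", len(cmsDB)))

		indexName := filepath.Join(resolvers.DataBaseFolderPath, db.VulnerabilityDBName)
		db.VulnerabilitiesIndex, err = db.OpenBleve(indexName)
		if err != nil {
			// Make sure no half-initialized index handle is left behind.
			db.VulnerabilitiesIndex = nil

			return errors.Wrap(err, "failed to open vulnerability bleve index at: "+indexName)
		}

		softwareLog.Info("loaded Ja3/ja3S database", zap.Int("total_records", len(ja3db.Servers)))

		return nil
	},

	// DeInit writes every software record in Store to the audit record writer,
	// closes the vulnerability index and syncs the logger. Write failures are
	// logged and do not abort the flush; the returned error is the result of
	// syncing the logger.
	DeInit: func(e *decoder.AbstractDecoder) error {

		// NOTE(review): Store.Items is iterated without taking any lock on
		// Store itself; presumably no other goroutine mutates it at this
		// point — confirm.
		for _, item := range Store.Items {
			item.Lock()
			if err := e.Writer.Write(item.Software); err != nil {
				softwareLog.Error("failed to flush software audit record", zap.Error(err))
			} else {
				// Count only records that were actually written, so that
				// NumRecordsWritten does not overstate the audit output
				// when a write fails.
				atomic.AddInt64(&e.NumRecordsWritten, 1)
			}
			item.Unlock()
		}

		// NOTE(review): db.VulnerabilitiesIndex is nil when PostInit failed to
		// open the index; confirm that CloseBleve tolerates a nil index.
		db.CloseBleve(db.VulnerabilitiesIndex)

		return softwareLog.Sync()
	},
}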

Decoder for protocol analysis and writing audit records to disk.

Functions

func ParseUserAgent

func ParseUserAgent(ua string) *userAgent

ParseUserAgent processes a raw user agent string and returns a structured instance.

func WriteSoftware

func WriteSoftware(software []*AtomicSoftware, update func(s *AtomicSoftware))

WriteSoftware can be used to write software to the software audit record writer.

Types

type AtomicSoftware

// AtomicSoftware pairs a software record with a mutex so that callers can
// serialize access to the record.
type AtomicSoftware struct {
	// Embedded mutex: Lock and Unlock are promoted onto AtomicSoftware.
	// A sync.Mutex must not be copied after first use, so values of this
	// type should be handled through *AtomicSoftware.
	sync.Mutex
	// Embedded software record; its fields are promoted onto AtomicSoftware.
	// The mutex is advisory: callers have to take it themselves before
	// touching the record.
	*types.Software
}

AtomicSoftware wraps a types.Software to provide atomic access.

func WhatSoftwareHTTP

func WhatSoftwareHTTP(flowIdent string, h *types.HTTP) (s []*AtomicSoftware)

WhatSoftwareHTTP TODO: pass in the device profile.
