detect

package
Published: Sep 25, 2024 License: GPL-3.0 Imports: 28 Imported by: 0

README

入侵检测分析模块

Documentation

Index

Constants

This section is empty.

Variables

// Compiler is a package-level YARA compiler. Where it is initialised is not
// visible in this index (presumably by the YARA scan plugins — confirm against
// source); as mutable package state it needs external synchronisation if more
// than one scan runs concurrently.
var Compiler *yara.Compiler
// Err is a package-level error slot. What writes it is not visible here
// (TODO confirm); callers that read it after a plugin Action should treat it as
// unsynchronised shared state.
var Err error
// FileErr is a package-level error slot, presumably set by the file-scan path —
// confirm against source. Same synchronisation caveat as Err.
var FileErr error
// FileExcelErr is a package-level error slot, presumably set when Excel output
// (see YaraFileScanOptions.EnableExcel) fails — confirm against source. Same
// synchronisation caveat as Err.
var FileExcelErr error

Functions

func GetBaseInfo

func GetBaseInfo() string

func GetCronTab

func GetCronTab() []string

func RemoveRepeatedElement

func RemoveRepeatedElement(arr []string) (newArr []string)

func SaveSummaryBaseInfo

func SaveSummaryBaseInfo()

Types

type AutoRuns

// AutoRuns holds the autorun entries collected by GetAutorun.
type AutoRuns struct {
	// AutoRuns is the collected list; element ownership and ordering are not
	// visible in this index — confirm in GetAutorun.
	AutoRuns []*autoruns.Autorun
}

func GetAutorun

func GetAutorun() *AutoRuns

type AutorunOptions

// AutorunOptions is the option set for the autorun detection plugin
// (constructed by NewDetectPluginAutorun; wired into the CLI by InitCommand).
type AutorunOptions struct {
	internal.BaseOption
}

// AutorunOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginAutorun — confirm against source.
var AutorunOption *AutorunOptions

func NewDetectPluginAutorun

func NewDetectPluginAutorun() *AutorunOptions

func (*AutorunOptions) Action

func (autorun *AutorunOptions) Action(_ *cli.Context) error

func (*AutorunOptions) InitCommand

func (autorun *AutorunOptions) InitCommand() []*cli.Command

type CheckOptions

// CheckOptions is the option set for the check plugin
// (constructed by NewDetectPluginCheck; wired into the CLI by InitCommand).
type CheckOptions struct {
	internal.BaseOption
}

// CheckOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginCheck — confirm against source.
var CheckOption *CheckOptions

func NewDetectPluginCheck

func NewDetectPluginCheck() *CheckOptions

func (*CheckOptions) Action

func (check *CheckOptions) Action(c *cli.Context) error

func (*CheckOptions) InitCommand

func (check *CheckOptions) InitCommand() []*cli.Command

type FileResult

// FileResult is one file-scan finding: a risk label and the path it was found at.
// NOTE(review): it has the same shape as Result; whether the two are meant to
// diverge is not visible here.
type FileResult struct {
	// Risk is the finding label (presumably the matching rule or category — confirm).
	Risk string
	// RiskPath is the path of the flagged file.
	RiskPath string
}

type HostOptions

// HostOptions is the option set for the host detection plugin
// (constructed by NewDetectPluginHost; wired into the CLI by InitCommand).
type HostOptions struct {
	internal.BaseOption
}

// HostOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginHost — confirm against source.
var HostOption *HostOptions

func NewDetectPluginHost

func NewDetectPluginHost() *HostOptions

func (*HostOptions) Action

func (hostOption *HostOptions) Action(c *cli.Context) error

func (*HostOptions) InitCommand

func (hostOption *HostOptions) InitCommand() []*cli.Command

type NetworkOptions

// NetworkOptions is the option set for the network detection plugin
// (constructed by NewDetectPluginNetwork; wired into the CLI by InitCommand).
type NetworkOptions struct {
	internal.BaseOption
}

// NetworkOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginNetwork — confirm against source.
var NetworkOption *NetworkOptions

func NewDetectPluginNetwork

func NewDetectPluginNetwork() *NetworkOptions

func (*NetworkOptions) Action

func (network *NetworkOptions) Action(_ *cli.Context) error

func (*NetworkOptions) InitCommand

func (network *NetworkOptions) InitCommand() []*cli.Command

type Process

// Process wraps a list of process handles gathered for analysis.
type Process struct {
	// Process is the collected list; where it is filled is not visible in this
	// index — confirm against source.
	Process []*process.Process
}

type PsWithCpu added in v1.3.0

// PsWithCpu pairs a process with CPU usage data (added in v1.3.0); its fields
// are unexported, so the exact contents are not visible here.
// NOTE(review): Go naming would spell this PsWithCPU, but renaming is an
// exported-API change.
type PsWithCpu struct {
	// contains filtered or unexported fields
}

type Result

// Result is one detection finding: a risk label and the path it refers to.
// NOTE(review): same shape as FileResult; which one each plugin emits is not
// visible here.
type Result struct {
	// Risk is the finding label (presumably the matching rule or category — confirm).
	Risk string
	// RiskPath is the path associated with the finding.
	RiskPath string
}

type SummaryOptions

// SummaryOptions is the option set for the summary plugin
// (constructed by NewDetectPluginSummary; wired into the CLI by InitCommand).
// See also SaveSummaryBaseInfo and GetBaseInfo.
type SummaryOptions struct {
	internal.BaseOption
}

// SummaryOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginSummary — confirm against source.
var SummaryOption *SummaryOptions

func NewDetectPluginSummary

func NewDetectPluginSummary() *SummaryOptions

func (*SummaryOptions) Action

func (summary *SummaryOptions) Action(c *cli.Context) error

func (*SummaryOptions) InitCommand

func (summary *SummaryOptions) InitCommand() []*cli.Command

type TaskOptions

// TaskOptions is the option set for the scheduled-task detection plugin
// (constructed by NewDetectPluginTask; wired into the CLI by InitCommand).
// Presumably backed by GetCronTab — confirm.
type TaskOptions struct {
	internal.BaseOption
}

// TaskOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginTask — confirm against source.
var TaskOption *TaskOptions

func NewDetectPluginTask

func NewDetectPluginTask() *TaskOptions

func (*TaskOptions) Action

func (task *TaskOptions) Action(c *cli.Context) error

func (*TaskOptions) InitCommand

func (task *TaskOptions) InitCommand() []*cli.Command

type TopOptions

// TopOptions is the option set for the top (process/CPU) plugin.
// NOTE(review): its constructor is NewPluginWindowsTop, unlike the
// NewDetectPlugin* naming used by the sibling plugins.
type TopOptions struct {
	internal.BaseOption
}

// TopOption is the package-level instance of the plugin options;
// presumably populated by NewPluginWindowsTop — confirm against source.
var TopOption *TopOptions

func NewPluginWindowsTop

func NewPluginWindowsTop() *TopOptions

func (*TopOptions) Action

func (top *TopOptions) Action(c *cli.Context) error

func (*TopOptions) InitCommand

func (top *TopOptions) InitCommand() []*cli.Command

type UserOptions

// UserOptions is the option set for the user-account detection plugin
// (constructed by NewDetectPluginUser; wired into the CLI by InitCommand).
type UserOptions struct {
	internal.BaseOption
}

// UserOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginUser — confirm against source.
var UserOption *UserOptions

func NewDetectPluginUser

func NewDetectPluginUser() *UserOptions

func (*UserOptions) Action

func (userOption *UserOptions) Action(c *cli.Context) error

func (*UserOptions) InitCommand

func (userOption *UserOptions) InitCommand() []*cli.Command

type YaraFileScanOptions

// YaraFileScanOptions configures the YARA file-scan plugin
// (constructed by NewDetectPluginYaraFileScan). Path, RulePath and ExcludeDir
// are operator-supplied CLI values. LoadYaraRule returns nothing, so a rule
// loading failure is presumably surfaced only through RulesErr — check it
// before trusting Rules (TODO confirm in LoadYaraRule).
type YaraFileScanOptions struct {
	// Path is the directory to scan.
	Path string
	// RulePath is a custom rule file or directory; whether it replaces or
	// supplements the built-in rules is not visible here.
	RulePath string
	// Rules is the compiled YARA rule set.
	Rules *yara.Rules
	// RulesErr records whether the YARA rules were obtained (non-nil on failure).
	RulesErr error
	// Thread is the worker count.
	Thread int
	// Timeout is the scan timeout; whether it applies per file or to the whole
	// run is not visible here.
	Timeout time.Duration
	// EnableExcel enables Excel output.
	EnableExcel bool
	// ExcludeDir lists directories to skip.
	ExcludeDir cli.StringSlice
	internal.BaseOption
}

// YaraFileScanOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginYaraFileScan — confirm against source.
var YaraFileScanOption *YaraFileScanOptions

func NewDetectPluginYaraFileScan

func NewDetectPluginYaraFileScan() *YaraFileScanOptions

func (*YaraFileScanOptions) Action

func (scan *YaraFileScanOptions) Action(c *cli.Context) error

func (*YaraFileScanOptions) InitCommand

func (scan *YaraFileScanOptions) InitCommand() []*cli.Command

func (*YaraFileScanOptions) LoadYaraRule added in v1.3.1

func (scan *YaraFileScanOptions) LoadYaraRule(ruleFs fs.FS)

type YaraProcessScanOptions

// YaraProcessScanOptions configures the YARA process-memory scan plugin
// (constructed by NewDetectPluginYaraScan). As with YaraFileScanOptions, a rule
// loading failure is presumably reported only through RulesErr, so check it
// before relying on Rules (TODO confirm against source).
type YaraProcessScanOptions struct {
	// Pid is the process to scan.
	Pid int
	// RulePath is a custom rule file or directory; whether it replaces or
	// supplements the built-in rules is not visible here.
	RulePath string
	// Rules is the compiled YARA rule set.
	Rules *yara.Rules
	// RulesErr records whether the YARA rules were obtained (non-nil on failure).
	RulesErr error
	// Thread is the worker count.
	Thread int
	internal.BaseOption
}

// YaraProcessScanOption is the package-level instance of the plugin options;
// presumably populated by NewDetectPluginYaraScan — confirm against source.
var YaraProcessScanOption *YaraProcessScanOptions

func NewDetectPluginYaraScan

func NewDetectPluginYaraScan() *YaraProcessScanOptions

func (*YaraProcessScanOptions) Action

func (scan *YaraProcessScanOptions) Action(c *cli.Context) error

func (*YaraProcessScanOptions) InitCommand

func (scan *YaraProcessScanOptions) InitCommand() []*cli.Command
