yakcmds

package
v1.2.8-sp1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 8, 2023 License: AGPL-3.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ChaosMakerCommand = cli.Command{
	Name:    "chaosmaker",
	Aliases: []string{"chaos"},
	Usage:   `Chaos Maker is designed to generate chaos traffic for testing`,
	Flags: []cli.Flag{
		cli.StringFlag{
			Name: "search",
		},
		cli.StringFlag{
			Name: "remote-addr",
		},
	},
	Action: func(c *cli.Context) error {
		maker := chaosmaker.NewChaosMaker()
		for chaosRule := range chaosmaker.YieldRulesByKeywords(c.String("search")) {
			maker.FeedRule(chaosRule)
		}
		for trafficBytes := range maker.GenerateWithRule() {
			_, ipLayer, tcpLayer, payloads, err := pcapx.ParseEthernetLinkLayer(trafficBytes.Raw)
			if err != nil {
				fmt.Println(string(payloads.Payload()))
				log.Infof("parse traffic failed: %v", err)
				continue
			}
			_ = ipLayer
			_ = tcpLayer
			_ = payloads
		}
		return nil
	},
}
View Source
var PassiveCommands = cli.Command{
	Name:      "passive-scan",
	ShortName: "passive",
	Aliases: []string{
		"webscan",
	},
	Usage:       "yak passive-scan [options]",
	Description: "Passive Proxy(MITM) Scan.",
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "listen",
			Value: "0.0.0.0:8084",
			Usage: "MITM on which addr:port?",
		},
	},
	Action: func(c *cli.Context) error {

		return nil
	},
}
View Source
var PcapCommand = cli.Command{
	Name:  "pcap",
	Usage: "Sniff network traffic and output to stdout",
	Flags: []cli.Flag{
		cli.BoolFlag{
			Name:  "l,list-devices",
			Usage: `List available devices`,
		},
		cli.StringFlag{
			Name:  "device,d",
			Usage: "网卡(可选多个,使用逗号分隔)",
		},
		cli.StringFlag{
			Name:  "input",
			Usage: "pcap文件路径",
		},
		cli.StringFlag{
			Name:  "output",
			Usage: "过滤后的流量导出路径",
		},
		cli.BoolFlag{
			Name:  "v",
			Usage: "输出详细信息",
		},
		cli.StringFlag{
			Name:  "suricata",
			Usage: "suricata规则文件路径",
		},
		cli.StringFlag{
			Name:  "suricata-rule-keyword,k",
			Usage: `suricata规则关键字,可选多个,使用逗号分隔`,
		},
	},
	Action: func(c *cli.Context) error {
		if c.Bool("list-devices") {
			ifaces, err := pcap.FindAllDevs()
			if err != nil {
				return err
			}
			for _, i := range ifaces {
				fmt.Printf("%s (%s)\n", i.Name, i.Description)
				for _, addr := range i.Addresses {
					fmt.Printf("  %s\n", addr.IP)
				}
			}
			return nil
		}

		var opts []pcaputil.CaptureOption
		if c.Bool("v") {
			opts = append(opts, pcaputil.WithDebug(true))
		}
		if device := c.String("device"); device != "" {
			opts = append(opts, pcaputil.WithDevice(strings.Split(device, ",")...))
		}
		if input := c.String("input"); input != "" {
			opts = append(opts, pcaputil.WithFile(input))
		}
		if output := c.String("output"); output != "" {
			opts = append(opts, pcaputil.WithOutput(output))
		}
		if suricata := c.String("suricata"); suricata != "" {

		}

		var group *match.Group
		if skw := c.String("suricata-rule-keyword"); skw != "" {
			group = match.NewGroup(
				match.WithGroupOnMatchedCallback(func(packet gopacket.Packet, match *rule.Rule) {
					log.Infof("matched rule: %s", match.Message)
				}))
			err := group.LoadRulesWithQuery(skw)
			if err != nil {
				return err
			}
			defer group.Wait()
		}
		mng := yakit.NewTrafficStorageManager(consts.GetGormProjectDatabase())

		opts = append(
			opts,
			pcaputil.WithEveryPacket(func(packet gopacket.Packet) {
				err := mng.SaveRawPacket(packet)
				if err != nil {
					log.Errorf("save traffic failed: %s", err)
				}
			}),
			pcaputil.WithTLSClientHello(func(flow *pcaputil.TrafficFlow, hello *tlsutils.HandshakeClientHello) {
				if group == nil {
					log.Infof("%v SNI: %v", flow.String(), hello.SNI())
					return
				}
			}),
			pcaputil.WithOnTrafficFlowCreated(func(flow *pcaputil.TrafficFlow) {
				err := mng.CreateTCPReassembledFlow(flow)
				if err != nil {
					log.Errorf("create flow failed: %s", err)
				}
			}),
			pcaputil.WithOnTrafficFlowOnDataFrameReassembled(func(flow *pcaputil.TrafficFlow, conn *pcaputil.TrafficConnection, frame *pcaputil.TrafficFrame) {
				err := mng.SaveTCPReassembledFrame(flow, frame)
				if err != nil {
					log.Errorf("save frame failed: %s", err)
				}
			}),
			pcaputil.WithOnTrafficFlowClosed(func(reason pcaputil.TrafficFlowCloseReason, flow *pcaputil.TrafficFlow) {
				var err error
				switch reason {
				case pcaputil.TrafficFlowCloseReason_INACTIVE:
					err = mng.CloseTCPFlow(flow, false)
				case pcaputil.TrafficFlowCloseReason_FIN:
					err = mng.CloseTCPFlow(flow, false)
				case pcaputil.TrafficFlowCloseReason_RST:
					err = mng.CloseTCPFlow(flow, true)
				}
				if err != nil {
					log.Errorf("close flow failed: %s", err)
				}
			}),
			pcaputil.WithHTTPFlow(func(flow *pcaputil.TrafficFlow, req *http.Request, rsp *http.Response) {
				if req == nil {
					return
				}

				if group == nil {
					reqBytes, _ := utils.DumpHTTPRequest(req, true)
					fmt.Println(string(reqBytes))
					fmt.Println("-----------------------------------------")
					rspBytes, _ := utils.DumpHTTPResponse(rsp, true)
					fmt.Println(string(rspBytes))
					fmt.Println("-----------------------------------------")

					var urlStr string
					urlIns, _ := lowhttp.ExtractURLFromHTTPRequestRaw(reqBytes, false)
					if urlIns != nil {
						urlStr = urlIns.String()
					}
					yakit.SaveFromHTTPFromRaw(consts.GetGormProjectDatabase(), false, reqBytes, rspBytes, "pcap", urlStr, "")
					return
				}
				reqBytes, _ := utils.DumpHTTPRequest(req, true)
				rspBytes, _ := utils.DumpHTTPResponse(rsp, true)
				group.FeedHTTPFlowBytes(reqBytes, rspBytes)
			}),
		)
		return pcaputil.Start(opts...)
	},
}
View Source
var SuricataLoaderCommand = cli.Command{
	Name:  "suricata",
	Usage: "Load suricata rules to database",
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "rule-file,i",
			Usage: `load suricata`,
		},
		cli.StringFlag{
			Name: "domain",
		},
	},
	Action: func(c *cli.Context) error {
		domain := c.String("domain")
		if domain != "" {
			domainRule := strings.Trim(strconv.Quote(domain), ` "'`+"`")
			rule := `alert http any any -> any any (msg:"Domain Fetch: ` + domainRule + `"; content:"` + domainRule + `"; http_header; sid:1; rev:1;)`
			log.Infof("generate suricata rule: %s", rule)
			err := chaosmaker.LoadSuricataToDatabase(rule)
			if err != nil {
				return err
			}
		}

		if c.String("rule-file") != "" {
			raw, err := os.ReadFile(c.String("rule-file"))
			if err != nil {
				return err
			}
			log.Infof("start to load suricata rule: %s", c.String("rule-file"))
			err = chaosmaker.LoadSuricataToDatabase(string(raw))
			if err != nil {
				return err
			}
		}
		return nil
	},
}

Functions

This section is empty.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL