Documentation ¶
Index ¶
- Constants
- Variables
- func GeneratePalmRpcBySchema(schema *PalmRpcApiSchema) ([]byte, error)
- func GeneratePalmRpcByYaml(raw []byte) ([]byte, error)
- func GetCliBasicConfig(idPrefix string) []cli.Flag
- func GetNodeBaseNotificationPushRoutingKeyByNodeId(nodeId string, key string) string
- func GetNodeBaseNotificationQueueByNodeId(id string) string
- func GetNodeBaseNotificationRoutingKeyByNodeId(id string) string
- func GetScanFingerprintQueueNameByNodeId(nodeId string) string
- func GetScanFingerprintRoutingKeyByNodeId(nodeId string) string
- func GetScanPortQueueNameByNodeId(nodeId string) string
- func GetScanPortRoutingKeyByNodeId(nodeId string) string
- func GetScriptRuntimeMessageKey(nodeId, taskId string) string
- func GetServerPushKey(nodeId string, key ServerPushKey) string
- func JenGeneratePalmRpcBySchema(schema *PalmRpcApiSchema) ([]byte, error)
- func JenGeneratePalmRpcByYaml(raw []byte) ([]byte, error)
- func ParseServerPushKey(r string) string
- func UnmarshalRPC_APIResponse(apiName string, response []byte) (interface{}, error)
- type AMQPConfig
- type ArgSchema
- type AuditLogConfig
- type Message
- type MessageType
- type ModelSchema
- type NodeRegisterRequest
- type NodeRegisterResponse
- type NodeType
- type NodeUnregisterRequest
- type NodeUnregisterResponse
- type PalmRpcApiSchema
- type PortFingerprint
- type PortState
- type PortStateType
- type PostgresDBConfig
- type RpcApi
- type ScanFingerprintTask
- type ScanPortTask
- type ScanResult
- type ScanResultType
- type ScriptRuntimeMessage
- type ScriptRuntimeMessageType
- type ScriptTask
- type ServerPushKey
Constants ¶
// Fixed node IDs, AMQP exchange / queue / routing-key names, API names and
// backend keys used by this package.
//
// NOTE(review): every name below is a compile-time constant that is also
// published in the package documentation, so none of them can serve as a
// secret. Isolation between nodes presumably has to come from broker-side
// permissions (vhost and per-user ACLs) — confirm against the deployment.
const (
	// Node ID constants for the server-side components.
	ServerNodeId   = "palm-server"
	LogAgentNodeId = "log-agent"

	// The RPC exchange must be a direct exchange.
	CommonRPCExchange = "palm-rpc"

	// Exchange the server pushes data to.
	CommonServerPushExchange   = "palm-push"
	CommonServerPushDefaultKey = "palm.nodebase.notification"

	// Key used when the server pushes data to the exchange.
	ServerPush_ScriptTask ServerPushKey = "script-task"

	// Fingerprint scanning reuses the port-scan exchange:
	// ScanFingerprintExchange is an alias of ScanPortExchange.
	ScanPortExchange        = "palm-scan-port-task"
	ScanFingerprintExchange = ScanPortExchange

	// scan port
	CommonScanPortQueue     = "palm-scan-port"
	CommonScanPortTaskKey   = "palm.stream.task.scan-port"
	CommonScanPortResultKey = "palm.stream.result.scan-port"

	// Fingerprint-scan counterparts of the port-scan names above.
	CommonScanFingerprintQueue     = "palm-scan-fingerprint"
	CommonScanFingerprintTaskKey   = "palm.stream.task.scan-fingerprint"
	CommonScanFingerprintResultKey = "palm.stream.result.scan-fingerprint"

	// Node registration API names.
	API_RegisterNode   = "register-palm-node"
	API_UnregisterNode = "unregister-palm-node"

	// BackendKey_* values.
	// NOTE(review): how these keys are routed or dispatched is not visible
	// on this page — confirm against the consumers.
	BackendKey_HTTPFlow        = "http-flow"
	BackendKey_Scanner         = "scanner"
	BackendKey_ProcessInfo     = "process"
	BackendKey_ProcessEvent    = "process-event"
	BackendKey_ConnectionEvent = "connection-event"
	BackendKey_NetConnectInfo  = "netconnect"
	BackendKey_Nginx           = "nginx"
	BackendKey_Apache          = "apache"
	BackendKey_FileChangeInfo  = "filechange"
	// The value of BackendKey_SystemMatrix is "heartbeat", not a
	// "system-matrix" style string; BackendKey_Heartbeat below aliases it.
	BackendKey_SystemMatrix                       = "heartbeat"
	BackendKey_SSHInfo                            = "sshinfo"
	BackendKey_RequestConfig                      = "request_config"
	BackendKey_ReportHostUser                     = "report_host_user"
	BackendKey_ReportAllUserLoginOk               = "report_all_user_login_ok"
	BackendKey_ReportAllUserLoginFail             = "report_all_user_login_fail"
	BackendKey_ReportAllUserLoginFailFileTooLarge = "report_all_user_login_fail_file_too_large"
	// Alias: same value as BackendKey_SystemMatrix ("heartbeat").
	BackendKey_Heartbeat        = BackendKey_SystemMatrix
	BackendKey_UserLoginAttempt = "user_login_attempt"
	BackendKey_SoftwareVersion  = "software_version"
	BackendKey_BootSoftware     = "boot_software"
	BackendKey_Crontab          = "crontab"
	BackendKey_ReverseShell     = "reverse_shell"
	BackendKey_NodeLog          = "node_log"

	// HIDS API name; it is the only entry of HIDS_APIs.
	HIDS_API_Sleep = "hids-rpc-sleep"
)
Variables ¶
var (
	// HIDS_APIs lists the HIDS API names; it currently holds only
	// HIDS_API_Sleep.
	// NOTE(review): this is an exported, mutable slice, so any importer can
	// append to or overwrite it at runtime. If it is used as an allow-list,
	// confirm that nothing outside this package modifies it.
	HIDS_APIs = []string{
		HIDS_API_Sleep,
	}
)
var (
	// LocalTimeLocation is an exported package-level *time.Location.
	// NOTE(review): where it is initialised is not visible on this page;
	// confirm it is set before first use, since it is nil until assigned.
	LocalTimeLocation *time.Location
)
Functions ¶
func GeneratePalmRpcBySchema ¶
func GeneratePalmRpcBySchema(schema *PalmRpcApiSchema) ([]byte, error)
func GeneratePalmRpcByYaml ¶
func GetCliBasicConfig ¶
func GetNodeBaseNotificationRoutingKeyByNodeId ¶
用于接收针对节点的服务器端通知
func GetServerPushKey ¶
func GetServerPushKey(nodeId string, key ServerPushKey) string
用于发送针对节点的服务器端通知
func JenGeneratePalmRpcBySchema ¶
func JenGeneratePalmRpcBySchema(schema *PalmRpcApiSchema) ([]byte, error)
func ParseServerPushKey ¶
Types ¶
type AMQPConfig ¶
// AMQPConfig holds the host, port, credentials and virtual host for an AMQP
// connection. Every field is mapped to a JSON and a YAML key.
type AMQPConfig struct {
	Host     string `json:"host" yaml:"host"`
	Port     int    `json:"port" yaml:"port"`
	Username string `json:"username" yaml:"username"`
	// Password carries ordinary json/yaml tags, so it is emitted whenever the
	// struct is marshalled. Redact it before logging or dumping the config.
	// NOTE(review): GetAMQPUrl returns a string; if that URL embeds
	// Username/Password, treat the URL as a secret as well — confirm.
	Password    string `json:"password" yaml:"password"`
	VirtualHost string `json:"virtual_host" yaml:"virtual_host"`
}
func LoadAMQPConfigFromCliContext ¶
func LoadAMQPConfigFromCliContext(c *cli.Context) *AMQPConfig
func NewDefaultAMQPConfig ¶
func NewDefaultAMQPConfig() *AMQPConfig
func (*AMQPConfig) GetAMQPUrl ¶
func (a *AMQPConfig) GetAMQPUrl() string
type AuditLogConfig ¶
// AuditLogConfig holds audit-log settings: a server address, a page size and
// a failed-read limit, each mapped to a JSON and a YAML key.
type AuditLogConfig struct {
	ServerAddr string `json:"server_addr" yaml:"server_addr"`
	PageSize   int    `json:"page_size" yaml:"page_size"`
	// NOTE(review): presumably the number of failed reads tolerated before
	// giving up; the unit and semantics are not visible here — confirm.
	FailReadMaxTicket int `json:"fail_read_max_ticket" yaml:"fail_read_max_ticket"`
}
func NewDefaultAuditLogConfig ¶
func NewDefaultAuditLogConfig() *AuditLogConfig
type Message ¶
// Message is the JSON envelope identified by a node ID, a token, a type and a
// timestamp, with the payload kept as raw JSON in Content.
type Message struct {
	NodeId string `json:"node_id"`
	// Token is serialized in clear inside every message body.
	// NOTE(review): how the token is issued and verified is not visible on
	// this page. Keep marshalled messages out of logs, and confirm that the
	// receiver checks Token against NodeId rather than trusting NodeId alone.
	Token string      `json:"token"`
	Type  MessageType `json:"type"`
	// NOTE(review): unit (seconds vs. milliseconds) is not visible — confirm.
	Timestamp int64 `json:"timestamp"`
	// Content is left undecoded (json.RawMessage); consumers must decode and
	// validate it themselves. Its schema presumably depends on Type — confirm.
	Content json.RawMessage `json:"content"`
}
func NewScanNodeMessage ¶
func NewScanNodeMessage(id, token string, r *ScanResult) (*Message, error)
type MessageType ¶
// MessageType is the string type of the Message.Type field.
type MessageType string

// Known MessageType values.
//
// NOTE(review): these are declared with var rather than const, so any code in
// the program can reassign them at runtime.
var (
	MessageType_HIDS    MessageType = "hids"
	MessageType_Scanner MessageType = "scanner"
	// NOTE(review): the separator in this value is a non-ASCII dash (it looks
	// like an em dash, U+2014), not the ASCII '-' used by every other value.
	// Peers that compare against a hand-typed "system-matrix" will not match;
	// confirm before changing it, because this is a wire value.
	MessageType_SystemMatrix  MessageType = "system—matrix"
	MessageType_ScriptRuntime MessageType = "script-runtime"
	MessageType_AuditLog      MessageType = "audit-log"
	MessageType_MITM          MessageType = "mitm"
	MessageType_NodeLog       MessageType = "node-log"
)
type ModelSchema ¶
type NodeRegisterRequest ¶
type NodeRegisterResponse ¶
type NodeUnregisterRequest ¶
type NodeUnregisterResponse ¶
type PalmRpcApiSchema ¶
// PalmRpcApiSchema describes an RPC API: a package name, a name, a list of
// RPC definitions and a list of models.
type PalmRpcApiSchema struct {
	PackageName string    `json:"package_name" yaml:"package_name"`
	Name        string    `json:"name" yaml:"name"`
	Rpcs        []*RpcApi `json:"rpcs" yaml:"rpcs"`
	// NOTE(review): Models has a json tag but no yaml tag, unlike the other
	// fields. Which key a YAML decoder uses for it depends on that library's
	// default field naming — confirm it is still populated from YAML input.
	Models []*ModelSchema `json:"models"`
}
type PortFingerprint ¶
// PortFingerprint is the JSON shape of a fingerprint result for one
// host/port/protocol: its state plus CPEs, banner and service name.
type PortFingerprint struct {
	Host  string            `json:"host"`
	Port  int               `json:"port"`
	Proto fp.TransportProto `json:"proto"`
	State PortStateType     `json:"state"`
	CPEs  []string          `json:"cpes"`
	// NOTE(review): Banner is presumably the raw text returned by the scanned
	// service. If so, it is remote-controlled input: escape it before
	// rendering it in a UI or writing it to logs — confirm.
	Banner      string `json:"banner"`
	ServiceName string `json:"service_name"`
}
type PortState ¶
// PortState is the JSON shape of a port-state result: host, port, transport
// protocol and state.
type PortState struct {
	Host  string            `json:"host"`
	Port  int               `json:"port"`
	Proto fp.TransportProto `json:"proto"`
	State PortStateType     `json:"state"`
}
type PortStateType ¶
// PortStateType is the string type of the State field in PortState and
// PortFingerprint.
type PortStateType string

// Defined PortStateType values.
// NOTE(review): the type is a plain string, so decoded JSON can carry any
// other value; consumers should handle values outside this set.
const (
	PortStateType_Unknown PortStateType = "unknown"
	PortStateType_Open    PortStateType = "open"
	PortStateType_Closed  PortStateType = "closed"
)
type PostgresDBConfig ¶
// PostgresDBConfig holds the database name, host, port and credentials for a
// PostgreSQL connection. Every field is mapped to a JSON and a YAML key.
type PostgresDBConfig struct {
	DatabaseName string `json:"database_name" yaml:"database_name"`
	Host         string `json:"host" yaml:"host"`
	Port         int    `json:"port" yaml:"port"`
	Username     string `json:"username" yaml:"username"`
	// Password carries ordinary json/yaml tags, so it is emitted whenever the
	// struct is marshalled. Redact it before logging or dumping the config.
	// NOTE(review): GetPostgresParams returns a string; if it contains the
	// password, treat that string as a secret as well — confirm.
	Password string `json:"password" yaml:"password"`
}
func NewDefaultDatabaseConfig ¶
func NewDefaultDatabaseConfig() *PostgresDBConfig
func (*PostgresDBConfig) GetPostgresParams ¶
func (p *PostgresDBConfig) GetPostgresParams() string
type ScanFingerprintTask ¶
// ScanFingerprintTask is the JSON shape of a fingerprint-scan task: target
// hosts and ports, the transport protocols to use and a timeout in seconds.
type ScanFingerprintTask struct {
	// NOTE(review): Hosts and Ports are free-form strings; the accepted
	// syntax and any scope check are not visible on this page. A node acting
	// on a task should validate both against its authorised scope first.
	Hosts          string              `json:"hosts"`
	Ports          string              `json:"ports"`
	Protos         []fp.TransportProto `json:"protos"`
	TimeoutSeconds int                 `json:"timeout_seconds"`
}
func (*ScanFingerprintTask) String ¶
func (s *ScanFingerprintTask) String() string
type ScanPortTask ¶
type ScanResult ¶
// ScanResult is the JSON envelope for a scan result: a type tag, the raw JSON
// content and optional task identifiers.
type ScanResult struct {
	Type ScanResultType `json:"type"`
	// Content is left undecoded (json.RawMessage); consumers must decode and
	// validate it. Its schema presumably depends on Type — confirm.
	Content json.RawMessage `json:"content"`

	// If these three fields are present, the result belongs to a distributed
	// task and its content needs additional handling.
	TaskId    string `json:"task_id"`
	RuntimeId string `json:"runtime_id"`
	SubTaskId string `json:"sub_task_id"`
}
func NewHTTPFlowScanResult ¶
func NewScanFingerprintResult ¶
func NewScanFingerprintResult(m *fp.MatchResult) (*ScanResult, error)
func NewScanTCPOpenPortResult ¶
func NewScanTCPOpenPortResult(ip net.IP, port int, state PortStateType) (*ScanResult, error)
type ScanResultType ¶
// ScanResultType is the string type of the ScanResult.Type field.
type ScanResultType string

// Defined ScanResultType values.
const (
	// Port open-state information only.
	ScanResult_PortState ScanResultType = "port_state"

	// Fp.MatcherResult; includes fingerprint information.
	ScanResult_Fingerprint ScanResultType = "fingerprint"

	// *yakit.Report; the report as a whole.
	ScanResult_Report ScanResultType = "report"

	// Asset information from HttpFlow.
	ScanResult_HTTPFlow ScanResultType = "http-flow"

	// Vulnerability information; weak passwords and the like should also be
	// reported under this type.
	// NOTE(review): results of this type may therefore contain credentials;
	// handle stored and logged content accordingly — confirm the payload.
	ScanResult_Vuln ScanResultType = "vuln"

	// Discovered domain assets and the like.
	ScanResult_Domain ScanResultType = "domain"
)
type ScriptRuntimeMessage ¶
// ScriptRuntimeMessage is the JSON shape of a message tied to a node and a
// task: a message type, the message text and a timestamp.
type ScriptRuntimeMessage struct {
	NodeID      string                   `json:"node_id"`
	TaskID      string                   `json:"task_id"`
	MessageType ScriptRuntimeMessageType `json:"message_type"`
	// NOTE(review): Message is an unconstrained string, presumably produced
	// by the running script; escape it before display — confirm the source.
	Message string `json:"message"`
	// NOTE(review): unit (seconds vs. milliseconds) is not visible — confirm.
	Timestamp int64 `json:"timestamp"`
}
type ScriptRuntimeMessageType ¶
// ScriptRuntimeMessageType is the string type of the
// ScriptRuntimeMessage.MessageType field.
type ScriptRuntimeMessageType string

// Defined ScriptRuntimeMessageType values.
const (
	ScriptRuntimeMessageType_Output   ScriptRuntimeMessageType = "output"
	ScriptRuntimeMessageType_Finished ScriptRuntimeMessageType = "finished"
	ScriptRuntimeMessageType_Alert    ScriptRuntimeMessageType = "alert"
	ScriptRuntimeMessageType_Failed   ScriptRuntimeMessageType = "failed"
	ScriptRuntimeMessageType_Log      ScriptRuntimeMessageType = "log"
)
type ScriptTask ¶
type ServerPushKey ¶
// ServerPushKey is the string type of the key argument accepted by
// GetServerPushKey; ServerPush_ScriptTask is a constant of this type.
type ServerPushKey string
Source Files ¶