utils

package module
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 12, 2024 License: MIT Imports: 12 Imported by: 0

README

l9format

l9format is a schema declaration targeted at interoperability between network recon tools used at LeakIX.

Golang

This repository includes the Golang headers used as library in our components.

Other languages

Check l9event.json can be used to derive classes for your favorite language ( python, php ect)

Documentation

Index

Constants

View Source 
const (
	SEVERITY_CRITICAL string = "critical"
	SEVERITY_HIGH            = "high"
	SEVERITY_MEDIUM          = "medium"
	SEVERITY_LOW             = "low"
	SEVERITY_INFO            = "info"
)
View Source 
const (
	STAGE_OPEN       string = "open"
	STAGE_EXPLORE           = "explore"
	STAGE_EXFILTRATE        = "exfiltrate"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate 

type Certificate struct {
	CommonName  string    `json:"cn"`
	Domains     []string  `json:"domain"`
	Fingerprint string    `json:"fingerprint"`
	KeyAlgo     string    `json:"key_algo"`
	KeySize     int       `json:"key_size"`
	IssuerName  string    `json:"issuer_name"`
	NotBefore   time.Time `json:"not_before"`
	NotAfter    time.Time `json:"not_after"`
	Valid       bool      `json:"valid"`
}

type DatasetSummary 

type DatasetSummary struct {
	Rows        int64    `json:"rows"`
	Files       int64    `json:"files"`
	Size        int64    `json:"size"`
	Collections int64    `json:"collections"`
	Infected    bool     `json:"infected"`
	RansomNotes []string `json:"ransom_notes"`
}

type Event 

type Event struct {
	EventType        string       `json:"event_type"`
	EventSource      string       `json:"event_source"`
	EventPipeline    []string     `json:"event_pipeline"`
	EventFingerprint string       `json:"event_fingerprint"`
	Ip               string       `json:"ip"`
	Host             string       `json:"host"`
	Reverse          string       `json:"reverse"`
	Port             string       `json:"port"`
	Mac              string       `json:"mac"`
	Vendor           string       `json:"vendor"`
	Transports       []string     `json:"transport"`
	Protocol         string       `json:"protocol"`
	Http             HttpEvent    `json:"http"`
	Summary          string       `json:"summary"`
	Time             time.Time    `json:"time"`
	SSL              SslEvent     `json:"ssl"`
	SSH              SSHEvent     `json:"ssh"`
	Service          ServiceEvent `json:"service"`
	Leak             LeakEvent    `json:"leak"`
	Tags             []string     `json:"tags"`
	GeoIp            GeoLocation  `json:"geoip"`
	Network          Network      `json:"network"`
}

func (*Event) AddSource 

func (event *Event) AddSource(source string)

func (*Event) AddTag 

func (event *Event) AddTag(tag string)

func (*Event) HasSource 

func (event *Event) HasSource(source string) bool

func (*Event) HasTag 

func (event *Event) HasTag(tag string) bool

func (*Event) HasTransport 

func (event *Event) HasTransport(transport string) bool

func (*Event) MatchServicePlugin 

func (event *Event) MatchServicePlugin(plugin ServicePluginInterface) bool

func (*Event) RemoveTransport 

func (event *Event) RemoveTransport(transportCheck string)

func (*Event) UpdateFingerprint 

func (event *Event) UpdateFingerprint() error

func (*Event) Url 

func (event *Event) Url() string

type GeoLocation 

type GeoLocation struct {
	ContinentName  string   `json:"continent_name"`
	RegionISOCode  string   `json:"region_iso_code"`
	CityName       string   `json:"city_name"`
	CountryISOCode string   `json:"country_iso_code"`
	CountryName    string   `json:"country_name"`
	RegionName     string   `json:"region_name"`
	GeoPoint       GeoPoint `json:"location"`
}

type GeoPoint 

type GeoPoint struct {
	Latitude  float64 `json:"lat"`
	Longitude float64 `json:"lon"`
}

type HttpEvent 

type HttpEvent struct {
	Root        string            `json:"root"`
	Url         string            `json:"url"`
	Status      int               `json:"status"`
	Length      int64             `json:"length"`
	Headers     map[string]string `json:"header"`
	Title       string            `json:"title"`
	FaviconHash string            `json:"favicon_hash"`
}

type LeakEvent 

type LeakEvent struct {
	Stage    string         `json:"stage"`
	Type     string         `json:"type"`
	Severity string         `json:"severity"`
	Dataset  DatasetSummary `json:"dataset"`
}

type Network 

type Network struct {
	OrganisationName string `json:"organization_name"`
	ASN              int    `json:"asn"`
	NetworkCIDR      string `json:"network"`
}

type SSHEvent 

type SSHEvent struct {
	Fingerprint string `json:"fingerprint"`
	Version     int    `json:"version"`
	Banner      string `json:"banner"`
	Motd        string `json:"motd"`
}

type ServiceCredentials 

type ServiceCredentials struct {
	NoAuth   bool   `json:"noauth"`
	Username string `json:"username"`
	Password string `json:"password"`
	Key      string `json:"key"`
	Raw      []byte `json:"raw"`
}

type ServiceEvent 

type ServiceEvent struct {
	Credentials ServiceCredentials `json:"credentials"`
	Software    Software           `json:"software"`
}

type ServicePluginBase 

type ServicePluginBase struct {
}

func (ServicePluginBase) DialContext 

func (plugin ServicePluginBase) DialContext(ctx context.Context, network string, addr string) (conn net.Conn, err error)

func (ServicePluginBase) GetEventNetworkConnection 

func (plugin ServicePluginBase) GetEventNetworkConnection(event *Event) (conn net.Conn, err error)

func (ServicePluginBase) GetHttpClient 

func (plugin ServicePluginBase) GetHttpClient(ctx context.Context, ip string, port string) *http.Client

func (ServicePluginBase) GetNetworkConnection 

func (plugin ServicePluginBase) GetNetworkConnection(network string, addr string) (conn net.Conn, err error)

func (ServicePluginBase) Init 

func (plugin ServicePluginBase) Init() error

type ServicePluginInterface 

type ServicePluginInterface interface {
	GetVersion() (int, int, int)
	GetProtocols() []string
	GetName() string
	GetStage() string
	Run(ctx context.Context, event *Event, options map[string]string) (hasLeak bool)
	Init() error
}

type Software 

type Software struct {
	Name            string           `json:"name"`
	Version         string           `json:"version"`
	OperatingSystem string           `json:"os"`
	Modules         []SoftwareModule `json:"modules"`
	Fingerprint     string           `json:"fingerprint"`
}

type SoftwareModule 

type SoftwareModule struct {
	Name        string `json:"name"`
	Version     string `json:"version"`
	Fingerprint string `json:"fingerprint"`
}

type SslEvent 

type SslEvent struct {
	Detected    bool        `json:"detected"`
	Enabled     bool        `json:"enabled"`
	JARM        string      `json:"jarm"`
	CypherSuite string      `json:"cypher_suite"`
	Version     string      `json:"version"`
	Certificate Certificate `json:"certificate"`
}

type WebPluginInterface 

type WebPluginInterface interface {
	GetVersion() (int, int, int)
	GetRequests() []WebPluginRequest
	GetName() string
	GetStage() string
	Verify(request WebPluginRequest, response WebPluginResponse, event *Event, options map[string]string) (hasLeak bool)
}

type WebPluginRequest 

type WebPluginRequest struct {
	Method  string
	Path    string
	Headers map[string]string
	Body    []byte

	Tags []string
	// contains filtered or unexported fields
}

func (*WebPluginRequest) AddTag 

func (request *WebPluginRequest) AddTag(tag string)

func (*WebPluginRequest) AddTags 

func (request *WebPluginRequest) AddTags(tags []string)

func (*WebPluginRequest) Equal 

func (request *WebPluginRequest) Equal(testRequest WebPluginRequest) bool

func (*WebPluginRequest) EqualAny 

func (request *WebPluginRequest) EqualAny(testRequests []WebPluginRequest) bool

func (*WebPluginRequest) GetHash 

func (request *WebPluginRequest) GetHash() string

func (*WebPluginRequest) HasAnyTags 

func (request *WebPluginRequest) HasAnyTags(tags []string) bool

func (*WebPluginRequest) HasTag 

func (request *WebPluginRequest) HasTag(tag string) bool

type WebPluginResponse 

type WebPluginResponse struct {
	Response *http.Response
	Body     []byte
	Document *goquery.Document
}

func (*WebPluginResponse) GetHash 

func (resp *WebPluginResponse) GetHash() string

Source Files

View all Source files

Directories

Path Synopsis
cmd
genjson command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.