chg: [launcher] Added launcher

pull/1/head
airkeyp 2019-09-19 09:41:58 +02:00
parent 559af4ed10
commit a0934b116f
4 changed files with 74 additions and 5 deletions


@ -27,4 +27,37 @@ You can finally clone this repo on your machine and simply setup the virtual env
git clone https://github.com/D4-project/analyzer-d4-ipa.git
cd analyzer-d4-ipa
pipenv install
```
```
## Usage
#### Start the redis server
Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for Passive DNS is running on TCP port 6400
```shell script
../redis/src/redis-server ./etc/redis.conf
```
#### Configure and start the D4 analyzer
```shell script
cd ./etc
cp analyzer.conf.sample analyzer.conf
```
Edit the analyzer.conf to match the UUID of the analyzer queue from your D4 server.
```shell script
[global]
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server = 127.0.0.1:6380
# INFO|DEBUG
logging-level = INFO
```
Then you can start the analyzer.
```shell script
cd ../bin
python3 run_ipa.py
```
If you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
```shell script
python3 run_ipa.py -p /absolute/path/to/dataset/root
```

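--- a/bin/run_ipa.py
+++ b/bin/run_ipa.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# IPA Launcher
+#
+# Copyright (C) 2019 Romain Kieffer
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+from lib.analyzer import Analyzer
+import argparse
+if __name__ == "__main__":
+parser = argparse.ArgumentParser(description='D4-IPA')
+parser.add_argument('-p', '--path', type=int, nargs=1, help='Path of local dataset.')
+dataset = None
+args = parser.parse_args()
+if args.path:
+dataset = args.path[0]
+ipa = Analyzer(dataset_path=dataset)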
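Review bot: The `-p/--path` option on the `parser.add_argument` line is declared with `type=int`, so the absolute dataset path that the README section of this same commit tells users to pass is rejected by argparse before `Analyzer` is ever constructed. Declare it as a string and drop `nargs=1`, which only wraps the single value in a list: `parser.add_argument('-p', '--path', type=str, help='Path of local dataset.')` followed by `dataset = args.path`. The `Analyzer` instance is bound to `ipa` and nothing further is called on it, so presumably the constructor starts the processing loop itself; a one-line comment such as `# Analyzer.__init__ is expected to start processing; no further call needed -- verify against lib/analyzer.py` would save the next reader the lookup.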


@ -126,7 +126,7 @@ class Analyzer:
icmp_layer = packet.icmp
icmp_type = str(icmp_layer.type)
icmp_code = str(icmp_layer.code)
# icmp_code = str(icmp_layer.code)
protocol = get_protocol(packet)
checksum_status = check_icmp_checksum(packet.icmp_raw.value)
@ -150,7 +150,7 @@ class Analyzer:
pipeline.hincrby('checksum', 'total')
pipeline.hincrby('checksum', checksum_status)
entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
# entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
# pipeline.zadd(source_ip, {entry: 1}, incr=True)
pipeline.zadd('protocols', {protocol: 1}, incr=True)
@ -166,7 +166,6 @@ class Analyzer:
return 0
def pop_cap(self):
absolute_path = None
if not self.dataset:
absolute_path = self.r_d4.rpop(self.queue)
else:
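Review bot: The `absolute_path = None` initializer in `pop_cap` appears to be the line dropped by the third hunk, which leaves `absolute_path` unbound on any path through the `else` branch that does not assign it; `pop_cap`'s body continues outside the hunk, so this is inferred from the visible lines rather than certain. Keeping the one line `absolute_path = None`, or making every branch assign the name before it is used, avoids a latent UnboundLocalError. In the first two hunks the `icmp_code` and `entry` lines are left as commented-out code rather than removed (assuming the commented form is the new side, as the already-commented `pipeline.zadd(source_ip, ...)` context suggests); if per-source ICMP type/code tracking is intentionally disabled, a short comment such as `# per-source ICMP type/code tracking disabled; only aggregate counters are kept` explains the intent better than dead code.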


@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# ICMP Passive Analyzer for D4
# Inspection library for the analyzer
#
# Copyright (C) 2019 Romain Kieffer
#