From a0934b116f33954e01cbd756bfecf47deeadcb74 Mon Sep 17 00:00:00 2001
From: airkeyp
Date: Thu, 19 Sep 2019 09:41:58 +0200
Subject: [PATCH] chg: [launcher] Added launcher
---
 README.md | 35 ++++++++++++++++++++++++++++++++++-
 bin/run_ipa.py | 37 +++++++++++++++++++++++++++++++++++++
 lib/analyzer.py | 5 ++---
 lib/inspection.py | 2 +-
 4 files changed, 74 insertions(+), 5 deletions(-)
 create mode 100644 bin/run_ipa.py
diff --git a/README.md b/README.md
index 024db14..11076d0 100644
--- a/README.md
+++ b/README.md
@@ -27,4 +27,37 @@ You can finally clone this repo on your machine and simply setup the virtual env
 git clone https://github.com/D4-project/analyzer-d4-ipa.git
 cd analyzer-d4-ipa
 pipenv install
-```
\ No newline at end of file
+```
+
+## Usage
+#### Start the redis server
+Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for Passive DNS is running on TCP port 6400
+```shell script
+../redis/src/redis-server ./etc/redis.conf
+```
+
+#### Configure and start the D4 analyzer
+```shell script
+cd ./etc
+cp analyzer.conf.sample analyzer.conf
+```
+
+Edit the analyzer.conf to match the UUID of the analyzer queue from your D4 server.
+```shell script
+[global]
+my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
+d4-server = 127.0.0.1:6380
+# INFO|DEBUG
+logging-level = INFO
+```
+
+Then you can start the analyzer.
+```shell script
+cd ../bin
+python3 run_ipa.py
+```
+
+If you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
+```shell script
+python3 run_ipa.py -p /absolute/path/to/dataset/root
+```
diff --git a/bin/run_ipa.py b/bin/run_ipa.py
new file mode 100644
index 0000000..d7a95c5
--- /dev/null
+++ b/bin/run_ipa.py
@@ -0,0 +1,37 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# +# IPA Launcher +# +# Copyright (C) 2019 Romain Kieffer +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +from lib.analyzer import Analyzer + +import argparse + + +if __name__ == "__main__": + + parser = argparse.ArgumentParser(description='D4-IPA') + parser.add_argument('-p', '--path', type=int, nargs=1, help='Path of local dataset.') + + dataset = None + + args = parser.parse_args() + if args.path: + dataset = args.path[0] + + ipa = Analyzer(dataset_path=dataset) diff --git a/lib/analyzer.py b/lib/analyzer.py index 6174bb4..12f9c79 100644 --- a/lib/analyzer.py +++ b/lib/analyzer.py @@ -126,7 +126,7 @@ class Analyzer: icmp_layer = packet.icmp icmp_type = str(icmp_layer.type) - icmp_code = str(icmp_layer.code) + # icmp_code = str(icmp_layer.code) protocol = get_protocol(packet) checksum_status = check_icmp_checksum(packet.icmp_raw.value) @@ -150,7 +150,7 @@ class Analyzer: pipeline.hincrby('checksum', 'total') pipeline.hincrby('checksum', checksum_status) - entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code + # entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code # pipeline.zadd(source_ip, {entry: 1}, incr=True) pipeline.zadd('protocols', {protocol: 1}, incr=True) 
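Review bot: `parser.add_argument('-p', '--path', type=int, nargs=1, help='Path of local dataset.')` declares the dataset path as an integer, so the README's documented invocation `python3 run_ipa.py -p /absolute/path/to/dataset/root` is rejected by argparse with an invalid int value error before Analyzer is ever constructed. A path is a string, and `nargs=1` only wraps it in a one-element list; `parser.add_argument('-p', '--path', help='Path of local dataset.')` together with `dataset = args.path` gives the same None-when-absent behaviour without the indexing. Since the value is handed straight to `Analyzer(dataset_path=dataset)`, resolving it with `os.path.abspath` and rejecting it with `os.path.isdir` here would make a mistyped path fail at the launcher with a clear message instead of somewhere inside the analyzer. The import `from lib.analyzer import Analyzer` presumably needs the repository root on sys.path, whereas the README runs the script from `bin/`; worth confirming that this resolves, or documenting how `lib` is expected to be found.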
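Review bot: The commented-out statement `# icmp_code = str(icmp_layer.code)` in this hunk, and `# entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code` in the hunk at line 150, leave dead code in the method instead of removing it; now that the per-source `pipeline.zadd(source_ip, ...)` is also disabled, nothing reads either value, so both lines can simply be deleted and version control keeps the history. If the intent is to re-enable the per-source entry later, a single comment at the zadd site such as `# TODO: per-source ICMP entry (src_port:protocol:type:code) disabled; see git history` explains the gap better than stale statements. The enclosing method starts and ends outside both hunks.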
@@ -166,7 +166,6 @@ class Analyzer:
         return 0
 
     def pop_cap(self):
-        absolute_path = None
         if not self.dataset:
             absolute_path = self.r_d4.rpop(self.queue)
         else:
diff --git a/lib/inspection.py b/lib/inspection.py
index 61d8e99..d8baf83 100644
--- a/lib/inspection.py
+++ b/lib/inspection.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
-# ICMP Passive Analyzer for D4
+# Inspection library for the analyzer
 #
 # Copyright (C) 2019 Romain Kieffer
 #