chg: [launcher] Added launcher
parent
559af4ed10
commit
a0934b116f
33
README.md
33
README.md
|
@ -28,3 +28,36 @@ git clone https://github.com/D4-project/analyzer-d4-ipa.git
|
||||||
cd analyzer-d4-ipa
|
cd analyzer-d4-ipa
|
||||||
pipenv install
|
pipenv install
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
#### Start the redis server
|
||||||
|
Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for Passive DNS is running on TCP port 6400
|
||||||
|
```shell script
|
||||||
|
../redis/src/redis-server ./etc/redis.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Configure and start the D4 analyzer
|
||||||
|
```shell script
|
||||||
|
cd ./etc
|
||||||
|
cp analyzer.conf.sample analyzer.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
Edit the analyzer.conf to match the UUID of the analyzer queue from your D4 server.
|
||||||
|
```shell script
|
||||||
|
[global]
|
||||||
|
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
|
||||||
|
d4-server = 127.0.0.1:6380
|
||||||
|
# INFO|DEBUG
|
||||||
|
logging-level = INFO
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you can start the analyzer.
|
||||||
|
```shell script
|
||||||
|
cd ../bin
|
||||||
|
python3 run_ipa.py
|
||||||
|
```
|
||||||
|
|
||||||
|
If you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
|
||||||
|
```shell script
|
||||||
|
python3 run_ipa.py -p /absolute/path/to/dataset/root
|
||||||
|
```
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
#
|
||||||
|
# IPA Launcher
|
||||||
|
#
|
||||||
|
# Copyright (C) 2019 Romain Kieffer
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
from lib.analyzer import Analyzer
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
|
||||||
|
parser = argparse.ArgumentParser(description='D4-IPA')
|
||||||
|
parser.add_argument('-p', '--path', type=int, nargs=1, help='Path of local dataset.')
|
||||||
|
|
||||||
|
dataset = None
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
if args.path:
|
||||||
|
dataset = args.path[0]
|
||||||
|
|
||||||
|
ipa = Analyzer(dataset_path=dataset)
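Review bot: `parser.add_argument('-p', '--path', type=int, nargs=1, ...)` declares the dataset path as an integer, so the invocation the README in this same commit documents (`python3 run_ipa.py -p /absolute/path/to/dataset/root`) is rejected by argparse with an "invalid int value" error before `Analyzer` is ever constructed. Drop the type (or use `type=str`) and the `nargs=1` list wrapping: `parser.add_argument('-p', '--path', help='Absolute path of the local dataset root.')` followed by `dataset = args.path`. Because the value names a directory the analyzer is going to read pcaps from, it is also worth failing early on a path that does not exist, e.g. `if dataset is not None and not os.path.isdir(dataset): parser.error('dataset path is not a directory')`, which needs `import os`. Separately, `from lib.analyzer import Analyzer` sits above the stdlib `import argparse`; the conventional grouping is stdlib first, then local imports. The launcher ends right after building `ipa` without calling anything on it, which is fine only if `Analyzer.__init__` starts the processing itself — that is not visible here, so confirm it.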
|
|
@ -126,7 +126,7 @@ class Analyzer:
|
||||||
icmp_layer = packet.icmp
|
icmp_layer = packet.icmp
|
||||||
|
|
||||||
icmp_type = str(icmp_layer.type)
|
icmp_type = str(icmp_layer.type)
|
||||||
icmp_code = str(icmp_layer.code)
|
# icmp_code = str(icmp_layer.code)
|
||||||
protocol = get_protocol(packet)
|
protocol = get_protocol(packet)
|
||||||
checksum_status = check_icmp_checksum(packet.icmp_raw.value)
|
checksum_status = check_icmp_checksum(packet.icmp_raw.value)
|
||||||
|
|
||||||
|
@ -150,7 +150,7 @@ class Analyzer:
|
||||||
pipeline.hincrby('checksum', 'total')
|
pipeline.hincrby('checksum', 'total')
|
||||||
pipeline.hincrby('checksum', checksum_status)
|
pipeline.hincrby('checksum', checksum_status)
|
||||||
|
|
||||||
entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
|
# entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
|
||||||
# pipeline.zadd(source_ip, {entry: 1}, incr=True)
|
# pipeline.zadd(source_ip, {entry: 1}, incr=True)
|
||||||
|
|
||||||
pipeline.zadd('protocols', {protocol: 1}, incr=True)
|
pipeline.zadd('protocols', {protocol: 1}, incr=True)
|
||||||
|
@ -166,7 +166,6 @@ class Analyzer:
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
def pop_cap(self):
|
def pop_cap(self):
|
||||||
absolute_path = None
|
|
||||||
if not self.dataset:
|
if not self.dataset:
|
||||||
absolute_path = self.r_d4.rpop(self.queue)
|
absolute_path = self.r_d4.rpop(self.queue)
|
||||||
else:
|
else:
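Review bot: The `@ -150` hunk leaves `entry = ...` and `pipeline.zadd(source_ip, ...)` as commented-out code next to the `icmp_code` line that the `@ -126` hunk also comments out; since `icmp_code` is no longer bound, the commented expression cannot simply be re-enabled later, so it should be deleted (version control keeps the history) or replaced by a one-line note such as `# per-source ICMP entries disabled: icmp_code is no longer extracted`. In the `@ -166` hunk, removing `absolute_path = None` makes `pop_cap` depend on every branch assigning `absolute_path` before it is used; the `else:` branch continues outside the hunk, so confirm it always sets the variable. The method bodies around the first two hunks start and end outside the hunks.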
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
# ICMP Passive Analyzer for D4
|
# Inspection library for the analyzer
|
||||||
#
|
#
|
||||||
# Copyright (C) 2019 Romain Kieffer
|
# Copyright (C) 2019 Romain Kieffer
|
||||||
#
|
#
|
||||||
|
|