dap 0.1.6 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -5
- data/lib/dap/filter/geoip.rb +25 -3
- data/lib/dap/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ff9410dfc65b7f7aa6445a67ef23e153c185383f
|
|
4
|
+
data.tar.gz: 7dbb33c223d9523223b1517940a7cfb961aafd76
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3c9663e75f37a411208cc45daf18789aed596ef90ce314ac48c870ccce2aca0d81fe52afbdf2160df924565dfe0edf15b26bd0479b25c5cae664eebf17093d1d
|
|
7
|
+
data.tar.gz: 81fe7e7456f13f1aa79261c88166dae6da32200c463992526f8d323e924cff941d09efc26c4f3941b05a7fc103d07f2547a5397713635e42ea77af0fa963a453
|
data/README.md
CHANGED
|
@@ -14,15 +14,16 @@ DAP was written to process terabyte-sized public scan datasets, such as those pr
|
|
|
14
14
|
|
|
15
15
|
### Prerequisites
|
|
16
16
|
|
|
17
|
-
DAP requires Ruby, and is best suited for systems with a relatively current version
|
|
18
|
-
|
|
19
|
-
[`rbenv`](https://github.com/rbenv/rbenv) or [`rvm`](https://rvm.io/).
|
|
20
|
-
system managed/installed Rubies is possible but fraught with peril.
|
|
17
|
+
DAP requires Ruby, and is best suited for systems with a relatively current version with 2.1.0 being the minimum requirement.
|
|
18
|
+
Ideally, this will be managed with either
|
|
19
|
+
[`rbenv`](https://github.com/rbenv/rbenv) or [`rvm`](https://rvm.io/) with the bundler gem also installed and up to date.
|
|
20
|
+
Using system managed/installed Rubies is possible but fraught with peril.
|
|
21
21
|
|
|
22
22
|
DAP depends on [Maxmind's geoip database](http://dev.maxmind.com/geoip/legacy/downloadable/) to be able to append geographic metadata to analyzed datasets. If you intend on using this capability, run the following as `root`:
|
|
23
23
|
|
|
24
24
|
```bash
|
|
25
|
-
mkdir -p /var/lib/geoip && cd /var/lib/geoip && wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz && gunzip GeoLiteCity.dat.gz && mv GeoLiteCity.dat geoip.dat
|
|
25
|
+
sudo mkdir -p /var/lib/geoip && cd /var/lib/geoip && sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz && sudo gunzip GeoLiteCity.dat.gz && sudo mv GeoLiteCity.dat geoip.dat && sudo wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz && sudo gunzip GeoIPASNum.dat.gz
|
|
26
|
+
|
|
26
27
|
```
|
|
27
28
|
|
|
28
29
|
### Ubuntu
|
data/lib/dap/filter/geoip.rb
CHANGED
|
@@ -9,10 +9,12 @@ module GeoIPLibrary
|
|
|
9
9
|
"/var/lib/geoip"
|
|
10
10
|
]
|
|
11
11
|
GEOIP_CITY = %W{ geoip.dat geoip_city.dat GeoCity.dat IP_V4_CITY.dat GeoCityLite.dat }
|
|
12
|
-
GEOIP_ORGS = %W{ geoip_org.dat IP_V4_ORG.dat
|
|
12
|
+
GEOIP_ORGS = %W{ geoip_org.dat IP_V4_ORG.dat }
|
|
13
|
+
GEOIP_ASN = %W{ GeoIPASNum.dat }
|
|
13
14
|
|
|
14
15
|
@@geo_city = nil
|
|
15
16
|
@@geo_orgs = nil
|
|
17
|
+
@@geo_asn = nil
|
|
16
18
|
|
|
17
19
|
GEOIP_DIRS.each do |d|
|
|
18
20
|
GEOIP_CITY.each do |f|
|
|
@@ -28,7 +30,14 @@ module GeoIPLibrary
|
|
|
28
30
|
@@geo_orgs = GeoIP::Organization.new(path)
|
|
29
31
|
break
|
|
30
32
|
end
|
|
31
|
-
end
|
|
33
|
+
end
|
|
34
|
+
GEOIP_ASN.each do |f|
|
|
35
|
+
path = File.join(d, f)
|
|
36
|
+
if ::File.exist?(path)
|
|
37
|
+
@@geo_asn = GeoIP::Organization.new(path)
|
|
38
|
+
break
|
|
39
|
+
end
|
|
40
|
+
end
|
|
32
41
|
end
|
|
33
42
|
end
|
|
34
43
|
|
|
@@ -67,6 +76,19 @@ class FilterGeoIPOrg
|
|
|
67
76
|
end
|
|
68
77
|
end
|
|
69
78
|
|
|
79
|
+
#
|
|
80
|
+
# Add GeoIP ASN tags using the MaxMind GeoIP::ASN database
|
|
81
|
+
#
|
|
82
|
+
class FilterGeoIPAsn
|
|
83
|
+
include BaseDecoder
|
|
84
|
+
include GeoIPLibrary
|
|
85
|
+
def decode(ip)
|
|
86
|
+
return unless @@geo_asn
|
|
87
|
+
geo_hash = @@geo_asn.look_up(ip)
|
|
88
|
+
return unless (geo_hash and geo_hash[:name])
|
|
89
|
+
{ :asn => geo_hash[:name].split(' ')[0] }
|
|
90
|
+
end
|
|
91
|
+
end
|
|
70
92
|
|
|
71
93
|
end
|
|
72
|
-
end
|
|
94
|
+
end
|
data/lib/dap/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7 Research
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-07-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|