dap 0.1.6 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8cd019aba689251f56e3ec08abb75533f3fe8eac
-  data.tar.gz: 75ce91184b5c8e1320acb557c009607530c6be17
+  metadata.gz: ff9410dfc65b7f7aa6445a67ef23e153c185383f
+  data.tar.gz: 7dbb33c223d9523223b1517940a7cfb961aafd76
 SHA512:
-  metadata.gz: 3a1f4d012a8b452f0671c0a262aa06b0f0f5787d9aba133e79f5389ad9bf5fb9e8c8c16df51201e0014410e711d29f5984f0599407944ccfbabc27b79a7bd27c
-  data.tar.gz: 996ff5f0efae982df396c29d1bad7c1b3a9a69cb97f451bbb65c09ec6589a7dc7f7bfca018ff971d7c9060b60211c9a0f1a6c7a000ba548ab6dd35681e5896eb
+  metadata.gz: 3c9663e75f37a411208cc45daf18789aed596ef90ce314ac48c870ccce2aca0d81fe52afbdf2160df924565dfe0edf15b26bd0479b25c5cae664eebf17093d1d
+  data.tar.gz: 81fe7e7456f13f1aa79261c88166dae6da32200c463992526f8d323e924cff941d09efc26c4f3941b05a7fc103d07f2547a5397713635e42ea77af0fa963a453

data/README.md

@@ -14,15 +14,16 @@ DAP was written to process terabyte-sized public scan datasets, such as those pr
 
 ### Prerequisites
 
-DAP requires Ruby, and is best suited for systems with a relatively current version,
-preferably one installed and managed by
-[`rbenv`](https://github.com/rbenv/rbenv) or [`rvm`](https://rvm.io/).  Using
-system managed/installed Rubies is possible but fraught with peril.
+DAP requires Ruby, and is best suited for systems with a relatively current version with 2.1.0 being the minimum requirement.
+Ideally, this will be managed with either
+[`rbenv`](https://github.com/rbenv/rbenv) or [`rvm`](https://rvm.io/) with the bundler gem also installed and up to date.
+Using system managed/installed Rubies is possible but fraught with peril.
 
 DAP depends on [Maxmind's geoip database](http://dev.maxmind.com/geoip/legacy/downloadable/) to be able to append geographic metadata to analyzed datasets.  If you intend on using this capability, run the following as `root`:
 
 ```bash
-mkdir -p /var/lib/geoip && cd /var/lib/geoip && wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz && gunzip GeoLiteCity.dat.gz && mv GeoLiteCity.dat geoip.dat
+sudo mkdir -p /var/lib/geoip && cd /var/lib/geoip && sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz && sudo gunzip GeoLiteCity.dat.gz && sudo mv GeoLiteCity.dat geoip.dat && sudo wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz && sudo gunzip GeoIPASNum.dat.gz
+
 ```
 
 ### Ubuntu

data/lib/dap/filter/geoip.rb

@@ -9,10 +9,12 @@ module GeoIPLibrary
     "/var/lib/geoip"
   ]
   GEOIP_CITY = %W{ geoip.dat geoip_city.dat GeoCity.dat IP_V4_CITY.dat GeoCityLite.dat }
-  GEOIP_ORGS = %W{ geoip_org.dat IP_V4_ORG.dat  }
+  GEOIP_ORGS = %W{ geoip_org.dat IP_V4_ORG.dat }
+  GEOIP_ASN = %W{ GeoIPASNum.dat }
 
   @@geo_city = nil
   @@geo_orgs = nil
+  @@geo_asn = nil
 
   GEOIP_DIRS.each do |d|
     GEOIP_CITY.each do |f|
@@ -28,7 +30,14 @@ module GeoIPLibrary
         @@geo_orgs = GeoIP::Organization.new(path)
         break
       end
-    end  
+    end
+    GEOIP_ASN.each do |f|
+      path = File.join(d, f)
+      if ::File.exist?(path)
+        @@geo_asn = GeoIP::Organization.new(path)
+        break
+      end
+    end
   end  
 end
 
@@ -67,6 +76,19 @@ class FilterGeoIPOrg
   end
 end
 
+#
+# Add GeoIP ASN tags using the MaxMind GeoIP::ASN database
+# 
+class FilterGeoIPAsn
+  include BaseDecoder
+  include GeoIPLibrary
+  def decode(ip)
+    return unless @@geo_asn
+    geo_hash = @@geo_asn.look_up(ip)
+    return unless (geo_hash and geo_hash[:name])
+    { :asn => geo_hash[:name].split(' ')[0] }
+  end
+end
 
 end
-end
+end

data/lib/dap/version.rb

@@ -1,3 +1,3 @@
 module Dap
-  VERSION = "0.1.6"
+  VERSION = "0.1.7"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dap
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.7
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-07 00:00:00.000000000 Z
+date: 2017-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec