hidden-hippo 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/gui/views/dossier.rhtml +5 -1
- data/lib/hidden_hippo/dossier.rb +5 -1
- data/lib/hidden_hippo/extractors/wps_extractor.rb +23 -0
- data/lib/hidden_hippo/packets/wps.rb +15 -0
- data/lib/hidden_hippo/reader.rb +6 -0
- data/lib/hidden_hippo/scanner.rb +4 -2
- data/lib/hidden_hippo/version.rb +1 -1
- data/spec/dns_scanner_spec.rb +1 -1
- data/spec/fixtures/blank_wps.pcap +0 -0
- data/spec/scanner_spec.rb +30 -0
- metadata +8 -2
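--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ccb9f7869a3c37fb7c556f6e0fb4e7e06f5e664b
+data.tar.gz: a17f144d14ce85b30982a3aa0c7a3923346618de
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 63fe3e5700e5ee644177a7b1d00232ac21034cc4d632f76d3e10d70517f6449c7324d9b614ace7b651016528e26d2309b02cfcef3b67c71eb6a2b05901594cbc
+data.tar.gz: 30fe38b33df3f9d567196f10dcf544c900fa6183d1659366a8503398cc45601f8bbcd3ee9d6074196ea07c300de8bc5832b2f8a086216fa3a175713f9749be74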
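--- a/data/gui/views/dossier.rhtml
+++ b/data/gui/views/dossier.rhtml
@@ -5,8 +5,12 @@
 <%= erb :possibilities, locals: {name: 'Host name', possibilities: dossier.hostname} %>
 <%= erb :possibilities, locals: {name: 'User name', possibilities: dossier.username} %>
 <%= erb :possibilities, locals: {name: 'Email', possibilities: dossier.email} %>
-<%= erb :possibilities, locals: {name: 'Device', possibilities: dossier.device} %>
 <%= erb :possibilities, locals: {name: 'Gender', possibilities: dossier.gender} %>
 <%= erb :possibilities, locals: {name: 'Age', possibilities: dossier.age} %>
 <%= erb :possibilities, locals: {name: 'History', possibilities: dossier.history} %>
+<%= erb :possibilities, locals: {name: 'Device Name', possibilities: dossier.device_name} %>
+<%= erb :possibilities, locals: {name: 'Model Number', possibilities: dossier.device_model_number} %>
+<%= erb :possibilities, locals: {name: 'Model Name', possibilities: dossier.device_model_name} %>
+<%= erb :possibilities, locals: {name: 'Device Manufacturer', possibilities: dossier.device_manufacturer} %>
+<%= erb :possibilities, locals: {name: 'OUIs', possibilities: dossier.device_oui} %>
 </div>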
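Review bot: The five added rows hand `dossier.device_name`, `device_model_number`, `device_model_name`, `device_manufacturer` and `device_oui` to the `possibilities` partial, and those values originate in WPS fields of captured frames, so their content is chosen by whoever transmitted the frame. The partial is not part of this diff, so it cannot be confirmed here that it HTML-escapes each value before output; in stock ERB a plain `<%= value %>` emits the string as-is unless the application turns escaping on. I would check the partial and, if needed, render each value as `<%= Rack::Utils.escape_html(value) %>`, and add a view spec whose device name contains markup. The enclosing `<div>` opens outside the hunk.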
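--- a/data/lib/hidden_hippo/dossier.rb
+++ b/data/lib/hidden_hippo/dossier.rb
@@ -15,9 +15,13 @@ module HiddenHippo
 field :hostname, type: Possibilities, default: ->{ Possibilities.new }
 field :username, type: Possibilities, default: ->{ Possibilities.new }
 field :email, type: Possibilities, default: ->{ Possibilities.new }
-field :device, type: Possibilities, default: ->{ Possibilities.new }
 field :gender, type: Possibilities, default: ->{ Possibilities.new }
 field :age, type: Possibilities, default: ->{ Possibilities.new }
 field :history, type: Possibilities, default: ->{ Possibilities.new }
+field :device_name, type: Possibilities, default: ->{ Possibilities.new }
+field :device_model_number, type: Possibilities, default: ->{ Possibilities.new }
+field :device_model_name, type: Possibilities, default: ->{ Possibilities.new }
+field :device_manufacturer, type: Possibilities, default: ->{ Possibilities.new }
+field :device_oui, type: Possibilities, default: ->{ Possibilities.new }
 end
 end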
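Review bot: `field :device` is dropped in favour of five `device_*` fields, but nothing visible in this release migrates or reads values that 0.1.0 already stored under `device`; after an upgrade those values would presumably remain in the store with no accessor and no row in the view. If the break is intended, a comment above the new fields such as `# WPS-derived attributes; replace the former single :device field` would document it, otherwise a one-off copy of `device` into `device_name` is worth considering. The class and module open outside the hunk.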
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'hidden_hippo/update'
|
2
|
+
|
3
|
+
module HiddenHippo
|
4
|
+
module Extractors
|
5
|
+
class WpsExtractor
|
6
|
+
def initialize(queue)
|
7
|
+
@queue = queue
|
8
|
+
end
|
9
|
+
|
10
|
+
def call(packet)
|
11
|
+
fields = {
|
12
|
+
device_name: packet.device_name,
|
13
|
+
device_model_name: packet.device_model_number,
|
14
|
+
device_model_number: packet.device_model_number,
|
15
|
+
device_manufacturer: packet.device_manufacturer,
|
16
|
+
device_oui: packet.device_oui
|
17
|
+
}
|
18
|
+
|
19
|
+
@queue << Update.new(packet.mac_src, fields.delete_if{|_, v| v.nil?})
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
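Review bot: Line 13 of the new file assigns `device_model_name: packet.device_model_number`, so the model name stored in the dossier is always a copy of the model number and the value of `wps.model_name` is never used. `Packets::Wps`, added in this same release, declares `field :device_model_name`, so the line should read `device_model_name: packet.device_model_name,`. The file list shows no spec for `WpsExtractor`, which is probably why this slipped through; an example that feeds a packet double with distinct name and number values would catch it.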
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'hidden_hippo/packets/packet'
|
2
|
+
|
3
|
+
module HiddenHippo
|
4
|
+
module Packets
|
5
|
+
class Wps < Packet
|
6
|
+
filter 'wps.device_name!="" and wps.device_name!=" " and wps.model_number!="" and wps.model_number != " " and wps.manufacturer!="" and wps.manufacturer != " " and wlan_mgt.ssid==""'
|
7
|
+
|
8
|
+
field :device_model_number, tshark: 'wps.model_number'
|
9
|
+
field :device_model_name, tshark: 'wps.model_name'
|
10
|
+
field :device_manufacturer, tshark: 'wps.manufacturer'
|
11
|
+
field :device_name, tshark: 'wps.device_name'
|
12
|
+
field :device_oui, tshark: 'wlan_mgt.tag.oui'
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
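Review bot: The display filter on line 6 is one long uncommented string and its clauses are uneven: `wps.device_name`, `wps.model_number` and `wps.manufacturer` must be non-blank, while `wps.model_name` and `wlan_mgt.tag.oui` are unconstrained, and the reason for requiring `wlan_mgt.ssid==""` is not stated. A comment above it such as `# WPS frames with an empty SSID that carry a non-blank device name, model number and manufacturer` (adjusted to the real intent) would make the selection reviewable. A management frame can carry more than one vendor-specific tag, so `wlan_mgt.tag.oui` may yield several values in a single field; how the scanner's tshark invocation joins them is not visible here and should be confirmed before the value is stored as one possibility.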
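--- a/data/lib/hidden_hippo/reader.rb
+++ b/data/lib/hidden_hippo/reader.rb
@@ -4,11 +4,14 @@ require 'hidden_hippo/updator'
 require 'hidden_hippo/packets/dns'
 require 'hidden_hippo/packets/dhcp'
 require 'hidden_hippo/packets/http'
+require 'hidden_hippo/packets/wps'
 
 require 'hidden_hippo/extractors/mdns_hostname_extractor'
 require 'hidden_hippo/extractors/dhcp_hostname_extractor'
 require 'hidden_hippo/extractors/http_request_url_extractor'
 require 'hidden_hippo/extractors/dns_llmnr_extractor'
+require 'hidden_hippo/extractors/dns_history_extractor'
+require 'hidden_hippo/extractors/wps_extractor'
 require 'thread'
 
 module HiddenHippo
@@ -20,11 +23,14 @@ module HiddenHippo
 @scanners = []
 @scanners << Scanner.new(file, Packets::Dns,
 Extractors::MdnsHostnameExtractor.new(updator_queue),
+Extractors::DnsHistoryExtractor.new(updator_queue),
 Extractors::DnsLlmnrExtractor.new(updator_queue))
 @scanners << Scanner.new(file, Packets::Dhcp,
 Extractors::DhcpHostnameExtractor.new(updator_queue))
 @scanners << Scanner.new(file, Packets::Http,
 Extractors::HttpRequestUrlExtractor.new(updator_queue))
+@scanners << Scanner.new(file, Packets::Wps,
+Extractors::WpsExtractor.new(updator_queue))
 end
 
 def call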
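--- a/data/lib/hidden_hippo/scanner.rb
+++ b/data/lib/hidden_hippo/scanner.rb
@@ -30,7 +30,9 @@ module HiddenHippo
 next
 end
 
-split_line = line.chomp.split("\t")
+split_line = line.chomp.split("\t")
+.map(&:rstrip).map(&:lstrip)
+.map {|f| f.empty? ? nil : f}
 
 assoc = tshark_fields.zip split_line
 packet = @packet_class.parse Hash[*assoc.flatten]
@@ -48,4 +50,4 @@ module HiddenHippo
 end
 end
 end
-end
+end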
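Review bot: The added chain in the first hunk walks the field array three times where one pass is enough: `.map(&:rstrip).map(&:lstrip)` is `String#strip`, and the blank-to-nil step fits in the same block, e.g. `.map { |f| (s = f.strip).empty? ? nil : s }`. `String#strip` removes only ASCII whitespace and NUL, so a field made up of other blank characters (a non-breaking space, for instance) still reaches `parse` as a value; since the fields come from captured traffic, a short comment stating which characters count as blank would set expectations. The loop body starts and ends outside the first hunk, and the second hunk only rewrites the final `end`, most likely a trailing-newline change.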
data/lib/hidden_hippo/version.rb
CHANGED
data/spec/dns_scanner_spec.rb
CHANGED
Binary file
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'hidden_hippo/scanner'
|
2
|
+
|
3
|
+
describe HiddenHippo::Scanner do
|
4
|
+
let(:extractor) {double 'extractor', call: nil}
|
5
|
+
let(:packet_class) {double 'packet_class', filter: '', tshark_fields: []}
|
6
|
+
|
7
|
+
def make_scanner(file)
|
8
|
+
HiddenHippo::Scanner.new file, packet_class, extractor
|
9
|
+
end
|
10
|
+
|
11
|
+
describe '#call' do
|
12
|
+
it 'should ignore fields that are only whitespace' do
|
13
|
+
scanner = make_scanner 'spec/fixtures/blank_wps.pcap'
|
14
|
+
|
15
|
+
allow(packet_class).to receive(:tshark_fields).and_return(%w{wps.device_name})
|
16
|
+
expect(packet_class).to receive(:parse).with({'wps.device_name' => nil})
|
17
|
+
|
18
|
+
scanner.call
|
19
|
+
end
|
20
|
+
|
21
|
+
it 'should ignore empty fields' do
|
22
|
+
scanner = make_scanner 'spec/fixtures/tcp_noise.pcap'
|
23
|
+
|
24
|
+
allow(packet_class).to receive(:tshark_fields).and_return(%w{udp.srcport})
|
25
|
+
expect(packet_class).to receive(:parse).with({'udp.srcport' => nil}).at_least(:once)
|
26
|
+
|
27
|
+
scanner.call
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
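Review bot: Both examples cover only the blank-to-nil path; nothing asserts the other behaviour the scanner change introduces, namely that a value with surrounding whitespace reaches `parse` trimmed. An example expecting something like `with({'wps.device_name' => 'name'})` against a fixture whose field is padded would pin that down (fixture and value here are placeholders). The first example also expects `parse` exactly once while the second uses `.at_least(:once)`, so the first quietly depends on `blank_wps.pcap` holding a single frame; a comment saying so, or `.at_least(:once)` there as well, would make that explicit.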
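--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hidden-hippo
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Boris Bera
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -198,11 +198,13 @@ files:
 - lib/hidden_hippo/extractors/dns_llmnr_extractor.rb
 - lib/hidden_hippo/extractors/http_request_url_extractor.rb
 - lib/hidden_hippo/extractors/mdns_hostname_extractor.rb
+- lib/hidden_hippo/extractors/wps_extractor.rb
 - lib/hidden_hippo/gui.rb
 - lib/hidden_hippo/packets/dhcp.rb
 - lib/hidden_hippo/packets/dns.rb
 - lib/hidden_hippo/packets/http.rb
 - lib/hidden_hippo/packets/packet.rb
+- lib/hidden_hippo/packets/wps.rb
 - lib/hidden_hippo/paths.rb
 - lib/hidden_hippo/possibilities.rb
 - lib/hidden_hippo/reader.rb
@@ -218,6 +220,7 @@ files:
 - spec/extractors/dns_llmnr_extractor_spec.rb
 - spec/extractors/http_request_url_extractor_spec.rb
 - spec/extractors/mdns_hostname_extractor_spec.rb
+- spec/fixtures/blank_wps.pcap
 - spec/fixtures/dns_elise.pcap
 - spec/fixtures/dns_reddit_eth.pcap
 - spec/fixtures/tcp_noise.pcap
@@ -225,6 +228,7 @@ files:
 - spec/hidden_hippo_spec.rb
 - spec/packet_spec.rb
 - spec/possibilities_spec.rb
+- spec/scanner_spec.rb
 - spec/spec_helper.rb
 - spec/support/cli_controller_examples.rb
 - spec/updator_spec.rb
@@ -262,6 +266,7 @@ test_files:
 - spec/extractors/dns_llmnr_extractor_spec.rb
 - spec/extractors/http_request_url_extractor_spec.rb
 - spec/extractors/mdns_hostname_extractor_spec.rb
+- spec/fixtures/blank_wps.pcap
 - spec/fixtures/dns_elise.pcap
 - spec/fixtures/dns_reddit_eth.pcap
 - spec/fixtures/tcp_noise.pcap
@@ -269,6 +274,7 @@ test_files:
 - spec/hidden_hippo_spec.rb
 - spec/packet_spec.rb
 - spec/possibilities_spec.rb
+- spec/scanner_spec.rb
 - spec/spec_helper.rb
 - spec/support/cli_controller_examples.rb
 - spec/updator_spec.rb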