hidden-hippo 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 723e65ca63ec61202d7e3ba1c8e4097a418ad5c4
-  data.tar.gz: d60d6875a2378c997e3ec2b68a8cf5637640ea72
+  metadata.gz: ccb9f7869a3c37fb7c556f6e0fb4e7e06f5e664b
+  data.tar.gz: a17f144d14ce85b30982a3aa0c7a3923346618de
 SHA512:
-  metadata.gz: a7a3c6d86d8f8a72ad5880728d5fc8248a914f1c0f2363f52f5fad85d5ec51067752843e8c763afa16c71eff71acd4cdce5c39f0590d0afab2661c21bb3625e0
-  data.tar.gz: 6235f7eadc6ab0bbcb22ab3f9e24d2165440e195a8c984911988b3d3cf9e90d684ac12bc8106f790df923d2cf21e3e20b055132b129ee73fe6d5b519a5593c08
+  metadata.gz: 63fe3e5700e5ee644177a7b1d00232ac21034cc4d632f76d3e10d70517f6449c7324d9b614ace7b651016528e26d2309b02cfcef3b67c71eb6a2b05901594cbc
+  data.tar.gz: 30fe38b33df3f9d567196f10dcf544c900fa6183d1659366a8503398cc45601f8bbcd3ee9d6074196ea07c300de8bc5832b2f8a086216fa3a175713f9749be74

data/gui/views/dossier.rhtml

@@ -5,8 +5,12 @@
     <%= erb :possibilities, locals: {name: 'Host name', possibilities: dossier.hostname} %>
     <%= erb :possibilities, locals: {name: 'User name', possibilities: dossier.username} %>
     <%= erb :possibilities, locals: {name: 'Email', possibilities: dossier.email} %>
-    <%= erb :possibilities, locals: {name: 'Device', possibilities: dossier.device} %>
     <%= erb :possibilities, locals: {name: 'Gender', possibilities: dossier.gender} %>
     <%= erb :possibilities, locals: {name: 'Age', possibilities: dossier.age} %>
     <%= erb :possibilities, locals: {name: 'History', possibilities: dossier.history} %>
+    <%= erb :possibilities, locals: {name: 'Device Name', possibilities: dossier.device_name} %>
+    <%= erb :possibilities, locals: {name: 'Model Number', possibilities: dossier.device_model_number} %>
+    <%= erb :possibilities, locals: {name: 'Model Name', possibilities: dossier.device_model_name} %>
+    <%= erb :possibilities, locals: {name: 'Device Manufacturer', possibilities: dossier.device_manufacturer} %>
+    <%= erb :possibilities, locals: {name: 'OUIs', possibilities: dossier.device_oui} %>
 </div>

data/lib/hidden_hippo/dossier.rb

@@ -15,9 +15,13 @@ module HiddenHippo
     field :hostname, type: Possibilities, default: ->{ Possibilities.new }
     field :username, type: Possibilities, default: ->{ Possibilities.new }
     field :email, type: Possibilities, default: ->{ Possibilities.new }
-    field :device, type: Possibilities, default: ->{ Possibilities.new }
     field :gender, type: Possibilities, default: ->{ Possibilities.new }
     field :age, type: Possibilities, default: ->{ Possibilities.new }
     field :history, type: Possibilities, default: ->{ Possibilities.new }
+    field :device_name, type: Possibilities, default: ->{ Possibilities.new }
+    field :device_model_number, type: Possibilities, default: ->{ Possibilities.new }
+    field :device_model_name, type: Possibilities, default: ->{ Possibilities.new }
+    field :device_manufacturer, type: Possibilities, default: ->{ Possibilities.new }
+    field :device_oui, type: Possibilities, default: ->{ Possibilities.new }
   end
 end

data/lib/hidden_hippo/extractors/wps_extractor.rb

@@ -0,0 +1,23 @@
+require 'hidden_hippo/update'
+
+module HiddenHippo
+  module Extractors
+    class WpsExtractor
+      def initialize(queue)
+        @queue = queue
+      end
+
+      def call(packet)
+        fields = {
+          device_name: packet.device_name,
+          device_model_name: packet.device_model_number,
+          device_model_number: packet.device_model_number,
+          device_manufacturer: packet.device_manufacturer,
+          device_oui: packet.device_oui
+        }
+   
+        @queue << Update.new(packet.mac_src, fields.delete_if{|_, v| v.nil?})
+      end
+    end
+  end
+end

data/lib/hidden_hippo/packets/wps.rb

@@ -0,0 +1,15 @@
+require 'hidden_hippo/packets/packet'
+
+module HiddenHippo
+  module Packets
+    class Wps < Packet
+      filter 'wps.device_name!="" and wps.device_name!=" " and wps.model_number!="" and wps.model_number != " " and wps.manufacturer!="" and wps.manufacturer != " " and wlan_mgt.ssid==""'
+
+      field :device_model_number, tshark: 'wps.model_number'
+      field :device_model_name, tshark: 'wps.model_name'
+      field :device_manufacturer, tshark: 'wps.manufacturer'
+      field :device_name, tshark: 'wps.device_name'
+      field :device_oui, tshark: 'wlan_mgt.tag.oui'
+    end
+  end
+end

data/lib/hidden_hippo/reader.rb

@@ -4,11 +4,14 @@ require 'hidden_hippo/updator'
 require 'hidden_hippo/packets/dns'
 require 'hidden_hippo/packets/dhcp'
 require 'hidden_hippo/packets/http'
+require 'hidden_hippo/packets/wps'
 
 require 'hidden_hippo/extractors/mdns_hostname_extractor'
 require 'hidden_hippo/extractors/dhcp_hostname_extractor'
 require 'hidden_hippo/extractors/http_request_url_extractor'
 require 'hidden_hippo/extractors/dns_llmnr_extractor'
+require 'hidden_hippo/extractors/dns_history_extractor'
+require 'hidden_hippo/extractors/wps_extractor'
 require 'thread'
 
 module HiddenHippo
@@ -20,11 +23,14 @@ module HiddenHippo
       @scanners = []
       @scanners << Scanner.new(file, Packets::Dns,
                                Extractors::MdnsHostnameExtractor.new(updator_queue),
+                               Extractors::DnsHistoryExtractor.new(updator_queue),
                                Extractors::DnsLlmnrExtractor.new(updator_queue))
       @scanners << Scanner.new(file, Packets::Dhcp,
                                Extractors::DhcpHostnameExtractor.new(updator_queue))
       @scanners << Scanner.new(file, Packets::Http,
                                Extractors::HttpRequestUrlExtractor.new(updator_queue))
+      @scanners << Scanner.new(file, Packets::Wps,
+                               Extractors::WpsExtractor.new(updator_queue))
     end
 
     def call

data/lib/hidden_hippo/scanner.rb

@@ -30,7 +30,9 @@ module HiddenHippo
             next
           end
 
-          split_line = line.chomp.split("\t").map {|f| f.empty? ? nil : f}
+          split_line = line.chomp.split("\t")
+                       .map(&:rstrip).map(&:lstrip)
+                       .map {|f| f.empty? ? nil : f}
 
           assoc = tshark_fields.zip split_line
           packet = @packet_class.parse Hash[*assoc.flatten]
@@ -48,4 +50,4 @@ module HiddenHippo
       end
     end
   end
-end
+end

data/lib/hidden_hippo/version.rb

@@ -1,3 +1,3 @@
 module HiddenHippo
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

data/spec/dns_scanner_spec.rb

@@ -38,4 +38,4 @@ describe 'HiddenHippo::Scanner(Dns)' do
       scanner.call
     end
   end
-end
+end

data/spec/scanner_spec.rb

@@ -0,0 +1,30 @@
+require 'hidden_hippo/scanner'
+
+describe HiddenHippo::Scanner do
+  let(:extractor) {double 'extractor', call: nil}
+  let(:packet_class) {double 'packet_class', filter: '', tshark_fields: []}
+
+  def make_scanner(file)
+    HiddenHippo::Scanner.new file, packet_class, extractor
+  end
+  
+  describe '#call' do
+    it 'should ignore fields that are only whitespace' do
+      scanner = make_scanner 'spec/fixtures/blank_wps.pcap'
+
+      allow(packet_class).to receive(:tshark_fields).and_return(%w{wps.device_name})
+      expect(packet_class).to receive(:parse).with({'wps.device_name' => nil})
+
+      scanner.call
+    end
+
+    it 'should ignore empty fields' do
+      scanner = make_scanner 'spec/fixtures/tcp_noise.pcap'
+
+      allow(packet_class).to receive(:tshark_fields).and_return(%w{udp.srcport})
+      expect(packet_class).to receive(:parse).with({'udp.srcport' => nil}).at_least(:once)
+
+      scanner.call
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hidden-hippo
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Boris Bera
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-28 00:00:00.000000000 Z
+date: 2015-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -198,11 +198,13 @@ files:
 - lib/hidden_hippo/extractors/dns_llmnr_extractor.rb
 - lib/hidden_hippo/extractors/http_request_url_extractor.rb
 - lib/hidden_hippo/extractors/mdns_hostname_extractor.rb
+- lib/hidden_hippo/extractors/wps_extractor.rb
 - lib/hidden_hippo/gui.rb
 - lib/hidden_hippo/packets/dhcp.rb
 - lib/hidden_hippo/packets/dns.rb
 - lib/hidden_hippo/packets/http.rb
 - lib/hidden_hippo/packets/packet.rb
+- lib/hidden_hippo/packets/wps.rb
 - lib/hidden_hippo/paths.rb
 - lib/hidden_hippo/possibilities.rb
 - lib/hidden_hippo/reader.rb
@@ -218,6 +220,7 @@ files:
 - spec/extractors/dns_llmnr_extractor_spec.rb
 - spec/extractors/http_request_url_extractor_spec.rb
 - spec/extractors/mdns_hostname_extractor_spec.rb
+- spec/fixtures/blank_wps.pcap
 - spec/fixtures/dns_elise.pcap
 - spec/fixtures/dns_reddit_eth.pcap
 - spec/fixtures/tcp_noise.pcap
@@ -225,6 +228,7 @@ files:
 - spec/hidden_hippo_spec.rb
 - spec/packet_spec.rb
 - spec/possibilities_spec.rb
+- spec/scanner_spec.rb
 - spec/spec_helper.rb
 - spec/support/cli_controller_examples.rb
 - spec/updator_spec.rb
@@ -262,6 +266,7 @@ test_files:
 - spec/extractors/dns_llmnr_extractor_spec.rb
 - spec/extractors/http_request_url_extractor_spec.rb
 - spec/extractors/mdns_hostname_extractor_spec.rb
+- spec/fixtures/blank_wps.pcap
 - spec/fixtures/dns_elise.pcap
 - spec/fixtures/dns_reddit_eth.pcap
 - spec/fixtures/tcp_noise.pcap
@@ -269,6 +274,7 @@ test_files:
 - spec/hidden_hippo_spec.rb
 - spec/packet_spec.rb
 - spec/possibilities_spec.rb
+- spec/scanner_spec.rb
 - spec/spec_helper.rb
 - spec/support/cli_controller_examples.rb
 - spec/updator_spec.rb