patronus_fati 0.9.22 → 0.9.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/patronus_fati.rb +6 -0
- data/lib/patronus_fati/consts.rb +5 -0
- data/lib/patronus_fati/data_models/common.rb +1 -1
- data/lib/patronus_fati/message_parser.rb +4 -0
- data/lib/patronus_fati/message_processor/bssid.rb +4 -2
- data/lib/patronus_fati/message_processor/client.rb +4 -2
- data/lib/patronus_fati/message_processor/ssid.rb +4 -2
- data/lib/patronus_fati/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02b72bd8a2e65ca6d3dbc4ffee2c9382595ae59d
|
|
4
|
+
data.tar.gz: 936150671fe91d3921136531e0f2aa3761af2c56
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5ec75ed1c6efdb7d89c1c2f7426f9f8bf01a0037764db0489254dede3e90ee5553da96597c5970d42bd84abe4e755d0acf912c4a7733e24f0ce326147d8afc9a
|
|
7
|
+
data.tar.gz: 0fc6b36f15b8707e24a236aeeafc7e6607a7c1434f12d34153a57c00441a9de80492709bf993f5ec7c3d9d926c0e7e45aae273962f1be814757ace1f69fb3f2f
|
data/lib/patronus_fati.rb
CHANGED
|
@@ -45,6 +45,8 @@ require 'patronus_fati/data_observers/connection_observer'
|
|
|
45
45
|
require 'patronus_fati/data_observers/ssid_observer'
|
|
46
46
|
|
|
47
47
|
module PatronusFati
|
|
48
|
+
@@startup_time = Time.now.to_i
|
|
49
|
+
|
|
48
50
|
def self.event_handler
|
|
49
51
|
@event_handler ||= PatronusFati::EventHandler.new
|
|
50
52
|
end
|
|
@@ -58,4 +60,8 @@ module PatronusFati
|
|
|
58
60
|
|
|
59
61
|
PatronusFati::Connection.new(kismet_server, kismet_port)
|
|
60
62
|
end
|
|
63
|
+
|
|
64
|
+
def self.startup_time
|
|
65
|
+
@@startup_time
|
|
66
|
+
end
|
|
61
67
|
end
|
data/lib/patronus_fati/consts.rb
CHANGED
|
@@ -79,6 +79,11 @@ module PatronusFati
|
|
|
79
79
|
# consider no longer actively connected.
|
|
80
80
|
CONNECTION_EXPIRATION = 1800
|
|
81
81
|
|
|
82
|
+
# This is how long after startup we trust kismet's timestamps. It apparently
|
|
83
|
+
# does not reliably update it's timestamps so after the initial flood we
|
|
84
|
+
# start ignoring it.
|
|
85
|
+
STARTUP_TRUST_WINDOW = 300
|
|
86
|
+
|
|
82
87
|
# Number of seconds before we consider an access point no longer advertising
|
|
83
88
|
# an SSID. It is safe for this to be longer than the AP expiration; If we
|
|
84
89
|
# think the AP has gone offline we will automatically mark all SSIDs as
|
|
@@ -15,6 +15,10 @@ module PatronusFati
|
|
|
15
15
|
|
|
16
16
|
src_keys = cap.enabled_keys.empty? ? cap.attribute_keys : cap.enabled_keys
|
|
17
17
|
cap.new(Hash[src_keys.zip(raw_data[1])])
|
|
18
|
+
rescue ParseError => e
|
|
19
|
+
# Detected corrupt messages from kismet in the wild, warn about them but
|
|
20
|
+
# don't fail the connection.
|
|
21
|
+
$stderr.puts("Warning: Unable to parse message from kismet: #{e.message}")
|
|
18
22
|
end
|
|
19
23
|
|
|
20
24
|
protected
|
|
@@ -2,8 +2,10 @@ module PatronusFati::MessageProcessor::Bssid
|
|
|
2
2
|
include PatronusFati::MessageProcessor
|
|
3
3
|
|
|
4
4
|
def self.process(obj)
|
|
5
|
-
# We don't care about objects that would have expired already
|
|
6
|
-
|
|
5
|
+
# We don't care about objects that would have expired already but only at
|
|
6
|
+
# the beginning because kismet can't be trusted.
|
|
7
|
+
return if (PatronusFati.startup_time + PatronusFati::STARTUP_TRUST_WINDOW) < Time.now.to_i &&
|
|
8
|
+
obj[:lasttime] < (Time.now.to_i - PatronusFati::AP_EXPIRATION) || obj[:bssid].nil?
|
|
7
9
|
|
|
8
10
|
# Some messages from kismet come in corrupted with partial MACs. We care
|
|
9
11
|
# not for them, just drop the bad data.
|
|
@@ -2,8 +2,10 @@ module PatronusFati::MessageProcessor::Client
|
|
|
2
2
|
include PatronusFati::MessageProcessor
|
|
3
3
|
|
|
4
4
|
def self.process(obj)
|
|
5
|
-
# We don't care about objects that would have expired already
|
|
6
|
-
|
|
5
|
+
# We don't care about objects that would have expired already but only at
|
|
6
|
+
# the beginning because kismet can't be trusted.
|
|
7
|
+
return if (PatronusFati.startup_time + PatronusFati::STARTUP_TRUST_WINDOW) < Time.now.to_i &&
|
|
8
|
+
obj[:lasttime] < PatronusFati::DataModels::Client.current_expiration_threshold
|
|
7
9
|
|
|
8
10
|
# obj[:mac] is the client's MAC address
|
|
9
11
|
# obj[:bssid] is the AP's MAC address
|
|
@@ -2,8 +2,10 @@ module PatronusFati::MessageProcessor::Ssid
|
|
|
2
2
|
include PatronusFati::MessageProcessor
|
|
3
3
|
|
|
4
4
|
def self.process(obj)
|
|
5
|
-
# We don't care about objects that would have expired already
|
|
6
|
-
|
|
5
|
+
# We don't care about objects that would have expired already but only at
|
|
6
|
+
# the beginning because kismet can't be trusted.
|
|
7
|
+
return if (PatronusFati.startup_time + PatronusFati::STARTUP_TRUST_WINDOW) < Time.now.to_i &&
|
|
8
|
+
obj[:lasttime] < PatronusFati::DataModels::Ssid.current_expiration_threshold
|
|
7
9
|
|
|
8
10
|
ssid_info = ssid_data(obj.attributes)
|
|
9
11
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: patronus_fati
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.23
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Stelfox
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-12-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dm-constraints
|