thm 0.1.9 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.1ST +31 -22
- data/README.md +8 -2
- data/bin/thm-consumer +2 -3
- data/bin/thm-pcap +2 -3
- data/bin/thm-producer +2 -3
- data/bin/thm-session +6 -1
- data/lib/thm/fileservices.rb +50 -0
- data/lib/thm/producer.rb +12 -12
- data/lib/thm/version.rb +2 -2
- data/lib/thm.rb +6 -10
- data/thm-authentication.rb +3 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aa7c387a68e5840edc14a7629620e22abb9ccb07
|
|
4
|
+
data.tar.gz: 9330f2f74820536f0b951bb2985076cceb7b691a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 215c395d5b190ca1f5fd6c2475e7f6799011fb098dea268904d3c57149369fa804a3dbf31a3c11a4829610f67dfd703cb1e5d0e433e4f04c70f654d422650466
|
|
7
|
+
data.tar.gz: 4cc76204aa3a73b7b0733026a2ee2f5e468672c7b4285aaa15acf3165be744cc0976dc6d027ca9b783bb67a6ba2094b25a267b2f0574cba8360a47733eb4bdf9
|
data/README.1ST
CHANGED
|
@@ -1,38 +1,47 @@
|
|
|
1
|
-
Threatmonitor
|
|
2
|
-
|
|
1
|
+
Threatmonitor Packet Analysis Suite HOWTO
|
|
2
|
+
=========================================
|
|
3
3
|
|
|
4
|
+
To import example data.
|
|
4
5
|
|
|
5
|
-
|
|
6
|
+
mclient -u monetdb -d threatmonitor < threatmonitor-exampledata.sql
|
|
6
7
|
|
|
7
|
-
|
|
8
|
+
password same as username per monetdb default admin user setup.
|
|
8
9
|
|
|
9
|
-
|
|
10
|
+
Will also need to import the GeoIP Data.
|
|
10
11
|
|
|
11
|
-
|
|
12
|
+
The web interface admin login is admin - default password goblin
|
|
12
13
|
|
|
13
|
-
You
|
|
14
|
+
You will also need the GeoIP Data importing as well for the Web interface Dashboard the operate
|
|
14
15
|
|
|
15
|
-
|
|
16
|
-
obj.queueprefix = "wifi"
|
|
17
|
-
obj.tblname_ippacket = "wifi_ippacket"
|
|
18
|
-
obj.tblname_tcppacket = "wifi_tcppacket"
|
|
19
|
-
obj.tblname_udppacket = "wifi_udppacket"
|
|
16
|
+
mclient -u monetdb -d threatmonitor < geoip-import.sql
|
|
20
17
|
|
|
21
|
-
|
|
18
|
+
Web Interface
|
|
22
19
|
|
|
23
|
-
|
|
20
|
+
http://172.17.0.1:4567/dashboard
|
|
24
21
|
|
|
25
|
-
|
|
26
|
-
obj.tblname_ippacket = "wifi_ippacket"
|
|
27
|
-
obj.tblname_tcppacket = "wifi_tcppacket"
|
|
28
|
-
obj.tblname_udppacket = "wifi_udppacket"
|
|
29
|
-
obj.dbconnect
|
|
22
|
+
Your defaults file is the config.rb in the gem directory for now.
|
|
30
23
|
|
|
31
|
-
ruby
|
|
24
|
+
/usr/local/lib/ruby/gems/2.1.0/gems/thm-0.1.9/config.rb
|
|
25
|
+
|
|
26
|
+
To Capture data:
|
|
27
|
+
|
|
28
|
+
thm-producer -m capture -i eth0
|
|
29
|
+
|
|
30
|
+
To Consume data into the Database
|
|
31
|
+
|
|
32
|
+
thm-consumer -r
|
|
33
|
+
|
|
34
|
+
For the RabbitMQ Admin http://172.17.0.1:15672 - admin password goblin
|
|
35
|
+
|
|
36
|
+
Please note
|
|
37
|
+
|
|
38
|
+
gem install thm
|
|
39
|
+
|
|
40
|
+
To Keep everything upto date with the current release.
|
|
41
|
+
|
|
42
|
+
Have fun!
|
|
32
43
|
|
|
33
|
-
Thats really all the is to it.
|
|
34
44
|
|
|
35
|
-
Enjoy!
|
|
36
45
|
|
|
37
46
|
Brian Hood
|
|
38
47
|
|
data/README.md
CHANGED
|
@@ -11,11 +11,17 @@ RabbitMQ
|
|
|
11
11
|
|
|
12
12
|
MonetDB or MySQL
|
|
13
13
|
|
|
14
|
-
Ruby
|
|
14
|
+
Ruby 2.1.x ( 2.2 we have a issue building eventmachine native )
|
|
15
|
+
|
|
16
|
+
Libpcap 1.5.3 ( For pcaplet to build )
|
|
15
17
|
|
|
16
18
|
Pcaplet - https://github.com/ahobson/ruby-pcap
|
|
17
19
|
|
|
18
|
-
PCAPRUB - https://github.com/puppetpies/pcaprub - For Interface Realtime capture / dumping to disk
|
|
20
|
+
PCAPRUB - https://github.com/puppetpies/pcaprub - For Interface Realtime capture / dumping to disk ( Comming soon )
|
|
21
|
+
|
|
22
|
+
Docker Image ( https://hub.docker.com/u/puppetpies ( docker pull puppetpies/threatmonitor-suite ) )
|
|
23
|
+
|
|
24
|
+
Rubygem released 0.1.9 at time of writing ( gem install thm ) https://rubygems.org/gems/thm
|
|
19
25
|
|
|
20
26
|
|
|
21
27
|
|
data/bin/thm-consumer
CHANGED
data/bin/thm-pcap
CHANGED
data/bin/thm-producer
CHANGED
data/bin/thm-session
CHANGED
|
@@ -21,7 +21,10 @@ require File.expand_path(File.join(
|
|
|
21
21
|
File.dirname(__FILE__),
|
|
22
22
|
"../thm-authentication.rb"))
|
|
23
23
|
|
|
24
|
-
|
|
24
|
+
require File.expand_path(File.join(
|
|
25
|
+
File.dirname(__FILE__),
|
|
26
|
+
"../lib/version.rb"))
|
|
27
|
+
|
|
25
28
|
|
|
26
29
|
class Sinatra::Base
|
|
27
30
|
|
|
@@ -60,6 +63,8 @@ class Geocounter
|
|
|
60
63
|
# Compile in array with the totals of all instance variables
|
|
61
64
|
def geocount_compile
|
|
62
65
|
countrycounts = Array.new
|
|
66
|
+
# You can't really inherit this class as the other class may also contain instance variables
|
|
67
|
+
# its not really an exact logic this class only works alone.
|
|
63
68
|
instance_variables.each {|n|
|
|
64
69
|
t = n.to_s.gsub("@", "")
|
|
65
70
|
countrycounts << ["#{t}", instance_variable_get("#{n}")]
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
|
|
2
|
+
module Thm
|
|
3
|
+
|
|
4
|
+
class FileServices
|
|
5
|
+
|
|
6
|
+
def initialize
|
|
7
|
+
@fdata = String.new
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def conf_loader(file="config.rb", loadswitch=true)
|
|
11
|
+
file ||= file
|
|
12
|
+
if !File.exists?("#{Dir.home}/.thm/#{file}")
|
|
13
|
+
File.open("#{Dir.home}/.thm/#{file}", 'w') {|n|
|
|
14
|
+
n.write(@fdata)
|
|
15
|
+
}
|
|
16
|
+
end
|
|
17
|
+
begin
|
|
18
|
+
if loadswitch == true
|
|
19
|
+
require Dir.home+"/.thm/#{file}"
|
|
20
|
+
end
|
|
21
|
+
rescue
|
|
22
|
+
puts "Failed to load something went wrong check permissions !"
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def thmhome?(file="config.rb")
|
|
27
|
+
file ||= file
|
|
28
|
+
if Dir.exists?("#{Dir.home}/.thm") == false
|
|
29
|
+
Dir.mkdir("#{Dir.home}/.thm")
|
|
30
|
+
puts "Creating .thm home subfolder copying config.rb"
|
|
31
|
+
#puts "#{File.getwd}"
|
|
32
|
+
File.open(File.expand_path(File.join(File.dirname(__FILE__), "../../#{file}")), 'r') {|n|
|
|
33
|
+
n.each_line {|l|
|
|
34
|
+
@fdata << l
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
end
|
|
38
|
+
begin
|
|
39
|
+
#puts "FDATA: #{@fdata}"
|
|
40
|
+
#puts "Begin"
|
|
41
|
+
conf_loader("#{file}")
|
|
42
|
+
conf_loader("config-original.rb", false)
|
|
43
|
+
rescue
|
|
44
|
+
puts "Error loading config from home directory"
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
end
|
data/lib/thm/producer.rb
CHANGED
|
@@ -163,18 +163,18 @@ module Thm
|
|
|
163
163
|
udppacketsql = "SELECT * FROM #{@tblname_udppacket} WHERE guid = '#{guid}'"
|
|
164
164
|
res3 = @conn.query("#{udppacketsql}")
|
|
165
165
|
while row3 = res3.fetch_hash do
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
166
|
+
if v == 100
|
|
167
|
+
puts "UDP: MSGID: #{n} GUID: #{guid}"
|
|
168
|
+
v = 0
|
|
169
|
+
end
|
|
170
|
+
v = v + 1 unless v == 100
|
|
171
|
+
pcktdata = { 'udppacket' => {
|
|
172
|
+
'guid' => row3["guid"],
|
|
173
|
+
'recv_date' => row3["recv_date"],
|
|
174
|
+
'udp_dport' => row3["udp_dport"],
|
|
175
|
+
'udp_len' => row3["udp_len"],
|
|
176
|
+
'udp_sum' => row3["udp_sum"],
|
|
177
|
+
'udp_sport' => row3["udp_sport"]
|
|
178
178
|
}
|
|
179
179
|
}
|
|
180
180
|
pcktyaml = pcktdata.to_yaml
|
data/lib/thm/version.rb
CHANGED
data/lib/thm.rb
CHANGED
|
@@ -16,7 +16,6 @@ require 'guid'
|
|
|
16
16
|
require 'yaml'
|
|
17
17
|
require 'pcaplet'
|
|
18
18
|
require 'pcaprub' # For Live capture / write
|
|
19
|
-
#require '../datalayerlight.rb'
|
|
20
19
|
require File.expand_path(File.join(
|
|
21
20
|
File.dirname(__FILE__),
|
|
22
21
|
"../datalayerlight.rb"))
|
|
@@ -38,7 +37,7 @@ module Tools
|
|
|
38
37
|
end
|
|
39
38
|
|
|
40
39
|
end
|
|
41
|
-
|
|
40
|
+
|
|
42
41
|
# Load Datasources
|
|
43
42
|
require File.expand_path(File.join(
|
|
44
43
|
File.dirname(__FILE__),
|
|
@@ -56,14 +55,11 @@ require File.expand_path(File.join(
|
|
|
56
55
|
File.dirname(__FILE__),
|
|
57
56
|
"../lib/thm/localmachine.rb"))
|
|
58
57
|
|
|
58
|
+
require File.expand_path(File.join(
|
|
59
|
+
File.dirname(__FILE__),
|
|
60
|
+
"../lib/thm/fileservices.rb"))
|
|
61
|
+
|
|
62
|
+
# Versioning information
|
|
59
63
|
require File.expand_path(File.join(
|
|
60
64
|
File.dirname(__FILE__),
|
|
61
65
|
"../lib/thm/version.rb"))
|
|
62
|
-
|
|
63
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
64
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
65
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
66
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
67
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
68
|
-
|
|
69
|
-
|
data/thm-authentication.rb
CHANGED
|
@@ -10,9 +10,11 @@
|
|
|
10
10
|
########################################################################
|
|
11
11
|
|
|
12
12
|
require "#{File.dirname(__FILE__)}/lib/thm.rb"
|
|
13
|
-
require "#{File.dirname(__FILE__)}/config.rb"
|
|
14
13
|
require "#{File.dirname(__FILE__)}/thm-privileges.rb"
|
|
15
14
|
|
|
15
|
+
conf = Thm::FileServices.new
|
|
16
|
+
conf.thmhome?
|
|
17
|
+
|
|
16
18
|
#require File.expand_path(File.join(
|
|
17
19
|
# File.dirname(__FILE__),
|
|
18
20
|
# "/lib/thm.rb")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: thm
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- puppetpies
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-07-
|
|
11
|
+
date: 2015-07-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -196,6 +196,7 @@ files:
|
|
|
196
196
|
- lib/thm.rb
|
|
197
197
|
- lib/thm/consumer.rb
|
|
198
198
|
- lib/thm/dataservices.rb
|
|
199
|
+
- lib/thm/fileservices.rb
|
|
199
200
|
- lib/thm/localmachine.rb
|
|
200
201
|
- lib/thm/producer.rb
|
|
201
202
|
- lib/thm/version.rb
|