thm 0.1.9 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.1ST +31 -22
- data/README.md +8 -2
- data/bin/thm-consumer +2 -3
- data/bin/thm-pcap +2 -3
- data/bin/thm-producer +2 -3
- data/bin/thm-session +6 -1
- data/lib/thm/fileservices.rb +50 -0
- data/lib/thm/producer.rb +12 -12
- data/lib/thm/version.rb +2 -2
- data/lib/thm.rb +6 -10
- data/thm-authentication.rb +3 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aa7c387a68e5840edc14a7629620e22abb9ccb07
|
|
4
|
+
data.tar.gz: 9330f2f74820536f0b951bb2985076cceb7b691a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 215c395d5b190ca1f5fd6c2475e7f6799011fb098dea268904d3c57149369fa804a3dbf31a3c11a4829610f67dfd703cb1e5d0e433e4f04c70f654d422650466
|
|
7
|
+
data.tar.gz: 4cc76204aa3a73b7b0733026a2ee2f5e468672c7b4285aaa15acf3165be744cc0976dc6d027ca9b783bb67a6ba2094b25a267b2f0574cba8360a47733eb4bdf9
|
data/README.1ST
CHANGED
|
@@ -1,38 +1,47 @@
|
|
|
1
|
-
Threatmonitor
|
|
2
|
-
|
|
1
|
+
Threatmonitor Packet Analysis Suite HOWTO
|
|
2
|
+
=========================================
|
|
3
3
|
|
|
4
|
+
To import example data.
|
|
4
5
|
|
|
5
|
-
|
|
6
|
+
mclient -u monetdb -d threatmonitor < threatmonitor-exampledata.sql
|
|
6
7
|
|
|
7
|
-
|
|
8
|
+
password same as username per monetdb default admin user setup.
|
|
8
9
|
|
|
9
|
-
|
|
10
|
+
Will also need to import the GeoIP Data.
|
|
10
11
|
|
|
11
|
-
|
|
12
|
+
The web interface admin login is admin - default password goblin
|
|
12
13
|
|
|
13
|
-
You
|
|
14
|
+
You will also need the GeoIP Data importing as well for the Web interface Dashboard the operate
|
|
14
15
|
|
|
15
|
-
|
|
16
|
-
obj.queueprefix = "wifi"
|
|
17
|
-
obj.tblname_ippacket = "wifi_ippacket"
|
|
18
|
-
obj.tblname_tcppacket = "wifi_tcppacket"
|
|
19
|
-
obj.tblname_udppacket = "wifi_udppacket"
|
|
16
|
+
mclient -u monetdb -d threatmonitor < geoip-import.sql
|
|
20
17
|
|
|
21
|
-
|
|
18
|
+
Web Interface
|
|
22
19
|
|
|
23
|
-
|
|
20
|
+
http://172.17.0.1:4567/dashboard
|
|
24
21
|
|
|
25
|
-
|
|
26
|
-
obj.tblname_ippacket = "wifi_ippacket"
|
|
27
|
-
obj.tblname_tcppacket = "wifi_tcppacket"
|
|
28
|
-
obj.tblname_udppacket = "wifi_udppacket"
|
|
29
|
-
obj.dbconnect
|
|
22
|
+
Your defaults file is the config.rb in the gem directory for now.
|
|
30
23
|
|
|
31
|
-
ruby
|
|
24
|
+
/usr/local/lib/ruby/gems/2.1.0/gems/thm-0.1.9/config.rb
|
|
25
|
+
|
|
26
|
+
To Capture data:
|
|
27
|
+
|
|
28
|
+
thm-producer -m capture -i eth0
|
|
29
|
+
|
|
30
|
+
To Consume data into the Database
|
|
31
|
+
|
|
32
|
+
thm-consumer -r
|
|
33
|
+
|
|
34
|
+
For the RabbitMQ Admin http://172.17.0.1:15672 - admin password goblin
|
|
35
|
+
|
|
36
|
+
Please note
|
|
37
|
+
|
|
38
|
+
gem install thm
|
|
39
|
+
|
|
40
|
+
To Keep everything upto date with the current release.
|
|
41
|
+
|
|
42
|
+
Have fun!
|
|
32
43
|
|
|
33
|
-
Thats really all the is to it.
|
|
34
44
|
|
|
35
|
-
Enjoy!
|
|
36
45
|
|
|
37
46
|
Brian Hood
|
|
38
47
|
|
data/README.md
CHANGED
|
@@ -11,11 +11,17 @@ RabbitMQ
|
|
|
11
11
|
|
|
12
12
|
MonetDB or MySQL
|
|
13
13
|
|
|
14
|
-
Ruby
|
|
14
|
+
Ruby 2.1.x ( 2.2 we have a issue building eventmachine native )
|
|
15
|
+
|
|
16
|
+
Libpcap 1.5.3 ( For pcaplet to build )
|
|
15
17
|
|
|
16
18
|
Pcaplet - https://github.com/ahobson/ruby-pcap
|
|
17
19
|
|
|
18
|
-
PCAPRUB - https://github.com/puppetpies/pcaprub - For Interface Realtime capture / dumping to disk
|
|
20
|
+
PCAPRUB - https://github.com/puppetpies/pcaprub - For Interface Realtime capture / dumping to disk ( Comming soon )
|
|
21
|
+
|
|
22
|
+
Docker Image ( https://hub.docker.com/u/puppetpies ( docker pull puppetpies/threatmonitor-suite ) )
|
|
23
|
+
|
|
24
|
+
Rubygem released 0.1.9 at time of writing ( gem install thm ) https://rubygems.org/gems/thm
|
|
19
25
|
|
|
20
26
|
|
|
21
27
|
|
data/bin/thm-consumer
CHANGED
data/bin/thm-pcap
CHANGED
data/bin/thm-producer
CHANGED
data/bin/thm-session
CHANGED
|
@@ -21,7 +21,10 @@ require File.expand_path(File.join(
|
|
|
21
21
|
File.dirname(__FILE__),
|
|
22
22
|
"../thm-authentication.rb"))
|
|
23
23
|
|
|
24
|
-
|
|
24
|
+
require File.expand_path(File.join(
|
|
25
|
+
File.dirname(__FILE__),
|
|
26
|
+
"../lib/version.rb"))
|
|
27
|
+
|
|
25
28
|
|
|
26
29
|
class Sinatra::Base
|
|
27
30
|
|
|
@@ -60,6 +63,8 @@ class Geocounter
|
|
|
60
63
|
# Compile in array with the totals of all instance variables
|
|
61
64
|
def geocount_compile
|
|
62
65
|
countrycounts = Array.new
|
|
66
|
+
# You can't really inherit this class as the other class may also contain instance variables
|
|
67
|
+
# its not really an exact logic this class only works alone.
|
|
63
68
|
instance_variables.each {|n|
|
|
64
69
|
t = n.to_s.gsub("@", "")
|
|
65
70
|
countrycounts << ["#{t}", instance_variable_get("#{n}")]
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
|
|
2
|
+
module Thm
|
|
3
|
+
|
|
4
|
+
class FileServices
|
|
5
|
+
|
|
6
|
+
def initialize
|
|
7
|
+
@fdata = String.new
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def conf_loader(file="config.rb", loadswitch=true)
|
|
11
|
+
file ||= file
|
|
12
|
+
if !File.exists?("#{Dir.home}/.thm/#{file}")
|
|
13
|
+
File.open("#{Dir.home}/.thm/#{file}", 'w') {|n|
|
|
14
|
+
n.write(@fdata)
|
|
15
|
+
}
|
|
16
|
+
end
|
|
17
|
+
begin
|
|
18
|
+
if loadswitch == true
|
|
19
|
+
require Dir.home+"/.thm/#{file}"
|
|
20
|
+
end
|
|
21
|
+
rescue
|
|
22
|
+
puts "Failed to load something went wrong check permissions !"
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def thmhome?(file="config.rb")
|
|
27
|
+
file ||= file
|
|
28
|
+
if Dir.exists?("#{Dir.home}/.thm") == false
|
|
29
|
+
Dir.mkdir("#{Dir.home}/.thm")
|
|
30
|
+
puts "Creating .thm home subfolder copying config.rb"
|
|
31
|
+
#puts "#{File.getwd}"
|
|
32
|
+
File.open(File.expand_path(File.join(File.dirname(__FILE__), "../../#{file}")), 'r') {|n|
|
|
33
|
+
n.each_line {|l|
|
|
34
|
+
@fdata << l
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
end
|
|
38
|
+
begin
|
|
39
|
+
#puts "FDATA: #{@fdata}"
|
|
40
|
+
#puts "Begin"
|
|
41
|
+
conf_loader("#{file}")
|
|
42
|
+
conf_loader("config-original.rb", false)
|
|
43
|
+
rescue
|
|
44
|
+
puts "Error loading config from home directory"
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
end
|
data/lib/thm/producer.rb
CHANGED
|
@@ -163,18 +163,18 @@ module Thm
|
|
|
163
163
|
udppacketsql = "SELECT * FROM #{@tblname_udppacket} WHERE guid = '#{guid}'"
|
|
164
164
|
res3 = @conn.query("#{udppacketsql}")
|
|
165
165
|
while row3 = res3.fetch_hash do
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
166
|
+
if v == 100
|
|
167
|
+
puts "UDP: MSGID: #{n} GUID: #{guid}"
|
|
168
|
+
v = 0
|
|
169
|
+
end
|
|
170
|
+
v = v + 1 unless v == 100
|
|
171
|
+
pcktdata = { 'udppacket' => {
|
|
172
|
+
'guid' => row3["guid"],
|
|
173
|
+
'recv_date' => row3["recv_date"],
|
|
174
|
+
'udp_dport' => row3["udp_dport"],
|
|
175
|
+
'udp_len' => row3["udp_len"],
|
|
176
|
+
'udp_sum' => row3["udp_sum"],
|
|
177
|
+
'udp_sport' => row3["udp_sport"]
|
|
178
178
|
}
|
|
179
179
|
}
|
|
180
180
|
pcktyaml = pcktdata.to_yaml
|
data/lib/thm/version.rb
CHANGED
data/lib/thm.rb
CHANGED
|
@@ -16,7 +16,6 @@ require 'guid'
|
|
|
16
16
|
require 'yaml'
|
|
17
17
|
require 'pcaplet'
|
|
18
18
|
require 'pcaprub' # For Live capture / write
|
|
19
|
-
#require '../datalayerlight.rb'
|
|
20
19
|
require File.expand_path(File.join(
|
|
21
20
|
File.dirname(__FILE__),
|
|
22
21
|
"../datalayerlight.rb"))
|
|
@@ -38,7 +37,7 @@ module Tools
|
|
|
38
37
|
end
|
|
39
38
|
|
|
40
39
|
end
|
|
41
|
-
|
|
40
|
+
|
|
42
41
|
# Load Datasources
|
|
43
42
|
require File.expand_path(File.join(
|
|
44
43
|
File.dirname(__FILE__),
|
|
@@ -56,14 +55,11 @@ require File.expand_path(File.join(
|
|
|
56
55
|
File.dirname(__FILE__),
|
|
57
56
|
"../lib/thm/localmachine.rb"))
|
|
58
57
|
|
|
58
|
+
require File.expand_path(File.join(
|
|
59
|
+
File.dirname(__FILE__),
|
|
60
|
+
"../lib/thm/fileservices.rb"))
|
|
61
|
+
|
|
62
|
+
# Versioning information
|
|
59
63
|
require File.expand_path(File.join(
|
|
60
64
|
File.dirname(__FILE__),
|
|
61
65
|
"../lib/thm/version.rb"))
|
|
62
|
-
|
|
63
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
64
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
65
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
66
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
67
|
-
#require "#{File.dirname(__FILE__)}/"
|
|
68
|
-
|
|
69
|
-
|
data/thm-authentication.rb
CHANGED
|
@@ -10,9 +10,11 @@
|
|
|
10
10
|
########################################################################
|
|
11
11
|
|
|
12
12
|
require "#{File.dirname(__FILE__)}/lib/thm.rb"
|
|
13
|
-
require "#{File.dirname(__FILE__)}/config.rb"
|
|
14
13
|
require "#{File.dirname(__FILE__)}/thm-privileges.rb"
|
|
15
14
|
|
|
15
|
+
conf = Thm::FileServices.new
|
|
16
|
+
conf.thmhome?
|
|
17
|
+
|
|
16
18
|
#require File.expand_path(File.join(
|
|
17
19
|
# File.dirname(__FILE__),
|
|
18
20
|
# "/lib/thm.rb")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: thm
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- puppetpies
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-07-
|
|
11
|
+
date: 2015-07-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -196,6 +196,7 @@ files:
|
|
|
196
196
|
- lib/thm.rb
|
|
197
197
|
- lib/thm/consumer.rb
|
|
198
198
|
- lib/thm/dataservices.rb
|
|
199
|
+
- lib/thm/fileservices.rb
|
|
199
200
|
- lib/thm/localmachine.rb
|
|
200
201
|
- lib/thm/producer.rb
|
|
201
202
|
- lib/thm/version.rb
|