initial commit, moving to git

dakrone committed Oct 8, 2008
0 parents commit 6fffc6f7cc6b0134be33f1de56f736a27528a112
Showing with 27,519 additions and 0 deletions.
  1. +130 −0 CHANGELOG
  2. +150 −0 LGPL.license
  3. +18 −0 LICENSE
  4. +1 −0 README
  5. +96 −0 TODO
  6. BIN docs/NSM-Console.pdf
  7. +15 −0 files
  8. +6 −0 gentags
  9. +16 −0 lib/colors.rb
  10. +55 −0 lib/command_manager.rb
  11. +912 −0 lib/commands.rb
  12. +137 −0 lib/encodelib.rb
  13. +18 −0 lib/history.rb
  14. +63 −0 lib/logging.rb
  15. +65 −0 lib/nsm_alias.rb
  16. +43 −0 lib/nsm_category.rb
  17. +157 −0 lib/nsm_console.rb
  18. +361 −0 lib/nsm_helper.rb
  19. +156 −0 lib/nsm_module.rb
  20. +174 −0 lib/pcaplib.rb
  21. +173 −0 lib/pcapparser.rb
  22. +1 −0 logs/logsgohere
  23. +57 −0 logs/nsm-log.2008107.log
  24. +4 −0 logs/nsm-log.2008828.log
  25. +43 −0 modules/README
  26. +1 −0 modules/aimsnarf.module/aimsnarf
  27. +1 −0 modules/aimsnarf.module/defaults
  28. +1 −0 modules/aimsnarf.module/description
  29. +7 −0 modules/aimsnarf.module/info
  30. +5 −0 modules/argus-basic.module/argus-basic
  31. +10 −0 modules/argus-basic.module/defaults
  32. +1 −0 modules/argus-basic.module/description
  33. +22 −0 modules/argus-basic.module/info
  34. +2 −0 modules/argus3-pcap2flow.module/argus3-pcap2flow
  35. +6 −0 modules/argus3-pcap2flow.module/defaults
  36. +1 −0 modules/argus3-pcap2flow.module/description
  37. +12 −0 modules/argus3-pcap2flow.module/info
  38. +14 −0 modules/argus3-ramon.module/argus3-ramon
  39. +11 −0 modules/argus3-ramon.module/defaults
  40. +1 −0 modules/argus3-ramon.module/description
  41. +23 −0 modules/argus3-ramon.module/info
  42. +4 −0 modules/argus3-ramon.module/racluster-HostProto.conf
  43. +4 −0 modules/argus3-ramon.module/racluster-HostSvc.conf
  44. +4 −0 modules/argus3-ramon.module/racluster-Matrix.conf
  45. +4 −0 modules/argus3-ramon.module/racluster-Svc.conf
  46. +4 −0 modules/argus3-ramon.module/racluster-TopN.conf
  47. +2 −0 modules/bro-ids-conn.module/bro-ids-conn
  48. +171 −0 modules/bro-ids-conn.module/bro.cfg
  49. 0 modules/bro-ids-conn.module/defaults
  50. +1 −0 modules/bro-ids-conn.module/description
  51. +4 −0 modules/bro-ids-conn.module/info
  52. +1 −0 modules/bro-ids-protocol.module/bro-ids-protocol
  53. +171 −0 modules/bro-ids-protocol.module/bro.cfg
  54. +1 −0 modules/bro-ids-protocol.module/defaults
  55. +1 −0 modules/bro-ids-protocol.module/description
  56. +6 −0 modules/bro-ids-protocol.module/info
  57. +2 −0 modules/bro-ids-stream.module/bro-ids-stream
  58. +171 −0 modules/bro-ids-stream.module/bro.cfg
  59. 0 modules/bro-ids-stream.module/defaults
  60. +1 −0 modules/bro-ids-stream.module/description
  61. +4 −0 modules/bro-ids-stream.module/info
  62. +1 −0 modules/capinfos.module/capinfos
  63. +1 −0 modules/capinfos.module/defaults
  64. +1 −0 modules/capinfos.module/description
  65. +7 −0 modules/capinfos.module/info
  66. +3 −0 modules/categories/IDS
  67. +7 −0 modules/categories/flow
  68. +10 −0 modules/categories/forensics
  69. 0 modules/categories/nsm
  70. +5 −0 modules/categories/statistics
  71. +1 −0 modules/chaosreader.module/chaosreader
  72. +1 −0 modules/chaosreader.module/defaults
  73. +1 −0 modules/chaosreader.module/description
  74. +8 −0 modules/chaosreader.module/info
  75. +1 −0 modules/clamscan.module/clamscan
  76. +2 −0 modules/clamscan.module/defaults
  77. +1 −0 modules/clamscan.module/description
  78. +10 −0 modules/clamscan.module/info
  79. +4 −0 modules/dnstop.module/defaults
  80. +1 −0 modules/dnstop.module/description
  81. +1 −0 modules/dnstop.module/dnstop
  82. +9 −0 modules/dnstop.module/info
  83. +2 −0 modules/fl0p.module/defaults
  84. +1 −0 modules/fl0p.module/description
  85. +1 −0 modules/fl0p.module/fl0p
  86. +7 −0 modules/fl0p.module/info
  87. 0 modules/flowtag.module/defaults
  88. +1 −0 modules/flowtag.module/description
  89. +1 −0 modules/flowtag.module/flowtag
  90. +5 −0 modules/flowtag.module/info
  91. +3 −0 modules/flowtime.module/defaults
  92. +1 −0 modules/flowtime.module/description
  93. +1 −0 modules/flowtime.module/flowtime
  94. +12 −0 modules/flowtime.module/info
  95. +2 −0 modules/foremost.module/defaults
  96. +1 −0 modules/foremost.module/description
  97. +1 −0 modules/foremost.module/foremost
  98. +7 −0 modules/foremost.module/info
  99. +1 −0 modules/harimau.module/defaults
  100. +1 −0 modules/harimau.module/description
  101. +1 −0 modules/harimau.module/harimau
  102. +59 −0 modules/harimau.module/harimau.rb
  103. +7 −0 modules/harimau.module/info
  104. +106 −0 modules/harimau.module/pcapparser.rb
  105. 0 modules/hash.module/defaults
  106. +1 −0 modules/hash.module/description
  107. +2 −0 modules/hash.module/hash
  108. +4 −0 modules/hash.module/info
  109. +2 −0 modules/honeysnap.module/defaults
  110. +1 −0 modules/honeysnap.module/description
  111. +1 −0 modules/honeysnap.module/honeysnap
  112. +87 −0 modules/honeysnap.module/honeysnap.cfg
  113. +8 −0 modules/honeysnap.module/info
  114. +1 −0 modules/httpry.module/defaults
  115. +1 −0 modules/httpry.module/description
  116. +1 −0 modules/httpry.module/httpry
  117. +7 −0 modules/httpry.module/info
  118. +1 −0 modules/ip2asn.module/defaults
  119. +1 −0 modules/ip2asn.module/description
  120. +6 −0 modules/ip2asn.module/info
  121. +1 −0 modules/ip2asn.module/ip2asn
  122. +53 −0 modules/ip2asn.module/ip2asn.rb
  123. +172 −0 modules/ip2asn.module/pcapparser.rb
  124. +1 −0 modules/iploc.module/defaults
  125. +1 −0 modules/iploc.module/description
  126. +11 −0 modules/iploc.module/info
  127. +1 −0 modules/iploc.module/iploc
  128. +1 −0 modules/ngrep.module/description
  129. +3 −0 modules/ngrep.module/info
  130. +9 −0 modules/ngrep.module/ngrep
  131. +2 −0 modules/p0f.module/defaults
  132. +1 −0 modules/p0f.module/description
  133. +8 −0 modules/p0f.module/info
  134. +1 −0 modules/p0f.module/p0f
  135. +1 −0 modules/pads.module/defaults
  136. +1 −0 modules/pads.module/description
  137. +6 −0 modules/pads.module/info
  138. +1 −0 modules/pads.module/pads
  139. +66 −0 modules/snort.module/classification.config
  140. +3 −0 modules/snort.module/defaults
  141. +1 −0 modules/snort.module/description
  142. +8 −0 modules/snort.module/info
  143. +14 −0 modules/snort.module/reference.config
  144. +340 −0 modules/snort.module/rules/LICENSE
  145. +128 −0 modules/snort.module/rules/bleeding-attack_response.rules
  146. +58 −0 modules/snort.module/rules/bleeding-botcc-BLOCK.rules
  147. +22 −0 modules/snort.module/rules/bleeding-botcc.excluded
  148. +58 −0 modules/snort.module/rules/bleeding-botcc.rules
  149. +40 −0 modules/snort.module/rules/bleeding-compromised-BLOCK.rules
  150. +40 −0 modules/snort.module/rules/bleeding-compromised.rules
  151. +106 −0 modules/snort.module/rules/bleeding-dos.rules
  152. +47 −0 modules/snort.module/rules/bleeding-drop-BLOCK.rules
  153. +47 −0 modules/snort.module/rules/bleeding-drop.rules
  154. +35 −0 modules/snort.module/rules/bleeding-dshield-BLOCK.rules
  155. +35 −0 modules/snort.module/rules/bleeding-dshield.rules
  156. +751 −0 modules/snort.module/rules/bleeding-exploit.rules
  157. +98 −0 modules/snort.module/rules/bleeding-game.rules
  158. +66 −0 modules/snort.module/rules/bleeding-inappropriate.rules
  159. +1,586 −0 modules/snort.module/rules/bleeding-malware.rules
  160. +155 −0 modules/snort.module/rules/bleeding-p2p.rules
  161. +1,358 −0 modules/snort.module/rules/bleeding-policy.rules
  162. +92 −0 modules/snort.module/rules/bleeding-rbn-BLOCK.rules
  163. +91 −0 modules/snort.module/rules/bleeding-rbn.rules
  164. +130 −0 modules/snort.module/rules/bleeding-scan.rules
  165. +6,274 −0 modules/snort.module/rules/bleeding-sid-msg.map
  166. +1,138 −0 modules/snort.module/rules/bleeding-virus.rules
  167. +49 −0 modules/snort.module/rules/bleeding-voip.rules
  168. +332 −0 modules/snort.module/rules/bleeding-web.rules
  169. +4,572 −0 modules/snort.module/rules/bleeding-web_sql_injection.rules
  170. +55 −0 modules/snort.module/rules/bleeding.conf
  171. +82 −0 modules/snort.module/rules/bleeding.rules
  172. +117 −0 modules/snort.module/rules/community-bot.rules
  173. +7 −0 modules/snort.module/rules/community-deleted.rules
  174. +16 −0 modules/snort.module/rules/community-dos.rules
  175. +11 −0 modules/snort.module/rules/community-exploit.rules
  176. +4 −0 modules/snort.module/rules/community-ftp.rules
  177. +10 −0 modules/snort.module/rules/community-game.rules
  178. +8 −0 modules/snort.module/rules/community-icmp.rules
  179. +15 −0 modules/snort.module/rules/community-imap.rules
  180. +8 −0 modules/snort.module/rules/community-inappropriate.rules
  181. +4 −0 modules/snort.module/rules/community-mail-client.rules
  182. +48 −0 modules/snort.module/rules/community-misc.rules
  183. +6 −0 modules/snort.module/rules/community-nntp.rules
  184. +6 −0 modules/snort.module/rules/community-oracle.rules
  185. +11 −0 modules/snort.module/rules/community-policy.rules
  186. +19 −0 modules/snort.module/rules/community-sip.rules
  187. +13 −0 modules/snort.module/rules/community-smtp.rules
  188. +15 −0 modules/snort.module/rules/community-sql-injection.rules
  189. +21 −0 modules/snort.module/rules/community-virus.rules
  190. +10 −0 modules/snort.module/rules/community-web-attacks.rules
  191. +22 −0 modules/snort.module/rules/community-web-cgi.rules
  192. +25 −0 modules/snort.module/rules/community-web-client.rules
  193. +5 −0 modules/snort.module/rules/community-web-dos.rules
  194. +10 −0 modules/snort.module/rules/community-web-iis.rules
  195. +215 −0 modules/snort.module/rules/community-web-misc.rules
  196. +474 −0 modules/snort.module/rules/community-web-php.rules
  197. +1 −0 modules/snort.module/snort
  198. +1,035 −0 modules/snort.module/snort.conf
  199. +104 −0 modules/snort.module/unicode.map
  200. +1 −0 modules/tcpdstat.module/defaults
  201. +1 −0 modules/tcpdstat.module/description
  202. +7 −0 modules/tcpdstat.module/info
  203. +1 −0 modules/tcpdstat.module/tcpdstat
  204. +1 −0 modules/tcpflow.module/defaults
  205. +1 −0 modules/tcpflow.module/description
  206. +7 −0 modules/tcpflow.module/info
  207. +1 −0 modules/tcpflow.module/tcpflow
  208. +4 −0 modules/tcpick.module/defaults
  209. +1 −0 modules/tcpick.module/description
  210. +9 −0 modules/tcpick.module/info
  211. +3 −0 modules/tcpick.module/tcpick
  212. +4 −0 modules/tcptrace.module/defaults
  213. +1 −0 modules/tcptrace.module/description
  214. +15 −0 modules/tcptrace.module/info
  215. +5 −0 modules/tcptrace.module/tcptrace
  216. +1 −0 modules/tcpxtract.module/defaults
  217. +1 −0 modules/tcpxtract.module/description
  218. +6 −0 modules/tcpxtract.module/info
  219. +122 −0 modules/tcpxtract.module/rp-tcpxtract.conf
  220. +1 −0 modules/tcpxtract.module/tcpxtract
  221. +95 −0 modules/tcpxtract.module/tcpxtract.conf
  222. +2 −0 modules/trace-summary.module/defaults
  223. +1 −0 modules/trace-summary.module/description
  224. +7 −0 modules/trace-summary.module/info
  225. +1 −0 modules/trace-summary.module/trace-summary
  226. +884 −0 modules/trace-summary.module/trace-summary.py
  227. +2 −0 modules/tshark.module/defaults
  228. +1 −0 modules/tshark.module/description
  229. +8 −0 modules/tshark.module/info
  230. +1 −0 modules/tshark.module/tshark
  231. +1 −0 modules/yahsnarf.module/defaults
  232. +1 −0 modules/yahsnarf.module/description
  233. +6 −0 modules/yahsnarf.module/info
  234. +12 −0 modules/yahsnarf.module/lib/bit-struct.rb
  235. +515 −0 modules/yahsnarf.module/lib/bit-struct/bit-struct.rb
  236. +68 −0 modules/yahsnarf.module/lib/bit-struct/char-field.rb
  237. +82 −0 modules/yahsnarf.module/lib/bit-struct/float-field.rb
  238. +36 −0 modules/yahsnarf.module/lib/bit-struct/hex-octet-field.rb
  239. +125 −0 modules/yahsnarf.module/lib/bit-struct/nested-field.rb
  240. +61 −0 modules/yahsnarf.module/lib/bit-struct/octet-field.rb
  241. +32 −0 modules/yahsnarf.module/lib/bit-struct/pad-field.rb
  242. +283 −0 modules/yahsnarf.module/lib/bit-struct/signed-field.rb
  243. +63 −0 modules/yahsnarf.module/lib/bit-struct/text-field.rb
  244. +273 −0 modules/yahsnarf.module/lib/bit-struct/unsigned-field.rb
  245. +70 −0 modules/yahsnarf.module/lib/bit-struct/yaml.rb
  246. +1 −0 modules/yahsnarf.module/yahsnarf
  247. +104 −0 modules/yahsnarf.module/yahsnarf.rb
  248. +136 −0 nsm
  249. +119 −0 tags
130 CHANGELOG
@@ -0,0 +1,130 @@
+Version 0.7
+DONE - \x33\x55 etc, done - decode hex now supports this automatically
+DONE - Allow encode/decode to work on files instead of just a textstring
+DONE - From Scholar: IP->ASN mapping, a module (ip2asn)
+DONE - From Scholar: IP->ASN mapping, a command (ip2asn)
+DONE - Upgrade revision of pcapparser library (support flags)
+DONE - 'print' command should print TCP flags using newer revision of pcapparser library
+SEMI-DONE - From Scholar: Some way to extract a list of IPs from a pcap (iplist)
+DONE - Change "run" so you can use "run aimsnarf" to run the aimsnarf module without toggling, etc
+DONE - Path error for modules when relative path is used, the full path to a file is now used (Grzegorz)
+DONE - add 'iplist' command to get a list of IP addresses, sorted by numbers
+DONE - Add yahsnarf module (extract yahoo IM conversations)
+DONE - Need pipes into commands and files, this includes but is not limited to: > < >> | (All except for < are done)
+DONE - Pipe redirection requires an extra enter to get a prompt, figure out why and fix it.
+DONE - Tempfile problems with gzip'd pcap files, use a regular file instead
+DONE - Add encoding method of just "hex" instead of hex_LSB and hex_MSB
+DONE - 'decode hex' should work on space delineated strings
+DONE - Default encode/decode for 'binary' is little-endian
+DONE - geek00l committed bro-ids-connection information module
+DONE - Automatic updating over SVN of NSM-Console
+
+Version 0.6
+DONE - rot13 encode/decode
+DONE - Fix error with an alias handling arguments
+DONE - Add 'dump' command, similar to print, dump binary payload of packet(s) to a file
+DONE - Warning when file doesn't exist
+DONE - Harimau attempts to use wget if it can, since it's about 10 times faster than Net::HTTP
+DONE - Argus rdns lookups were killing the speed. Added '-n' so it doesn't do that by default
+DONE - checkip tried to use wget if it's installed, should be much much faster
+DONE - tcptrace doesn't do rdns lookups because it was dying, -n is the default now
+DONE - fixed a typo in urlescape (en|de)coding, thanks John!
+DONE - Add clamscan module
+DONE - Use rawpacket's tcpxtract.conf instead of the regular one. (extract many many more types)
+DONE - Add foremost module
+DONE - let the clamscan module select which extraction dir it wants to look in (foremost? tcpxtract?)
+DONE - Need to add "color on", instead of just off and toggle
+DONE - Auto gunzip pcap files on the fly (only for .gz extensions) (doesn't work for directories)
+DONE - Clean up the autogunzipping
+DONE - Create the temp file in the NSM-Console directory, file is cleaned up on exit
+DONE - Directories support gzip'd files for modules, print and dump
+DONE (N/A)- dump doesn't like temp files, fix this -- doesn't matter any more, since gunzip the file once by default
+DONE - gunzip once, not every time, silly me.
+DONE - Separate the bro alarms and extracting the bro contents
+DONE - Update Snort rules (community and emerging)
+DONE - add "-f" tag to dump command to allow for full dumping of selected packets
+DONE - Add the trace-summary module (http://www.icir.org/robin/trace-summary/)
+DONE - Fixed a serious bug with argument parsing for dump -f
+
+
+Version 0.5
+DONE - Alias command!
+DONE - Change license of pcapparser
+DONE - Add flowtime module
+DONE - Make 'help' more readable
+DONE - Allow 'help' to take argument so you specify help for what you want
+DONE - Redirect error output to STDERR
+DONE - Read ~/.nsmcrc much quieter :)
+DONE - Alias handles concatinating of arguments (bugfix)
+DONE - Add license to header in nsm file
+DONE - Add aliases to tab completion without killing current completion
+DONE - (bugfix) Aliases without arguments casting nil to string
+DONE - Integrate IP checking with Mel's http://watchlist.security.org.my/ inline (instead of scriptable)
+DONE - Add the 'checkip' command (check the Harimau watchlist)
+DONE - Add harimau module
+DONE - Make checkip command use Ruby modules (Net::HTTP) instead of wget
+DONE - Give bro-ids option for user-settable cfg file
+DONE - Make bro-ids do more things (like actually produce alerts :P)
+DONE - Add some modules to better categories
+DONE - Toggle handle space-separated module names
+
+
+Version 0.4
+DONE - uuencode/decode
+DONE - Octal (just decoding so far)
+DONE - Char # encoding
+DONE - 'print #' shows packet # in tcpdump -X format, specify range, etc lots of options
+DONE - print support directories
+DONE - Fix "~" support (file support ~)
+DONE - 'output' command support ~ also
+DONE - Color terminal text whee!
+DONE - Read .nsmcrc on startup
+DONE - Fixed ^C usable for long packet prints works
+DONE - Finally caught ^C at the command line, so it doesn't die like crazy
+DONE - Trap SIGTERM
+DONE - print supports commas: p 1,20-25,101
+DONE - Add tcptrace module
+DONE - 'color' command to toggle color on and off
+DONE - Add tcpick module
+DONE - Screencast: creating a module for nsm-console
+
+
+Version 0.3
+DONE - Strip whitespace from the end of the command
+DONE - Allow "set" to handle whitespace between words/characters
+DONE (NoMethodFound error caught)- Better handling of "Command not found"
+DONE - Ability to specify a different log file
+DONE - Category dies completely if it can't read the file (fix this)
+DONE (I think) - Better error catching
+DONE - Fix 'help' command spacing
+DONE - "exec" command logs
+DONE - "exec" command will do replacement for ${PCAP_FILE}, ${PCAP_BASE}, ${MODULE_DIR} and ${OUTPUT_DIR}
+DONE - Add iploc module
+DONE - fl0p module
+DONE - Add website reference to each module's info file
+DONE - Log regular nsm-console commands
+DONE - Add "history" command
+DONE - Transition into a more OO-based structure to promote future development
+DONE - Log exit status of modules running
+DONE - Do replacement in outputdir (so ${PCAP_FILE} can be used)
+DONE - Add 'argus' module with many ra commands from the flow
+DONE - Snort emerging-threats rules? Should I replace the community rules with these?
+DONE - Default output ${PCAP_BASE}-output
+DONE - Licensing BSD vs GPLv2, BSD
+DONE - Add "e" command as shortcut for exec
+DONE - Add eval command to eval line of ruby
+DONE - Add encode/decode methods to tab completion
+DONE - Add PCAP_* to tab completion
+DONE - Add 'credits' command :)
+DONE - "encode" command
+DONE - "decode" command
+DONE - base64
+DONE - md5
+DONE - sha256
+DONE - url escape
+DONE - hex? LSB and MSB
+DONE - binary? LSB and MSB
+
+
+Version 0.2
+No changelog before this
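Review bot: several entries in this hunk are labelled DONE while their own text says the work is incomplete, so the changelog misstates the state of the tool; in Version 0.7, "DONE - Need pipes into commands and files ... (All except for < are done)" and "SEMI-DONE - ... extract a list of IPs from a pcap (iplist)", and in Version 0.3, "DONE (I think) - Better error catching", should either be marked as open items or reworded to describe exactly what shipped (for example "Pipe redirection: > >> and | implemented, < not yet supported"). Two spelling fixes while here: "concatinating" (Version 0.5) should be "concatenating", and "space delineated strings" (Version 0.7) should be "space delimited strings". The Version 0.7 entry "Automatic updating over SVN of NSM-Console" describes a feature that fetches and runs new code, so the changelog (or README) should state where the update is pulled from and how the fetched code is verified before it is used.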
0 comments on commit 6fffc6f