-
Notifications
You must be signed in to change notification settings - Fork 159
/
vulnerability.go
127 lines (102 loc) · 3.48 KB
/
vulnerability.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
/*
* NETCAP - Traffic Analysis Framework
* Copyright (c) 2017-2020 Philipp Mieden <dreadl0ck [at] protonmail [dot] ch>
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
package maltego
import (
"errors"
"fmt"
"io"
"log"
"os"
"strings"
"github.com/gogo/protobuf/proto"
"github.com/dreadl0ck/maltego"
"github.com/dreadl0ck/netcap/defaults"
netio "github.com/dreadl0ck/netcap/io"
"github.com/dreadl0ck/netcap/types"
)
// vulnerabilityTransformationFunc is a transformation over Vulnerability vulns for a selected Vulnerability.
type vulnerabilityTransformationFunc = func(lt maltego.LocalTransform, trx *maltego.Transform, vuln *types.Vulnerability, min, max uint64, vulnsFile string, mac string, ip string)
// deviceProfileCountFunc is a function that counts something over DeviceProfiles.
type vulnerabilityCountFunc = func(vuln *types.Vulnerability, mac string, min, max *uint64)
// VulnerabilityTransform applies a maltego transformation over Vulnerability vulns seen for a target Vulnerability.
func VulnerabilityTransform(count vulnerabilityCountFunc, transform vulnerabilityTransformationFunc) {
var (
lt = maltego.ParseLocalArguments(os.Args[3:])
path = strings.TrimPrefix(lt.Values["path"], "file://")
mac = lt.Values["mac"]
ipaddr = lt.Values[PropertyIpAddr]
trx = maltego.Transform{}
)
netio.FPrintBuildInfo(os.Stderr)
f, path := openFile(path)
// check if its an audit record file
if !strings.HasSuffix(f.Name(), defaults.FileExtensionCompressed) && !strings.HasSuffix(f.Name(), defaults.FileExtension) {
maltego.Die(errUnexpectedFileType, f.Name())
}
r := openNetcapArchive(path)
// read netcap header
header, errFileHeader := r.ReadHeader()
if errFileHeader != nil {
maltego.Die("failed to read file header", errFileHeader.Error())
}
if header != nil && header.Type != types.Type_NC_Vulnerability {
maltego.Die("file does not contain Vulnerability records", header.Type.String())
}
var (
vuln = new(types.Vulnerability)
pm proto.Message
ok bool
)
pm = vuln
if _, ok = pm.(types.AuditRecord); !ok {
panic("type does not implement types.AuditRecord interface")
}
var (
min uint64 = 10000000
max uint64 = 0
err error
)
if count != nil {
for {
err = r.Next(vuln)
if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
break
} else if err != nil {
maltego.Die(err.Error(), errUnexpectedReadFailure)
}
count(vuln, mac, &min, &max)
}
err = r.Close()
if err != nil {
log.Println("failed to close audit record file: ", err)
}
}
r = openNetcapArchive(path)
// read netcap header - ignore err as it has been checked before
_, _ = r.ReadHeader()
for {
err = r.Next(vuln)
if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
break
} else if err != nil {
panic(err)
}
transform(lt, &trx, vuln, min, max, path, mac, ipaddr)
}
err = r.Close()
if err != nil {
log.Println("failed to close audit record file: ", err)
}
trx.AddUIMessage("completed!", maltego.UIMessageInform)
fmt.Println(trx.ReturnOutput())
}