Merge branch 'master' of https://github.com/eldraco/Sapito

# Conflicts:
#	README.md

.dockerignore

@@ -0,0 +1,6 @@
+videos/
+images/
+.git
+.gitignore
+.github
+__pycache__

.github/workflows/docker-image.yml

@@ -0,0 +1,42 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Docker Login
+      uses: docker/login-action@v1
+      with:
+        username: ${{ secrets.DOCKER_USER }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    - name: Docker meta
+      id: docker_meta
+      uses: docker/metadata-action@v4
+      with:
+        images: |
+          ${{ secrets.DOCKER_USER }}/sapito
+        flavor: |
+          latest=true
+        tags: |
+          type=sha
+    - name: Build and push
+      id: docker_build
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        file: Dockerfile
+        tags: ${{ steps.docker_meta.outputs.tags }}
+        labels: ${{ steps.docker_meta.outputs.labels }}
+        push: true

CITATION.cff

@@ -0,0 +1,20 @@
+cff-version: 1.2.0
+title: >-
+  Sapito: a multicast DNS (mDNS) sniffer and interpreter.
+message: 'If you use this software, please cite it as below.'
+type: software
+authors:
+  - given-names: Sebastian
+    family-names: Garcia
+    email: sebastian.garcia@agents.fel.cvut.cz
+    affiliation: >-
+      Stratosphere Laboratory, AIC, FEL, Czech
+      Technical University in Prague
+    orcid: 'https://orcid.org/0000-0001-6238-9910'
+  - given-names: Veronica
+    family-names: Valeros
+    email: vero.valeros@gmail.com
+    affiliation: >-
+      Stratosphere Laboratory, AIC, FEL, Czech
+      Technical University in Prague
+    orcid: 'https://orcid.org/0000-0003-2554-3231'

Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.9-slim
+
+LABEL org.opencontainers.image.authors="vero.valeros@gmail.com,eldraco@gmail.com"
+
+ENV DESTINATION_DIR /sapito
+
+COPY . ${DESTINATION_DIR}/
+
+RUN pip install -r ${DESTINATION_DIR}/requirements.txt
+
+WORKDIR ${DESTINATION_DIR}

README.md

@@ -1,57 +1,68 @@
 # Sapito 
-Sapito is a mDNS (multicast DNS) sniffer and interpreter
+[![Docker Image CI](https://github.com/eldraco/Sapito/actions/workflows/docker-image.yml/badge.svg)](https://github.com/eldraco/Sapito/actions/workflows/docker-image.yml)
+![GitHub last commit (branch)](https://img.shields.io/github/last-commit/eldraco/Sapito/master)
+![Docker Pulls](https://img.shields.io/docker/pulls/stratosphereips/sapito?color=green)
 
-The idea is to sniff packets from a pcap or interface and be able to interpret the findings, not only print them.
+Authors: Sebastian Garcia (eldraco@gmail.com, @eldracote), Veronica Valeros (vero.valeros@gmail.com, @verovaleros)
 
-Sapito is able to understand the questions and answers to make sense to the messages. 
-It can also understand some devices, like finding macos computers and several type of iPads.
+## About Sapito
 
-Sapito uses colors to show important information.
+Sapito is a multicast DNS (mDNS) sniffer and interpreter written in Python. Sapito sniffs packets from a pcap or interface and interprets the findings. This means that Sapito is able to understand the mDNS questions and answers, making sense of the messages. It can also identify certain devices, like finding MacOS computers and several type of iPads. The color-coded output helps to highlight important information.
 
 
-If you find a bug, please report it together with the output of the tool to eldraco@gmail.com. If you send a pcap with the 
-offending packets, better.
 
-![Default Options](https://github.com/eldraco/Sapito/blob/master/sapito-gif.gif?raw=true)
+If you find a bug, please report it along with the output of the tool to eldraco@gmail.com. If you have the pcap with the offending packets, it would be extremely useful if you send it along with the bug report. 
 
-Sapito was made by Sebastian Garcia (eldraco@gmail.com, and @eldracote) and Veronica Valeros (vero.valeros@gmail.com, @verovaleros)
+![Default Options](https://github.com/eldraco/Sapito/blob/master/media/sapito-gif.gif?raw=true)
 
+## Docker Image
+
+Sapito has a public Docker image with the latest version on DockerHub, which runs well on Linux systems (MacOS not supported yet).
+
+To run Sapito:
+
+```bash
+docker run --rm --network host --name sapito -it stratosphereips/sapito:latest  python3 sapito.py -i <interface>
+```
+
+
+# Background Information About Some Services
 
-# Background about some services
 ## About Bonjour Services
 
-    ._airplay._tcp.local
 
-    This is a Bonjour advertisement for the network service that enables AirPlay of video content. I.e. this allows iOS devices to discover the Apple TV as a "remote display" that it can display video on.
+### ._airplay._tcp.local
+
+> This is a Bonjour advertisement for the network service that enables AirPlay of video content. I.e. this allows iOS devices to discover the Apple TV as a "remote display" that it can display video on.
 
-    ._mediaremotetv._tcp.local
+### ._mediaremotetv._tcp.local
 
-    This is one of the network services that makes the Apple TV Remote work - i.e. the app or Control Center built-in feature for remote controlling Apple TV devices from iPhones and iPads. This service is advertised on the network via Bonjour to ensure that iOS devices can discover the AppleTV.
+> This is one of the network services that makes the Apple TV Remote work - i.e. the app or Control Center built-in feature for remote controlling Apple TV devices from iPhones and iPads. This service is advertised on the network via Bonjour to ensure that iOS devices can discover the AppleTV.
 
-    ._companion-link._tcp.local
+### ._companion-link._tcp.local
 
-    This service is seemingly not documented by Apple, but seems involved in making the AirPlay 2 system work.
+> This service is seemingly not documented by Apple, but seems involved in making the AirPlay 2 system work.
 
-    ._raop._tcp.local
+### ._raop._tcp.local
 
-    This network service is called Remote Audio Output Protocol. It is essentially saying that the AppleTV works as an AirPlay audio receiver. This Bonjour advertisement allows iOS devices to discover the Apple TV as a "speaker" that you can send audio to.
+> This network service is called Remote Audio Output Protocol. It is essentially saying that the AppleTV works as an AirPlay audio receiver. This Bonjour advertisement allows iOS devices to discover the Apple TV as a "speaker" that you can send audio to.
 
-    ._sleep-proxy._udp.local
+### ._sleep-proxy._udp.local
 
-    This is a Bonjour Sleep Proxy. The idea is that the AppleTV can respond to various network queries for other devices that are currently in low-power mode to lower energy usage. For example it could be a Mac offering a shared iTunes library or a shared printer. The AppleTV can then answer network requests for these servers while the Mac is in sleep mode - for example allowing the user to list the shared printers available on the network. However, when the user chooses to print something, the AppleTV will wake up the Mac and transfer the request to it.
+> This is a Bonjour Sleep Proxy. The idea is that the AppleTV can respond to various network queries for other devices that are currently in low-power mode to lower energy usage. For example it could be a Mac offering a shared iTunes library or a shared printer. The AppleTV can then answer network requests for these servers while the Mac is in sleep mode - for example allowing the user to list the shared printers available on the network. However, when the user chooses to print something, the AppleTV will wake up the Mac and transfer the request to it.
 
-    _homekit._tcp.local
+### _homekit._tcp.local
 
-    This is a network service regarding HomeKit, Apple's system for communicating with and controlling devices in the home. Think controllable light bulbs, shades, door bells, whatever. The AppleTV works as a proxy in such a setting such that the user can control devices remotely (i.e. while not at home) even though the devices might be Bluetooth only and out of range. Note that ordinary HomeKit devices on the network advertise as _hap._tcp instead.
+> This is a network service regarding HomeKit, Apple's system for communicating with and controlling devices in the home. Think controllable light bulbs, shades, door bells, whatever. The AppleTV works as a proxy in such a setting such that the user can control devices remotely (i.e. while not at home) even though the devices might be Bluetooth only and out of range. Note that ordinary HomeKit devices on the network advertise as _hap._tcp instead.
 
-    ._touch-able._tcp.local
+### ._touch-able._tcp.local
 
-    This is another of the network services that makes the Apple TV Remote work. This service concerns device authentication. I.e. if you want to for example play a Youtube video on the Apple TV, the Apple TV can require that the device is authenticated before being allowed to do so. In practice authentications work by the Apple TV displaying a PIN-code on the TV that the user enters on the iOS device. This PIN-code is transferred using the service advertised as "touch-able" to authenticate the device.
+> This is another of the network services that makes the Apple TV Remote work. This service concerns device authentication. I.e. if you want to for example play a Youtube video on the Apple TV, the Apple TV can require that the device is authenticated before being allowed to do so. In practice authentications work by the Apple TV displaying a PIN-code on the TV that the user enters on the iOS device. This PIN-code is transferred using the service advertised as "touch-able" to authenticate the device.
 
 
 ## Why some packets have a question and answers in the same packet?
 
-Because of Known-Answer suppression (https://tools.ietf.org/html/rfc6762#section-7.1)
+Because of Known-Answer suppression[^1]:
 
     Known-Answer Suppression
 
@@ -70,9 +81,4 @@ Because of Known-Answer suppression (https://tools.ietf.org/html/rfc6762#section
        is beneficial to use the Known-Answer list to suppress repeated
        sending of redundant answers that the querier already knows.
 
-
-# TOFIX
-  File "./sapito.py", line 368, in do
-    print(bcolors.WARNING + '\t\t\tThis host named {} offers the service {} in the MAC {}, IP {}, protocol {}'.format(name, service, macaddr, ipaddr, protocol ) + bcolors.ENDC)
-UnboundLocalError: local variable 'macaddr' referenced before assignment
-
+[^1]: ‘RFC 6762: Multicast DNS’. https://www.rfc-editor.org/rfc/rfc6762#section-7.1 (accessed Oct. 01, 2022).

requirements.txt

@@ -0,0 +1 @@
+scapy

sapito.py

@@ -1,16 +1,18 @@
 #!/usr/bin/env python
-# Seba Garcia whatever
-# Vero Valeros is coauthor
+# Authors:
+# Sebastian Garcia, sebastian.garcia@agents.fel.cvut.cz, eldraco@gmail.com
+# Veronica Valeros, vero.valeros@gmail.com, valerver@fel.cvut.cz
+# Stratosphere Laboratory, Czech Technical University in Prague
 
-from os import listdir
-from os.path import isfile, join
+import re
+import sys
 import pickle
 import argparse
-import sys
-from datetime import datetime
-from scapy.all import *
-import re
 import macvendor
+from os import listdir
+from scapy.all import *
+from datetime import datetime
+from os.path import isfile, join
 
 class bcolors:
     HEADER = '\033[95m'
@@ -24,9 +26,8 @@ class bcolors:
     NORMAL = '\033[8m'
 
 # Store info about the clients
-clients = {}
 # The format of the clients is: {'MAC': 'name'}
-
+clients = {}
 
 def add_client(shw, srcip, name='unknown'):
     """ Add client to our list"""