diff --git a/analyze/analyzer.go b/analyze/analyzer.go index 4bcd79d..6790a3c 100644 --- a/analyze/analyzer.go +++ b/analyze/analyzer.go @@ -2,15 +2,16 @@ package analyze import ( "fmt" + "log" + + "github.com/google/gopacket" "github.com/maride/pancap/output" "github.com/maride/pancap/protocol" - "github.com/google/gopacket" - "log" ) var ( // Store total amount and amount of visited packets - totalPackets int + totalPackets int processedPackets int ) @@ -71,4 +72,3 @@ func handleErr(err error) { log.Printf("Encountered error while examining packets, continuing anyway. Error: %s", err.Error()) } } - diff --git a/common/common.go b/common/common.go index 64c85a2..0b06f1a 100644 --- a/common/common.go +++ b/common/common.go @@ -23,10 +23,10 @@ func GenerateTree(strarr []string) string { // iterate over each element for iter, elem := range strarr { // check if we got the last element - if iter < len(strarr) - 1 { + if iter < len(strarr)-1 { tmpstr = fmt.Sprintf("%s├ %s\n", tmpstr, elem) } else { - tmpstr = fmt.Sprintf( "%s╰ %s\n", tmpstr, elem) + tmpstr = fmt.Sprintf("%s╰ %s\n", tmpstr, elem) } } diff --git a/file.go b/file.go index a693db8..281ad68 100644 --- a/file.go +++ b/file.go 
@@ -3,29 +3,30 @@ package main import ( "flag" "fmt" + "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/pcap" ) var ( - filenameFlag *string + filenameFlag string ) // Registers the flag --file func registerFileFlags() { - filenameFlag = flag.String("file", "", "PCAP file to base analysis on") + flag.StringVar(&filenameFlag, "file", "", "PCAP file to base analysis on") } // Opens the PCAP, returns its packets and the link type or an error func openPCAP() (*gopacket.PacketSource, layers.LinkType, error) { // Check if we even got a file. - if *filenameFlag == "" { + if filenameFlag == "" { return nil, 0, fmt.Errorf("missing file to analyze. Please specifiy it with --file") } // Open specified file - handle, openErr := pcap.OpenOffline(*filenameFlag) + handle, openErr := pcap.OpenOffline(filenameFlag) if openErr != nil { // There were some problems opening the file return nil, 0, openErr diff --git a/main.go b/main.go index fb2a944..1bdf355 100644 --- a/main.go +++ b/main.go @@ -3,11 +3,12 @@ package main import ( "flag" "fmt" - "github.com/maride/pancap/analyze" - "github.com/maride/pancap/output" "log" "math/rand" "time" + + "github.com/maride/pancap/analyze" + "github.com/maride/pancap/output" ) func main() { diff --git a/output/file.go b/output/file.go index cb1ab3e..8cbe463 100644 --- a/output/file.go +++ b/output/file.go @@ -6,10 +6,10 @@ import ( ) type File struct { - name string + name string content []byte - origin string - hash string + origin string + hash string } // Creates a new file object and calculates the hash of the given content @@ -21,4 +21,4 @@ func NewFile(name string, content []byte, origin string) File { origin: origin, hash: hash, } -} \ No newline at end of file +} diff --git a/output/filemanager.go b/output/filemanager.go index 5da3b13..c45fecf 100644 --- a/output/filemanager.go +++ b/output/filemanager.go 
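Review bot: The error from `pcap.OpenOffline(filenameFlag)` in openPCAP is returned bare, so the caller cannot tell which file failed to open; wrap it with the path, `return nil, 0, fmt.Errorf("opening %q: %w", filenameFlag, openErr)` (`%w` needs Go 1.13 or later, otherwise `%v`). The neighbouring message `"missing file to analyze. Please specifiy it with --file"` has a typo and, as a Go error string, should be lowercase without the embedded sentence break, e.g. `"missing file to analyze, specify it with --file"`. openPCAP continues past the end of the hunk.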
@@ -46,12 +46,12 @@ func StoreFiles() { var filesToExtract []File // Check different flag scenarios - if *targetAllFiles { + if targetAllFiles { // We should extract all files. filesToExtract = registeredFiles } else { // We should extract only a given set of files - fileList := strings.Split(*targetFiles, ",") + fileList := strings.Split(targetFiles, ",") for _, f := range fileList { // Iterate over desired files found := false @@ -80,7 +80,7 @@ func StoreFiles() { // Writes the given file object to disk, along with a stats file placed next to it. func writeOut(f File) { - targetName := fmt.Sprintf("%s%c%s", *targetOutput, os.PathSeparator, f.hash) + targetName := fmt.Sprintf("%s%c%s", targetOutput, os.PathSeparator, f.hash) targetDescName := fmt.Sprintf("%s.info", targetName) targetDescription := fmt.Sprintf("Filename: %s\nHash: %s\nOrigin: %s\nSize: %d", f.name, f.hash, f.origin, len(f.content)) diff --git a/output/flag.go b/output/flag.go index d553348..b40d8f4 100644 --- a/output/flag.go +++ b/output/flag.go 
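Review bot: `targetName` in writeOut is still assembled with `fmt.Sprintf("%s%c%s", targetOutput, os.PathSeparator, f.hash)`; now that targetOutput is a plain string, `filepath.Join(targetOutput, f.hash)` is the idiomatic form, tolerates a trailing separator in `--extract-to`, and lets `targetDescName` become `targetName + ".info"` (add `"path/filepath"` to the imports). A one-line comment on why the content hash rather than f.name is used for the on-disk name would help the next reader, since f.name presumably comes from the captured traffic and keeping it out of the path is what rules out traversal: `// Name the file by its content hash; f.name originates from the capture and must not influence the path.` In the first hunk, `strings.Split(targetFiles, ",")` yields `[""]` for an empty `--extract-these`, so the lookup loop runs once for an empty name; trimming each entry or guarding the empty list would make that explicit. Both StoreFiles and writeOut continue beyond their hunks.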
@@ -3,19 +3,19 @@ package output import "flag" var ( - fullOutput *bool - printEmptyBlocks *bool - targetFiles *string - targetAllFiles *bool - targetOutput *string - graphOutput *string + fullOutput bool + printEmptyBlocks bool + targetFiles string + targetAllFiles bool + targetOutput string + graphOutput string ) func RegisterFlags() { - fullOutput = flag.Bool("full-output", false, "Show full output instead of limiting submodule output") - printEmptyBlocks = flag.Bool("print-empty-blocks", false, "Prints blocks (submodule output) even if the submodule doesn't have any content to print.") - targetFiles = flag.String("extract-these", "", "Comma-separated list of files to extract.") - targetAllFiles = flag.Bool("extract-all", false, "Extract all files found.") - targetOutput = flag.String("extract-to", "./extracted", "Directory to store extracted files in.") - graphOutput = flag.String("create-graph", "", "Create a Graphviz graph out of collected communication") + flag.BoolVar(&fullOutput, "full-output", false, "Show full output instead of limiting submodule output") + flag.BoolVar(&printEmptyBlocks, "print-empty-blocks", false, "Prints blocks (submodule output) even if the submodule doesn't have any content to print.") + flag.StringVar(&targetFiles, "extract-these", "", "Comma-separated list of files to extract.") + flag.BoolVar(&targetAllFiles, "extract-all", false, "Extract all files found.") + flag.StringVar(&targetOutput, "extract-to", "./extracted", "Directory to store extracted files in.") + flag.StringVar(&graphOutput, "create-graph", "", "Create a Graphviz graph out of collected communication") } diff --git a/output/graph.go b/output/graph.go index 61ae4df..e01f18b 100644 --- a/output/graph.go +++ b/output/graph.go @@ -1,11 +1,10 @@ package output import ( + "crypto/sha256" "fmt" "io/ioutil" - "crypto/sha256" - "github.com/google/gopacket" ) 
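Review bot: `RegisterFlags` is exported but carries no doc comment, and the one ordering constraint worth stating after this change is that it must run before `flag.Parse()` for the values to be populated; add `// RegisterFlags defines the output-related command-line flags. It must be called before flag.Parse().` The variable block could likewise carry `// Flag values; zero until flag.Parse() runs after RegisterFlags.` so readers of StoreFiles and CreateGraph know the strings are empty until then.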
@@ -40,13 +39,13 @@ func AddPkgToGraph(pkg gopacket.Packet) { // CreateGraph writes out a Graphviz digraph func CreateGraph() { - if *graphOutput == "" { + if graphOutput == "" { // No graph requested return } // Start with the Graphviz-specific header - dot := fmt.Sprintf("# Compile with `neato -Tpng %s > %s.png`\n", *graphOutput, *graphOutput) + dot := fmt.Sprintf("# Compile with `neato -Tpng %s > %s.png`\n", graphOutput, graphOutput) dot += "digraph pancap {\n\toverlap = false;\n" // First, gather all nodes as-is and write them out @@ -61,7 +60,7 @@ func CreateGraph() { dot += "}\n" // Write out - ioutil.WriteFile(*graphOutput, []byte(dot), 0644) + ioutil.WriteFile(graphOutput, []byte(dot), 0644) } // Creates a list of distinct nodes, Graphviz-compatible diff --git a/output/output.go b/output/output.go index 793b2b1..3772383 100644 --- a/output/output.go +++ b/output/output.go @@ -25,7 +25,7 @@ func Finalize() { } // Check if something graph-worthy was collected - if *graphOutput == "" && len(graphPkgs) > 0 { + if graphOutput == "" && len(graphPkgs) > 0 { // User didn't want a graph printer.Println("To summarize the communcation flow with a Graphviz graph, specify --create-graph .") } diff --git a/output/printer.go b/output/printer.go index 46f87eb..5820b81 100644 --- a/output/printer.go +++ b/output/printer.go @@ -2,17 +2,18 @@ package output import ( "fmt" - "github.com/fatih/color" "strings" + + "github.com/fatih/color" ) const ( MaxContentLines = 50 - SnipMark = "----- cut at 50 entries -----" + SnipMark = "----- cut at 50 entries -----" ) var ( - DidSnip bool + DidSnip bool DidAvoidEmptyBlock bool ) 
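Review bot: The return value of `ioutil.WriteFile(graphOutput, []byte(dot), 0644)` at the end of CreateGraph is discarded, so a user who asked for `--create-graph` gets neither a file nor a message when the write fails (missing directory, permissions). Check it, e.g. `if err := ioutil.WriteFile(graphOutput, []byte(dot), 0644); err != nil { log.Printf("writing graph to %q: %v", graphOutput, err) }`, adding `"log"` to the import block, which the first hunk of this file shows does not include it. `ioutil.WriteFile` is deprecated from Go 1.16 in favour of `os.WriteFile`, if the module's Go version allows the switch.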
@@ -21,7 +22,7 @@ var ( // If the content is longer than MaxContentLines, content is cut. func PrintBlock(headline string, content string) { // Avoid printing empty blocks - at least if user didn't specify it otherwise - if len(content) == 0 && !*printEmptyBlocks { + if len(content) == 0 && !printEmptyBlocks { // No content and we are not forced to print empty blocks, return DidAvoidEmptyBlock = true return @@ -38,7 +39,7 @@ func PrintBlock(headline string, content string) { } // Cut to MaxContentLines if required - if !(*fullOutput) { + if !(fullOutput) { // User states that they don't want to see the whole output - cut content. content = cutContent(content) } diff --git a/protocol/arp/arp.go b/protocol/arp/arp.go index dc3fd74..a070d41 100644 --- a/protocol/arp/arp.go +++ b/protocol/arp/arp.go @@ -2,24 +2,24 @@ package arp import ( "fmt" - "github.com/maride/pancap/common" - "github.com/maride/pancap/output" "github.com/google/gopacket" "github.com/google/gopacket/layers" + "github.com/maride/pancap/common" + "github.com/maride/pancap/output" "log" "net" ) var ( - arpStatsList []arpStats - devices []arpDevice + arpStatsList []arpStats + devices []arpDevice linkLocalBlock = net.IPNet{ IP: net.IPv4(169, 254, 0, 0), Mask: net.IPv4Mask(255, 255, 0, 0), } ) -type Protocol struct {} +type Protocol struct{} // Checks if the given packet is an ARP packet we can process func (p *Protocol) CanAnalyze(packet gopacket.Packet) bool { @@ -118,7 +118,7 @@ func (p *Protocol) getStatOrCreate(macaddr string) *arpStats { // None found yet, we need to create a new one arpStatsList = append(arpStatsList, arpStats{ - macaddr: macaddr, + macaddr: macaddr, }) // And return it diff --git a/protocol/arp/arpDevice.go b/protocol/arp/arpDevice.go index dd6b89f..4f74ed1 100644 --- a/protocol/arp/arpDevice.go +++ b/protocol/arp/arpDevice.go @@ -2,5 +2,5 @@ package arp type arpDevice struct { macaddr string - ipaddr string + ipaddr string } 
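Review bot: `if !(fullOutput) {` in PrintBlock keeps parentheses that were only needed around the old pointer dereference; with a plain bool the idiomatic form is `if !fullOutput {`. The earlier hunk already writes `!printEmptyBlocks` without parentheses, so the two conditions would then be consistent. PrintBlock continues between and beyond the two hunks.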
diff --git a/protocol/arp/arpStats.go b/protocol/arp/arpStats.go index d10666d..9a0519a 100644 --- a/protocol/arp/arpStats.go +++ b/protocol/arp/arpStats.go @@ -1,9 +1,9 @@ package arp type arpStats struct { - macaddr string - asked int - answered int - askedList []string + macaddr string + asked int + answered int + askedList []string answeredList []string } diff --git a/protocol/dhcpv4/dhcp.go b/protocol/dhcpv4/dhcp.go index 2a95e70..eaa4866 100644 --- a/protocol/dhcpv4/dhcp.go +++ b/protocol/dhcpv4/dhcp.go @@ -1,16 +1,16 @@ package dhcpv4 import ( - "github.com/maride/pancap/output" "github.com/google/gopacket" "github.com/google/gopacket/layers" + "github.com/maride/pancap/output" ) type Protocol struct { - hostnames []hostname + hostnames []hostname networkSetup map[layers.DHCPOpt][]byte - requestMAC []string - responses []dhcpResponse + requestMAC []string + responses []dhcpResponse } // Checks if the given packet is a DHCP packet we can process diff --git a/protocol/dhcpv4/dhcpResponse.go b/protocol/dhcpv4/dhcpResponse.go index 077eb43..7c74675 100644 --- a/protocol/dhcpv4/dhcpResponse.go +++ b/protocol/dhcpv4/dhcpResponse.go @@ -1,9 +1,8 @@ package dhcpv4 type dhcpResponse struct { - destMACAddr string - newIPAddr string + destMACAddr string + newIPAddr string serverMACAddr string - askedFor bool + askedFor bool } - diff --git a/protocol/dhcpv4/hostname.go b/protocol/dhcpv4/hostname.go index 5e64443..f3c944f 100644 --- a/protocol/dhcpv4/hostname.go +++ b/protocol/dhcpv4/hostname.go @@ -1,8 +1,8 @@ package dhcpv4 type hostname struct { - hostname string + hostname string requestedByMAC string - granted bool + granted bool deniedHostname string } diff --git a/protocol/dhcpv4/hostnames.go b/protocol/dhcpv4/hostnames.go index 5ab3039..f078250 100644 --- a/protocol/dhcpv4/hostnames.go +++ b/protocol/dhcpv4/hostnames.go 
@@ -2,8 +2,8 @@ package dhcpv4 import ( "fmt" - "github.com/maride/pancap/common" "github.com/google/gopacket/layers" + "github.com/maride/pancap/common" "log" ) diff --git a/protocol/dhcpv4/network.go b/protocol/dhcpv4/network.go index bfdc474..53d4d77 100644 --- a/protocol/dhcpv4/network.go +++ b/protocol/dhcpv4/network.go @@ -12,13 +12,13 @@ import ( var ( watchedOpts = []layers.DHCPOpt{ - layers.DHCPOptSubnetMask, // Option 1 - layers.DHCPOptRouter, // Option 3 - layers.DHCPOptDNS, // Option 6 + layers.DHCPOptSubnetMask, // Option 1 + layers.DHCPOptRouter, // Option 3 + layers.DHCPOptDNS, // Option 6 layers.DHCPOptBroadcastAddr, // Option 28 - layers.DHCPOptNTPServers, // Option 42 - layers.DHCPOptLeaseTime, // Option 51 - layers.DHCPOptT1, // Option 58 + layers.DHCPOptNTPServers, // Option 42 + layers.DHCPOptLeaseTime, // Option 51 + layers.DHCPOptT1, // Option 58 } ) @@ -126,7 +126,7 @@ func formatDate(rawDate []byte) (string, bool) { intDate := binary.LittleEndian.Uint32(rawDate) seconds := intDate % 60 minutes := intDate / 60 % 60 - hours := intDate / 60 / 60 % 60 + hours := intDate / 60 / 60 % 60 formattedDate := "" // Check which words we need to pick diff --git a/protocol/dhcpv4/request.go b/protocol/dhcpv4/request.go index fb8bdd1..9ca832a 100644 --- a/protocol/dhcpv4/request.go +++ b/protocol/dhcpv4/request.go @@ -2,8 +2,8 @@ package dhcpv4 import ( "fmt" - "github.com/maride/pancap/common" "github.com/google/gopacket/layers" + "github.com/maride/pancap/common" ) // Processes the DHCP request packet handed over diff --git a/protocol/dhcpv4/response.go b/protocol/dhcpv4/response.go index 1ad001d..0297618 100644 --- a/protocol/dhcpv4/response.go +++ b/protocol/dhcpv4/response.go @@ -2,8 +2,8 @@ package dhcpv4 import ( "fmt" - "github.com/maride/pancap/common" "github.com/google/gopacket/layers" + "github.com/maride/pancap/common" "log" ) diff --git a/protocol/dns/answer.go b/protocol/dns/answer.go index ae8056a..55bf9b0 100644 
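Review bot: `hours := intDate / 60 / 60 % 60` in formatDate reduces hours modulo 60, but hours wrap at 24, so a 60-hour lease would be reported as 0 hours; if a days component is computed further down (outside the hunk) this should be `% 24`, otherwise the modulo should be dropped. The context line just above, `binary.LittleEndian.Uint32(rawDate)`, also looks suspect: DHCP option values such as the lease time are carried in network byte order, so `binary.BigEndian.Uint32` is presumably what is intended — confirm against a capture with a known lease time. formatDate starts and ends outside the hunk.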
--- a/protocol/dns/answer.go +++ b/protocol/dns/answer.go @@ -2,20 +2,20 @@ package dns import ( "fmt" - "github.com/maride/pancap/common" "github.com/google/gopacket/layers" + "github.com/maride/pancap/common" "golang.org/x/net/publicsuffix" "log" ) var ( - numAnswers int - answerDomains []string - answerBaseDomains []string + numAnswers int + answerDomains []string + answerBaseDomains []string answerPrivateDomains []string - answerType = make(map[layers.DNSType]int) - answerPublicIPv4 []string - answerPrivateIPv4 []string + answerType = make(map[layers.DNSType]int) + answerPublicIPv4 []string + answerPrivateIPv4 []string ) // Called on every DNS packet to process response(s) diff --git a/protocol/dns/common.go b/protocol/dns/common.go index 21fb960..98ed3e2 100644 --- a/protocol/dns/common.go +++ b/protocol/dns/common.go @@ -8,7 +8,7 @@ import ( var ( privateBlocks = []net.IPNet{ - {net.IPv4(10, 0, 0, 0), net.IPv4Mask(255, 0, 0, 0)}, // 10.0.0.0/8 + {net.IPv4(10, 0, 0, 0), net.IPv4Mask(255, 0, 0, 0)}, // 10.0.0.0/8 {net.IPv4(172, 16, 0, 0), net.IPv4Mask(255, 240, 0, 0)}, // 172.16.0.0/12 {net.IPv4(192, 168, 0, 0), net.IPv4Mask(255, 255, 0, 0)}, // 192.168.0.0/24 {net.IPv4(100, 64, 0, 0), net.IPv4Mask(255, 192, 0, 0)}, // 100.64.0.0/10 @@ -58,7 +58,7 @@ func (p *Protocol) generateDNSTypeSummary(typearr map[layers.DNSType]int) string if iter == 0 { // We don't need to append yet answerstr = elem - } else if iter == len(answerarr) - 1 { + } else if iter == len(answerarr)-1 { // Last element, use "and" instead of a comma answerstr = fmt.Sprintf("%s and %s", answerstr, elem) } else { @@ -68,4 +68,4 @@ func (p *Protocol) generateDNSTypeSummary(typearr map[layers.DNSType]int) string } return answerstr -} \ No newline at end of file +} diff --git a/protocol/dns/dns.go b/protocol/dns/dns.go index b16306c..ec5d191 100644 --- a/protocol/dns/dns.go +++ b/protocol/dns/dns.go 
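Review bot: The comment on the context line `{net.IPv4(192, 168, 0, 0), net.IPv4Mask(255, 255, 0, 0)}, // 192.168.0.0/24` does not match the mask, which is a /16; since this block was realigned it is a good moment to correct it to `// 192.168.0.0/16`. privateBlocks decides what is reported as a private versus public address, so a misleading comment here is worth fixing before someone "corrects" the mask to match it. The list may continue outside the hunk.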
@@ -1,12 +1,12 @@ package dns import ( - "github.com/maride/pancap/output" "github.com/google/gopacket" "github.com/google/gopacket/layers" + "github.com/maride/pancap/output" ) -type Protocol struct {} +type Protocol struct{} func (p *Protocol) CanAnalyze(packet gopacket.Packet) bool { return packet.Layer(layers.LayerTypeDNS) != nil diff --git a/protocol/dns/question.go b/protocol/dns/question.go index 66a146d..802e1c1 100644 --- a/protocol/dns/question.go +++ b/protocol/dns/question.go @@ -2,18 +2,18 @@ package dns import ( "fmt" - "github.com/maride/pancap/common" "github.com/google/gopacket/layers" + "github.com/maride/pancap/common" "golang.org/x/net/publicsuffix" "log" ) var ( - numQuestions int - questionDomains []string - questionBaseDomains []string + numQuestions int + questionDomains []string + questionBaseDomains []string questionPrivateDomains []string - questionType = make(map[layers.DNSType]int) + questionType = make(map[layers.DNSType]int) ) // Called on every DNS packet to process questions @@ -72,4 +72,4 @@ func (p *Protocol) generateDNSQuestionSummary() string { // And return summary return summary -} \ No newline at end of file +} diff --git a/protocol/http/http.go b/protocol/http/http.go index 159105f..00c4304 100644 --- a/protocol/http/http.go +++ b/protocol/http/http.go 
@@ -1,20 +1,20 @@ package http import ( - "github.com/maride/pancap/common" - "github.com/maride/pancap/output" "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/tcpassembly" + "github.com/maride/pancap/common" + "github.com/maride/pancap/output" ) type Protocol struct { - initialized bool - requestFactory *httpRequestFactory - responseFactory *httpResponseFactory - requestPool *tcpassembly.StreamPool - responsePool *tcpassembly.StreamPool - requestAssembler *tcpassembly.Assembler + initialized bool + requestFactory *httpRequestFactory + responseFactory *httpResponseFactory + requestPool *tcpassembly.StreamPool + responsePool *tcpassembly.StreamPool + requestAssembler *tcpassembly.Assembler responseAssembler *tcpassembly.Assembler } diff --git a/protocol/http/httpResponseFactory.go b/protocol/http/httpResponseFactory.go index 6d15a8b..d1e70d5 100644 --- a/protocol/http/httpResponseFactory.go +++ b/protocol/http/httpResponseFactory.go @@ -3,17 +3,17 @@ package http import ( "bufio" "fmt" - "github.com/maride/pancap/output" "github.com/google/gopacket" "github.com/google/gopacket/tcpassembly" "github.com/google/gopacket/tcpassembly/tcpreader" + "github.com/maride/pancap/output" "io" "io/ioutil" "net/http" ) var ( - responseSummaryLines []string + responseSummaryLines []string ) type httpResponseFactory struct{}