2024-11-24 01:34:26 +00:00
19 changed files with 71 additions and 38 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,5 @@
 # pancap

-<img alt="pancap logo" src="pancap.png" width="250px" height="250px">
-
 ## Idea

 If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for example during a CTF or captured on your own, you usually have the problem of overlooking all the relevant information to get a basic idea of the capture file. This gets worse if the capture file includes lots of white noise or irrelevant traffic - often included in the capture file to cloak *interesting* packets in a bunch of packets to YouTube, Reddit, Twitter and others.
@ -12,7 +10,7 @@ If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for exam

 Simply run

-`go get github.com/maride/pancap`
+`go get git.darknebu.la/maride/pancap`

 This will also build `pancap` and place it into your `GOBIN` directory - means you can directly execute it!

--- a/analyze/analyzer.go
+++ b/analyze/analyzer.go
@ -2,8 +2,8 @@ package analyze

 import (
 	"fmt"
-	"github.com/maride/pancap/output"
-	"github.com/maride/pancap/protocol"
+	"git.darknebu.la/maride/pancap/output"
+	"git.darknebu.la/maride/pancap/protocol"
 	"github.com/google/gopacket"
 	"log"
 )
--- a/analyzer_test.go
+++ b/analyzer_test.go
@ -0,0 +1,42 @@
+package main
+
+import (
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"testing"
+)
+
+func Test_analyzePCAP(t *testing.T) {
+	type args struct {
+		source   *gopacket.PacketSource
+		linkType layers.LinkType
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "Faulty link type",
+			args: args{
+				source: &gopacket.PacketSource{
+					DecodeOptions: gopacket.DecodeOptions{
+						Lazy:                     false,
+						NoCopy:                   false,
+						SkipDecodeRecovery:       false,
+						DecodeStreamsAsDatagrams: false,
+					},
+				},
+				linkType: 2,
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := analyzePCAP(tt.args.source, tt.args.linkType); (err != nil) != tt.wantErr {
+				t.Errorf("analyzePCAP() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
--- a/go.mod
+++ b/go.mod
@ -1,4 +1,4 @@
-module github.com/maride/pancap
+module git.darknebu.la/maride/pancap

 go 1.13

--- a/main.go
+++ b/main.go
@ -3,8 +3,8 @@ package main
 import (
 	"flag"
 	"fmt"
-	"github.com/maride/pancap/analyze"
-	"github.com/maride/pancap/output"
+	"git.darknebu.la/maride/pancap/analyze"
+	"git.darknebu.la/maride/pancap/output"
 	"log"
 	"math/rand"
 	"time"
@ -53,13 +53,13 @@ func printMOTD() {
 		"PanCAP: Analyzer for pancake files",
 		"You want some syrup with these packets?",
 		"Check out CONTRIBUTORS.md!",
-		"Push your commits to github.com/maride/pancap",
+		"Push your commits to git.darknebu.la/maride/pancap",
 		"Don't let the white noise traffic confuse you.",
 		"Grab a Club Mate if you don't have one yet.",
 		"In Soviet Russia, traffic analyzes you.",
 		"Who captures the captors?",
 		"Respect other's privacy. Always.",
-		"Make public data available, protect private data.",   // https://www.ccc.de/en/hackerethik
+		"Make public data available, protect private data.", // https://www.ccc.de/en/hackerethik
 		"Most traffic is just there to confuse the russians.", // hat-tip to twitter.com/_harryr_
 	}

--- a/output/filemanager.go
+++ b/output/filemanager.go
@ -2,18 +2,17 @@ package output

 import (
 	"fmt"
+	"git.darknebu.la/maride/pancap/common"
 	"io/ioutil"
 	"log"
 	"os"
 	"strings"
-
-	"github.com/maride/pancap/common"
 )

 var (
 	registeredFiles []File
-	notFound        []string
-	extractedFiles  int
+	notFound []string
+	extractedFiles int
 )

 // Registers a file with the given name and content.
@ -21,18 +20,12 @@ var (
 // This means that a module should _always_ call this function when a file is encountered.
 // origin is a descriptive string where the file comes from, e.g. the module name.
 func RegisterFile(filename string, content []byte, origin string) {
-	// Check if there even is anything to register
-	if len(content) == 0 {
-		// File is empty, won't register the void
-		log.Printf("Avoided registering file from %s because it is empty.", origin)
-		return
-	}
 	thisFile := NewFile(filename, content, origin)
 	// To avoid doubles, we need to check if that hash is already present
 	for _, f := range registeredFiles {
 		if f.hash == thisFile.hash {
 			// Found - stop here
-			log.Printf("Avoided registering file from %s because it has the same content as an already registered file ", origin)
+			log.Printf("Avoided registering file '%s' because it has the same content as an already registered file ", f.name)
 			return
 		}
 	}
--- a/pancap.png
+++ b/pancap.png
--- a/protocol/arp/arp.go
+++ b/protocol/arp/arp.go
@ -2,8 +2,8 @@ package arp

 import (
 	"fmt"
-	"github.com/maride/pancap/common"
-	"github.com/maride/pancap/output"
+	"git.darknebu.la/maride/pancap/common"
+	"git.darknebu.la/maride/pancap/output"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 	"log"
--- a/protocol/dhcpv4/dhcp.go
+++ b/protocol/dhcpv4/dhcp.go
@ -1,7 +1,7 @@
 package dhcpv4

 import (
-	"github.com/maride/pancap/output"
+	"git.darknebu.la/maride/pancap/output"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 )
--- a/protocol/dhcpv4/hostnames.go
+++ b/protocol/dhcpv4/hostnames.go
@ -2,7 +2,7 @@ package dhcpv4

 import (
 	"fmt"
-	"github.com/maride/pancap/common"
+	"git.darknebu.la/maride/pancap/common"
 	"github.com/google/gopacket/layers"
 	"log"
 )
--- a/protocol/dhcpv4/request.go
+++ b/protocol/dhcpv4/request.go
@ -2,7 +2,7 @@ package dhcpv4

 import (
 	"fmt"
-	"github.com/maride/pancap/common"
+	"git.darknebu.la/maride/pancap/common"
 	"github.com/google/gopacket/layers"
 )

--- a/protocol/dhcpv4/response.go
+++ b/protocol/dhcpv4/response.go
@ -2,7 +2,7 @@ package dhcpv4

 import (
 	"fmt"
-	"github.com/maride/pancap/common"
+	"git.darknebu.la/maride/pancap/common"
 	"github.com/google/gopacket/layers"
 	"log"
 )
--- a/protocol/dns/answer.go
+++ b/protocol/dns/answer.go
@ -2,7 +2,7 @@ package dns

 import (
 	"fmt"
-	"github.com/maride/pancap/common"
+	"git.darknebu.la/maride/pancap/common"
 	"github.com/google/gopacket/layers"
 	"golang.org/x/net/publicsuffix"
 	"log"
--- a/protocol/dns/dns.go
+++ b/protocol/dns/dns.go
@ -1,7 +1,7 @@
 package dns

 import (
-	"github.com/maride/pancap/output"
+	"git.darknebu.la/maride/pancap/output"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 )
--- a/protocol/dns/question.go
+++ b/protocol/dns/question.go
@ -2,7 +2,7 @@ package dns

 import (
 	"fmt"
-	"github.com/maride/pancap/common"
+	"git.darknebu.la/maride/pancap/common"
 	"github.com/google/gopacket/layers"
 	"golang.org/x/net/publicsuffix"
 	"log"
--- a/protocol/http/http.go
+++ b/protocol/http/http.go
@ -1,8 +1,8 @@
 package http

 import (
-	"github.com/maride/pancap/common"
-	"github.com/maride/pancap/output"
+	"git.darknebu.la/maride/pancap/common"
+	"git.darknebu.la/maride/pancap/output"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 	"github.com/google/gopacket/tcpassembly"
--- a/protocol/http/httpResponseFactory.go
+++ b/protocol/http/httpResponseFactory.go
@ -3,7 +3,7 @@ package http
 import (
 	"bufio"
 	"fmt"
-	"github.com/maride/pancap/output"
+	"git.darknebu.la/maride/pancap/output"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/tcpassembly"
 	"github.com/google/gopacket/tcpassembly/tcpreader"
--- a/protocol/index.go
+++ b/protocol/index.go
@ -1,10 +1,10 @@
 package protocol

 import (
-	"github.com/maride/pancap/protocol/arp"
-	"github.com/maride/pancap/protocol/dhcpv4"
-	"github.com/maride/pancap/protocol/dns"
-	"github.com/maride/pancap/protocol/http"
+	"git.darknebu.la/maride/pancap/protocol/arp"
+	"git.darknebu.la/maride/pancap/protocol/dhcpv4"
+	"git.darknebu.la/maride/pancap/protocol/dns"
+	"git.darknebu.la/maride/pancap/protocol/http"
 )

 var (