Compare commits

...

4 Commits

19 changed files with 38 additions and 71 deletions

View File

@ -1,5 +1,7 @@
# pancap
<img alt="pancap logo" src="pancap.png" width="250px" height="250px">
## Idea
If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for example during a CTF or captured on your own, you usually have the problem of overlooking all the relevant information to get a basic idea of the capture file. This gets worse if the capture file includes lots of white noise or irrelevant traffic - often included in the capture file to cloak *interesting* packets in a bunch of packets to YouTube, Reddit, Twitter and others.
@ -10,7 +12,7 @@ If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for exam
Simply run
`go get git.darknebu.la/maride/pancap`
`go get github.com/maride/pancap`
This will also build `pancap` and place it into your `GOBIN` directory - means you can directly execute it!

View File

@ -2,8 +2,8 @@ package analyze
import (
"fmt"
"git.darknebu.la/maride/pancap/output"
"git.darknebu.la/maride/pancap/protocol"
"github.com/maride/pancap/output"
"github.com/maride/pancap/protocol"
"github.com/google/gopacket"
"log"
)

View File

@ -1,42 +0,0 @@
package main
import (
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"testing"
)
func Test_analyzePCAP(t *testing.T) {
type args struct {
source *gopacket.PacketSource
linkType layers.LinkType
}
tests := []struct {
name string
args args
wantErr bool
}{
{
name: "Faulty link type",
args: args{
source: &gopacket.PacketSource{
DecodeOptions: gopacket.DecodeOptions{
Lazy: false,
NoCopy: false,
SkipDecodeRecovery: false,
DecodeStreamsAsDatagrams: false,
},
},
linkType: 2,
},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := analyzePCAP(tt.args.source, tt.args.linkType); (err != nil) != tt.wantErr {
t.Errorf("analyzePCAP() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}

2
go.mod
View File

@ -1,4 +1,4 @@
module git.darknebu.la/maride/pancap
module github.com/maride/pancap
go 1.13

View File

@ -3,8 +3,8 @@ package main
import (
"flag"
"fmt"
"git.darknebu.la/maride/pancap/analyze"
"git.darknebu.la/maride/pancap/output"
"github.com/maride/pancap/analyze"
"github.com/maride/pancap/output"
"log"
"math/rand"
"time"
@ -53,7 +53,7 @@ func printMOTD() {
"PanCAP: Analyzer for pancake files",
"You want some syrup with these packets?",
"Check out CONTRIBUTORS.md!",
"Push your commits to git.darknebu.la/maride/pancap",
"Push your commits to github.com/maride/pancap",
"Don't let the white noise traffic confuse you.",
"Grab a Club Mate if you don't have one yet.",
"In Soviet Russia, traffic analyzes you.",

View File

@ -2,11 +2,12 @@ package output
import (
"fmt"
"git.darknebu.la/maride/pancap/common"
"io/ioutil"
"log"
"os"
"strings"
"github.com/maride/pancap/common"
)
var (
@ -20,12 +21,18 @@ var (
// This means that a module should _always_ call this function when a file is encountered.
// origin is a descriptive string where the file comes from, e.g. the module name.
func RegisterFile(filename string, content []byte, origin string) {
// Check if there even is anything to register
if len(content) == 0 {
// File is empty, won't register the void
log.Printf("Avoided registering file from %s because it is empty.", origin)
return
}
thisFile := NewFile(filename, content, origin)
// To avoid doubles, we need to check if that hash is already present
for _, f := range registeredFiles {
if f.hash == thisFile.hash {
// Found - stop here
log.Printf("Avoided registering file '%s' because it has the same content as an already registered file ", f.name)
log.Printf("Avoided registering file from %s because it has the same content as an already registered file ", origin)
return
}
}

BIN
pancap.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 434 KiB

View File

@ -2,8 +2,8 @@ package arp
import (
"fmt"
"git.darknebu.la/maride/pancap/common"
"git.darknebu.la/maride/pancap/output"
"github.com/maride/pancap/common"
"github.com/maride/pancap/output"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"log"

View File

@ -1,7 +1,7 @@
package dhcpv4
import (
"git.darknebu.la/maride/pancap/output"
"github.com/maride/pancap/output"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)

View File

@ -2,7 +2,7 @@ package dhcpv4
import (
"fmt"
"git.darknebu.la/maride/pancap/common"
"github.com/maride/pancap/common"
"github.com/google/gopacket/layers"
"log"
)

View File

@ -2,7 +2,7 @@ package dhcpv4
import (
"fmt"
"git.darknebu.la/maride/pancap/common"
"github.com/maride/pancap/common"
"github.com/google/gopacket/layers"
)

View File

@ -2,7 +2,7 @@ package dhcpv4
import (
"fmt"
"git.darknebu.la/maride/pancap/common"
"github.com/maride/pancap/common"
"github.com/google/gopacket/layers"
"log"
)

View File

@ -2,7 +2,7 @@ package dns
import (
"fmt"
"git.darknebu.la/maride/pancap/common"
"github.com/maride/pancap/common"
"github.com/google/gopacket/layers"
"golang.org/x/net/publicsuffix"
"log"

View File

@ -1,7 +1,7 @@
package dns
import (
"git.darknebu.la/maride/pancap/output"
"github.com/maride/pancap/output"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)

View File

@ -2,7 +2,7 @@ package dns
import (
"fmt"
"git.darknebu.la/maride/pancap/common"
"github.com/maride/pancap/common"
"github.com/google/gopacket/layers"
"golang.org/x/net/publicsuffix"
"log"

View File

@ -1,8 +1,8 @@
package http
import (
"git.darknebu.la/maride/pancap/common"
"git.darknebu.la/maride/pancap/output"
"github.com/maride/pancap/common"
"github.com/maride/pancap/output"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/tcpassembly"

View File

@ -3,7 +3,7 @@ package http
import (
"bufio"
"fmt"
"git.darknebu.la/maride/pancap/output"
"github.com/maride/pancap/output"
"github.com/google/gopacket"
"github.com/google/gopacket/tcpassembly"
"github.com/google/gopacket/tcpassembly/tcpreader"

View File

@ -1,10 +1,10 @@
package protocol
import (
"git.darknebu.la/maride/pancap/protocol/arp"
"git.darknebu.la/maride/pancap/protocol/dhcpv4"
"git.darknebu.la/maride/pancap/protocol/dns"
"git.darknebu.la/maride/pancap/protocol/http"
"github.com/maride/pancap/protocol/arp"
"github.com/maride/pancap/protocol/dhcpv4"
"github.com/maride/pancap/protocol/dns"
"github.com/maride/pancap/protocol/http"
)
var (