
4 Commits

19 changed files with 38 additions and 71 deletions


@ -1,5 +1,7 @@
# pancap # pancap
<img alt="pancap logo" src="pancap.png" width="250px" height="250px">
## Idea ## Idea
If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for example during a CTF or captured on your own, you usually have the problem of overlooking all the relevant information to get a basic idea of the capture file. This gets worse if the capture file includes lots of white noise or irrelevant traffic - often included in the capture file to cloak *interesting* packets in a bunch of packets to YouTube, Reddit, Twitter and others. If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for example during a CTF or captured on your own, you usually have the problem of overlooking all the relevant information to get a basic idea of the capture file. This gets worse if the capture file includes lots of white noise or irrelevant traffic - often included in the capture file to cloak *interesting* packets in a bunch of packets to YouTube, Reddit, Twitter and others.
@ -10,7 +12,7 @@ If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for exam
Simply run Simply run
`go get git.darknebu.la/maride/pancap` `go get github.com/maride/pancap`
This will also build `pancap` and place it into your `GOBIN` directory - means you can directly execute it! This will also build `pancap` and place it into your `GOBIN` directory - means you can directly execute it!


@ -2,8 +2,8 @@ package analyze
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/output" "github.com/maride/pancap/output"
"git.darknebu.la/maride/pancap/protocol" "github.com/maride/pancap/protocol"
"github.com/google/gopacket" "github.com/google/gopacket"
"log" "log"
) )


@ -1,42 +0,0 @@
package main
import (
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"testing"
)
func Test_analyzePCAP(t *testing.T) {
type args struct {
source *gopacket.PacketSource
linkType layers.LinkType
}
tests := []struct {
name string
args args
wantErr bool
}{
{
name: "Faulty link type",
args: args{
source: &gopacket.PacketSource{
DecodeOptions: gopacket.DecodeOptions{
Lazy: false,
NoCopy: false,
SkipDecodeRecovery: false,
DecodeStreamsAsDatagrams: false,
},
},
linkType: 2,
},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := analyzePCAP(tt.args.source, tt.args.linkType); (err != nil) != tt.wantErr {
t.Errorf("analyzePCAP() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}

2
go.mod

@ -1,4 +1,4 @@
module git.darknebu.la/maride/pancap module github.com/maride/pancap
go 1.13 go 1.13


@ -3,8 +3,8 @@ package main
import ( import (
"flag" "flag"
"fmt" "fmt"
"git.darknebu.la/maride/pancap/analyze" "github.com/maride/pancap/analyze"
"git.darknebu.la/maride/pancap/output" "github.com/maride/pancap/output"
"log" "log"
"math/rand" "math/rand"
"time" "time"
@ -53,7 +53,7 @@ func printMOTD() {
"PanCAP: Analyzer for pancake files", "PanCAP: Analyzer for pancake files",
"You want some syrup with these packets?", "You want some syrup with these packets?",
"Check out CONTRIBUTORS.md!", "Check out CONTRIBUTORS.md!",
"Push your commits to git.darknebu.la/maride/pancap", "Push your commits to github.com/maride/pancap",
"Don't let the white noise traffic confuse you.", "Don't let the white noise traffic confuse you.",
"Grab a Club Mate if you don't have one yet.", "Grab a Club Mate if you don't have one yet.",
"In Soviet Russia, traffic analyzes you.", "In Soviet Russia, traffic analyzes you.",


@ -2,11 +2,12 @@ package output
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/common"
"io/ioutil" "io/ioutil"
"log" "log"
"os" "os"
"strings" "strings"
"github.com/maride/pancap/common"
) )
var ( var (
@ -20,12 +21,18 @@ var (
// This means that a module should _always_ call this function when a file is encountered. // This means that a module should _always_ call this function when a file is encountered.
// origin is a descriptive string where the file comes from, e.g. the module name. // origin is a descriptive string where the file comes from, e.g. the module name.
func RegisterFile(filename string, content []byte, origin string) { func RegisterFile(filename string, content []byte, origin string) {
// Check if there even is anything to register
if len(content) == 0 {
// File is empty, won't register the void
log.Printf("Avoided registering file from %s because it is empty.", origin)
return
}
thisFile := NewFile(filename, content, origin) thisFile := NewFile(filename, content, origin)
// To avoid doubles, we need to check if that hash is already present // To avoid doubles, we need to check if that hash is already present
for _, f := range registeredFiles { for _, f := range registeredFiles {
if f.hash == thisFile.hash { if f.hash == thisFile.hash {
// Found - stop here // Found - stop here
log.Printf("Avoided registering file '%s' because it has the same content as an already registered file ", f.name) log.Printf("Avoided registering file from %s because it has the same content as an already registered file ", origin)
return return
} }
} }
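Review bot: The two log lines on the new side of RegisterFile name only `origin`, so an analyst reading the log can no longer tell which extracted file was dropped, whether as empty or as a duplicate. Keeping the name preserves that trail: `log.Printf("Avoided registering file %q from %s because it is empty.", filename, origin)` and, in the duplicate branch, `log.Printf("Avoided registering file %q from %s because it has the same content as already registered file %q", filename, origin, f.name)`. `%q` is suggested because the filename presumably originates from the capture itself and could carry newlines or control characters that would otherwise break or forge log lines; confirm against the callers. The rest of RegisterFile continues past the end of this hunk.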

BIN
pancap.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 434 KiB


@ -2,8 +2,8 @@ package arp
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/common" "github.com/maride/pancap/common"
"git.darknebu.la/maride/pancap/output" "github.com/maride/pancap/output"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
"log" "log"


@ -1,7 +1,7 @@
package dhcpv4 package dhcpv4
import ( import (
"git.darknebu.la/maride/pancap/output" "github.com/maride/pancap/output"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
) )


@ -2,7 +2,7 @@ package dhcpv4
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/common" "github.com/maride/pancap/common"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
"log" "log"
) )


@ -2,7 +2,7 @@ package dhcpv4
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/common" "github.com/maride/pancap/common"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
) )


@ -2,7 +2,7 @@ package dhcpv4
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/common" "github.com/maride/pancap/common"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
"log" "log"
) )


@ -2,7 +2,7 @@ package dns
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/common" "github.com/maride/pancap/common"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
"golang.org/x/net/publicsuffix" "golang.org/x/net/publicsuffix"
"log" "log"


@ -1,7 +1,7 @@
package dns package dns
import ( import (
"git.darknebu.la/maride/pancap/output" "github.com/maride/pancap/output"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
) )


@ -2,7 +2,7 @@ package dns
import ( import (
"fmt" "fmt"
"git.darknebu.la/maride/pancap/common" "github.com/maride/pancap/common"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
"golang.org/x/net/publicsuffix" "golang.org/x/net/publicsuffix"
"log" "log"


@ -1,8 +1,8 @@
package http package http
import ( import (
"git.darknebu.la/maride/pancap/common" "github.com/maride/pancap/common"
"git.darknebu.la/maride/pancap/output" "github.com/maride/pancap/output"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
"github.com/google/gopacket/tcpassembly" "github.com/google/gopacket/tcpassembly"


@ -3,7 +3,7 @@ package http
import ( import (
"bufio" "bufio"
"fmt" "fmt"
"git.darknebu.la/maride/pancap/output" "github.com/maride/pancap/output"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/tcpassembly" "github.com/google/gopacket/tcpassembly"
"github.com/google/gopacket/tcpassembly/tcpreader" "github.com/google/gopacket/tcpassembly/tcpreader"


@ -1,10 +1,10 @@
package protocol package protocol
import ( import (
"git.darknebu.la/maride/pancap/protocol/arp" "github.com/maride/pancap/protocol/arp"
"git.darknebu.la/maride/pancap/protocol/dhcpv4" "github.com/maride/pancap/protocol/dhcpv4"
"git.darknebu.la/maride/pancap/protocol/dns" "github.com/maride/pancap/protocol/dns"
"git.darknebu.la/maride/pancap/protocol/http" "github.com/maride/pancap/protocol/http"
) )
var ( var (