Documentation
¶
Index ¶
- Variables
- func AddressCountFromCIDR(cidr string) (uint64, error)
- func AddressesFromCIDR(cidr string, out chan string, quit chan int) error
- func Bytes2IPv4(ipb []byte) string
- func BytesToTimestamp(b []byte) time.Time
- func CrackPorts(pspec string) ([]int, error)
- func EnsureTrailingDot(s string) string
- func GetEgressAddress(dst string) string
- func IPv42Bytes(ips string) ([]byte, error)
- func IPv42UInt(ips string) (uint32, error)
- func IPv42UIntLE(ips string) (uint32, error)
- func ObfuscateBytes4(b []byte) []byte
- func ObfuscateBytes8(b []byte) []byte
- func ObfuscateIPv4FromBytesToBytes(ipb []byte) []byte
- func ObfuscateIPv4FromBytesToString(ipb []byte) string
- func ObfuscateIPv4FromStringToBytes(ip string) []byte
- func ObfuscateIPv4FromStringToString(ip string) string
- func RandomBytes(numbytes int) []byte
- func RandomizeObfuscationKeys()
- func SMB1ExtractNativeFieldsFromSessionSetupReply(blob []byte, info map[string]string)
- func SMB2ExtractFieldsFromNegotiateReply(blob []byte, info map[string]string)
- func SMB2ExtractSIDFromSessionSetupReply(blob []byte, info map[string]string)
- func SMB2NegotiateProtocolRequest(dst string) []byte
- func SMB2ParseNegotiateContext(t int, data []byte, info map[string]string)
- func SMBExtractFieldsFromSecurityBlob(blob []byte, info map[string]string)
- func SMBExtractValueFromOffset(blob []byte, idx int) ([]byte, int, error)
- func SMBReadFrame(conn net.Conn, t time.Duration) ([]byte, error)
- func SMBSendData(conn net.Conn, data []byte) error
- func SanitizeStringForJSON(str string) string
- func SeedMathRand()
- func TimestampToBytes(t time.Time) []byte
- func TrimName(name string) string
- func U64SliceToSeq(s []uint64) string
- func UInt2IPv4(ipi uint32) string
- func ValidIP(addr string) bool
- func ValidIP4(addr string) bool
- func ValidIP6(addr string) bool
- func ValidPort(pnum int) bool
- func XorBytesWithBytes(src []byte, key []byte) []byte
- type CounterPredictor
- func (c *CounterPredictor) Check(v uint64) ([]uint64, error)
- func (c *CounterPredictor) GetCycle() []uint64
- func (c *CounterPredictor) GetSampleCount() int
- func (c *CounterPredictor) Previous(v uint64) (uint64, error)
- func (c *CounterPredictor) Ready() bool
- func (c *CounterPredictor) SubmitSample(v uint64) bool
Constants ¶
This section is empty.
Variables ¶
var EgressDestinationIPv4 = "1.1.1.1"
EgressDestinationIPv4 defines an internet-reachable IPv4 address (currently cloudflare)
var EgressDestinationIPv6 = "[2606:4700:4700::1111]"
EgressDestinationIPv6 defines an internet-reachable IPv6 address (currently cloudflare)
var MatchHostname = regexp.MustCompile(`^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`)
MatchHostname is a regular expression for validating hostnames
var MatchIPv4 = regexp.MustCompile(`^(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))$`)
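MatchIPv4 is a regular expression for validating IPv4 addresses. Note that the pattern accepts octets with leading zeros (for example 010), which some address parsers interpret as octal, so a string that matches here may resolve to a different address depending on the parser that consumes it.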
var MatchIPv6 = regexp.MustCompile(`^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?$`)
MatchIPv6 is a regular expression for validating IPv6 addresses
var ObfuscationKey32 uint32 = 0x50505050
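ObfuscationKey32 provides an XOR key for encoding. XOR with a fixed key is reversible obfuscation, not encryption; the default value above is a constant in the source, and the same holds for ObfuscationKey64.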
var ObfuscationKey32Bytes = [4]byte{}
ObfuscationKey32Bytes are the 32-bit XOR key as a byte array
var ObfuscationKey64 uint64 = 0x5050505050505050
ObfuscationKey64 provides an XOR key for encoding
var ObfuscationKey64Bytes = [8]byte{}
ObfuscationKey64Bytes are the 64-bit XOR key as a byte array
var SMB1NegotiateProtocolRequest = []byte{}/* 216 elements not displayed */
SMB1NegotiateProtocolRequest is a SMB1 request that advertises support for SMB2
var SMB1OnlyNegotiateProtocolRequest = []byte{}/* 194 elements not displayed */
SMB1OnlyNegotiateProtocolRequest is a SMB1 request
var SMB1SessionSetupNTLMSSP = []byte{}/* 160 elements not displayed */
SMB1SessionSetupNTLMSSP is a SMB1 SessionSetup NTLMSSP request
var SMB2SessionSetupNTLMSSP = []byte{}/* 166 elements not displayed */
SMB2SessionSetupNTLMSSP is a SMB2 SessionSetup NTLMSSP request
var SMBReadTimeout = time.Second * 2
SMBReadTimeout sets a default timeout for read operations
Functions ¶
func AddressCountFromCIDR ¶
AddressCountFromCIDR parses a CIDR and returns the number of included IP addresses
func AddressesFromCIDR ¶
AddressesFromCIDR parses a CIDR and writes individual IPs to a channel
func Bytes2IPv4 ¶
Bytes2IPv4 converts a byte array to an IPv4 address
func BytesToTimestamp ¶
BytesToTimestamp converts an 8-byte array to a timestamp
func CrackPorts ¶
CrackPorts turns a comma-delimited port list into an array
func EnsureTrailingDot ¶
EnsureTrailingDot returns a copy of the string with a trailing dot, if one does not exist
func GetEgressAddress ¶
GetEgressAddress returns the IPv4 or IPv6 address used to route to the specified destination
func IPv42Bytes ¶
IPv42Bytes converts an IPv4 address to a byte array
func IPv42UIntLE ¶
IPv42UIntLE converts IPv4 addresses to unsigned integers (little endian)
func ObfuscateBytes4 ¶
ObfuscateBytes4 XORs a 4-byte array with the obfuscation key
func ObfuscateBytes8 ¶
ObfuscateBytes8 XORs an 8-byte array with the obfuscation key
func ObfuscateIPv4FromBytesToBytes ¶
ObfuscateIPv4FromBytesToBytes XORs an IPv4 byte array with the obfuscation key
func ObfuscateIPv4FromBytesToString ¶
ObfuscateIPv4FromBytesToString XORs an IPv4 byte array with the obfuscation key, returning a string
func ObfuscateIPv4FromStringToBytes ¶
ObfuscateIPv4FromStringToBytes XORs an IPv4 string with the obfuscation key, returning bytes
func ObfuscateIPv4FromStringToString ¶
ObfuscateIPv4FromStringToString XORs an IPv4 string with the obfuscation key, returning a string
func RandomBytes ¶
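RandomBytes generates a random byte sequence of the requested length. This page does not state which random source is used; confirm it is a cryptographically secure one before relying on the output for keys or tokens.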
func RandomizeObfuscationKeys ¶
func RandomizeObfuscationKeys()
RandomizeObfuscationKeys resets the default obfuscation keys
func SMB1ExtractNativeFieldsFromSessionSetupReply ¶
SMB1ExtractNativeFieldsFromSessionSetupReply tries to extract NativeOS/NativeLM fields from a SMB1 session setup response
func SMB2ExtractFieldsFromNegotiateReply ¶
SMB2ExtractFieldsFromNegotiateReply extracts useful fields from the SMB2 negotiate response
func SMB2ExtractSIDFromSessionSetupReply ¶
SMB2ExtractSIDFromSessionSetupReply tries to extract the SessionID and Signature from a SMB2 reply
func SMB2NegotiateProtocolRequest ¶
SMB2NegotiateProtocolRequest generates a new Negotiate request with the specified target name
func SMB2ParseNegotiateContext ¶
SMB2ParseNegotiateContext decodes fields from the SMB2 Negotiate Context values
func SMBExtractFieldsFromSecurityBlob ¶
SMBExtractFieldsFromSecurityBlob extracts fields from the NTLMSSP response
func SMBExtractValueFromOffset ¶
SMBExtractValueFromOffset peels a field out of a SMB buffer
func SMBReadFrame ¶
SMBReadFrame reads the netbios header then the full response
func SMBSendData ¶
SMBSendData writes a SMB request to a socket
func SanitizeStringForJSON ¶
SanitizeStringForJSON scrubs a given string of invalid UTF8 for JSON encoding
func TimestampToBytes ¶
TimestampToBytes converts a timestamp to an 8-byte array
func U64SliceToSeq ¶
U64SliceToSeq turns an array of ints into a hex string
func XorBytesWithBytes ¶
XorBytesWithBytes XOR-encodes a byte array with another byte array
Types ¶
type CounterPredictor ¶
CounterPredictor tries to predict the next sequence based on a detected cyclical pattern
func NewCounterPredictor ¶
func NewCounterPredictor(rep int, len int) *CounterPredictor
NewCounterPredictor returns a new instance of the predictor
func (*CounterPredictor) Check ¶
func (c *CounterPredictor) Check(v uint64) ([]uint64, error)
Check submits a new value and returns the list of missing sequences if any
func (*CounterPredictor) GetCycle ¶
func (c *CounterPredictor) GetCycle() []uint64
GetCycle returns the predicted cycle
func (*CounterPredictor) GetSampleCount ¶
func (c *CounterPredictor) GetSampleCount() int
GetSampleCount returns the number of samples stored
func (*CounterPredictor) Previous ¶
func (c *CounterPredictor) Previous(v uint64) (uint64, error)
Previous rolls back to the prior session ID using the predicted counter
func (*CounterPredictor) Ready ¶
func (c *CounterPredictor) Ready() bool
Ready indicates if the predictor has calculated the cycle
func (*CounterPredictor) SubmitSample ¶
func (c *CounterPredictor) SubmitSample(v uint64) bool
SubmitSample is used to train the predictor