Proto commits in dreadl0ck/netcap

These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)

Commit:f187618
Author:Philipp Mieden

refactor: rename IPProfile audit record to Host Rename audit record type IPProfile -> Host across the codebase. To free up the Host name (previously used for HTTP Hostname Maltego entity), also rename the existing netcap.Host entity to netcap.HTTPHost. IPProfile -> Host: - proto: NC_IPProfile -> NC_Host, message IPProfile -> Host - types/ip_profile.go -> types/host.go (type, vars, methods) - decoder/packet/ip_profile.go -> decoder/packet/host.go (atomicIPProfileMap -> atomicHostMap, ipProfiles -> hosts, ipProfile wrapper -> hostEntry, ResetIPProfiles -> ResetHosts, updateIPProfile -> updateHost, etc.) - on-disk filename IPProfile.ncap.gz -> Host.ncap.gz - io/elastic.go switch case IPProfile -> Host - maltego/ip_profile.go -> maltego/host.go (LoadIPProfiles -> LoadHosts, IPProfileTransform -> HostTransform, IPProfileTransformationFunc -> HostTransformationFunc, ipProfileCountFunc -> hostCountFunc) - Maltego entity netcap.IPProfile -> netcap.Host (InternalIPProfile -> InternalHost, ExternalIPProfile -> ExternalHost, IPProfileAuditRecords -> HostAuditRecords) - Maltego transforms ToIPProfiles* -> ToHosts* - Webui: IPProfileSummary -> HostSummary, readIPProfiles -> readHosts, getIPProfileGeolocations -> getHostGeolocations, getIPProfileScatter3DData -> getHostScatter3DData, readJA4FromIPProfile -> readJA4FromHost - Frontend: value="IPProfile" -> value="Host" in MenuItem, chart map keys, dashboard text Conflict resolution (existing netcap.Host -> netcap.HTTPHost): - maltego/entity_generation_test.go: "Host" -> "HTTPHost" - maltego/transform_generation_test.go: netcap.Host -> netcap.HTTPHost - cmd/transform/ToHTTPHostNames.go: netcap.Host -> netcap.HTTPHost - cmd/transform/ToHTTPHostsFiltered.go: netcap.Host -> netcap.HTTPHost - New maltego/netcap/Entities/netcap.HTTPHost.entity for the renamed entity (parent type netcap.IPAddr, icon web_black) Also rename existing toHosts (POP3-specific filter) -> toPOP3Hosts to free up the toHosts function name for the new Hosts list transform. Breaking changes: - old IPProfile.ncap.gz files cannot be read by the new code - existing Maltego installations need .mtz archives regenerated via 'zeus gen-maltego-config' (env-dependent, not run here) - proto bindings for cpp/csharp/swift/js were not regenerated; only Go binding was updated via 'protoc --gogofaster_out=types/. netcap.proto'

Commit:db7ca93
Author:Philipp Mieden

refactor: rename Credentials audit record to Secret Rename audit record type Credentials -> Secret across the codebase: - proto: NC_Credentials -> NC_Secret, message Credentials -> Secret - types/credentials.go -> types/secret.go (type, vars, methods) - decoder/stream/credentials/ -> decoder/stream/secret/ (package + dir) - on-disk filename Credentials.ncap.gz -> Secret.ncap.gz - WriteCredentials -> WriteSecret, ResetCredStore -> ResetSecretStore - Maltego entity netcap.Credentials -> netcap.Secret - Maltego entity netcap.CredentialsAuditRecords -> netcap.SecretAuditRecords - HTTP API /api/credentials/* -> /api/secrets/* - Frontend route /credentials -> /secrets - Frontend page CredentialsPage -> SecretsPage - Test fixture renamed (existing data needs regeneration) - Maltego icons regenerated separately via 'zeus gen-icons' Breaking changes: - old Credentials.ncap.gz files cannot be read by the new code - existing Maltego installations need .mtz archives regenerated via 'zeus gen-maltego-config' (env-dependent, not run here) - proto bindings for cpp/csharp/swift/js were not regenerated; only Go binding was updated via 'protoc --gogofaster_out=types/. netcap.proto'

Commit:5cfdbc8
Author:Philipp Mieden

protobuf support in ui

Commit:dfa4415
Author:Philipp Mieden

Add generic protobuf wire format stream decoder Detect and decode arbitrary Protocol Buffer messages on the wire without requiring a schema. The decoder uses heuristic detection (wire type distribution, varint patterns, Shannon entropy) and parses all six wire types including recursive nested message support. - New stream decoder registered on ports 9090 and 50051 (gRPC) - Fields keyed as type_fieldnum (e.g. varint_1, string_2) with wire order preserved in FieldOrder - Entropy calculation respects CalculateEntropy config flag - Proto type NC_Protobuf = 145 with map<string,string> Fields - Unit tests (11 suites) and integration tests (6 suites, 3 benchmarks) - No false positives on HTTP, CIP, S7Comm test PCAPs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Commit:6e3f02e
Author:Philipp Mieden

yara and magika support

Commit:a028e80
Author:Philipp Mieden

support for additional protocols

Commit:09c3a97
Author:Philipp Mieden

device enrichment with discovery fields, refined credential harvesters

Commit:09c2630
Author:Philipp Mieden

fix: ensure CommunityID is set on all fingerprint records (JA4T, JA4, JA4S) Three issues prevented CommunityID from appearing on fingerprint records: 1. CommunityID computation in the worker was gated behind the AddContext config flag — moved it outside so it's always calculated. 2. Packet decoders (TLS, TCP) didn't receive PacketContext. Extended DecoderAPI.Decode to accept *PacketContext and apply it via SetPacketContext, matching what GoPacketDecoder already does. Removed redundant per-packet CalcCommunityID calls from TLS decoders. 3. Added CommunityID field to TCP proto message and updated SetPacketContext, CSV, and Encode methods. Fixed the webui JA4T/JA4TS fingerprint handler to populate communityIDs on the aggregator. Includes integration test that processes https.pcap with AddContext=false and verifies all TCP/JA4T, TLSClientHello, and TLSServerHello records have non-empty CommunityIDs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Commit:80f1d6c
Author:Philipp Mieden

ui improvements

Commit:361f791
Author:Philipp Mieden

file extraction engine, dedup and decompress

Commit:f57e6fc
Author:Philipp Mieden

feat: corelight community ids

Commit:798f470
Author:Philipp Mieden

various ui improvements

Commit:19c7c12
Author:Philipp Mieden

feat: quic support and ja4

Commit:724359a
Author:Philipp Mieden

sip improvements

Commit:fcd4c01
Author:Philipp Mieden

improve ethernetctp, ui improvements

Commit:c4c9399
Author:Philipp Mieden

feat: more industrial protocols

Commit:2f94822
Author:Philipp Mieden

more credential harvesters

Commit:11e8364
Author:Philipp Mieden

feat: more protos, more fields

Commit:116bce4
Author:Philipp Mieden

feat: new file extraction framework and additional audit record types

Commit:f4b153c
Author:Philipp Mieden

feat: TLSCertificate audit records and new pages

Commit:a2e95a9
Author:Philipp Mieden

ui fixes

Commit:7d08e3a
Author:Philipp Mieden

extending credential harvesters

Commit:2d1cf58
Author:Philipp Mieden

feat: ui view raw conversation streams and download pcap, services page

Commit:665bfa1
Author:Philipp Mieden

wip: webUI and rules + alerting engine

Commit:8c19644
Author:Philipp Mieden

fix: various issues, roadmap, upgrade gopacket, enable cip,enip again, default decode opt datagrams in capture mode

Commit:e58ad21
Author:Philipp Mieden

feat: dpi results for additional audit record types

The documentation is generated from this commit.

Commit:9bb050d
Author:Philipp Mieden

chore: switch to new releases of deps ja3,go-dpi and tlsx that use gopacket/gopacket, disable modbus,cip,enip,diameter decoders until they are available in gopacket/gopacket

Commit:4e8216f
Author:Cursor Agent

Changes from background composer bc-dfb12fc6-3a7c-4e86-9fef-32ba6a758f76

Commit:dcf3741
Author:Philipp Mieden

connection proto updates

Commit:e313e97
Author:Philipp Mieden

update proto defs for connection flow volume tracking

Commit:e33f53b
Author:Philipp Mieden

modeled alerts, field type updates

Commit:d66ea7f
Author:Philipp Mieden

formatting, renamed field for Ja3 hashmap on profile audit records

Commit:58a7518
Author:Philipp Mieden

move port stats into dedicated structure to avoid alignment issues on ARM

Commit:61a3f39
Author:Philipp Mieden

pop3: save command sequence

Commit:d028984
Author:Philipp Mieden

bootstrapped SMTP stream parser

Commit:3a6b981
Author:Philipp Mieden

removed flow audit records, fixed lookup DHCP fingerprints transforms

Commit:39a4b08
Author:Philipp Mieden

added to contacted ports transform

Commit:56c4a65
Author:Philipp Mieden

add open in disassembler transform, fixed to cookie and to params transforms on host entities, added support to show all http headers and values for a given host

Commit:a086072
Author:Philipp Mieden

use cookie for frontend framework detection, cleanup

Commit:c2d3049
Author:Philipp Mieden

improved build process, added option to compile without dynamically linked dpi libs

Commit:f2ea4c2
Author:Philipp Mieden

fmt

Commit:42e2a56
Author:Philipp Mieden

added a service port to name mapping for service probe matching, to make an educated guess which signatures to try first

Commit:6c5b279
Author:Philipp Mieden

improved port modeling on ipprofiles

Commit:a4dea8c
Author:Philipp Mieden

POP3: move mails into dedicated audit record file and cross reference via IDs

Commit:a13b54b
Author:Philipp Mieden

write IP profile into dedicated audit record file

Commit:a4fe5ef
Author:Philipp Mieden

added command to format the protobuf definitions

Commit:e4051c8
Author:Philipp Mieden

removed Context from structures, added fields directly

Commit:cb91b10
Author:Philipp Mieden

made all timestamps numeric

Commit:0572f97
Author:Philipp Mieden

changed dhcp type for option data field to string

Commit:72bbeaf
Author:Philipp Mieden

store service banners as strings

Commit:0d06a5e
Author:Philipp Mieden

dns audit records: change name fields to type string

Commit:0d78caf
Author:Philipp Mieden

added support to capture payloads for http requests and responses, return an error for ReadHeader(), added packets per second to progress log, added profiling with fgprof, added zeus commands for profiling, move membuffer before the compression step, since pgzip acts as a buffer as well, graphics update, allow to ignore custom encoder init errors in config, rename NoDefrag config Option to DefragIPv4

Commit:17a6f73
Author:Philipp Mieden

refactored service probe matching and added unit tests

Commit:278ebaa
Author:Philipp Mieden

added exploit audit records and refactored queries for bleve databases

Commit:2fc7213
Author:Philipp Mieden

enrich software and vuln maltego entities

Commit:79b4792
Author:Philipp Mieden

maltego iteration, added support for vulnerability audit records

Commit:6b45e2c
Author:Philipp Mieden

added vulnerability audit records, go fmt project

Commit:773a5a0
Author:Philipp Mieden

prepare dhcp fingerprinting, add option to resolve service ips to hostnames via dns lookup with -reverse-dns flag

Commit:a04c767
Author:Philipp Mieden

deduplicate services and store all flows towards a service

Commit:f200bb5
Author:Philipp Mieden

bootstrapped SSH audit records

Commit:78d7490
Author:Philipp Mieden

service audit records: save num bytes seen for server and client

Commit:765857e
Author:Philipp Mieden

bootstrapped credentials audit records and use it to capture http basic auth and pop3 credentials

Commit:04b4cb0
Author:Philipp Mieden

testing and fixes for the service banner regexes, added support for using a different RE engine that supports backtracking

Commit:ee586c0
Author:Philipp Mieden

software audit records: collect flows when updating a record

Commit:9bc4875
Author:Philipp Mieden

updated software fields, preserve full parsed client info for debugging

Commit:2765357
Author:Philipp Mieden

extended service, cleanup and roadmap

Commit:a8c1d2c
Author:Philipp Mieden

added service audit record for banner grabbing

Commit:520dd7a
Author:Philipp Mieden

testing, notes and fixed race in tcp stream reader

Commit:84ef4e1
Author:Philipp Mieden

cleanup

Commit:984f87c
Author:Philipp Mieden

bootstrapped software audit records

Commit:4f833d8
Author:Philipp Mieden

removed layer flows

Commit:c23ff7b
Author:Philipp Mieden

testing and cleanup

Commit:0368d11
Author:Philipp Mieden

added TLSServerHello audit records and renamed TLS records to TLSClientHello

Commit:75c051d
Author:Philipp Mieden

cleanup

Commit:deaa52d
Author:Philipp Mieden

pop3 attachments, version bump

Commit:2ec21cc
Author:Philipp Mieden

HTTP POST parameter extraction, add host to file info, added URL reference to file source field, match file types on the part before the semicolon, to avoid exotic encodings breaking the matching

Commit:2ddc3e0
Author:Philipp Mieden

stream reassembly refactoring: switched to using on assembler per worker with a shared stream pool

Commit:5905d33
Author:Philipp Mieden

implemented GetApplicationCategories and GetApplicationsForCategory

Commit:aeb225f
Author:Philipp Mieden

added POP3 support and first experimental mail extraction plugin for maltego

Commit:49969f5
Author:Philipp Mieden

added experimental POP3 parsing support

Commit:b7c39fd
Author:Philipp Mieden

implemented diameter decoder

Commit:6b5bd9e
Author:Philipp Mieden

added SMTP decoding support

Commit:e49e2bb
Author:Philipp Mieden

modeled http cookies and addeed maltego plugin

Commit:d932559
Author:Philipp Mieden

cleanup

Commit:775a01f
Author:Philipp Mieden

implement CSV generation for DeviceProfile, added File audit record type

Commit:557f8fc
Author:Philipp Mieden

http: added fields for detected content type, added file extraction for http POST, fix files being saved outside of files folder when generating paths for existing targets, improved mapping of content types to file extensions

Commit:1461527
Author:Philipp Mieden

implemented service lookups for ports

Commit:ace955d
Author:Philipp Mieden

added more stats and bootstrapped maltego integration

Commit:697cef0
Author:Philipp Mieden

added nDPI

Commit:2046a94
Author:Philipp Mieden

added cached ja3 lookups, added caching for DNS lookups, added timestamps to profiles

Commit:a1dadea
Author:Philipp Mieden

added descriptive comments about protocols to proto defs

Commit:b109cb9
Author:Philipp Mieden

added type definitions for DeviceProfile and IPProfile

Commit:2e4b029
Author:dreadl0ck

implemented ENIP

Commit:2d4e502
Author:dreadl0ck

implemented support for Common Industrial Protocol

Commit:22132f5
Author:dreadl0ck

updated modbus

Commit:eb7de3f
Author:Philipp Mieden

implemented adding context information to audit records

Commit:bd9d4d1
Author:Philipp Mieden

added comment to http audit record enhanced fields

Commit:3828193
Author:Philipp Mieden

added new HTTP fields

Commit:7eb4b36
Author:Philipp Mieden

added optional payloads for modbusTCP

Commit:abb2158
Author:Philipp Mieden

added gogo proto gode generator for faster protobuf serialization, renamed Size field from several audit records to TotalSize to resolve conflict with generated Size() func