Proto commits in dreadl0ck/netcap

These 97 commits are when the Protocol Buffers files have changed:

2021-07-06

connection proto updates

The documentation is generated from this commit.

2021-06-13

update proto defs for connection flow volume tracking

2021-06-09

modeled alerts, field type updates

2021-06-06

formatting, renamed field for Ja3 hashmap on profile audit records

2021-01-05

move port stats into dedicated structure to avoid alignment issues on ARM

2020-10-04

pop3: save command sequence

bootstrapped SMTP stream parser

2020-09-27

removed flow audit records, fixed lookup DHCP fingerprints transforms

2020-09-23

added to contacted ports transform

2020-09-19

add open in disassembler transform, fixed to cookie and to params transforms on host entities, added support to show all http headers and values for a given host

2020-09-16

use cookie for frontend framework detection, cleanup

2020-09-12

improved build process, added option to compile without dynamically linked dpi libs

2020-09-09

fmt

2020-08-30

added a service port to name mapping for service probe matching, to make an educated guess which signatures to try first

2020-08-27

improved port modeling on ipprofiles

2020-08-25

POP3: move mails into dedicated audit record file and cross reference via IDs

write IP profile into dedicated audit record file

added command to format the protobuf definitions

removed Context from structures, added fields directly

made all timestamps numeric

2020-08-22

changed dhcp type for option data field to string

2020-08-21

store service banners as strings

dns audit records: change name fields to type string

2020-07-12

added support to capture payloads for http requests and responses, return an error for ReadHeader(), added packets per second to progress log, added profiling with fgprof, added zeus commands for profiling, move membuffer before the compression step, since pgzip acts as a buffer as well, graphics update, allow to ignore custom encoder init errors in config, rename NoDefrag config Option to DefragIPv4

2020-05-25

refactored service probe matching and added unit tests

2020-05-24

added exploit audit records and refactored queries for bleve databases

2020-05-23

enrich software and vuln maltego entities

2020-05-20

maltego iteration, added support for vulnerability audit records

added vulnerability audit records, go fmt project

prepare dhcp fingerprinting, add option to resolve service ips to hostnames via dns lookup with -reverse-dns flag

2020-05-17

deduplicate services and store all flows towards a service

2020-05-16

bootstrapped SSH audit records

2020-05-11

service audit records: save num bytes seen for server and client

2020-05-06

bootstrapped credentials audit records and use it to capture http basic auth and pop3 credentials

2020-05-04

testing and fixes for the service banner regexes, added support for using a different RE engine that supports backtracking

2020-05-03

software audit records: collect flows when updating a record

updated software fields, preserve full parsed client info for debugging

2020-05-02

extended service, cleanup and roadmap

added service audit record for banner grabbing

2020-04-30

testing, notes and fixed race in tcp stream reader

cleanup

2020-04-29

bootstrapped software audit records

2020-04-27

removed layer flows

2020-04-26

testing and cleanup

2020-04-10

added TLSServerHello audit records and renamed TLS records to TLSClientHello

2020-04-04

cleanup

2020-03-25

pop3 attachments, version bump

HTTP POST parameter extraction, add host to file info, added URL reference to file source field, match file types on the part before the semicolon, to avoid exotic encodings breaking the matching

2020-03-22

stream reassembly refactoring: switched to using on assembler per worker with a shared stream pool

2020-03-21

implemented GetApplicationCategories and GetApplicationsForCategory

2020-03-19

added POP3 support and first experimental mail extraction plugin for maltego

added experimental POP3 parsing support

2020-03-18

implemented diameter decoder

added SMTP decoding support

2020-03-16

modeled http cookies and addeed maltego plugin

cleanup

implement CSV generation for DeviceProfile, added File audit record type

http: added fields for detected content type, added file extraction for http POST, fix files being saved outside of files folder when generating paths for existing targets, improved mapping of content types to file extensions

2020-03-10

implemented service lookups for ports

2020-03-09

added more stats and bootstrapped maltego integration

2020-03-05

added nDPI

added cached ja3 lookups, added caching for DNS lookups, added timestamps to profiles

2020-03-01

added descriptive comments about protocols to proto defs

added type definitions for DeviceProfile and IPProfile

2020-01-14

implemented ENIP

implemented support for Common Industrial Protocol

2020-01-13

updated modbus

2019-11-12

implemented adding context information to audit records

2019-05-08

added comment to http audit record enhanced fields

2019-05-02

added new HTTP fields

2019-01-18

added optional payloads for modbusTCP

2019-01-17

added gogo proto gode generator for faster protobuf serialization, renamed Size field from several audit records to TotalSize to resolve conflict with generated Size() func

2019-01-13

implemented suport for NortelDiscovery

added ContainsPayloads field to Header and Batch structs

added payload flag to preserve payloads for TCP, UDP and USB packets

2019-01-12

implemented support for USBRequestBlockSetup

added OSPF LSA data to audit records

2019-01-11

implemented merged LayerEncoders to deal with protocols with multiple versions but one gopacket.LayerType (such as OSPF), LSA type definitions, GRE hotfix, LLDI unified string format

2019-01-09

implemented support for CiscoDiscovery protocol

2019-01-04

implemented support for EAPOL and EAPOLKey

2018-12-31

implemented VRRPv2 encoder

implemented support for EAP protocol

implemented support for FDDI

implemented support for GRE protocol

2018-12-30

implemented BFD encoder

implemented ospf v2 and v3 encoders

implemented modbusTCP encoder

implemented MPLS encoder

implemented LCM encoder

2018-12-29

implemented support for USB

2018-12-28

VXLAN support

added support for ipv6 fragments

added support for geneve protocol

2018-12-26

added basic ipsec support

2018-12-08

added extensions for tls audit record

copyright header fix

2018-11-28

hello github