cybermaggedon / cyberprobe
Capturing, analysing and responding to cyber attacks
Home Page: https://cybermaggedon.github.io/cyberprobe-docs/
License: Other
1- The new version of Elasticsearch doesn't support TTL; version 2.3.5 does. How will you update that in the new version, since the old versions are very ugly?
2- What does "https-server" in the visualization mean?
3- DNS query: how can I get it?
4- The packets come to me as ipv4:192.222.1.50; I don't want to show "ipv4" in Kibana. Please answer my questions.
cyberprobe.texi:4332: warning: @table has text but no @item
For some reason packet capture seems to be high latency. Looks like a PCAP buffer. Has settings changed?
ip.C: In static member function 'static void cybermon::ip::handle_nxt_proto(cybermon::manager&, cybermon::context_ptr, uint8_t, const cybermon::pdu_slice&, uint16_t, uint8_t)':
ip.C:21:14: warning: variable 'e' set but not used [-Wunused-but-set-variable]
pdu_iter e = sl.end;
Errors from import pika.
The port to AMQP was never quite finished.
Exception: Error running script: /etc/cyberprobe/mime.lua:12 module 'mime.core' not found
Sometimes thread stop() methods call join(), sometimes not. Is this a problem?
socket.C: In member function 'virtual int tcpip::tcp_socket::read(char*, int)':
socket.C:456:12: warning: unused variable 'then' [-Wunused-variable]
time_t then = time(0);
^~~~
socket.C: In constructor 'tcpip::ssl_socket::ssl_socket()':
socket.C:855:42: warning: 'const SSL_METHOD* TLSv1_2_method()' is deprecated [-Wdeprecated-declarations]
context = SSL_CTX_new(TLSv1_2_method());
^
In file included from /usr/include/openssl/opensslconf.h:42,
from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:45,
from ../include/cybermon/socket.h:5,
from socket.C:2:
/usr/include/openssl/ssl.h:1644:1: note: declared here
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
^~~~~~~~~~~~~~~~~~
socket.C: In constructor 'tcpip::ssl_socket::ssl_socket(int)':
socket.C:932:42: warning: 'const SSL_METHOD* TLSv1_2_method()' is deprecated [-Wdeprecated-declarations]
context = SSL_CTX_new(TLSv1_2_method());
^
In file included from /usr/include/openssl/opensslconf.h:42,
from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:45,
from ../include/cybermon/socket.h:5,
from socket.C:2:
/usr/include/openssl/ssl.h:1644:1: note: declared here
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
^~~~~~~~~~~~~~~~~~
I want to know: can we use cyberprobe as a SIEM, and if not, are you going to integrate the plugins of the SIEM project into cyberprobe? How can I use it as a SIEM project in my company, or anything else?
# -*- compilation -*-
12. testsuite.at:114: testing tls.pcap ...
./testsuite.at:119: diff output1 output2
--- /dev/null 2019-07-04 04:50:59.260698767 +0000
+++ /usr/local/src/cyberprobe/cyberprobe-2.0.2/cyberprobe-2.0.2/tests/testsuite.dir/at-groups/12/stdout 2019-07-04 04:57:13.309990192 +0000
@@ -0,0 +1,4 @@
+56c56
+< data -> 0x8BF58C92B8EBB92669CDCFEBEBD6A992CE88EF536198FCD81C646B96
+---
+> data -> 0x8BF58C92B8EBB92669CDCFEBEBD6A992CE88EF536198FCD81C646B00
./testsuite.at:119: exit code was 1, expected 0
12. testsuite.at:114: 12. tls.pcap (testsuite.at:114): FAILED (testsuite.at:119)
When any endpoint is trying to connect (say the receiver is down), the endpoint lock remains locked. Don't know what this locks out. One thing that definitely blocks is the get-endpoints management API call.
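An added example, not cyberprobe's own code, of the hazard this report describes and the usual fix. If the endpoint lock is held for the whole connect loop, a receiver that is down parks the delivery thread inside connect() with the lock taken, and every other user of that lock, the get-endpoints management call included, waits with it. The fix copies the endpoint list under the lock and connects outside it. The lock here is a small spinlock rather than std::mutex so that contention can be probed from the same thread, connect() is a callback so nothing touches the network, and the class and method names are assumptions, not the project's API.

```cpp
// Added example (not cyberprobe's code): lock held across a blocking
// connect versus a snapshot taken under the lock. Names are assumptions.
#include <atomic>
#include <functional>
#include <mutex>
#include <string>
#include <vector>

// Minimal spinlock usable with std::lock_guard/std::unique_lock. Unlike
// std::mutex, calling try_lock() from the thread that already holds it is
// well defined (it returns false), which lets the probe below run
// single-threaded.
class spin_mutex {
public:
    void lock() { while (held_.exchange(true, std::memory_order_acquire)) {} }
    bool try_lock() { return !held_.exchange(true, std::memory_order_acquire); }
    void unlock() { held_.store(false, std::memory_order_release); }
private:
    std::atomic<bool> held_{false};
};

class endpoint_manager {
public:
    using connect_fn = std::function<void(const std::string&)>;

    void add(const std::string& ep) {
        std::lock_guard<spin_mutex> lk(mtx_);
        endpoints_.push_back(ep);
    }

    // Management API. try_lock models a caller that must not hang: it
    // reports false instead of waiting behind a stalled connect.
    bool try_get_endpoints(std::vector<std::string>& out) {
        std::unique_lock<spin_mutex> lk(mtx_, std::try_to_lock);
        if (!lk.owns_lock()) return false;
        out = endpoints_;
        return true;
    }

    // Buggy pattern: the lock is held for the whole connect loop. While a
    // receiver is down and connect() sits in its timeout, every other user
    // of mtx_ is locked out.
    void connect_all_holding_lock(const connect_fn& connect) {
        std::lock_guard<spin_mutex> lk(mtx_);
        for (const auto& ep : endpoints_) connect(ep);
    }

    // Fixed pattern: copy the list under the lock, release it, then do the
    // slow work on the copy. An endpoint added meanwhile is simply picked
    // up on the next cycle.
    void connect_all_snapshot(const connect_fn& connect) {
        std::vector<std::string> snapshot;
        {
            std::lock_guard<spin_mutex> lk(mtx_);
            snapshot = endpoints_;
        }
        for (const auto& ep : snapshot) connect(ep);
    }

private:
    spin_mutex mtx_;
    std::vector<std::string> endpoints_;
};

// Probe: while "connecting" to each endpoint, call the management API and
// record whether it could answer. Returns true only if every call succeeded.
inline bool api_responsive_during(
    endpoint_manager& mgr,
    void (endpoint_manager::*connect_all)(const endpoint_manager::connect_fn&)) {
    bool responsive = true;
    auto probe = [&](const std::string&) {
        std::vector<std::string> eps;
        if (!mgr.try_get_endpoints(eps)) responsive = false;
    };
    (mgr.*connect_all)(probe);
    return responsive;
}
```

The snapshot costs one vector copy per cycle and tolerates the list changing underneath it; that is the trade a delivery loop should make, because anything that blocks on the network must never be done with a shared lock taken.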
I want to know the best example of how to make a simple deployment of the project and get it running. I am now at the step of the Gaffer database, Accumulo, ZooKeeper and Hadoop... Do I need to work with Docker, or how? Any answers to help me?
libtool: compile: g++ -DHAVE_CONFIG_H -I. -I.. -I../include -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -c protocol/tls.C -o protocol/tls.o >/dev/null 2>&1
In file included from ../include/cyberprobe/event/event_protobuf.h:10,
from event/event_protobuf.C:7:
./cyberprobe.pb.h: In function 'void cyberprobe::event::protobufify(cyberprobe::event::proto_addr&, cyberprobe::ProtocolAddress*)':
./cyberprobe.pb.h:11617:13: warning: 'prot' may be used uninitialized in this function [-Wmaybe-uninitialized]
11617 | protocol_ = value;
| ~~~~~~~~~~^~~~~~~
event/event_protobuf.C:129:34: note: 'prot' was declared here
129 | cyberprobe::Protocol prot;
| ^~~~
cybermon-elasticsearch
elasticsearch: Exception: HTTPConnectionPool(host='localhost', port=9200): Max retries exceeded with url: //cyberprobe (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x7f7cc5ddab50>: Failed to establish a new connection: [Errno 111] Connection refused',))
Traceback (most recent call last):
File "/usr/local/bin/cybermon-elasticsearch", line 204, in
init()
File "/usr/local/bin/cybermon-elasticsearch", line 94, in init
time.sleep(1)
NameError: global name 'time' is not defined
Auto-tests fail for building on some Debian/Ubuntu cases.
tls-with-cert.pcap test case.
< .action tls_handshake_complete 2
---
> .action tls_handshake_complete 1
17c17
< .dest.0 ipv4:93.184.216.34 13
---
> .dest.0 ipv4:93.184.216.34 12
19c19
< .dest.1 tcp:443 13
---
> .dest.1 tcp:443 12
23,24c23,24
< .dest.2 tls 25
< .device PCAP 33
---
> .dest.2 tls 24
> .device PCAP 32
37c37
< .src.0 ipv4:172.17.0.2 15
---
> .src.0 ipv4:172.17.0.2 14
40c40
< .src.1 tcp:43258 13
---
> .src.1 tcp:43258 12
45c45
< .src.2 tls 25
---
> .src.2 tls 24
156c156
< .tls_handshake_complete.tls None 2
---
> .tls_handshake_complete.tls None 1
Hello,
I am getting a UUID4 error from the Elasticsearch script. I have installed Cyberprobe 1.6.0, NodeJS v6, Node v3, and ELK 6.1.1 on Ubuntu 16.04. I need your help to fix it.
Thanks.
Have to use latest pcap2etsi instead.
Can this option be fixed or the option removed to prevent confusion?
Warning: -std=c++11 or -gnu=c++11. How can I solve it?
I think this project is very interesting and appreciate the great documentation. Do you know if this is deployed on 100+, 1000+ node networks and what specs are required to handle the traffic volume?
Hi, I was compiling your tool on my system but then it stopped; it looks like your tool needs the systemd init system to work.
My question is: how to compile it without systemd?
My Linux does not work with the new systemd implementation.
cybermon -p 10000 -c /usr/local/etc/cyberprobe/db.lua
Segmentation fault (core dumped)
target.C: In function 'void target::from_json(const json&, target::spec&)':
target.C:58:13: warning: unused variable 'mask' [-Wunused-variable]
int mask;
^~~~
Crash when processing maccdc2012_00000.pcap to protobuf.
Thread 2 "cybermon" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff6a54700 (LWP 3443)]
cyberprobe::event::protobufify (pe=<optimized out>, ke=...)
at event/event_protobuf.C:848
848 dhanon->set_prime(ke.dhanon->p.data(), ke.dhanon->p.size());
Missing separate debuginfos, use: dnf debuginfo-install boost-program-options-1.69.0-18.fc32.x86_64 c-ares-1.15.0-5.fc32.x86_64 gperftools-libs-2.7-7.fc32.x86_64 libgcc-10.1.1-1.fc32.x86_64 libpcap-1.9.1-3.fc32.x86_64 libstdc++-10.1.1-1.fc32.x86_64 libunwind-1.3.1-5.fc32.x86_64 lua-libs-5.3.5-7.fc32.x86_64 lua-socket-3.0-0.22.rc1.fc32.x86_64 ncurses-libs-6.1-15.20191109.fc32.x86_64 openssl-libs-1.1.1g-1.fc32.x86_64 readline-8.0-4.fc32.x86_64 zlib-1.2.11-21.fc32.x86_64
Stack trace...
#0 cyberprobe::event::protobufify (pe=<optimized out>, ke=...)
at event/event_protobuf.C:848
#1 cyberprobe::event::protobufify (e=..., pe=...)
at event/event_protobuf.C:867
#2 0x00007ffff7e54751 in cyberprobe::event::event::to_protobuf(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) ()
at event/event.C:999
#3 0x00007ffff7e547fd in cyberprobe::event::event::lua_protobuf(lua_State*) ()
at /usr/include/c++/10/bits/shared_ptr_base.h:1324
#4 0x00007ffff7b7721f in luaD_precall () from /lib64/liblua-5.3.so
#5 0x00007ffff7b8e34d in luaV_execute () from /lib64/liblua-5.3.so
#6 0x00007ffff7b775e8 in luaD_callnoyield () from /lib64/liblua-5.3.so
#7 0x00007ffff7b76937 in luaD_rawrunprotected () from /lib64/liblua-5.3.so
#8 0x00007ffff7b7798f in luaD_pcall () from /lib64/liblua-5.3.so
#9 0x00007ffff7b6d5ce in lua_pcallk () from /lib64/liblua-5.3.so
#10 0x00007ffff7e0e15c in cyberprobe::analyser::lua_state::call (res=0,
args=1, this=0x7fffffffb040) at ../include/cyberprobe/analyser/lua.h:293
cybermon-lua.C:242:14: error: call of overloaded 'push(int64_t&)' is ambiguous
push(posn);
^
cybermon-lua.C:242:14: note: candidates are:
In file included from cybermon-lua.C:4:0:
../include/cybermon/cybermon-lua.h:199:7: note: void cybermon::lua_state::push(double)
void push(double num) {
^
../include/cybermon/cybermon-lua.h:194:7: note: void cybermon::lua_state::push(long unsigned int)
void push(unsigned long num) {
^
../include/cybermon/cybermon-lua.h:189:7: note: void cybermon::lua_state::push(unsigned int)
void push(unsigned int num) {
^
../include/cybermon/cybermon-lua.h:184:7: note: void cybermon::lua_state::push(long int)
void push(long num) {
^
../include/cybermon/cybermon-lua.h:179:7: note: void cybermon::lua_state::push(int)
void push(int num) {
^
../include/cybermon/cybermon-lua.h:170:7: note: void cybermon::lua_state::push(const string&) <near match>
void push(const std::string& s) {
^
../include/cybermon/cybermon-lua.h:170:7: note: no known conversion for argument 1 from 'int64_t {aka long long int}' to 'const string& {aka const std::basic_string<char>&}'
Makefile:719: recipe for target 'cybermon-lua.lo' failed
make[2]: *** [cybermon-lua.lo] Error 1
make[2]: Leaving directory '/home/pi/dev/cyberprobe/src'
Makefile:488: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/pi/dev/cyberprobe'
Makefile:394: recipe for target 'all' failed
make: *** [all] Error 2
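An added example, not cyberprobe's own code, of the usual fix for this error. The overload set above has push(int), push(long), push(unsigned), push(unsigned long) and push(double), but on 32-bit ARM (the /home/pi path suggests a Raspberry Pi) int64_t is long long, which matches none of them exactly and converts equally well to several, hence the ambiguity. Replacing the integer overloads with one template constrained to integral types removes the choice altogether and also covers uint16_t, size_t and friends. The Lua stack is replaced by a std::vector so the block compiles without Lua headers; lua_state and push are borrowed from the error text, everything else here is assumed.

```cpp
// Added example (not cyberprobe's code): an integer push() overload set
// that resolves unambiguously for int64_t on every platform. The Lua stack
// is simulated with a std::vector; names other than lua_state/push are
// assumptions.
#include <cstdint>
#include <string>
#include <type_traits>
#include <vector>

namespace cybermon_fix {

// Stand-in for a Lua stack slot: an integer, a number or a string.
struct value {
    enum kind_t { integer, number, str } kind;
    long long i = 0;
    double d = 0.0;
    std::string s;
};

class lua_state {
public:
    // One template covers int, long, long long, int64_t, uint16_t, size_t...
    // Overload resolution never has to pick between long and long long, so
    // the ambiguity on targets where int64_t is long long disappears.
    template <typename T,
              typename std::enable_if<std::is_integral<T>::value, int>::type = 0>
    void push(T num) {
        value v;
        v.kind = value::integer;
        v.i = static_cast<long long>(num);
        stack_.push_back(v);
    }

    // Floating point keeps its own overload, as in the original. An integer
    // argument still prefers the template (exact match beats conversion).
    void push(double num) {
        value v;
        v.kind = value::number;
        v.d = num;
        stack_.push_back(v);
    }

    // const char* is not integral, so string literals fall through to here.
    void push(const std::string& s) {
        value v;
        v.kind = value::str;
        v.s = s;
        stack_.push_back(v);
    }

    std::size_t size() const { return stack_.size(); }
    const value& top() const { return stack_.back(); }

private:
    std::vector<value> stack_;
};

// The call site from the error: pushing an int64_t position. Returns the
// value as stored so a caller can confirm nothing was narrowed on the way.
inline long long push_position(lua_state& L, int64_t posn) {
    L.push(posn);
    return L.top().i;
}

} // namespace cybermon_fix
```

If the real code must keep separate overloads, the minimal alternative is to add push(long long) and push(unsigned long long) beside the existing ones; the template is preferred because it also closes the same gap for every other fixed-width typedef the parsers hand to Lua.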
snort_alert.C: In member function 'virtual void snort_alert::snort_alerter::run()':
snort_alert.C:177:28: warning: 'src' may be used uninitialized in this function [-Wmaybe-uninitialized]
<< ", targeting " << *src
^~~
<!-- filter element is optional. Can be used to make sure you don't
sniff the outbound streams. -->
<interface name="eth0" filter="not port 10001 and not port 10002"/>
<!-- The delay attribute can be used to specify a delay before
packets are processed. In seconds. -->
<interface name="eth1" delay="0.5"/>
I find that there is an error when adding this part of the XML file; the other parts are working.
File "/usr/local/bin/cybermon-bigquery", line 78, in
scopes=scopes)
File "/usr/local/lib/python2.7/dist-packages/oauth2client/service_account.py", line 219, in from_json_keyfile_name
with open(filename, 'r') as file_obj:
IOError: [Errno 2] No such file or directory: '/etc/cyberprobe/private.json'
Read off end-of-array if port number is 65535.
udp_ports::fn udp_ports::port_handler[65535] = {};
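An added example, not the project's code, of the corrected table: 65535 is a valid port number, so a table indexed by port needs 65536 slots, and routing the index through a uint16_t makes the out-of-range read impossible by construction rather than by a check someone can forget. The block also carries a constexpr check showing that the old 65535-slot table did not cover port 65535, without executing the overflow. udp_ports and port_handler are the names from the issue; the handler signature and dns_handler are assumptions.

```cpp
// Added example (not cyberprobe's code): a UDP port dispatch table sized
// for every 16-bit port, indexed through a uint16_t so that port 65535 can
// never read past the end. Handler signature is an assumption.
#include <array>
#include <cstdint>
#include <limits>
#include <string>

namespace udp_ports {

using fn = std::string (*)(uint16_t port);  // assumed handler signature

// Ports run 0..65535, so there are 65536 of them.
constexpr std::size_t num_ports =
    static_cast<std::size_t>(std::numeric_limits<uint16_t>::max()) + 1;

// std::array carries its size in the type; the original C array was one
// element short and silently accepted any index.
static std::array<fn, num_ports> port_handler{};

inline std::string dns_handler(uint16_t) { return "dns"; }
inline std::string unknown_handler(uint16_t) { return "unknown"; }

// Registration takes a uint16_t: a caller cannot pass 65536 or -1.
inline void add_handler(uint16_t port, fn handler) {
    port_handler[port] = handler;
}

// Dispatch: the index is a uint16_t, hence always < num_ports.
inline std::string dispatch(uint16_t port) {
    fn h = port_handler[port];
    return h ? h(port) : unknown_handler(port);
}

// The "before" state, checked at compile time instead of by crashing: a
// 65535-slot table has valid indices 0..65534 only.
constexpr std::size_t old_table_size = 65535;
constexpr bool old_table_covers(uint16_t port) {
    return static_cast<std::size_t>(port) < old_table_size;
}

} // namespace udp_ports
```

The same shape applies to the TCP side if it keeps a parallel table; sizing both from numeric_limits<uint16_t>::max() + 1 rather than a hand-typed literal is what prevents the off-by-one from coming back.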
etsi-rcvr 10000 | tcpdump -n -r -
reading from file -, link-type RAW (Raw IP)
Exception: Socket bind failed.
How can I solve it, and what do -n and -r refer to?
the configuration file is c.xml
Hi, can you please give a highlight on how to use cyberprobe with Docker? Thank you.
TLS warning:
tls.C: In static member function 'static const cybermon::tls::header* cybermon::tls::verifyHeader(const cybermon::pdu_slice&)':
tls.C:197:41: warning: comparison of integer expressions of different signedness: '__gnu_cxx::__normal_iterator<const unsigned char*, std::vector<unsigned char> >::difference_type' {aka 'long int'} and 'long unsigned int' [-Wsign-compare]
197 | if ((pduSlice.end - pduSlice.start) < sizeof(header))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~
cybermon.C: In constructor 'interface_input::interface_input(const string&, cyberprobe::analyser::engine&, const string&)':
cybermon.C:139:54: warning: base 'cyberprobe::pcap::interface' will be initialized after [-Wreorder]
139 | interface(*this, iface), pcap_input(e, device)
| ^
cybermon.C:139:54: warning: base 'pcap_input' [-Wreorder]
cybermon.C:137:5: warning: when initialized here [-Wreorder]
137 | interface_input(const std::string& iface, engine& e,
| ^~~~~~~~~~~~~~~
cybermon.C: In constructor 'file_input::file_input(const string&, cyberprobe::analyser::engine&, const string&)':
cybermon.C:168:50: warning: base 'cyberprobe::pcap::reader' will be initialized after [-Wreorder]
168 | reader(*this, file), pcap_input(e, device)
| ^
cybermon.C:168:50: warning: base 'pcap_input' [-Wreorder]
cybermon.C:166:5: warning: when initialized here [-Wreorder]
166 | file_input(const std::string& file, engine& e,
| ^~~~~~~~~~
Observing 100% CPU and failure to initialise when using gRPC. Both: