noon/noon.go at main · dusbot/noon · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
package main

import (
	"fmt"
	"github.com/olekukonko/tablewriter"
	"net"
	"os"
	"os/signal"
	"strings"

	"github.com/dusbot/maxx/libs/slog"
	"github.com/dusbot/noon/run"
	"github.com/google/gopacket/pcap"
	"github.com/urfave/cli/v2"
)

var (
	interfaces         []string
	listInterface      bool
	bpfFilter          string
	saveTo, writeTo    string
	verbose, printHTTP bool
)

func main() {
	app := cli.NewApp()
	app.HelpName = "Noon IDS sensor"
	app.Usage = "A modular network intrusion detection system (IDS) sensor"
	app.Name = "noon"
	app.EnableBashCompletion = true
	app.Authors = []*cli.Author{
		{Name: "1DK", Email: "3520124658@qq.com"},
	}
	app.Version = "v0.0.1"
	app.Description = `A modular network intrusion detection system (IDS) sensor`
	app.Flags = []cli.Flag{
		&cli.BoolFlag{
			Name:    "list-interface",
			Usage:   "List all the interfaces available on this system",
			Aliases: []string{"l"},
		},
		&cli.StringSliceFlag{
			Name:    "interface",
			Usage:   "interfaces to listen",
			Aliases: []string{"i"},
		},
		&cli.StringFlag{
			Name:    "filter",
			Usage:   "BPF filter string, e.g. 'tcp port 80'",
			Aliases: []string{"f"},
		},
		&cli.StringFlag{
			Name:    "save-to",
			Usage:   "File to save the captured packets to (json format)",
			Aliases: []string{"s"},
		},
		&cli.StringFlag{
			Name:    "write-to",
			Usage:   "File to write the captured packets to (pcap format)",
			Aliases: []string{"w"},
		},
		&cli.BoolFlag{
			Name:    "verbose",
			Usage:   "Enable verbose output",
			Aliases: []string{"V"},
		},
		&cli.BoolFlag{
			Name:    "httpprint",
			Usage:   "Print HTTP requests and responses",
			Aliases: []string{"ph"},
		},
	}
	app.Action = func(c *cli.Context) error {
		listInterface = c.Bool("list-interface")
		if listInterface {
			devs, err := pcap.FindAllDevs()
			if err != nil {
				return fmt.Errorf("could not list interfaces: %v", err)
			}
			table := tablewriter.NewWriter(os.Stdout)
			table.Header([]string{"Name", "IP(s)", "Description"})
			for _, dev := range devs {
				desc := dev.Description
				if desc == "" {
					desc = "-"
				}
				ips := "-"
				if len(dev.Addresses) > 0 {
					ipList := make([]string, 0, len(dev.Addresses))
					for _, addr := range dev.Addresses {
						ipList = append(ipList, addr.IP.String())
					}
					ips = strings.Join(ipList, ", ")
				}
				table.Append([]string{dev.Name, ips, desc})
			}
			table.Render()
			return nil
		}
		bpfFilter = c.String("filter")
		saveTo = c.String("save-to")
		writeTo = c.String("write-to")
		interfaces = c.StringSlice("interface")
		verbose = c.Bool("verbose")
		printHTTP = c.Bool("httpprint")
		if len(interfaces) == 0 {
			devs, err := pcap.FindAllDevs()
			if err != nil {
				return fmt.Errorf("could not list interfaces: %v", err)
			}
			for _, dev := range devs {
				if dev.Flags&uint32(net.FlagUp) == 0 {
					continue
				}
				interfaces = append(interfaces, dev.Name)
			}
		}
		fmt.Printf("Listening on interfaces: %v\n", interfaces)

		stop := make(chan os.Signal, 1)
		signal.Notify(stop, os.Interrupt)

		for _, iface := range interfaces {
			go run.ListenOnInterface(iface, bpfFilter, saveTo, writeTo, verbose, printHTTP)
		}
		<-stop
		slog.Println(slog.INFO, "Stopped listening.")
		return nil
	}
	app.Run(os.Args)
}