Mirror/rayhunter
1
0
Fork 0
mirror of https://github.com/EFForg/rayhunter.git synced 2026-04-26 15:39:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat: show rayhunter version/os/arch in pcap, ndjson, qmdl manifest

Browse Source 
Create a util mod to provide information about the rayhunter binary and
system.
This commit is contained in:
oopsbagel
2025-03-18 00:43:03 -07:00
committed by Will Greenberg
parent b785a7f21c
commit f2b5aa2743
7 changed files with 67 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/src/analysis/analyzer.rs
View File

@@ -70,9 +70,18 @@ pub struct AnalyzerMetadata {
pub description: String,
}
#[derive(Serialize, Debug)]
pub struct RayhunterMetadata {
pub version: String,
pub os: String,
pub arch: String,
pub hardware: String,
}
#[derive(Serialize, Debug)]
pub struct ReportMetadata {
pub analyzers: Vec<AnalyzerMetadata>,
pub rayhunter: RayhunterMetadata,
}
#[derive(Serialize, Debug, Clone)]
@@ -205,8 +214,18 @@ impl Harness {
});
}
let metadata = crate::util::RayhunterMetadata::new();
let rayhunter = RayhunterMetadata {
version: metadata.version,
os: metadata.os,
arch: metadata.arch,
hardware: metadata.hardware,
};
ReportMetadata {
analyzers,
rayhunter,
}
}
}

1
lib/src/lib.rs
View File

@@ -7,6 +7,7 @@ pub mod gsmtap;
pub mod gsmtap_parser;
pub mod pcap;
pub mod analysis;
pub mod util;
// re-export telcom_parser, since we use its types in our API
pub use telcom_parser;

21
lib/src/pcap.rs
View File

@@ -7,13 +7,11 @@ use tokio::io::AsyncWrite;
use std::borrow::Cow;
use chrono::prelude::*;
use deku::prelude::*;
use nix::sys::utsname::uname;
use pcap_file_tokio::pcapng::blocks::enhanced_packet::EnhancedPacketBlock;
use pcap_file_tokio::pcapng::blocks::interface_description::InterfaceDescriptionBlock;
use pcap_file_tokio::pcapng::blocks::section_header::{SectionHeaderBlock, SectionHeaderOption};
use pcap_file_tokio::pcapng::PcapNgWriter;
use pcap_file_tokio::{Endianness, PcapError};
use std::env::consts::OS;
use thiserror::Error;
#[derive(Error, Debug)]
@@ -63,23 +61,18 @@ struct UdpHeader {
impl<T> GsmtapPcapWriter<T> where T: AsyncWrite + Unpin + Send {
pub async fn new(writer: T) -> Result<Self, GsmtapPcapError> {
let package = format!("{} {}", env!("CARGO_PKG_NAME"), env!("CARGO_PKG_VERSION"));
let application = SectionHeaderOption::UserApplication(Cow::from(package));
let operating_system = match uname() {
Ok(utsname) => format!(
"{} {}",
utsname.sysname().to_string_lossy(),
utsname.release().to_string_lossy()
),
Err(_) => OS.to_owned(),
};
let os = SectionHeaderOption::OS(Cow::from(operating_system));
let metadata = crate::util::RayhunterMetadata::new();
let package = format!("{} {}", metadata.name, metadata.version);
let section = SectionHeaderBlock {
endianness: Endianness::Big,
major_version: 1,
minor_version: 0,
section_length: -1,
options: vec![os, application],
options: vec![
SectionHeaderOption::Hardware(Cow::from(metadata.arch)),
SectionHeaderOption::OS(Cow::from(metadata.os)),
SectionHeaderOption::UserApplication(Cow::from(package)),
],
};
let writer = PcapNgWriter::with_section_header(writer, section).await?;
Ok(GsmtapPcapWriter { writer, ip_id: 0 })

35
lib/src/util.rs Normal file
View File

@@ -0,0 +1,35 @@
use nix::sys::utsname::uname;
/// Expose binary and system information.
pub struct RayhunterMetadata {
pub name: String,
pub version: String,
pub os: String,
pub arch: String,
pub hardware: String,
}
impl RayhunterMetadata {
pub fn new() -> Self {
match uname() {
Ok(utsname) => RayhunterMetadata {
name: env!("CARGO_PKG_NAME").to_owned(),
version: env!("CARGO_PKG_VERSION").to_owned(),
arch: format!("{}", utsname.machine().to_string_lossy()),
os: format!(
"{} {}",
utsname.sysname().to_string_lossy(),
utsname.release().to_string_lossy(),
),
hardware: String::from("unknown"),
},
Err(_) => RayhunterMetadata {
name: env!("CARGO_PKG_NAME").to_owned(),
version: env!("CARGO_PKG_VERSION").to_owned(),
arch: std::env::consts::ARCH.to_string(),
os: std::env::consts::OS.to_string(),
hardware: String::from("unknown"),
},
}
}
}