Skip to content

mailprotector/snifferfy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
assets
assets
 
 
tests/ab
tests/ab
 
 
.DS_Store
.DS_Store
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

snifferfy

A simple web proxy for sniffer written in go

How it works

Snifferfy sets up a web server that translates HTTP calls into sniffer XCI calls and returns json-formatted results to the web client.

alt text

Build

env GOOS=linux GOARCH=amd64 go build -o bin/snifferfy_0.0.1_linux_amd64

Run

Configuration

  • SNFPORT (default: 9001)
  • HTTPPORT (default: 8080)
  • WORKINGDIR (default: /usr/share/snf-server/storage/)
  • LOGLEVEL (default: info)

Endpoints

  • /health : health check endpoint for snifferfy / sniffer. returns 500 if there's an error while connecting to sniffer on xci
  • /status : translates the report xci interface:
    • internal: interval
    • accepted values: second, minute, hour
  • /scan : translates the scanner xci interface
    • input: file, ip (optional), requestId (optional), logEnable [yes/no (default: yes)], xhdrEnable [yes/no (default: no)]
  • /testip : translates the gbudb testip xci interface
    • input: ip, requestId (optional)

Example Output

health

curl -s http://localhost/health

{"result": alive}

status

curl -H 'interval:minute' -s http://localhost/status

{"Stats":{"NodeId":"ouqpmlwq","Basetime":20210226151406,"Elapsed":1000,"Class":"second","Version":{"Engine":"SNFMulti Engine Version 3.2.1 Build: Apr 18 2016 18:17:39","Platform":"SNF Server Version 3.2.0 Build: Apr 18 2016 18:17:21"},"Timers":{"Run":{"Started":20210226150724,"Elapsed":403},"Sync":{"Latest":19700101000000,"Elapsed":1614352447},"Save":{"Latest":19700101000000,"Elapsed":1614352447},"Condense":{"Latest":19700101000000,"Elapsed":1614352447}},"Gbudb":{"Size":{"Bytes":8388608},"Records":{"Count":3},"Utilization":{"Percent":0.0488281}},"Rules":{"Rulesbase":{"Utc":0},"Active":{"Utc":20210226150715},"Update":{"Ready":"no","Utc":0},"Latest":{"Rule":"1607360"}}}}

scan

Scan requests are sent by sending the email contents to be scanned as the request body. Optional paramaters (listed above) are set in the HTTP header.

curl --data-binary @- -H 'xhdrenable:yes' -s http://localhost/scan < /tmp/000012AC-3C32-4AD7-804C-AF2B416835A2.1 | jq

{"Code":52,"Xhdr":"","Log":{"Scan":{"TimeStamp":20210226150740,"Message":"/usr/share/snf-server/storage/489960822","Result":52,"RuleId":1607360,"Performance":{"SetupTime":0,"ScanTime":11,"Bytes":2112,"Evaluators":211},"Gbudb":{"Ordinal":1,"Ip":"45.143.80.23","Flag":"u","Confidence":0,"Probability":0,"Result":"New"}}}}

testip

curl -H 'ip:19.1.1.1' -s http://localhost/testip

{"Ip":"19.1.1.1","Type":"ugly","Range":"new","Code":0,"Probability":0,"Confidence":0,"Bad":0,"Good":0}

Resources

http://www.armresearch.com/Documentation/index.jsp

About

A simple web proxy for sniffer

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 4

v1.3 Latest
Jan 5, 2024
+ 3 releases

Packages

No packages published

Languages