viewer

package
v5.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 10, 2024 License: GPL-3.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var DebugMode bool

Functions

func BuildResultsQuery

func BuildResultsQuery(filter Filter, currentPage, pageSize int, minTimestamp time.Time) (string, clickhouse.Parameters, bool)

func CreateUI

func CreateUI(cfg *config.Config, db *database.DB, useCurrentTime bool, maxTimestamp time.Time, minTimestamp time.Time) error

CreateUI creates the terminal UI

func FormatToCSV

func FormatToCSV(items []list.Item, relativeTimestamp time.Time) (string, error)

func GetCSVOutput

func GetCSVOutput(db *database.DB, minTimestamp, relativeTimestamp time.Time, search string, limit int) (string, error)

A filter can be passed in here so that users can supply a search as a command-line flag. The source comment also carries what appears to be an earlier signature: `func GetCSVOutput(items []list.Item, relativeTimestamp time.Time) string {`

func GetResults

func GetResults(db *database.DB, filter Filter, currentPage, pageSize int, minTimestamp time.Time) ([]list.Item, bool, error)

func MakeList

func MakeList(items []list.Item, columns []column, width int, height int) listModel

func NewFooterModel

func NewFooterModel(dbName string) footerModel

func NewSearchModel

func NewSearchModel(initialValue string, width int) searchModel

func NewSidebarModel

func NewSidebarModel(maxTS time.Time, useCurrentTime bool, initialData Item) sidebarModel

func Truncate

func Truncate(str string, style lipgloss.Style) string

Types

type Filter

// Filter holds the search criteria and sort settings for a results query.
// ParseSearchInput returns a Filter; BuildResultsQuery and GetResults accept
// one.
//
// Src, Dst, Fqdn and ThreatIntel are plain strings; Severity is a list of
// OperatorFilter; Count, Beacon, Duration and Subdomains are single
// OperatorFilter values; the Sort* fields are strings.
//
// NOTE(review): BuildResultsQuery returns clickhouse.Parameters next to the
// query string, which suggests filter values are bound as query parameters —
// confirm. The Sort* fields and OperatorFilter.Operator presumably end up as
// SQL syntax (sort direction, comparison operator), which cannot be bound as
// parameters, so they should be matched against a fixed allow-list before
// they reach the query text — verify in ParseSearchInput/BuildResultsQuery.
type Filter struct {
	Src            string
	Dst            string
	Fqdn           string
	Severity       []OperatorFilter
	Count          OperatorFilter
	Beacon         OperatorFilter
	Duration       OperatorFilter
	Subdomains     OperatorFilter
	ThreatIntel    string
	SortSeverity   string
	SortBeacon     string
	SortDuration   string
	SortSubdomains string
	// For testing
	LastSeen     time.Time
	SortLastSeen string
}

func ParseSearchInput

func ParseSearchInput(input string) (Filter, string)

ParseSearchInput parses the search input and returns a filter struct

type FinishedLoadingResults

type FinishedLoadingResults string

type FooterFlash

type FooterFlash string

type Item

type Item MixtapeResult

func (Item) FilterValue

func (i Item) FilterValue() string

func (Item) GetBeacon

func (i Item) GetBeacon() string

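(The source doc comment here is a leftover line of commented-out code, `func (i item) FQDN() string { return i.fqdn }`; it does not describe GetBeacon.)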

func (Item) GetDst

func (i Item) GetDst() string

func (Item) GetFirstSeen

func (i Item) GetFirstSeen(relativeTimestamp time.Time) string

func (Item) GetPortProtoService

func (i Item) GetPortProtoService() []string

func (Item) GetPrevalence

func (i Item) GetPrevalence() string

func (Item) GetSeverity

func (i Item) GetSeverity(color bool) string

func (Item) GetSrc

func (i Item) GetSrc() string

func (Item) GetSubdomains

func (i Item) GetSubdomains() string

func (Item) GetThreatIntel

func (i Item) GetThreatIntel() string

func (Item) GetTotalDuration

func (i Item) GetTotalDuration() string

type MixtapeResult

// MixtapeResult is one result row. Every field carries a `ch` struct tag
// (presumably the ClickHouse column it is scanned from — confirm); only Src
// and Dst also carry a `json` tag. Item is declared on this page as
// `type Item MixtapeResult`.
//
// NOTE(review): FQDN, PortProtoService and Modifiers hold strings that
// presumably originate from observed network traffic, i.e. data the operator
// does not control — confirm. Before such values are written to CSV
// (FormatToCSV, GetCSVOutput) or drawn in the terminal UI, check that a
// leading "=", "+", "-" or "@" is neutralised for spreadsheet consumers and
// that control/escape bytes are stripped — verify in the formatting code.
type MixtapeResult struct {
	Src                      net.IP              `ch:"src" json:"src"`
	Dst                      net.IP              `ch:"dst" json:"dst"`
	FQDN                     string              `ch:"fqdn"`
	FinalScore               float32             `ch:"final_score"`
	Count                    uint64              `ch:"count"`
	ProxyCount               uint64              `ch:"proxy_count"`
	BeaconScore              float32             `ch:"beacon_score"`
	StrobeScore              float32             `ch:"strobe_score"`
	BeaconThreatScore        float32             `ch:"beacon_threat_score"`
	TotalDuration            float32             `ch:"total_duration"`
	LongConnScore            float32             `ch:"long_conn_score"`
	FirstSeen                time.Time           `ch:"first_seen_historical"`
	FirstSeenScore           float32             `ch:"first_seen_score"`
	Prevalence               float32             `ch:"prevalence"`
	PrevalenceScore          float32             `ch:"prevalence_score"`
	Subdomains               uint64              `ch:"subdomains"`
	PortProtoService         []string            `ch:"port_proto_service"`
	C2OverDNSScore           float32             `ch:"c2_over_dns_score"`
	C2OverDNSDirectConnScore float32             `ch:"c2_over_dns_direct_conn_score"`
	ThreatIntelScore         float32             `ch:"threat_intel_score"`
	ThreatIntelDataSizeScore float32             `ch:"threat_intel_data_size_score"`
	TotalBytes               uint64              `ch:"total_bytes"`
	TotalBytesFormatted      string              `ch:"total_bytes_formatted"`
	MissingHostHeaderScore   float32             `ch:"missing_host_header_score"`
	MissingHostCount         uint64              `ch:"missing_host_count"`
	ProxyIPs                 []net.IP            `ch:"proxy_ips"`
	Modifiers                []map[string]string `ch:"modifiers"`
	TotalModifierScore       float32             `ch:"total_modifier_score"`
}

type Model

// Model is the top-level UI state: a search bar, a sidebar, a results list
// and a footer, plus the ViewSearchHelp and ViewHelp flags. NewModel
// constructs it, and its Init, Update and View methods use the
// tea.Cmd/tea.Msg/tea.Model types (presumably Bubble Tea — confirm).
//
// NOTE(review): View returns the string rendered to the terminal; if result
// fields such as FQDN reach it unmodified, control/escape bytes in that data
// would be emitted to the operator's terminal — verify they are stripped.
type Model struct {
	SearchBar searchModel
	SideBar   sidebarModel
	List      listModel

	Footer footerModel

	ViewSearchHelp bool
	ViewHelp       bool
	// contains filtered or unexported fields
}

func NewModel

func NewModel(maxTimestamp, minTimestamp time.Time, useCurrentTime bool, db *database.DB) (*Model, error)

func (*Model) Init

func (m *Model) Init() tea.Cmd

func (*Model) Update

func (m *Model) Update(msg tea.Msg) (tea.Model, tea.Cmd)

func (*Model) View

func (m *Model) View() string

View renders the model to the terminal

type OperatorFilter

// OperatorFilter pairs an operator with the value it applies to; both are
// held as strings. Filter uses it for Severity, Count, Beacon, Duration and
// Subdomains.
//
// NOTE(review): Operator is presumably a comparison operator taken from the
// user's search text — confirm. An operator cannot be bound as a query
// parameter, so it should be accepted only from a fixed allow-list, while
// Value should be bound as a parameter, never concatenated into the query.
type OperatorFilter struct {
	Operator string
	Value    string
}

type StillLoadingResults

type StillLoadingResults string
