Index ¶
- Variables
- func CountRecords(filePath string) int64
- func CountRecordsWithCommunityIDFilter(filePath string, communityIDs map[string]bool) int64
- func CountUniqueCertificates(outDir string) int64
- func CountUniqueCertificatesWithCommunityIDFilter(outDir string, communityIDs map[string]bool) int64
- func GetLayerName(layer LayerType) string
- func GetServerStartTime() time.Time
- func GetTypeValue(name string) (int32, bool)
- func HandleAuditFieldValues(w http.ResponseWriter, r *http.Request, filePath, recordTypeName string)
- func HandleAuditFields(w http.ResponseWriter, r *http.Request, recordTypeName string)
- func HandleAuditFiles(outputDir string) http.HandlerFunc
- func HandleAuditFilesFiltered(outputDir string) http.HandlerFunc
- func HandleAuditMeta(w http.ResponseWriter, r *http.Request, filePath, auditType string)
- func HandleAuditRecords(outputDir string) http.HandlerFunc
- func HandleAuditStats(outputDir string) http.HandlerFunc
- func HandleAuditStream(w http.ResponseWriter, r *http.Request, filePath, auditType string)
- func HandleChartData(outDir string) http.HandlerFunc
- func HandleChartFields(outDir string) http.HandlerFunc
- func HandleLogContent(outputDir string) http.HandlerFunc
- func HandleLogFiles(outputDir string) http.HandlerFunc
- func HandleProtocolHierarchy(outDir string) http.HandlerFunc
- func HandleVisualizeBar3D(outDir string) http.HandlerFunc
- func HandleVisualizeGeo(outDir string) http.HandlerFunc
- func HandleVisualizeGeoAll() http.HandlerFunc
- func HandleVisualizeGraph(outDir string) http.HandlerFunc
- func HandleVisualizeHostsGraph(outDir string) http.HandlerFunc
- func HandleVisualizeSankey(outDir string) http.HandlerFunc
- func HandleVisualizeScatter3D(outDir string) http.HandlerFunc
- func HandleVisualizeTreemap(outDir string) http.HandlerFunc
- func InitRecordForDecoder(decoderName string) any
- func RecordInjectionEvent(ruleName, ruleAction, recordType, srcIP, dstIP string, srcPort, dstPort int, ...)
- func RespondJSON(w http.ResponseWriter, status int, data any)
- func SortAuditFiles(files []AuditFileInfo)
- type AggregatedError
- type AlertResponse
- type AlertsResponse
- type AnalysisJob
- type AuditFileInfo
- type AuditRecordReader
- type AuditStatsResponse
- type AuthActivityEvent
- type AuthActivityResponse
- type BPFConfig
- type BPFExample
- type BPFInfoResponse
- type CertificateSummary
- type CertificatesResponse
- type ChartDataPoint
- type ChartDataResponse
- type ChartFieldInfo
- type ChartFieldsResponse
- type ChartGenerator
- type CollectorInterface
- type ConfigOption
- type ConnectionSummary
- type ConnectionsResponse
- type ConversationDataResponse
- type CreateInjectionRuleRequest
- type CreateRuleRequest
- type CreateServiceProbeRequest
- type CredentialSummary
- type CredentialsResponse
- type DPIInfo
- type DecoderConfig
- type DecoderConfigFile
- type DecoderFieldsResponse
- type DecoderInfo
- type DecodersResponse
- type DeviceProfileSummary
- type DevicesResponse
- type DomainSummary
- type DomainsResponse
- type ExecuteAllRulesResponse
- type ExecuteRuleRequest
- type ExecuteRuleResponse
- type ExploitSummary
- type FieldInfo
- type FieldValuesResponse
- type FieldsResponse
- type FileError
- type FileInfo
- type FilteredAuditFileInfo
- type FingerprintSummary
- type FingerprintsResponse
- type GroupedAlert
- type GroupedAlertsResponse
- type HTTPResponse
- type HTTPSummary
- type HarvesterInfo
- type HarvesterPresetInfo
- type HarvesterPresetListResponse
- type HarvestersResponse
- type HostVulnerabilitySummary
- type HostsResponse
- type IPProfileSummary
- type IPTracker
- type InjectionEvent
- type InjectionEventsResponse
- type InjectionRuleResponse
- type InjectionRulesResponse
- type InjectionStatsResponse
- type LayerType
- type MenuCountsResponse
- type NetworkConversationDataResponse
- type NetworkInterfaceInfo
- type PortInfo
- type ProcessingStats
- type ProgressInfo
- type ProtocolHierarchyNode
- type ProtocolHierarchyResponse
- type ProtocolInfo
- type ProtocolStats
- type ReportIssueRequest
- type ReportIssueResponse
- type ResolveAlertRequest
- type ResolveAlertResponse
- type ResolvedAlert
- type ResolvedAlertsStore
- type ResponseActionAPI
- type RuleExecResult
- type RuleResponse
- type RuleSetInfo
- type RuleSetsResponse
- type RulesConfigResponse
- type RuntimeConfig
- type SankeyLink
- type Server
- func (s *Server) AddInputFile(filePath string)
- func (s *Server) GetCompletedFiles() map[string]bool
- func (s *Server) GetDPIPreferences(userIP string) *UserDPIPreferences
- func (s *Server) GetDebugLogging() bool
- func (s *Server) GetFileError(inputFile string) (FileError, bool)
- func (s *Server) GetFileOutputDir(inputFile string) (string, bool)
- func (s *Server) GetFileProcessingTime(inputFile string) (float64, bool)
- func (s *Server) GetOutputDir() string
- func (s *Server) GetPayloadCapture() bool
- func (s *Server) GetURL() string
- func (s *Server) IsFileCompleted(inputFile string) bool
- func (s *Server) IsLiveMode() bool
- func (s *Server) IsProcessing() bool
- func (s *Server) MarkFileCompleted(inputFile string)
- func (s *Server) SetCollector(collector CollectorInterface)
- func (s *Server) SetDPIPreferences(userIP string, prefs *UserDPIPreferences)
- func (s *Server) SetDebugLogging(enabled bool)
- func (s *Server) SetFileBPFFilter(inputFile, bpfFilter string)
- func (s *Server) SetFileError(inputFile, errorMsg, errorLogPath string)
- func (s *Server) SetFileOutputDir(inputFile, outputDir string)
- func (s *Server) SetFileProcessingTime(inputFile string, durationSeconds float64)
- func (s *Server) SetLiveMode(isLive bool)
- func (s *Server) SetPayloadCapture(enabled bool)
- func (s *Server) SetProcessingComplete()
- func (s *Server) SetStopCapture(cancel context.CancelFunc)
- func (s *Server) SetUploadCallback(callback UploadCallbackFunc)
- func (s *Server) Start() error
- func (s *Server) Stop(ctx context.Context) error
- func (s *Server) UpdateOutputDir(outDir string)
- func (s *Server) UpdateProcessingStats(stats ProcessingStats)
- type ServiceConfig
- type ServiceProbeInfo
- type ServiceProbesResponse
- type ServiceSummary
- type ServicesResponse
- type SessionInfo
- type SessionManager
- func (sm *SessionManager) AddSession(session *SessionInfo)
- func (sm *SessionManager) CheckIssueReportLimit(ip string) (allowed bool, remaining int)
- func (sm *SessionManager) CheckRateLimit(ip string) (allowed bool, remaining int)
- func (sm *SessionManager) CleanupExpiredSessions() []string
- func (sm *SessionManager) GetAllSessions() []*SessionInfo
- func (sm *SessionManager) GetSession(sessionID string) (*SessionInfo, bool)
- func (sm *SessionManager) GetSessionForIP(sessionID, ip string) (*SessionInfo, bool)
- func (sm *SessionManager) GetSessionsForIP(ip string) []*SessionInfo
- func (sm *SessionManager) GetStorageUsageForIP(ip string) int64
- func (sm *SessionManager) MarkSessionIssueReported(sessionID string)
- func (sm *SessionManager) RecordIssueReport(ip string)
- func (sm *SessionManager) RestoreSessionsFromDisk(resultsDir, pcapsDir, uploadsDir string) error
- func (sm *SessionManager) SaveSessionMetadata(sessionID string) error
- func (sm *SessionManager) UpdateSessionPacketCount(sessionID string, count int64)
- func (sm *SessionManager) UpdateSessionProcessingTime(sessionID string, durationSeconds float64)
- func (sm *SessionManager) UpdateSessionStatus(sessionID string, status SessionStatus, errorMsg string, errorLogPath string)
- type SessionStatus
- type SoftwareInfo
- type SoftwareResponse
- type SoftwareSummary
- type StatsResponse
- type StatusResponse
- type SystemInfo
- type TestProbeRequest
- type TestProbeResponse
- type ToggleInjectionRuleRequest
- type ToggleServiceProbeRequest
- type UpdateInjectionRuleRequest
- type UpdateRuleRequest
- type UpdateRuleSetRequest
- type UploadCallbackFunc
- type UserDPIPreferences
- type VulnerabilitiesResponse
- type VulnerabilitySummary
- type YaraRuleInfo
- type YaraScanResponse
- type YaraScanResult
- type YaraStatusResponse
Constants ¶
This section is empty.
Variables ¶
var EmbeddedAssets embed.FS
Embed the frontend assets (Vite build output in frontend/dist/). The "all:" prefix includes dotfiles. The frontend must be built before compiling.
Functions ¶
func CountRecords ¶
CountRecords counts the number of records in an audit file
func CountRecordsWithCommunityIDFilter ¶
CountRecordsWithCommunityIDFilter counts records that match any of the given community IDs
func CountUniqueCertificates ¶
CountUniqueCertificates counts deduplicated certificates by SHA256 fingerprint. This matches the deduplication logic used by readCertificates / the certificates table.
func CountUniqueCertificatesWithCommunityIDFilter ¶
func CountUniqueCertificatesWithCommunityIDFilter(outDir string, communityIDs map[string]bool) int64
CountUniqueCertificatesWithCommunityIDFilter counts deduplicated certificates that match any of the given community IDs.
func GetLayerName ¶
GetLayerName returns a human-readable name for the layer type
func GetServerStartTime ¶
GetServerStartTime returns the time when the server was started
func GetTypeValue ¶
GetTypeValue looks up the type value for a decoder name and reports whether one exists
func HandleAuditFieldValues ¶
func HandleAuditFieldValues(w http.ResponseWriter, r *http.Request, filePath, recordTypeName string)
HandleAuditFieldValues returns sample values for fields in a specific audit record type
func HandleAuditFields ¶
func HandleAuditFields(w http.ResponseWriter, r *http.Request, recordTypeName string)
HandleAuditFields returns field information for a specific audit record type
func HandleAuditFiles ¶
func HandleAuditFiles(outputDir string) http.HandlerFunc
HandleAuditFiles returns list of audit record files for a given output directory
func HandleAuditFilesFiltered ¶
func HandleAuditFilesFiltered(outputDir string) http.HandlerFunc
HandleAuditFilesFiltered returns list of audit record files with counts filtered by community IDs
func HandleAuditMeta ¶
func HandleAuditMeta(w http.ResponseWriter, r *http.Request, filePath, auditType string)
HandleAuditMeta returns metadata for an audit file
func HandleAuditRecords ¶
func HandleAuditRecords(outputDir string) http.HandlerFunc
HandleAuditRecords streams audit records from a file
func HandleAuditStats ¶
func HandleAuditStats(outputDir string) http.HandlerFunc
HandleAuditStats returns statistics for specific audit record types
func HandleAuditStream ¶
func HandleAuditStream(w http.ResponseWriter, r *http.Request, filePath, auditType string)
HandleAuditStream streams audit records via Server-Sent Events
func HandleChartData ¶
func HandleChartData(outDir string) http.HandlerFunc
HandleChartData returns a handler that generates charts for a specific output directory (for service mode)
func HandleChartFields ¶
func HandleChartFields(outDir string) http.HandlerFunc
HandleChartFields returns a handler that returns available fields for a specific output directory (for service mode)
func HandleLogContent ¶
func HandleLogContent(outputDir string) http.HandlerFunc
HandleLogContent returns the content of a log file
func HandleLogFiles ¶
func HandleLogFiles(outputDir string) http.HandlerFunc
HandleLogFiles returns list of log files for a given output directory
func HandleProtocolHierarchy ¶
func HandleProtocolHierarchy(outDir string) http.HandlerFunc
HandleProtocolHierarchy is an exported handler factory for service mode
func HandleVisualizeBar3D ¶
func HandleVisualizeBar3D(outDir string) http.HandlerFunc
HandleVisualizeBar3D is an exported handler factory for service mode
func HandleVisualizeGeo ¶
func HandleVisualizeGeo(outDir string) http.HandlerFunc
HandleVisualizeGeo is an exported handler factory for service mode
func HandleVisualizeGeoAll ¶
func HandleVisualizeGeoAll() http.HandlerFunc
HandleVisualizeGeoAll is an exported handler factory for service mode
func HandleVisualizeGraph ¶
func HandleVisualizeGraph(outDir string) http.HandlerFunc
HandleVisualizeGraph is an exported handler factory for service mode
func HandleVisualizeHostsGraph ¶
func HandleVisualizeHostsGraph(outDir string) http.HandlerFunc
HandleVisualizeHostsGraph is an exported handler factory for service mode
func HandleVisualizeSankey ¶
func HandleVisualizeSankey(outDir string) http.HandlerFunc
HandleVisualizeSankey is an exported handler factory for service mode
func HandleVisualizeScatter3D ¶
func HandleVisualizeScatter3D(outDir string) http.HandlerFunc
HandleVisualizeScatter3D is an exported handler factory for service mode
func HandleVisualizeTreemap ¶
func HandleVisualizeTreemap(outDir string) http.HandlerFunc
HandleVisualizeTreemap is an exported handler factory for service mode
func InitRecordForDecoder ¶
InitRecordForDecoder initializes an audit record for the given decoder name
func RecordInjectionEvent ¶
func RecordInjectionEvent(ruleName, ruleAction, recordType, srcIP, dstIP string, srcPort, dstPort int, result string, err error, actionData map[string]any)
RecordInjectionEvent records an injection event (called from the injection engine)
func RespondJSON ¶
func RespondJSON(w http.ResponseWriter, status int, data any)
RespondJSON writes a JSON response with the given status code and data
func SortAuditFiles ¶
func SortAuditFiles(files []AuditFileInfo)
SortAuditFiles sorts audit files hierarchically by layer type: Link → Network → Transport → Application → Stream → Abstract → Unknown.
Types ¶
type AggregatedError ¶
// AggregatedError is one distinct error message together with how often it
// was seen. It is serialized to JSON with the tags below.
type AggregatedError struct {
	ErrorMessage string `json:"errorMessage"`
	Count int `json:"count"`
	FirstSeen string `json:"firstSeen"` // a string, not a numeric timestamp; its format is not fixed by this declaration
}
AggregatedError represents an error message with its occurrence count
type AlertResponse ¶
// AlertResponse is the API representation of a single alert.
type AlertResponse struct {
	Timestamp int64 `json:"timestamp"`
	Name string `json:"name"`
	Description string `json:"description"`
	RuleName string `json:"ruleName"`
	RecordType string `json:"recordType"`
	Severity string `json:"severity"`
	Tags []string `json:"tags"`
	MITRE string `json:"mitre"` // a single string here, whereas CreateRuleRequest carries MITRE as []string
	SrcIP string `json:"srcIP"`
	DstIP string `json:"dstIP"`
	MatchedRecord string `json:"matchedRecord"` // the matched record rendered as a string; its encoding is not fixed here
	RuleExpression string `json:"ruleExpression"`
	Threshold int32 `json:"threshold"` // int32 here; CreateRuleRequest uses int for the same value
	ThresholdWindow int32 `json:"thresholdWindow"`
	Resolved bool `json:"resolved"`
	ResolvedAt int64 `json:"resolvedAt,omitempty"` // omitted from the JSON while zero (i.e. while unresolved)
	AlertID string `json:"alertId"` // Unique identifier for the alert
}
AlertResponse represents an alert for the API
type AlertsResponse ¶
// AlertsResponse wraps a list of alerts for the API.
type AlertsResponse struct {
	Alerts []AlertResponse `json:"alerts"`
	TotalCount int `json:"totalCount"` // whether this equals len(Alerts) or a pre-pagination total is not visible here
}
AlertsResponse represents the response containing multiple alerts
type AnalysisJob ¶
// AnalysisJob describes one queued analysis run (service mode only).
// It has no JSON tags, so it is an internal structure rather than an API payload.
type AnalysisJob struct {
	SessionID string
	InputFile string
	OutputDir string
	EnableDPI bool
	BPFFilter string // BPF filter to apply during capture
	IncludeDecoders string // Decoders to include
	ExcludeDecoders string // Decoders to exclude
	// NOTE(review): BPFFilter, IncludeDecoders and ExcludeDecoders are free-form
	// strings; where they are validated before being queued is not visible here.
}
AnalysisJob represents a job in the analysis queue (service mode only)
type AuditFileInfo ¶
// AuditFileInfo extends FileInfo (embedded) with audit-record metadata.
type AuditFileInfo struct {
	FileInfo
	Type string `json:"type"`
	RecordCount int64 `json:"recordCount,omitempty"` // omitempty: a file with zero records serializes without this key
	Layer string `json:"layer"`
}
AuditFileInfo extends FileInfo with audit record specific metadata
func ListAuditFiles ¶
func ListAuditFiles(outputDir string) ([]AuditFileInfo, error)
ListAuditFiles returns a list of audit files in the given directory
type AuditRecordReader ¶
// AuditRecordReader reads audit records from .ncap files. Its fields are
// unexported; construct it with NewAuditRecordReader and release it with Close.
type AuditRecordReader struct {
	// contains filtered or unexported fields
}
AuditRecordReader reads audit records from .ncap files
func NewAuditRecordReader ¶
func NewAuditRecordReader(filePath string) (*AuditRecordReader, error)
NewAuditRecordReader creates a new audit record reader
func (*AuditRecordReader) Close ¶
func (r *AuditRecordReader) Close() error
Close closes the reader and underlying file
func (*AuditRecordReader) NextAsJSON ¶
func (r *AuditRecordReader) NextAsJSON() (string, error)
NextAsJSON reads the next audit record and returns it as JSON
func (*AuditRecordReader) NextRecord ¶
func (r *AuditRecordReader) NextRecord() (proto.Message, error)
NextRecord reads the next audit record as a proto.Message. The caller needs to type-assert it to the appropriate type.
func (*AuditRecordReader) ReadHeader ¶
func (r *AuditRecordReader) ReadHeader() (*types.Header, error)
ReadHeader reads the audit record file header
func (*AuditRecordReader) Skip ¶
func (r *AuditRecordReader) Skip(n int) error
Skip skips n records from the current position
type AuditStatsResponse ¶
// AuditStatsResponse reports per-category record counts for an audit output directory.
type AuditStatsResponse struct {
	TotalRecords int64 `json:"totalRecords"`
	ExploitCount int64 `json:"exploitCount"`
	VulnerabilityCount int64 `json:"vulnerabilityCount"`
	CredentialsCount int64 `json:"credentialsCount"`
	SoftwareCount int64 `json:"softwareCount"`
}
AuditStatsResponse represents the audit record statistics response
type AuthActivityEvent ¶
// AuthActivityEvent is a protocol-independent view of one authentication event.
type AuthActivityEvent struct {
	Timestamp int64 `json:"timestamp"`
	Protocol string `json:"protocol"` // "Credentials", "TACACS", "Kerberos"
	User string `json:"user"`
	Service string `json:"service"`
	Action string `json:"action"`
	Status string `json:"status"` // free-form; the set of values is not fixed by this declaration
	SrcIP string `json:"srcIP"`
	DstIP string `json:"dstIP"`
	Details string `json:"details"`
}
AuthActivityEvent represents a unified authentication event from any protocol
type AuthActivityResponse ¶
// AuthActivityResponse wraps a list of authentication events for the API.
type AuthActivityResponse struct {
	Events []AuthActivityEvent `json:"events"`
	TotalCount int `json:"totalCount"`
}
AuthActivityResponse contains all authentication events
type BPFConfig ¶
// BPFConfig carries a BPF filter expression.
type BPFConfig struct {
	Filter string `json:"filter"` // raw expression; this type does not compile or validate it
}
BPFConfig represents the BPF filter configuration
type BPFExample ¶
// BPFExample is a named, described BPF filter shown to users as an example.
type BPFExample struct {
	Name string `json:"name"`
	Filter string `json:"filter"`
	Description string `json:"description"`
}
BPFExample represents a BPF filter example
type BPFInfoResponse ¶
// BPFInfoResponse returns the active BPF filter plus examples and a docs link.
type BPFInfoResponse struct {
	CurrentFilter string `json:"currentFilter"`
	Examples []BPFExample `json:"examples"`
	DocsURL string `json:"docsUrl"`
}
BPFInfoResponse contains BPF configuration and examples
type CertificateSummary ¶
// CertificateSummary is the aggregated API view of one TLS certificate.
// SHA256Fingerprint is the deduplication key used by CountUniqueCertificates.
type CertificateSummary struct {
	Timestamp int64 `json:"timestamp"`
	SrcIP string `json:"srcIP"`
	SrcPort int32 `json:"srcPort"` // numeric here; ConnectionSummary carries ports as strings
	DstIP string `json:"dstIP"`
	DstPort int32 `json:"dstPort"`
	SrcMAC string `json:"srcMAC"`
	DstMAC string `json:"dstMAC"`
	ChainIndex int32 `json:"chainIndex"` // position within the presented chain
	SubjectCommonName string `json:"subjectCommonName"`
	SubjectAltNames []string `json:"subjectAltNames"`
	SubjectOrganization string `json:"subjectOrganization"`
	SubjectCountry string `json:"subjectCountry"`
	SubjectLocality string `json:"subjectLocality"`
	SubjectProvince string `json:"subjectProvince"`
	IssuerCommonName string `json:"issuerCommonName"`
	IssuerOrganization string `json:"issuerOrganization"`
	IssuerCountry string `json:"issuerCountry"`
	NotBefore int64 `json:"notBefore"` // validity window as integers; the time unit is not fixed by this declaration
	NotAfter int64 `json:"notAfter"`
	// Derived validity/hygiene flags. The thresholds behind HasWeakSignature and
	// HasShortKeySize are decided where the summary is built, not here.
	IsExpired bool `json:"isExpired"`
	IsSelfSigned bool `json:"isSelfSigned"`
	DaysUntilExpiration int64 `json:"daysUntilExpiration"`
	IsNotYetValid bool `json:"isNotYetValid"`
	HasWeakSignature bool `json:"hasWeakSignature"`
	HasShortKeySize bool `json:"hasShortKeySize"`
	SignatureAlgorithm string `json:"signatureAlgorithm"`
	PublicKeyAlgorithm string `json:"publicKeyAlgorithm"`
	PublicKeySize int32 `json:"publicKeySize"`
	SerialNumber string `json:"serialNumber"`
	Version int32 `json:"version"`
	SHA256Fingerprint string `json:"sha256Fingerprint"` // dedup key (see CountUniqueCertificates)
	SHA1Fingerprint string `json:"sha1Fingerprint"`
	KeyUsage []string `json:"keyUsage"`
	ExtKeyUsage []string `json:"extKeyUsage"`
	IsCA bool `json:"isCA"`
	MaxPathLen int32 `json:"maxPathLen"`
	FirstSeen int64 `json:"firstSeen"`
	LastSeen int64 `json:"lastSeen"`
	SeenCount int64 `json:"seenCount"`
	// JA4X certificate fingerprinting
	Ja4x string `json:"ja4x"`
	Ja4xRaw string `json:"ja4xRaw"`
	Ja4xDescription string `json:"ja4xDescription"`
	// Community ID for cross-tool correlation
	CommunityID string `json:"communityId"`
}
CertificateSummary represents aggregated information for a single TLS certificate
type CertificatesResponse ¶
// CertificatesResponse wraps a list of certificate summaries for the API.
type CertificatesResponse struct {
	Certificates []CertificateSummary `json:"certificates"`
	TotalCount int `json:"totalCount"`
}
CertificatesResponse contains the list of certificates
type ChartDataPoint ¶
ChartDataPoint represents a single data point in a chart
type ChartDataResponse ¶
// ChartDataResponse carries chart points plus summary statistics over them.
type ChartDataResponse struct {
	Type string `json:"type"`
	Field string `json:"field"`
	Interval string `json:"interval"`
	Data []ChartDataPoint `json:"data"`
	Count int `json:"count"`
	// Summary statistics as float64; JSON encoding of NaN/Inf fails, so the
	// producer must not emit those for empty series.
	MinValue float64 `json:"minValue"`
	MaxValue float64 `json:"maxValue"`
	AvgValue float64 `json:"avgValue"`
}
ChartDataResponse contains the chart data and metadata
type ChartFieldInfo ¶
// ChartFieldInfo describes one field that can be charted.
type ChartFieldInfo struct {
	Name string `json:"name"`
	Type string `json:"type"`
	Description string `json:"description"`
}
ChartFieldInfo represents metadata about a field for charting
type ChartFieldsResponse ¶
// ChartFieldsResponse lists the chartable fields of one audit record type.
type ChartFieldsResponse struct {
	Type string `json:"type"`
	Fields []ChartFieldInfo `json:"fields"`
	TotalFields int `json:"totalFields"` // Total possible fields including empty ones
	FilteredCount int `json:"filteredCount"` // Number of fields filtered out due to no data
}
ChartFieldsResponse lists available numeric fields for charting
type ChartGenerator ¶
// ChartGenerator builds charts from audit records. Construct it with
// NewChartGenerator; its fields are unexported.
type ChartGenerator struct {
	// contains filtered or unexported fields
}
ChartGenerator handles chart generation from audit records
func NewChartGenerator ¶
func NewChartGenerator(auditType, field, chartType, interval string, showLegend bool, maxDataPoints int) *ChartGenerator
NewChartGenerator creates a new chart generator
func (*ChartGenerator) GenerateChart ¶
func (cg *ChartGenerator) GenerateChart(outDir string) (io.Reader, error)
GenerateChart generates a chart and returns it as HTML
type CollectorInterface ¶
// CollectorInterface is the subset of the Collector that the server depends on:
// runtime control (log level, rule reload) and live counters.
type CollectorInterface interface {
	SetLogLevel(debug bool)
	ReloadRulesEngine() error
	// Live statistics methods
	GetCurrentPacketCount() int64
	GetTotalPacketCount() int64
	GetPacketsPerSecond() int64
	GetProfilesCount() int
	GetServicesCount() int
}
CollectorInterface defines the methods we need from the Collector
type ConfigOption ¶
// ConfigOption describes one configuration setting, its current and default
// values, and whether the API allows changing it.
type ConfigOption struct {
	Name string `json:"name"`
	Value any `json:"value"` // untyped; Type (below) is the only hint to consumers about its shape
	Default any `json:"default"`
	Type string `json:"type"`
	Description string `json:"description"`
	Category string `json:"category"`
	IsEditable bool `json:"isEditable"` // advisory flag for clients; enforcement is not visible here
}
ConfigOption represents a configuration option
type ConnectionSummary ¶
// ConnectionSummary is the aggregated API view of one network connection.
type ConnectionSummary struct {
	TimestampFirst int64 `json:"timestampFirst"`
	TimestampLast int64 `json:"timestampLast"`
	LinkProto string `json:"linkProto"`
	NetworkProto string `json:"networkProto"`
	TransportProto string `json:"transportProto"`
	ApplicationProto string `json:"applicationProto"`
	SrcMAC string `json:"srcMAC"`
	DstMAC string `json:"dstMAC"`
	SrcIP string `json:"srcIP"`
	SrcPort string `json:"srcPort"` // ports are strings here; CertificateSummary uses int32
	DstIP string `json:"dstIP"`
	DstPort string `json:"dstPort"`
	TotalSize int32 `json:"totalSize"`
	AppPayloadSize int32 `json:"appPayloadSize"`
	NumPackets int32 `json:"numPackets"`
	Duration int64 `json:"duration"` // unit not fixed by this declaration
	BytesClientToServer int64 `json:"bytesClientToServer"`
	BytesServerToClient int64 `json:"bytesServerToClient"`
	// TCP flag counters over the connection's packets.
	NumFINFlags int32 `json:"numFINFlags"`
	NumRSTFlags int32 `json:"numRSTFlags"`
	NumACKFlags int32 `json:"numACKFlags"`
	NumSYNFlags int32 `json:"numSYNFlags"`
	NumURGFlags int32 `json:"numURGFlags"`
	NumECEFlags int32 `json:"numECEFlags"`
	NumPSHFlags int32 `json:"numPSHFlags"`
	NumCWRFlags int32 `json:"numCWRFlags"`
	NumNSFlags int32 `json:"numNSFlags"`
	MeanWindowSize int32 `json:"meanWindowSize"`
	Applications []string `json:"applications"`
	ServerPortName string `json:"serverPortName"`
	DetectedProtocolName string `json:"detectedProtocolName"`
	// JA4L timing fields
	TcpRttNanos int64 `json:"tcpRttNanos"` // nanoseconds, per the name
	TlsHandshakeNanos int64 `json:"tlsHandshakeNanos"`
	Ja4lClient string `json:"ja4lClient"`
	Ja4lServer string `json:"ja4lServer"`
	SynTtl int32 `json:"synTtl"`
	// Security behavioral analysis fields
	PacketsClientToServer int64 `json:"packetsClientToServer"`
	PacketsServerToClient int64 `json:"packetsServerToClient"`
	ByteRatio float64 `json:"byteRatio"` // how the ratio is oriented (c2s/s2c or inverse) is decided by the producer
	PacketRatio float64 `json:"packetRatio"`
	AvgPacketSizeClientToServer int32 `json:"avgPacketSizeClientToServer"`
	AvgPacketSizeServerToClient int32 `json:"avgPacketSizeServerToClient"`
	IsExternal bool `json:"isExternal"`
	IsBroadcast bool `json:"isBroadcast"`
	IsMulticast bool `json:"isMulticast"`
	// TLS SNI
	Sni string `json:"sni"`
	// Community ID for cross-tool correlation
	CommunityID string `json:"communityId"`
}
ConnectionSummary represents aggregated information for a single connection
type ConnectionsResponse ¶
// ConnectionsResponse wraps a list of connection summaries for the API.
type ConnectionsResponse struct {
	Connections []ConnectionSummary `json:"connections"`
	TotalCount int `json:"totalCount"`
}
ConnectionsResponse contains the list of connections
type ConversationDataResponse ¶
// ConversationDataResponse returns one chunk of a connection's raw conversation
// data, with enough offset/size information for the client to page through it.
type ConversationDataResponse struct {
	SrcIP string `json:"srcIP"`
	SrcPort string `json:"srcPort"`
	DstIP string `json:"dstIP"`
	DstPort string `json:"dstPort"`
	Protocol string `json:"protocol"`
	ConversationData string `json:"conversationData"` // base64-encoded chunk
	Exists bool `json:"exists"`
	// NOTE(review): FilePath is serialized to the client as-is. If it holds a
	// server-side path, this discloses filesystem layout; confirm it is intended
	// or return an opaque identifier instead.
	FilePath string `json:"filePath"`
	TotalSize int64 `json:"totalSize"` // Total file size in bytes
	ChunkSize int `json:"chunkSize"` // Size of this chunk
	Offset int64 `json:"offset"` // Current offset
	HasMore bool `json:"hasMore"` // Whether there's more data
	ErrorMessage string `json:"errorMessage,omitempty"`
}
ConversationDataResponse contains the raw conversation data for a connection
type CreateInjectionRuleRequest ¶
// CreateInjectionRuleRequest is the client-supplied body for creating an
// injection rule. Everything here is untrusted input.
type CreateInjectionRuleRequest struct {
	Name string `json:"name"`
	Description string `json:"description"`
	Type string `json:"type"`
	Expression string `json:"expression"` // rule expression; validation happens in the engine, not here
	Action string `json:"action"`
	ActionConfig map[string]any `json:"actionConfig,omitempty"` // arbitrary JSON object, decoded without schema
	Enabled bool `json:"enabled"`
	Priority int `json:"priority,omitempty"`
	StopOnMatch bool `json:"stopOnMatch,omitempty"`
	Tags []string `json:"tags,omitempty"`
}
CreateInjectionRuleRequest represents a request to create a new injection rule
type CreateRuleRequest ¶
// CreateRuleRequest is the client-supplied body for creating a detection rule.
// Everything here is untrusted input.
type CreateRuleRequest struct {
	Name string `json:"name"`
	Description string `json:"description"`
	Type string `json:"type"`
	Expression string `json:"expression"` // rule expression; validation happens in the engine, not here
	Severity string `json:"severity"`
	MITRE []string `json:"mitre"` // a slice here; AlertResponse exposes MITRE as a single string
	Tags []string `json:"tags"`
	Enabled bool `json:"enabled"`
	Threshold int `json:"threshold,omitempty"` // int here; AlertResponse uses int32
	ThresholdWindow int `json:"thresholdWindow,omitempty"`
	Actions []ResponseActionAPI `json:"actions,omitempty"`
}
CreateRuleRequest represents a request to create a new rule
type CreateServiceProbeRequest ¶
// CreateServiceProbeRequest is the client-supplied body for adding a service
// detection probe.
type CreateServiceProbeRequest struct {
	Service string `json:"service"`
	Pattern string `json:"pattern"` // match pattern; whether it is a regex, and any size/complexity limit, is enforced elsewhere if at all
	Product string `json:"product"`
	Version string `json:"version"`
	Info string `json:"info"`
	Hostname string `json:"hostname"`
	OS string `json:"os"`
	DeviceType string `json:"deviceType"`
	Protocol string `json:"protocol"`
	ProbeName string `json:"probeName"`
	Enabled bool `json:"enabled"`
}
CreateServiceProbeRequest represents a request to create a new service probe
type CredentialSummary ¶
// CredentialSummary is the API view of one captured credential.
//
// It carries secret material verbatim (Password, Hash, LmHash, NtHash, Challenge,
// HashcatFormat). Endpoints that return it handle sensitive data: they need
// access control, must not be written to general logs, and the retention of
// the underlying files should be considered.
type CredentialSummary struct {
	Timestamp int64 `json:"timestamp"`
	Service string `json:"service"`
	Flow string `json:"flow"`
	User string `json:"user"`
	Password string `json:"password"` // cleartext as captured
	Notes string `json:"notes"`
	// Hash-based credentials
	Hash string `json:"hash"`
	HashType string `json:"hashType"`
	Domain string `json:"domain"`
	Realm string `json:"realm"`
	Challenge string `json:"challenge"`
	ServiceName string `json:"serviceName"`
	Etype int32 `json:"etype"`
	HashcatFormat string `json:"hashcatFormat"`
	// HTTP Digest specific
	Method string `json:"method"`
	Nonce string `json:"nonce"`
	Uri string `json:"uri"`
	Qop string `json:"qop"`
	Nc string `json:"nc"`
	Cnonce string `json:"cnonce"`
	// NTLM specific
	Workstation string `json:"workstation"`
	LmHash string `json:"lmHash"`
	NtHash string `json:"ntHash"`
	// Authentication result tracking
	AuthSuccess bool `json:"authSuccess"`
	AuthSuccessSet bool `json:"authSuccessSet"` // presumably distinguishes "unknown" from a real false in AuthSuccess — confirm against the producer
	AuthAttempts int32 `json:"authAttempts"`
	// RADIUS specific
	MacAddress string `json:"macAddress"`
	FramedAddress string `json:"framedAddress"`
	ConnectInfo string `json:"connectInfo"`
	ReplyMessage string `json:"replyMessage"`
	// SOCKS specific
	SocksVersion int32 `json:"socksVersion"`
	SocksStatus string `json:"socksStatus"`
	// SIP specific
	SipMethod string `json:"sipMethod"`
	SipCallId string `json:"sipCallId"`
	SipFrom string `json:"sipFrom"`
	SipTo string `json:"sipTo"`
	// Community ID for cross-tool correlation
	CommunityID string `json:"communityId"`
}
CredentialSummary represents a captured credential
type CredentialsResponse ¶
// CredentialsResponse wraps a list of captured credentials. Because
// CredentialSummary contains secret material, treat the whole response as
// sensitive.
type CredentialsResponse struct {
	Credentials []CredentialSummary `json:"credentials"`
	TotalCount int `json:"totalCount"`
}
CredentialsResponse contains the list of credentials
type DPIInfo ¶
// DPIInfo reports deep-packet-inspection availability, engine versions, and
// which modules are active.
type DPIInfo struct {
	Enabled bool `json:"enabled"`
	HasSupport bool `json:"hasSupport"` // compiled-in support, as opposed to Enabled at runtime
	NDPIVersion string `json:"ndpiVersion"`
	LibprotoidentVersion string `json:"libprotoidentVersion"`
	GoDPIVersion string `json:"goDpiVersion"`
	ActiveModules []string `json:"activeModules"`
	AvailableModules []string `json:"availableModules"`
	ModuleProtocols map[string][]string `json:"moduleProtocols"` // New: protocols supported by each module
	// External documentation links for supported protocols
	NDPIProtocolsURL string `json:"ndpiProtocolsUrl"`
	LibprotoidentProtocolsURL string `json:"libprotoidentProtocolsUrl"`
}
DPIInfo represents DPI configuration and version information
type DecoderConfig ¶
// DecoderConfig is the persistable decoder selection.
type DecoderConfig struct {
	// Include/Exclude are single strings (their list format is not fixed here),
	// while EnabledDecoders is a proper slice.
	IncludeDecoders string `json:"includeDecoders"`
	ExcludeDecoders string `json:"excludeDecoders"`
	EnabledDecoders []string `json:"enabledDecoders"`
}
DecoderConfig represents the decoder configuration that can be saved
type DecoderConfigFile ¶
// DecoderConfigFile is metadata about a saved decoder configuration file.
type DecoderConfigFile struct {
	Name string `json:"name"`
	Path string `json:"path"` // NOTE(review): serialized to clients; if it is a server-side path, confirm that disclosure is intended
	ModifiedTime int64 `json:"modifiedTime"`
	Size int64 `json:"size"`
}
DecoderConfigFile represents metadata about a saved decoder configuration file
type DecoderFieldsResponse ¶
// DecoderFieldsResponse lists the fields produced by one decoder.
type DecoderFieldsResponse struct {
	DecoderName string `json:"decoderName"`
	Fields []FieldInfo `json:"fields"`
}
DecoderFieldsResponse represents the response with field information for a decoder
type DecoderInfo ¶
// DecoderInfo describes one decoder and whether it is enabled.
type DecoderInfo struct {
	Name string `json:"name"`
	Description string `json:"description"`
	Type string `json:"type"`
	Layer string `json:"layer,omitempty"`
	Port int32 `json:"port,omitempty"` // omitempty: a port of 0 is indistinguishable from "no port" in the JSON
	Enabled bool `json:"enabled"`
}
DecoderInfo represents information about a decoder
type DecodersResponse ¶
// DecodersResponse groups decoders by category.
type DecodersResponse struct {
	Packet []DecoderInfo `json:"packet"`
	GoPacket []DecoderInfo `json:"gopacket"` // note the JSON key is all lowercase
	Stream []DecoderInfo `json:"stream"`
	Abstract []DecoderInfo `json:"abstract"`
}
DecodersResponse represents the response with all decoder information
type DeviceProfileSummary ¶
// DeviceProfileSummary is the aggregated API view of one device (keyed by MAC).
type DeviceProfileSummary struct {
	MacAddr string `json:"macAddr"`
	DeviceManufacturer string `json:"deviceManufacturer"`
	NumDeviceIPs int `json:"numDeviceIPs"`
	NumContacts int `json:"numContacts"`
	NumPackets int64 `json:"numPackets"`
	Bytes uint64 `json:"bytes"` // uint64 unlike the other counters; values above 2^53 lose precision in JavaScript consumers
	Timestamp int64 `json:"timestamp"`
	Applications []string `json:"applications"`
	Devices []string `json:"devices"`
	DeviceIPs []string `json:"deviceIPs"`
	Contacts []string `json:"contacts"`
	Hostnames []string `json:"hostnames"`
	DeviceTypes []string `json:"deviceTypes"`
	OS string `json:"os"`
	Roles []string `json:"roles"`
}
DeviceProfileSummary represents aggregated information for a single device
type DevicesResponse ¶
// DevicesResponse wraps a list of device profiles for the API.
type DevicesResponse struct {
	Devices []DeviceProfileSummary `json:"devices"`
	TotalCount int `json:"totalCount"`
}
DevicesResponse contains the list of device profiles
type DomainSummary ¶
// DomainSummary is the aggregated API view of one observed domain name.
type DomainSummary struct {
	Domain string `json:"domain"`
	QueryCount int `json:"queryCount"`
	UniqueClients int `json:"uniqueClients"`
	RecordTypes []string `json:"recordTypes"`
	ResponseCodes []int32 `json:"responseCodes"` // numeric codes; presumably DNS RCODEs — confirm against the producer
	FirstSeen int64 `json:"firstSeen"`
	LastSeen int64 `json:"lastSeen"`
	IsSubdomain bool `json:"isSubdomain"`
	ParentDomain string `json:"parentDomain"`
	ResolvedIPs []string `json:"resolvedIPs"`
	Source string `json:"source"` // "DNS" or "TLS SNI"
	CommunityIDs []string `json:"communityIds"` // Community IDs for cross-tool correlation
}
DomainSummary represents aggregated information for a single domain
type DomainsResponse ¶
// DomainsResponse wraps a page of domain summaries; TotalCount is the total
// available and may exceed len(Domains) when the endpoint paginates.
type DomainsResponse struct {
	Domains    []DomainSummary `json:"domains"`
	TotalCount int             `json:"totalCount"`
}
DomainsResponse contains the list of domains
type ExecuteAllRulesResponse ¶
// ExecuteAllRulesResponse reports the outcome of running every detection rule
// on demand. Success is the overall verdict; per-rule outcomes (including
// individual failures) are in RuleResults.
type ExecuteAllRulesResponse struct {
	Success       bool             `json:"success"`
	Message       string           `json:"message"`
	TotalAlerts   int              `json:"totalAlerts"`
	TotalRecords  int              `json:"totalRecords"`
	ExecutionTime int64            `json:"executionTimeMs"` // milliseconds, per the JSON key
	RuleResults   []RuleExecResult `json:"ruleResults"`
}
ExecuteAllRulesResponse represents the response from executing all rules
type ExecuteRuleRequest ¶
// ExecuteRuleRequest is the client request to run one rule on demand.
// RuleID is client-supplied: the handler must resolve it against the loaded
// rule set (RuleResponse.ID) rather than interpret it as a file name or path.
type ExecuteRuleRequest struct {
	RuleID string `json:"ruleId"`
}
ExecuteRuleRequest represents a request to execute a rule on demand
type ExecuteRuleResponse ¶
// ExecuteRuleResponse reports the outcome of a single on-demand rule run.
type ExecuteRuleResponse struct {
	Success       bool   `json:"success"`
	Message       string `json:"message"` // human-readable status or error text
	AlertsCount   int    `json:"alertsCount"`
	RecordsRead   int    `json:"recordsRead"`
	ExecutionTime int64  `json:"executionTimeMs"` // milliseconds, per the JSON key
}
ExecuteRuleResponse represents the response from executing a rule
type ExploitSummary ¶
// ExploitSummary is one aggregated exploit-database entry matched against
// observed software (which database feeds it is not stated in this file).
// Port is a string rather than an int, so callers should not assume it parses.
type ExploitSummary struct {
	ID           string        `json:"id"`
	Description  string        `json:"description"`
	File         string        `json:"file"` // exploit source file name/path as listed by the database
	Date         string        `json:"date"`
	Author       string        `json:"author"`
	Type         string        `json:"type"`
	Platform     string        `json:"platform"`
	Port         string        `json:"port"`
	Count        int           `json:"count"`
	Software     *SoftwareInfo `json:"software"`     // Software details including flows; may be nil
	Affected     int           `json:"affected"`     // Number of affected hosts
	CommunityIDs []string      `json:"communityIds"` // Community IDs for cross-tool correlation
}
ExploitSummary represents aggregated exploit information
type FieldInfo ¶
FieldInfo represents information about a field in an audit record
func GetRecordFields ¶
GetRecordFields extracts field information from an audit record. This includes nested fields, addressed with dot notation (e.g., "ReqCookies.Name").
type FieldValuesResponse ¶
// FieldValuesResponse is the API response for sampled field values of one
// audit record type. FieldValues maps a field name to at most MaxPerField
// distinct values gathered from SampleSize/RecordScanned records (presumed
// from the names; the sampling logic is not in this file).
type FieldValuesResponse struct {
	RecordType    string              `json:"recordType"`
	FieldValues   map[string][]string `json:"fieldValues"`
	SampleSize    int                 `json:"sampleSize"`
	MaxPerField   int                 `json:"maxPerField"`
	RecordScanned int                 `json:"recordsScanned"` // NOTE(review): Go name is singular, JSON key plural; renaming would be a wire-compatible cleanup
}
FieldValuesResponse is the API response for field values
type FieldsResponse ¶
// FieldsResponse is the API response describing the fields of one audit record
// type, plus the helper names available to rule expressions.
type FieldsResponse struct {
	RecordType string      `json:"recordType"`
	Fields     []FieldInfo `json:"fields"`
	Helpers    []string    `json:"helpers"`
}
FieldsResponse is the API response for field information
type FileError ¶
// FileError records a failure while processing one input file.
// InputFile and ErrorLogPath are server-side filesystem paths; returning them
// to API clients discloses the server layout. In service mode, confirm they are
// only shown to the session that owns the file, or expose an opaque ID instead.
type FileError struct {
	InputFile    string `json:"inputFile"`
	Error        string `json:"error"` // error text; may embed paths or internal detail from the failing component
	Timestamp    int64  `json:"timestamp"`
	ErrorLogPath string `json:"errorLogPath,omitempty"` // Path to detailed error log file
}
FileError represents an error that occurred during file processing
type FileInfo ¶
// FileInfo is the API view of one input file.
// ID is the identifier API calls should use; Path and ErrorLogPath are
// server-side paths and should be treated as informational only — never
// accepted back from a client as a lookup key (use ID), and in service mode
// confirm they are scoped to the caller's SessionID before being returned.
type FileInfo struct {
	ID               string  `json:"id"` // Unique identifier for the file (used for API calls)
	Name             string  `json:"name"`
	Path             string  `json:"path"` // server-side path; informational only
	Size             int64   `json:"size"`
	ModifiedTime     int64   `json:"modifiedTime"`
	IsCompleted      bool    `json:"isCompleted"`
	Error            *string `json:"error,omitempty"`        // nil when processing succeeded
	ErrorLogPath     *string `json:"errorLogPath,omitempty"` // Path to detailed error log file
	BPFFilter        string  `json:"bpfFilter,omitempty"`    // BPF filter used during capture
	ProcessingTime   float64 `json:"processingTime,omitempty"` // Processing duration in seconds
	Hash             string  `json:"hash,omitempty"`           // SHA256 hash of the file (hex presumed)
	HasReportedIssue bool    `json:"hasReportedIssue"`         // Whether an issue report has been submitted for this file
	SessionID        string  `json:"sessionId,omitempty"`      // Session ID (service mode only)
}
FileInfo represents file metadata
type FilteredAuditFileInfo ¶
// FilteredAuditFileInfo extends AuditFileInfo with the number of records that
// match a community-ID filter. AuditFileInfo is embedded, so its exported
// fields are promoted into this struct's JSON object alongside filteredCount.
type FilteredAuditFileInfo struct {
	AuditFileInfo
	FilteredCount int64 `json:"filteredCount"`
}
FilteredAuditFileInfo extends AuditFileInfo with filtered count
func ListAuditFilesWithCommunityIDFilter ¶
func ListAuditFilesWithCommunityIDFilter(outputDir string, communityIDs map[string]bool) ([]FilteredAuditFileInfo, error)
ListAuditFilesWithCommunityIDFilter returns audit files with filtered counts by community IDs
type FingerprintSummary ¶
// FingerprintSummary is the per-fingerprint aggregate returned by the
// fingerprints API (JA4 family or DHCP). Description is a lookup label for the
// fingerprint value, not something derived from the hosts.
type FingerprintSummary struct {
	Fingerprint  string   `json:"fingerprint"`
	Type         string   `json:"type"` // JA4, JA4S, JA4H, JA4X, JA4T, JA4TS, JA4SSH, or DHCP
	Count        int      `json:"count"`
	Hosts        []string `json:"hosts"` // hosts observed with this fingerprint
	Description  string   `json:"description"`
	FirstSeen    int64    `json:"firstSeen"` // epoch timestamps; unit not stated here
	LastSeen     int64    `json:"lastSeen"`
	CommunityIDs []string `json:"communityIds"` // Community IDs for cross-tool correlation
}
FingerprintSummary represents aggregated fingerprint information
type FingerprintsResponse ¶
// FingerprintsResponse wraps a page of fingerprint summaries; TotalCount may
// exceed len(Fingerprints) when the endpoint paginates.
type FingerprintsResponse struct {
	Fingerprints []FingerprintSummary `json:"fingerprints"`
	TotalCount   int                  `json:"totalCount"`
}
FingerprintsResponse contains the list of fingerprints
type GroupedAlert ¶
// GroupedAlert is a deduplicated view of alerts raised by the same rule.
// The Unique* slices are strings even for ports, so they are suitable for
// display but must be parsed before numeric comparison. RuleExpression echoes
// the rule's match expression to the client.
type GroupedAlert struct {
	RuleName        string          `json:"ruleName"`
	Description     string          `json:"description"`
	Severity        string          `json:"severity"`
	RecordType      string          `json:"recordType"`
	Tags            []string        `json:"tags"`
	MITRE           string          `json:"mitre"` // NOTE(review): a single string here, whereas RuleResponse.MITRE is []string
	RuleExpression  string          `json:"ruleExpression"`
	Threshold       int32           `json:"threshold"`
	ThresholdWindow int32           `json:"thresholdWindow"`
	Count           int             `json:"count"` // individual alerts folded into this group
	FirstSeen       int64           `json:"firstSeen"`
	LastSeen        int64           `json:"lastSeen"`
	UniqueSrcIPs    []string        `json:"uniqueSrcIPs"`
	UniqueDstIPs    []string        `json:"uniqueDstIPs"`
	UniqueSrcPorts  []string        `json:"uniqueSrcPorts"`
	UniqueDstPorts  []string        `json:"uniqueDstPorts"`
	SampleAlerts    []AlertResponse `json:"sampleAlerts"`  // Keep a few samples for detail view
	Resolved        bool            `json:"resolved"`      // True if all alerts in this group are resolved
	ResolvedCount   int             `json:"resolvedCount"` // Number of resolved alerts in this group
	GroupID         string          `json:"groupId"`       // Unique identifier for the group (accepted by ResolveAlertRequest.GroupID)
}
GroupedAlert represents a deduplicated/grouped alert
type GroupedAlertsResponse ¶
// GroupedAlertsResponse carries grouped alerts plus both the raw and grouped totals.
type GroupedAlertsResponse struct {
	Groups     []GroupedAlert `json:"groups"`
	TotalCount int            `json:"totalCount"` // Total individual alerts
	GroupCount int            `json:"groupCount"` // Number of unique groups
}
GroupedAlertsResponse represents the response containing grouped/deduplicated alerts
type HTTPResponse ¶
// HTTPResponse wraps a page of HTTPSummary records; TotalCount may exceed
// len(HTTP) when the endpoint paginates.
type HTTPResponse struct {
	HTTP       []HTTPSummary `json:"http"`
	TotalCount int           `json:"totalCount"`
}
HTTPResponse contains the list of HTTP records
type HTTPSummary ¶
// HTTPSummary is one reassembled HTTP request/response pair as shown by the UI.
//
// Sensitivity: RequestHeader, ResponseHeader and Parameters are verbatim from
// the wire and can contain credentials (Authorization, Cookie, tokens in query
// or form parameters). Treat the whole record as sensitive when it is stored,
// logged or shared beyond the session that owns the capture. Every string here
// is attacker-controlled and must be escaped when rendered as HTML.
type HTTPSummary struct {
	Timestamp              int64             `json:"timestamp"`
	Proto                  string            `json:"proto"`
	Method                 string            `json:"method"`
	Host                   string            `json:"host"`
	URL                    string            `json:"url"`
	UserAgent              string            `json:"userAgent"`
	Referer                string            `json:"referer"`
	ReqContentLength       int32             `json:"reqContentLength"`
	ResContentLength       int32             `json:"resContentLength"`
	ContentType            string            `json:"contentType"`
	StatusCode             int32             `json:"statusCode"`
	SrcIP                  string            `json:"srcIP"`
	DstIP                  string            `json:"dstIP"`
	SrcPort                int32             `json:"srcPort"`
	DstPort                int32             `json:"dstPort"`
	Flow                   string            `json:"flow"`
	ReqContentEncoding     string            `json:"reqContentEncoding"`
	ResContentEncoding     string            `json:"resContentEncoding"`
	ServerName             string            `json:"serverName"`
	ResContentType         string            `json:"resContentType"`
	ContentTypeDetected    string            `json:"contentTypeDetected"`    // detected from body bytes rather than the declared header (presumed)
	ResContentTypeDetected string            `json:"resContentTypeDetected"`
	DoneAfter              int64             `json:"doneAfter"` // timing fields; unit not stated in this file
	DNSDoneAfter           int64             `json:"dnsDoneAfter"`
	FirstByteAfter         int64             `json:"firstByteAfter"`
	TLSDoneAfter           int64             `json:"tlsDoneAfter"`
	RequestHeader          map[string]string `json:"requestHeader"`  // raw headers; may carry Authorization/Cookie values
	ResponseHeader         map[string]string `json:"responseHeader"` // raw headers; may carry Set-Cookie values
	Parameters             map[string]string `json:"parameters"`     // query/form parameters; may carry secrets
	// Security headers (copied out of ResponseHeader for convenient display)
	StrictTransportSecurity  string `json:"strictTransportSecurity"`
	ContentSecurityPolicy    string `json:"contentSecurityPolicy"`
	XContentTypeOptions      string `json:"xContentTypeOptions"`
	XFrameOptions            string `json:"xFrameOptions"`
	XXSSProtection           string `json:"xXSSProtection"`
	ReferrerPolicy           string `json:"referrerPolicy"`
	AccessControlAllowOrigin string `json:"accessControlAllowOrigin"`
	HasServerTiming          bool   `json:"hasServerTiming"`
	// Authentication and server info.
	// AuthorizationType is only the scheme (e.g. the word before the credential),
	// but the full value may still be present in RequestHeader.
	// XForwardedFor/XRealIP are client-settable and must not be trusted as the
	// true source address; SrcIP is what the packets show.
	AuthorizationType string `json:"authorizationType"`
	XForwardedFor     string `json:"xForwardedFor"`
	XRealIP           string `json:"xRealIP"`
	Server            string `json:"server"`
	XPoweredBy        string `json:"xPoweredBy"`
	// JA4H fingerprinting
	Ja4h            string `json:"ja4h"`
	Ja4hDescription string `json:"ja4hDescription"`
	// Community ID for cross-tool correlation
	CommunityID string `json:"communityId"`
}
HTTPSummary represents HTTP request/response information
type HarvesterInfo ¶
// HarvesterInfo describes one credential harvester (a protocol parser that
// extracts credentials from traffic) and the ports it is applied to.
type HarvesterInfo struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	Ports       []int  `json:"ports"`
}
HarvesterInfo represents information about a credential harvester
type HarvesterPresetInfo ¶
// HarvesterPresetInfo is the metadata of a saved harvester configuration preset.
// NOTE(review): the JSON keys are snake_case while the rest of this package uses
// camelCase; changing them now would break existing clients, so it is documented
// rather than fixed.
type HarvesterPresetInfo struct {
	Name           string    `json:"name"` // preset name; if it maps to a file name on disk, validate it against traversal before use
	Description    string    `json:"description"`
	CreatedAt      time.Time `json:"created_at"`
	ModifiedAt     time.Time `json:"modified_at"`
	HarvesterCount int       `json:"harvester_count"`
}
HarvesterPresetInfo represents metadata about a saved harvester configuration preset
type HarvesterPresetListResponse ¶
// HarvesterPresetListResponse lists all saved harvester presets.
type HarvesterPresetListResponse struct {
	Presets []HarvesterPresetInfo `json:"presets"`
}
HarvesterPresetListResponse represents the response with all saved presets
type HarvestersResponse ¶
// HarvestersResponse lists all known credential harvesters.
type HarvestersResponse struct {
	Harvesters []HarvesterInfo `json:"harvesters"`
}
HarvestersResponse represents the response with all harvester information
type HostVulnerabilitySummary ¶
// HostVulnerabilitySummary counts the vulnerabilities and exploits attributed
// to one host, with the highest severity seen.
type HostVulnerabilitySummary struct {
	Host            string `json:"host"`
	Vulnerabilities int    `json:"vulnerabilities"`
	Exploits        int    `json:"exploits"`
	TopSeverity     string `json:"topSeverity"`
	SoftwareCount   int    `json:"softwareCount"`
}
HostVulnerabilitySummary represents a host and its vulnerabilities
type HostsResponse ¶
// HostsResponse wraps a page of IP profiles; TotalCount may exceed len(Hosts)
// when the endpoint paginates.
type HostsResponse struct {
	Hosts      []IPProfileSummary `json:"hosts"`
	TotalCount int                `json:"totalCount"`
}
HostsResponse contains the list of IP profiles
type IPProfileSummary ¶
// IPProfileSummary is the per-IP aggregate returned by the hosts API.
// The *Count fields are totals while the Top* slices are truncated views, so
// a count may exceed the length of its corresponding Top* slice.
type IPProfileSummary struct {
	Addr                string         `json:"addr"`
	NumPackets          int64          `json:"numPackets"`
	Bytes               uint64         `json:"bytes"`
	Geolocation         string         `json:"geolocation"` // populated from GeoDB when enabled (see RuntimeConfig.GeoDB)
	DNSNames            []string       `json:"dnsNames"`    // observed names; untrusted input from the capture
	TimestampFirst      int64          `json:"timestampFirst"`
	TimestampLast       int64          `json:"timestampLast"`
	Applications        []string       `json:"applications"`
	Ja4Fingerprints     []string       `json:"ja4Fingerprints"`
	Ja4SFingerprints    []string       `json:"ja4sFingerprints"`
	ProtocolsCount      int            `json:"protocolsCount"`
	SNIsCount           int            `json:"snisCount"`
	SrcPortsCount       int            `json:"srcPortsCount"`
	DstPortsCount       int            `json:"dstPortsCount"`
	ContactedPortsCount int            `json:"contactedPortsCount"`
	TopProtocols        []ProtocolInfo `json:"topProtocols"`
	TopSrcPorts         []PortInfo     `json:"topSrcPorts"`
	TopDstPorts         []PortInfo     `json:"topDstPorts"`
	TopContactedPorts   []PortInfo     `json:"topContactedPorts"`
	IsInternal          bool           `json:"isInternal"` // RFC1918/local classification presumed; the rule is not in this file
}
IPProfileSummary represents aggregated information for a single IP address
type IPTracker ¶
// IPTracker is the per-client-IP bookkeeping used for rate limiting and
// session ownership. It has no lock of its own; concurrent access is expected
// to be serialised by the owning SessionManager (not visible here — confirm).
// The limits are only as strong as the IP they key on: if the server derives
// the client IP from X-Forwarded-For or similar headers, a client can choose
// its own bucket, so that header must only be honoured behind a trusted proxy.
type IPTracker struct {
	IP               string
	AnalysisTimes    []time.Time // timestamps of analysis submissions (for CheckRateLimit)
	Sessions         []string    // Session IDs
	IssueReportTimes []time.Time // Timestamps of issue reports for rate limiting
}
IPTracker tracks analysis attempts per IP for rate limiting
type InjectionEvent ¶
// InjectionEvent records one firing of an injection rule: which rule and
// action ran, on which flow, and whether the action succeeded.
// ActionData is free-form and may echo action parameters; avoid storing
// secrets in it since events are returned to the UI.
type InjectionEvent struct {
	ID         string         `json:"id"`
	Timestamp  int64          `json:"timestamp"`
	RuleName   string         `json:"ruleName"`
	RuleAction string         `json:"ruleAction"`
	RecordType string         `json:"recordType"`
	SrcIP      string         `json:"srcIP,omitempty"`
	DstIP      string         `json:"dstIP,omitempty"`
	SrcPort    int            `json:"srcPort,omitempty"` // omitted when 0, so port 0 is indistinguishable from "not set"
	DstPort    int            `json:"dstPort,omitempty"`
	Result     string         `json:"result"` // "success", "failed", "skipped"
	Error      string         `json:"error,omitempty"`
	ActionData map[string]any `json:"actionData,omitempty"`
}
InjectionEvent represents an event when an injection rule is triggered
type InjectionEventsResponse ¶
// InjectionEventsResponse wraps a page of injection events; TotalCount may
// exceed len(Events) when the endpoint paginates.
type InjectionEventsResponse struct {
	Events     []InjectionEvent `json:"events"`
	TotalCount int              `json:"totalCount"`
}
InjectionEventsResponse represents the response containing injection events
type InjectionRuleResponse ¶
// InjectionRuleResponse is the API representation of an injection rule.
// Expression is evaluated against live records and Action/ActionConfig drive
// active behaviour, so whichever endpoint accepts this shape on write is a
// privileged operation; this file does not show who may call it — confirm
// it is restricted before exposing the server beyond localhost.
type InjectionRuleResponse struct {
	ID           string         `json:"id"`
	Name         string         `json:"name"`
	Description  string         `json:"description"`
	Type         string         `json:"type"`
	Expression   string         `json:"expression"`
	Action       string         `json:"action"`
	ActionConfig map[string]any `json:"actionConfig,omitempty"` // action-specific parameters; schema depends on Action
	Enabled      bool           `json:"enabled"`
	Priority     int            `json:"priority"`
	StopOnMatch  bool           `json:"stopOnMatch"` // stop evaluating lower-priority rules once this one matches (presumed)
	Tags         []string       `json:"tags"`
}
InjectionRuleResponse represents an injection rule for the API
type InjectionRulesResponse ¶
// InjectionRulesResponse lists all injection rules with a description of the set.
type InjectionRulesResponse struct {
	Rules       []InjectionRuleResponse `json:"rules"`
	Description string                  `json:"description"`
}
InjectionRulesResponse represents the response containing all injection rules
type InjectionStatsResponse ¶
// InjectionStatsResponse summarises injection rules and their events.
// The EventsBy* maps are keyed by rule name, Result value and Action name respectively.
type InjectionStatsResponse struct {
	TotalRules     int            `json:"totalRules"`
	EnabledRules   int            `json:"enabledRules"`
	TotalEvents    int            `json:"totalEvents"`
	EventsByRule   map[string]int `json:"eventsByRule"`
	EventsByResult map[string]int `json:"eventsByResult"`
	EventsByAction map[string]int `json:"eventsByAction"`
	LastEventTime  int64          `json:"lastEventTime,omitempty"` // omitted when no event has been recorded
}
InjectionStatsResponse represents statistics about injection rules and events
type LayerType ¶
// LayerType identifies the encapsulation layer of a protocol; values are
// mapped to names by GetLayerName and assigned per record type by GetLayerType.
type LayerType int
LayerType represents the encapsulation layer of a protocol
func GetLayerType ¶
GetLayerType returns the layer type for a given audit record type
type MenuCountsResponse ¶
// MenuCountsResponse bundles every menu badge count into one response so the
// UI can populate its navigation with a single request.
type MenuCountsResponse struct {
	HostsCount           int64 `json:"hostsCount"`
	DevicesCount         int64 `json:"devicesCount"`
	ConnectionsCount     int64 `json:"connectionsCount"`
	HTTPCount            int64 `json:"httpCount"`
	CertificatesCount    int64 `json:"certificatesCount"`
	CredentialsCount     int64 `json:"credentialsCount"`
	DomainsCount         int64 `json:"domainsCount"`
	FingerprintsCount    int64 `json:"fingerprintsCount"`
	SoftwareCount        int64 `json:"softwareCount"`
	VulnerabilitiesCount int64 `json:"vulnerabilitiesCount"`
	AuditRecordsCount    int64 `json:"auditRecordsCount"`
	ServicesCount        int64 `json:"servicesCount"`
	LogsCount            int64 `json:"logsCount"`
	AlertsGroupCount     int64 `json:"alertsGroupCount"`
	ExtractedFilesCount  int64 `json:"extractedFilesCount"`
}
MenuCountsResponse contains all menu badge counts for efficient loading
type NetworkConversationDataResponse ¶
// NetworkConversationDataResponse returns one chunk of the raw payload saved
// for a network-layer conversation, for paged viewing in the UI.
// FilePath is the server-side location of the conversation file; it is
// informational only. The lookup should be driven by SrcIP/DstIP/Protocol and
// Offset, and any path the client sends back must be confined to the session's
// output directory before being opened. ConversationData is raw captured bytes
// and may contain credentials or other sensitive payload.
type NetworkConversationDataResponse struct {
	SrcIP            string `json:"srcIP"`
	DstIP            string `json:"dstIP"`
	Protocol         string `json:"protocol"`
	ConversationData string `json:"conversationData"` // base64-encoded chunk
	Exists           bool   `json:"exists"`           // false when no conversation file was found
	FilePath         string `json:"filePath"`
	TotalSize        int64  `json:"totalSize"` // Total file size in bytes
	ChunkSize        int    `json:"chunkSize"` // Size of this chunk
	Offset           int64  `json:"offset"`    // Current offset
	HasMore          bool   `json:"hasMore"`   // Whether there's more data
	ErrorMessage     string `json:"errorMessage,omitempty"`
}
NetworkConversationDataResponse contains the raw conversation data for a network-layer connection
type NetworkInterfaceInfo ¶
// NetworkInterfaceInfo describes one local capture interface (fields mirror
// net.Interface). Returning interface names, MACs and addresses of the host
// discloses its network position; in service mode confirm this is not served
// to untrusted clients.
type NetworkInterfaceInfo struct {
	Index        int      `json:"index"`
	Name         string   `json:"name"`
	Flags        string   `json:"flags"` // flags rendered as a string (net.Flags.String() presumed)
	HardwareAddr string   `json:"hardwareAddr"`
	MTU          int      `json:"mtu"`
	Addrs        []string `json:"addrs"`
}
NetworkInterfaceInfo represents a network interface
type PortInfo ¶
// PortInfo is the packet/byte tally for one port and transport protocol.
type PortInfo struct {
	Port     int32  `json:"port"`
	Protocol string `json:"protocol"`
	Packets  uint64 `json:"packets"`
	Bytes    uint64 `json:"bytes"`
}
PortInfo represents port statistics
type ProcessingStats ¶
// ProcessingStats is the live progress snapshot pushed to the UI via
// Server.UpdateProcessingStats. CurrentFile is a server-side file name; in
// service mode confirm it is not shown to sessions that do not own the job.
type ProcessingStats struct {
	CurrentFile      string  `json:"currentFile"`
	FileIndex        int     `json:"fileIndex"` // position of CurrentFile within TotalFiles
	TotalFiles       int     `json:"totalFiles"`
	PacketsProcessed int64   `json:"packetsProcessed"`
	TotalPackets     int64   `json:"totalPackets"`
	ProgressPercent  float64 `json:"progressPercent"`
	PacketsPerSecond int64   `json:"packetsPerSecond"`
	ProfilesCount    int     `json:"profilesCount"`
	ServicesCount    int     `json:"servicesCount"`
	LastUpdate       int64   `json:"lastUpdate"` // epoch timestamp of this snapshot; unit not stated here
	// Service mode specific fields
	QueueLength   int   `json:"queueLength"`   // Number of jobs waiting in queue
	JobsScheduled int64 `json:"jobsScheduled"` // Total jobs scheduled
	JobsProcessed int64 `json:"jobsProcessed"` // Total jobs completed
}
ProcessingStats represents live processing statistics
type ProgressInfo ¶
// ProgressInfo is the client-facing progress of one analysis session.
// Status is expected to hold a SessionStatus value serialised as a string.
type ProgressInfo struct {
	SessionID       string  `json:"sessionId"`
	Status          string  `json:"status"`
	ProgressPercent float64 `json:"progressPercent"`
	Message         string  `json:"message"`
	ErrorMessage    string  `json:"errorMessage,omitempty"` // keep free of server paths; clients see it verbatim
}
ProgressInfo represents the progress of an analysis job
type ProtocolHierarchyNode ¶
// ProtocolHierarchyNode is a node in the protocol hierarchy tree; Children
// holds the encapsulated protocols beneath it.
type ProtocolHierarchyNode struct {
	Name     string                  `json:"name"`
	Layer    string                  `json:"layer"`
	Count    int64                   `json:"count"`
	Bytes    int64                   `json:"bytes"`
	Children []ProtocolHierarchyNode `json:"children"`
}
ProtocolHierarchyNode represents a node in the protocol hierarchy
type ProtocolHierarchyResponse ¶
// ProtocolHierarchyResponse is the protocol hierarchy flattened into Sankey
// links between protocol names, with per-protocol stats keyed by name.
type ProtocolHierarchyResponse struct {
	Links []SankeyLink             `json:"links"`
	Nodes []string                 `json:"nodes"`
	Stats map[string]ProtocolStats `json:"stats"`
}
ProtocolHierarchyResponse is the API response
type ProtocolInfo ¶
// ProtocolInfo is the packet tally for one protocol within an IP profile.
type ProtocolInfo struct {
	Name     string `json:"name"`
	Packets  uint64 `json:"packets"`
	Category string `json:"category"`
}
ProtocolInfo represents protocol statistics
type ProtocolStats ¶
// ProtocolStats is the count/byte tally and layer of one protocol in the hierarchy.
type ProtocolStats struct {
	Count int64  `json:"count"`
	Bytes int64  `json:"bytes"`
	Layer string `json:"layer"`
}
ProtocolStats contains statistics for a protocol
type ReportIssueRequest ¶
// ReportIssueRequest is the body for reporting a problem with a session.
// Both fields are client-supplied: SessionID should be checked for ownership
// (GetSessionForIP) and Description length-limited before it is persisted;
// submissions are rate limited per IP via CheckIssueReportLimit.
type ReportIssueRequest struct {
	SessionID   string `json:"sessionId"`
	Description string `json:"description"`
}
ReportIssueRequest represents the request body for reporting an issue
type ReportIssueResponse ¶
// ReportIssueResponse acknowledges an issue report with the assigned IssueID.
type ReportIssueResponse struct {
	Success bool   `json:"success"`
	IssueID string `json:"issueId"`
	Message string `json:"message"`
}
ReportIssueResponse represents the response for reporting an issue
type ResolveAlertRequest ¶
// ResolveAlertRequest asks to mark one alert, or a whole group, as resolved.
// Which field wins when both are set is not specified in this file.
type ResolveAlertRequest struct {
	AlertID string `json:"alertId"`
	GroupID string `json:"groupId"` // Optional: resolve entire group (see GroupedAlert.GroupID)
}
ResolveAlertRequest represents a request to resolve an alert
type ResolveAlertResponse ¶
// ResolveAlertResponse reports the outcome of a resolve request.
type ResolveAlertResponse struct {
	Success     bool     `json:"success"`
	Message     string   `json:"message"`
	ResolvedAt  int64    `json:"resolvedAt"` // epoch timestamp; unit not stated here
	ResolvedIDs []string `json:"resolvedIds,omitempty"` // IDs that were resolved
}
ResolveAlertResponse represents the response to a resolve request
type ResolvedAlert ¶
ResolvedAlert represents a resolved alert entry
type ResolvedAlertsStore ¶
// ResolvedAlertsStore is the persisted set of resolved alerts, serialised as a
// JSON object keyed by alert ID. It carries no lock; concurrent access must be
// guarded by the caller (not visible here).
type ResolvedAlertsStore struct {
	Alerts map[string]ResolvedAlert `json:"alerts"` // Map of alertId -> ResolvedAlert
}
ResolvedAlertsStore manages the resolved alerts
type ResponseActionAPI ¶
// ResponseActionAPI is a rule's response action as exchanged with the API.
// Enabled is a pointer so "absent" can be distinguished from an explicit
// false on update. Config is free-form and action-specific.
type ResponseActionAPI struct {
	Type    string         `json:"type"`
	Config  map[string]any `json:"config,omitempty"`
	Enabled *bool          `json:"enabled,omitempty"`
}
ResponseActionAPI represents a response action for the API
type RuleExecResult ¶
// RuleExecResult is the per-rule outcome inside ExecuteAllRulesResponse.
type RuleExecResult struct {
	RuleName      string `json:"ruleName"`
	AlertsCount   int    `json:"alertsCount"`
	RecordsRead   int    `json:"recordsRead"`
	Success       bool   `json:"success"`
	Error         string `json:"error,omitempty"` // set when Success is false
	ExecutionTime int64  `json:"executionTimeMs"` // milliseconds, per the JSON key
}
RuleExecResult represents the result of executing a single rule
type RuleResponse ¶
// RuleResponse is the API representation of a detection rule.
// Expression is evaluated server-side and Actions can have side effects, so
// any endpoint that accepts this shape on write must be treated as privileged;
// this file does not show the access control — confirm it.
type RuleResponse struct {
	ID              string              `json:"id"`
	Name            string              `json:"name"`
	Description     string              `json:"description"`
	Type            string              `json:"type"`
	Expression      string              `json:"expression"`
	Severity        string              `json:"severity"`
	MITRE           []string            `json:"mitre"`
	Tags            []string            `json:"tags"`
	Enabled         bool                `json:"enabled"`
	Threshold       int                 `json:"threshold,omitempty"`       // omitted when 0 (no threshold)
	ThresholdWindow int                 `json:"thresholdWindow,omitempty"` // window for Threshold; unit not stated here
	Actions         []ResponseActionAPI `json:"actions,omitempty"`
}
RuleResponse represents a rule for the API
type RuleSetInfo ¶
// RuleSetInfo describes one rule set, i.e. one YAML file of rules.
// Name/Filename identify a file on disk; when either is accepted from a client
// it must be resolved inside the rules directory (reject path separators and
// "..") before being opened.
type RuleSetInfo struct {
	Name         string `json:"name"`         // Filename without .yml extension
	Filename     string `json:"filename"`     // Full filename with extension
	RuleCount    int    `json:"ruleCount"`    // Number of rules in this set
	Enabled      bool   `json:"enabled"`      // Whether the rule set is enabled
	Description  string `json:"description"`  // Optional description from first rule or filename
	IsEmbedded   bool   `json:"isEmbedded"`   // Whether this is an embedded default rule set
	IsOverridden bool   `json:"isOverridden"` // Whether this embedded rule set has been overridden by a file
}
RuleSetInfo represents information about a rule set (YAML file)
type RuleSetsResponse ¶
// RuleSetsResponse lists all rule sets.
type RuleSetsResponse struct {
	RuleSets []RuleSetInfo `json:"ruleSets"`
}
RuleSetsResponse represents the response with all rule sets
type RulesConfigResponse ¶
// RulesConfigResponse is the full rules configuration as a flat list of rules.
type RulesConfigResponse struct {
	Rules []RuleResponse `json:"rules"`
}
RulesConfigResponse represents the full rules configuration
type RuntimeConfig ¶
// RuntimeConfig holds the effective runtime options the capture package was
// started with, so the web UI can display them. It has no JSON tags; how it is
// serialised to the UI is decided elsewhere.
//
// Security notes: ElasticUser is present but no Elastic credential field is,
// so this struct does not carry the password — keep it that way. Payload,
// SaveConns, HexDump and BannerSize control how much raw traffic content is
// retained; when enabled, the output directory can contain credentials and
// other sensitive payload from the capture.
type RuntimeConfig struct {
	// Branding
	LogoSubText string // Custom label shown below NETCAP logo (overrides LOCAL/SERVICE)
	// Input/Output
	Compress bool
	Buffer   bool
	// Performance
	Workers      int
	PacketBuffer int
	MemBufSize   int
	// Network Capture
	Interface   string
	PromiscMode bool
	SnapLen     int
	// Decoders
	BaseLayer     string
	DecodeOptions string
	Payload       bool // retain packet payloads in the audit records
	Context       bool
	// Database/Enrichment
	MacDB      bool
	ServiceDB  bool
	GeoDB      bool
	ReverseDNS bool // performs network lookups during analysis when enabled
	LocalDNS   bool
	// TCP Reassembly
	ReassembleConnections bool
	FlushEvery            int
	Checksum              bool
	NoOptCheck            bool
	IgnoreFSMErr          bool
	AllowMissingInit      bool
	ClosePendingTimeout   time.Duration
	CloseInactiveTimeout  time.Duration
	// Output Format
	Proto bool
	JSON  bool
	CSV   bool
	// Elastic
	Elastic      bool
	ElasticAddrs string
	ElasticUser  string // user name only; no password is carried here
	// Advanced
	IgnoreUnknown     bool
	FreeOSMemory      int
	ConnFlushInterval int
	ConnTimeout       time.Duration
	FlowFlushInterval int
	FlowTimeout       time.Duration
	// Stream processing
	Entropy    bool
	TCPDebug   bool
	SaveConns  bool // write reassembled conversations to disk (raw payload)
	DefragIPv4 bool
	HexDump    bool
	BannerSize int
}
RuntimeConfig holds the actual runtime configuration values passed from the capture package. This allows the web UI to display the values the application was actually started with.
type SankeyLink ¶
// SankeyLink is one weighted edge (Source -> Target, weight Value) of a Sankey diagram.
type SankeyLink struct {
	Source string `json:"source"`
	Target string `json:"target"`
	Value  int64  `json:"value"`
}
SankeyLink represents a link for Sankey diagram
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server represents the web UI HTTP server
func NewServer ¶
func NewServer(addr, outDir string, inputFiles []string, assetsPath string, debugLogging bool, dpiConfigured bool, isServiceMode bool, serviceConfig *ServiceConfig, runtimeConfig *RuntimeConfig, devMode bool) *Server
NewServer creates a new web UI server
func (*Server) AddInputFile ¶
AddInputFile adds a new input file to be processed (for "Open With" functionality on macOS). This creates a session and queues a job for the file.
func (*Server) GetCompletedFiles ¶
GetCompletedFiles returns a copy of the completed files map
func (*Server) GetDPIPreferences ¶
func (s *Server) GetDPIPreferences(userIP string) *UserDPIPreferences
GetDPIPreferences retrieves DPI preferences for a user
func (*Server) GetDebugLogging ¶
GetDebugLogging returns the current debug logging state
func (*Server) GetFileError ¶
GetFileError returns the error for a specific file, if any
func (*Server) GetFileOutputDir ¶
GetFileOutputDir retrieves the output directory for a specific input file
func (*Server) GetFileProcessingTime ¶
GetFileProcessingTime retrieves the processing time for a specific input file
func (*Server) GetOutputDir ¶
GetOutputDir returns the current output directory
func (*Server) GetPayloadCapture ¶
GetPayloadCapture returns the current payload capture state
func (*Server) IsFileCompleted ¶
IsFileCompleted checks if a file has completed processing
func (*Server) IsLiveMode ¶
IsLiveMode returns whether the server is in live capture mode
func (*Server) IsProcessing ¶
IsProcessing returns whether capture is still processing
func (*Server) MarkFileCompleted ¶
MarkFileCompleted marks a specific input file as completed
func (*Server) SetCollector ¶
func (s *Server) SetCollector(collector CollectorInterface)
SetCollector sets the collector reference for runtime configuration changes
func (*Server) SetDPIPreferences ¶
func (s *Server) SetDPIPreferences(userIP string, prefs *UserDPIPreferences)
SetDPIPreferences sets DPI preferences for a user
func (*Server) SetDebugLogging ¶
SetDebugLogging sets the debug logging state
func (*Server) SetFileBPFFilter ¶
SetFileBPFFilter stores the BPF filter used for a specific input file
func (*Server) SetFileError ¶
SetFileError records an error for a specific file
func (*Server) SetFileOutputDir ¶
SetFileOutputDir stores the actual output directory for a specific input file and updates the active output directory to point to this location
func (*Server) SetFileProcessingTime ¶
SetFileProcessingTime stores the processing time for a specific input file
func (*Server) SetLiveMode ¶
SetLiveMode sets whether the server is in live capture mode
func (*Server) SetPayloadCapture ¶
SetPayloadCapture sets the payload capture state for future analysis
func (*Server) SetProcessingComplete ¶
func (s *Server) SetProcessingComplete()
SetProcessingComplete marks capture processing as complete
func (*Server) SetStopCapture ¶
func (s *Server) SetStopCapture(cancel context.CancelFunc)
SetStopCapture sets the cancel function for stopping live capture
func (*Server) SetUploadCallback ¶
func (s *Server) SetUploadCallback(callback UploadCallbackFunc)
SetUploadCallback sets the callback function for file uploads
func (*Server) UpdateOutputDir ¶
UpdateOutputDir updates the output directory (useful for multi-file processing)
func (*Server) UpdateProcessingStats ¶
func (s *Server) UpdateProcessingStats(stats ProcessingStats)
UpdateProcessingStats updates the live processing statistics
type ServiceConfig ¶
// ServiceConfig holds the service-mode (multi-tenant upload) configuration.
// Most fields are abuse/resource controls: per-IP analysis and issue-report
// rate limits, per-upload and total storage caps, and session expiry. Each is
// a plain int/int64 with no validation here, so a zero or negative value's
// meaning depends on the consumer — confirm defaults via DefaultServiceConfig.
type ServiceConfig struct {
	DataDir               string // root for uploads/results; all session paths must stay beneath it
	MaxFileSize           int64  // per-upload size cap in bytes
	MaxAnalysisHour       int    // analyses allowed per IP per hour (presumed from the name; passed to NewSessionManager)
	SessionExpiry         int    // session lifetime; unit is minutes per NewSessionManager's sessionExpiryMin
	CleanupInterval       int    // how often expired sessions are purged; unit not stated here
	MaxStorageBytes       int64  // total on-disk budget
	MaxIssueReportsPerDay int    // Maximum number of issue reports per IP per day
	PreloadLargestN       int    // Load only the N largest files from pcaps folder (0 = all files)
	EnforceMaxSizePreload bool   // Enforce service max file size for preloaded pcaps
}
ServiceConfig holds the service mode configuration
func DefaultServiceConfig ¶
func DefaultServiceConfig() *ServiceConfig
DefaultServiceConfig returns the default service configuration
type ServiceProbeInfo ¶
// ServiceProbeInfo is one parsed match/softmatch line from an nmap-style
// service-probes file. Pattern is a regex in that file's (PCRE-flavoured)
// syntax; which engine evaluates it, and whether probe files can be edited by
// API clients, is not visible here — if they can, treat Pattern as untrusted.
type ServiceProbeInfo struct {
	ID            string   `json:"id"`            // Unique identifier (generated)
	Protocol      string   `json:"protocol"`      // TCP or UDP
	ProbeName     string   `json:"probeName"`     // e.g., "GetRequest", "NULL"
	Service       string   `json:"service"`       // e.g., "http", "ssh"
	Pattern       string   `json:"pattern"`       // Regex pattern
	Product       string   `json:"product"`       // p/ field
	Version       string   `json:"version"`       // v/ field
	Info          string   `json:"info"`          // i/ field
	Hostname      string   `json:"hostname"`      // h/ field
	OS            string   `json:"os"`            // o/ field
	DeviceType    string   `json:"deviceType"`    // d/ field
	CPEs          []string `json:"cpes"`          // cpe:/ fields
	Ports         []int    `json:"ports"`         // Port numbers
	SSLPorts      []int    `json:"sslPorts"`      // SSL port numbers
	Rarity        int      `json:"rarity"`        // 1-9
	IsSoftMatch   bool     `json:"isSoftMatch"`   // match vs softmatch
	SendString    string   `json:"sendString"`    // Probe send string
	RawLine       string   `json:"rawLine"`       // Original line from file
	LineNumber    int      `json:"lineNumber"`    // Line number in file
	ProbeProtocol string   `json:"probeProtocol"` // Protocol from Probe directive
	Enabled       bool     `json:"enabled"`       // Whether the probe is enabled (not commented out)
}
ServiceProbeInfo represents a parsed service probe entry
type ServiceProbesResponse ¶
// ServiceProbesResponse wraps a page of service probes; TotalCount may exceed
// len(Probes) when the endpoint paginates.
type ServiceProbesResponse struct {
	Probes     []ServiceProbeInfo `json:"probes"`
	TotalCount int                `json:"totalCount"`
}
ServiceProbesResponse represents the response with all service probe information
type ServiceSummary ¶
// ServiceSummary is the per-service (IP:Port) aggregate returned by the
// services API. Banner is raw bytes from the wire rendered as a string and,
// like Product/Version/Notes, is attacker-controlled — escape it in the UI.
// BytesServer/BytesClient are int32 and can saturate on large captures.
type ServiceSummary struct {
	Timestamp            int64    `json:"timestamp"`
	IP                   string   `json:"ip"`
	Port                 int32    `json:"port"`
	Name                 string   `json:"name"`
	Banner               string   `json:"banner"`
	Protocol             string   `json:"protocol"`
	NumFlows             int      `json:"numFlows"`
	Product              string   `json:"product"`
	Vendor               string   `json:"vendor"`
	Version              string   `json:"version"`
	Notes                string   `json:"notes"`
	BytesServer          int32    `json:"bytesServer"`
	BytesClient          int32    `json:"bytesClient"`
	Hostname             string   `json:"hostname"`
	OS                   string   `json:"os"`
	Applications         []string `json:"applications"`
	PortName             string   `json:"portName"`
	DetectedProtocolName string   `json:"detectedProtocolName"`
	MatchedProbeID       string   `json:"matchedProbeID"` // ServiceProbeInfo.ID of the probe that matched, if any
}
ServiceSummary represents aggregated information for a single service
type ServicesResponse ¶
// ServicesResponse wraps a page of service summaries; TotalCount may exceed
// len(Services) when the endpoint paginates.
type ServicesResponse struct {
	Services   []ServiceSummary `json:"services"`
	TotalCount int              `json:"totalCount"`
}
ServicesResponse contains the list of services
type SessionInfo ¶
// SessionInfo tracks one upload-and-analysis session. It is persisted to disk
// (SaveSessionMetadata / RestoreSessionsFromDisk) and every field is
// JSON-serialised.
//
// Privacy/security: IP is the uploader's client address, and InputFile,
// OutputDir and ErrorLogPath are server-side paths. Before any SessionInfo is
// returned by an API, confirm the caller owns it (GetSessionForIP) and prefer
// a trimmed view that omits IP and absolute paths. SessionID is the
// bearer-style handle for the session, so it should be unguessable.
type SessionInfo struct {
	SessionID        string        `json:"sessionId"`
	IP               string        `json:"ip"` // client IP recorded at upload (used for ownership and rate limits)
	UploadTimestamp  time.Time     `json:"uploadTimestamp"`
	InputFile        string        `json:"inputFile"`     // server-side path of the uploaded/preloaded pcap
	InputFilename    string        `json:"inputFilename"` // original file name as supplied by the client
	InputFileSize    int64         `json:"inputFileSize"`
	OutputDir        string        `json:"outputDir"` // server-side results directory; must stay under ServiceConfig.DataDir
	Status           SessionStatus `json:"status"`
	ErrorMessage     string        `json:"errorMessage,omitempty"`
	ErrorLogPath     string        `json:"errorLogPath,omitempty"` // Path to detailed error log file
	StartTime        time.Time     `json:"startTime"`
	CompletionTime   time.Time     `json:"completionTime"` // zero value until processing ends
	ProcessingTime   float64       `json:"processingTime,omitempty"` // Processing duration in seconds
	PacketsTotal     int64         `json:"packetsTotal,omitempty"`
	ResultsReady     bool          `json:"resultsReady"`
	IsPreloaded      bool          `json:"isPreloaded"`      // True if this is a preloaded system pcap
	BPFFilter        string        `json:"bpfFilter"`        // BPF filter applied during capture
	IncludeDecoders  string        `json:"includeDecoders"`  // Decoders included during capture
	ExcludeDecoders  string        `json:"excludeDecoders"`  // Decoders excluded during capture
	HasReportedIssue bool          `json:"hasReportedIssue"` // True if an issue has been reported for this session
}
SessionInfo tracks information about an upload and analysis session
type SessionManager ¶
type SessionManager struct {
// contains filtered or unexported fields
}
SessionManager manages all active sessions and IP tracking
func NewSessionManager ¶
func NewSessionManager(maxAnalysisHour, sessionExpiryMin, maxIssueReportsPerDay int) *SessionManager
NewSessionManager creates a new session manager
func (*SessionManager) AddSession ¶
func (sm *SessionManager) AddSession(session *SessionInfo)
AddSession adds a new session and tracks it for the IP
func (*SessionManager) CheckIssueReportLimit ¶
func (sm *SessionManager) CheckIssueReportLimit(ip string) (allowed bool, remaining int)
CheckIssueReportLimit reports whether an IP is still within the issue-report rate limit and how many reports remain. The limit is the per-day maximum passed to NewSessionManager as maxIssueReportsPerDay (ServiceConfig.MaxIssueReportsPerDay), not a fixed "3 per hour"; confirm the window the implementation applies to IPTracker.IssueReportTimes matches that configuration.
func (*SessionManager) CheckRateLimit ¶
func (sm *SessionManager) CheckRateLimit(ip string) (allowed bool, remaining int)
CheckRateLimit checks if an IP has exceeded the rate limit
func (*SessionManager) CleanupExpiredSessions ¶
func (sm *SessionManager) CleanupExpiredSessions() []string
CleanupExpiredSessions removes expired sessions and their data
func (*SessionManager) GetAllSessions ¶
func (sm *SessionManager) GetAllSessions() []*SessionInfo
GetAllSessions returns every session known to the manager regardless of owning IP (for debugging/monitoring). Because SessionInfo carries the uploader's IP and server-side paths, this result should not be served to ordinary API clients without filtering.
func (*SessionManager) GetSession ¶
func (sm *SessionManager) GetSession(sessionID string) (*SessionInfo, bool)
GetSession retrieves a session by ID
func (*SessionManager) GetSessionForIP ¶
func (sm *SessionManager) GetSessionForIP(sessionID, ip string) (*SessionInfo, bool)
GetSessionForIP looks up a session by ID and reports whether it is associated with the given IP; this is the ownership check that scopes a session to the client that created it. Note that IP identity is weak (shared NAT, changing addresses, spoofable proxy headers), so it should not be the only access control in service mode.
func (*SessionManager) GetSessionsForIP ¶
func (sm *SessionManager) GetSessionsForIP(ip string) []*SessionInfo
GetSessionsForIP returns all sessions for a specific IP
func (*SessionManager) GetStorageUsageForIP ¶
func (sm *SessionManager) GetStorageUsageForIP(ip string) int64
GetStorageUsageForIP calculates storage usage for a specific IP. This includes both the user's own sessions and the preloaded/system pcaps.
func (*SessionManager) MarkSessionIssueReported ¶
func (sm *SessionManager) MarkSessionIssueReported(sessionID string)
MarkSessionIssueReported marks a session as having an issue reported
func (*SessionManager) RecordIssueReport ¶
func (sm *SessionManager) RecordIssueReport(ip string)
RecordIssueReport records an issue report for an IP
func (*SessionManager) RestoreSessionsFromDisk ¶
func (sm *SessionManager) RestoreSessionsFromDisk(resultsDir, pcapsDir, uploadsDir string) error
RestoreSessionsFromDisk scans the results directory and restores session information from it, which allows sessions to persist across server restarts. The metadata read back is treated as authoritative for session ownership and state, so resultsDir, pcapsDir and uploadsDir should be writable only by the server process.
func (*SessionManager) SaveSessionMetadata ¶
func (sm *SessionManager) SaveSessionMetadata(sessionID string) error
SaveSessionMetadata is a public method that persists a session's metadata to disk. Call it after creating or updating a session so the change survives a restart (see RestoreSessionsFromDisk).
func (*SessionManager) UpdateSessionPacketCount ¶
func (sm *SessionManager) UpdateSessionPacketCount(sessionID string, count int64)
UpdateSessionPacketCount updates the packet count for a session
func (*SessionManager) UpdateSessionProcessingTime ¶
func (sm *SessionManager) UpdateSessionProcessingTime(sessionID string, durationSeconds float64)
UpdateSessionProcessingTime updates the processing time for a session
func (*SessionManager) UpdateSessionStatus ¶
func (sm *SessionManager) UpdateSessionStatus(sessionID string, status SessionStatus, errorMsg string, errorLogPath string)
UpdateSessionStatus sets the session's status and records errorMsg and errorLogPath alongside it (presumably only meaningful for StatusFailed). errorLogPath is stored as given; if it is ever returned to clients it should be relative to the session's own directory rather than an absolute server path.
type SessionStatus ¶
// SessionStatus represents the current status of an analysis session; the
// Status* constants define the recognised values.
type SessionStatus string
SessionStatus represents the current status of an analysis session
// Lifecycle states of an analysis session. The string values are the form in
// which a status is stored and (presumably) serialised to API clients.
const (
	StatusQueued     SessionStatus = "queued"     // accepted, not yet being processed
	StatusProcessing SessionStatus = "processing" // analysis in progress
	StatusCompleted  SessionStatus = "completed"  // analysis finished successfully
	StatusFailed     SessionStatus = "failed"     // analysis aborted; see UpdateSessionStatus for the error details
)
type SoftwareInfo ¶
// SoftwareInfo contains software details including the flows in which the
// software was observed and their Community IDs.
type SoftwareInfo struct {
	Product      string   `json:"product"`      // product name
	Vendor       string   `json:"vendor"`       // vendor name
	Version      string   `json:"version"`      // version string
	Flows        []string `json:"flows"`        // flow identifiers associated with this software
	CommunityIDs []string `json:"communityIds"` // Community IDs for cross-tool correlation
}
SoftwareInfo contains software details including flows and community IDs
type SoftwareResponse ¶
// SoftwareResponse is the API payload listing detected software.
type SoftwareResponse struct {
	Software   []SoftwareSummary `json:"software"`   // one entry per aggregated software item
	TotalCount int               `json:"totalCount"` // total number of items (may exceed len(Software) if the list is paginated — not visible here)
}
SoftwareResponse contains the list of software
type SoftwareSummary ¶
// SoftwareSummary represents aggregated information for one piece of software
// across all hosts, services and flows in which it was detected.
type SoftwareSummary struct {
	Product     string   `json:"product"`
	Vendor      string   `json:"vendor"`
	Version     string   `json:"version"`
	OS          string   `json:"os"`
	Count       int      `json:"count"`       // number of observations aggregated into this entry
	Devices     []string `json:"devices"`     // devices on which the software was seen
	Services    []string `json:"services"`    // services that reported it
	DPIResults  []string `json:"dpiResults"`  // DPI module results that contributed
	FirstSeen   int64    `json:"firstSeen"`   // timestamp; unit (seconds vs. milliseconds) not visible here — confirm against the producer
	LastSeen    int64    `json:"lastSeen"`    // timestamp, same unit as FirstSeen
	SourceNames []string `json:"sourceNames"` // names of the sources (files/captures) the data came from
	Flows       []string `json:"flows"`       // flow identifiers associated with this software
	// Detection context
	DetectionMethod string `json:"detectionMethod"` // how the software was identified
	ConfidenceLevel string `json:"confidenceLevel"` // free-form confidence label
	// Behavioral fingerprint
	BehaviorProfile string `json:"behaviorProfile"`
	IsHeadless      bool   `json:"isHeadless"`
	IsEmulated      bool   `json:"isEmulated"`
	IsAutomated     bool   `json:"isAutomated"`
	// Risk indicators
	HasKnownVulnerabilities bool   `json:"hasKnownVulnerabilities"` // see VulnerabilitiesResponse for the details
	IsEndOfLife             bool   `json:"isEndOfLife"`
	SupportStatus           string `json:"supportStatus"`
	// Community ID v1 for cross-tool correlation (Zeek, Suricata, etc.)
	CommunityIDs []string `json:"communityIds"`
}
SoftwareSummary represents aggregated information for software
type StatsResponse ¶
// StatsResponse represents the processing statistics response.
type StatsResponse struct {
	ProcessingStats ProcessingStats      `json:"processingStats"` // aggregate counters for the run
	FileErrors      map[string]FileError `json:"fileErrors"`      // per-file errors keyed by file name; NOTE(review): if keys are absolute server paths they leak filesystem layout to clients — confirm
}
StatsResponse represents the processing statistics response
type StatusResponse ¶
// StatusResponse represents the capture status returned to the web UI.
type StatusResponse struct {
	IsProcessing    bool      `json:"isProcessing"`
	OutputDir       string    `json:"outputDir"`       // NOTE(review): server-side filesystem path disclosed to clients — confirm the status endpoint is authenticated or that the path is not sensitive
	InputFiles      []string  `json:"inputFiles"`      // NOTE(review): same disclosure concern as OutputDir if these are absolute paths
	ServerStarted   time.Time `json:"serverStarted"`   // see GetServerStartTime
	ActiveInputFile string    `json:"activeInputFile"` // file currently being processed
	IsMultiFile     bool      `json:"isMultiFile"`
	IsServiceMode   bool      `json:"isServiceMode,omitempty"`
	IsLiveMode      bool      `json:"isLiveMode"`
	SessionID       string    `json:"sessionId,omitempty"`   // Current session ID (service mode only). NOTE(review): if the session ID is what GetSessionForIP keys access on, treat it as a secret: do not log it or expose it to other clients
	LogoSubText     string    `json:"logoSubText,omitempty"` // Custom label shown below NETCAP logo
}
StatusResponse represents the capture status
type SystemInfo ¶
// SystemInfo represents system hardware and runtime information about the
// host the server runs on. NOTE(review): this reveals host capacity and
// platform details to whoever can reach the exposing endpoint — confirm it
// is not served anonymously.
type SystemInfo struct {
	NumCPU       int    `json:"numCPU"`       // runtime.NumCPU()-style logical CPU count (presumably)
	NumGoroutine int    `json:"numGoroutine"` // live goroutines in the server process
	TotalMemory  uint64 `json:"totalMemory"`  // bytes (presumably) — unit not visible here
	FreeMemory   uint64 `json:"freeMemory"`
	UsedMemory   uint64 `json:"usedMemory"`
	GOOS         string `json:"goos"`   // target OS the binary was built for
	GOARCH       string `json:"goarch"` // target architecture
}
SystemInfo represents system hardware information
type TestProbeRequest ¶
// TestProbeRequest represents a request to test a service-probe regex against
// a sample input. All three fields are client-supplied.
//
// NOTE(review): Pattern and Flags are attacker-controlled when the endpoint is
// reachable. If the server compiles them with Go's regexp (RE2), backtracking
// ReDoS does not apply, but very large patterns still cost compile time and
// memory; if a backtracking engine is used instead, a match timeout is needed.
// Confirm the engine and consider capping len(Pattern) and len(SampleInput).
type TestProbeRequest struct {
	Pattern     string `json:"pattern"`         // regex to compile
	SampleInput string `json:"sampleInput"`     // text the pattern is matched against
	Flags       string `json:"flags,omitempty"` // optional regex flags; syntax not visible here
}
TestProbeRequest represents a request to test a probe regex
type TestProbeResponse ¶
// TestProbeResponse represents the result of testing a probe regex.
type TestProbeResponse struct {
	Matches        bool              `json:"matches"`         // whether Pattern matched SampleInput
	CapturedGroups map[string]string `json:"capturedGroups"`  // named capture groups and their values
	Error          string            `json:"error,omitempty"` // compile/match error text, if any, returned to the caller
}
TestProbeResponse represents the result of testing a probe regex
type ToggleInjectionRuleRequest ¶
// ToggleInjectionRuleRequest represents a request to toggle an injection
// rule's enabled state. The rule itself is identified outside this body
// (presumably by the request path).
type ToggleInjectionRuleRequest struct {
	Enabled bool `json:"enabled"` // desired state
}
ToggleInjectionRuleRequest represents a request to toggle a rule's enabled state
type ToggleServiceProbeRequest ¶
// ToggleServiceProbeRequest represents a request to toggle a service probe's
// enabled state. The probe itself is identified outside this body
// (presumably by the request path).
type ToggleServiceProbeRequest struct {
	Enabled bool `json:"enabled"` // desired state
}
ToggleServiceProbeRequest represents a request to toggle a probe's enabled state
type UpdateInjectionRuleRequest ¶
// UpdateInjectionRuleRequest represents a request to update an injection rule.
// Every field is client-supplied; since injection rules trigger actions on
// traffic, the handler accepting this body should require the same
// authorization as rule creation and validate Type/Action against the
// supported set.
type UpdateInjectionRuleRequest struct {
	Name         string         `json:"name"`
	Description  string         `json:"description"`
	Type         string         `json:"type"`                   // rule type; accepted values not visible here
	Expression   string         `json:"expression"`             // match expression evaluated by the rule engine; must be parsed/validated server-side, never eval'd
	Action       string         `json:"action"`                 // action to take on match
	ActionConfig map[string]any `json:"actionConfig,omitempty"` // free-form action parameters; NOTE(review): validate keys and value types per Action, this map is untrusted
	Enabled      bool           `json:"enabled"`
	Priority     int            `json:"priority,omitempty"`    // evaluation order; direction (higher first vs. lower first) not visible here
	StopOnMatch  bool           `json:"stopOnMatch,omitempty"` // stop evaluating further rules after this one matches
	Tags         []string       `json:"tags,omitempty"`
}
UpdateInjectionRuleRequest represents a request to update an injection rule
type UpdateRuleRequest ¶
// UpdateRuleRequest represents a request to update a detection rule.
// Every field is client-supplied.
type UpdateRuleRequest struct {
	Name            string              `json:"name"`
	Description     string              `json:"description"`
	Type            string              `json:"type"`       // rule type; accepted values not visible here
	Expression      string              `json:"expression"` // match expression; must be parsed/validated server-side, never eval'd
	Severity        string              `json:"severity"`
	MITRE           []string            `json:"mitre"` // MITRE ATT&CK technique identifiers
	Tags            []string            `json:"tags"`
	Enabled         bool                `json:"enabled"`
	Threshold       int                 `json:"threshold,omitempty"`       // number of matches required before the rule fires
	ThresholdWindow int                 `json:"thresholdWindow,omitempty"` // window over which Threshold is counted; unit not visible here
	Actions         []ResponseActionAPI `json:"actions,omitempty"`         // NOTE(review): response actions can have side effects beyond alerting — confirm the update endpoint enforces authorization and validates each action
}
UpdateRuleRequest represents a request to update a rule
type UpdateRuleSetRequest ¶
// UpdateRuleSetRequest represents a request to enable or disable an entire
// rule set. The rule set is identified outside this body (presumably by the
// request path).
type UpdateRuleSetRequest struct {
	Enabled bool `json:"enabled"` // desired state
}
UpdateRuleSetRequest represents a request to enable/disable a rule set
type UploadCallbackFunc ¶
UploadCallbackFunc is called when files are uploaded via the web UI
type UserDPIPreferences ¶
// UserDPIPreferences represents user-specific DPI module preferences.
type UserDPIPreferences struct {
	EnabledModules []string  `json:"enabledModules"` // module names; when accepted from a client, validate against the known module set
	LastUpdated    time.Time `json:"lastUpdated"`    // time the preferences were last changed
}
UserDPIPreferences represents user-specific DPI module preferences
type VulnerabilitiesResponse ¶
// VulnerabilitiesResponse contains the aggregated vulnerability, exploit and
// affected-host data for the current dataset.
type VulnerabilitiesResponse struct {
	Vulnerabilities []VulnerabilitySummary     `json:"vulnerabilities"`
	Exploits        []ExploitSummary           `json:"exploits"`
	AffectedHosts   []HostVulnerabilitySummary `json:"affectedHosts"`
	TotalVulns      int                        `json:"totalVulns"`    // total count; may differ from len(Vulnerabilities) if truncated — not visible here
	TotalExploits   int                        `json:"totalExploits"` // total count; same caveat as TotalVulns
}
VulnerabilitiesResponse contains the aggregated data
type VulnerabilitySummary ¶
// VulnerabilitySummary represents aggregated information for one vulnerability.
type VulnerabilitySummary struct {
	ID           string        `json:"id"`           // vulnerability identifier (e.g. a CVE ID — format not enforced here)
	Description  string        `json:"description"`
	Severity     string        `json:"severity"`
	V2Score      string        `json:"v2Score"`      // CVSS v2 base score, kept as a string
	AccessVector string        `json:"accessVector"` // CVSS access vector
	Versions     []string      `json:"versions"`     // affected software versions seen
	Count        int           `json:"count"`        // number of observations
	Software     *SoftwareInfo `json:"software"`     // Software details including flows; may be nil
	Affected     int           `json:"affected"`     // Number of affected hosts
	CommunityIDs []string      `json:"communityIds"` // Community IDs for cross-tool correlation
}
VulnerabilitySummary represents aggregated vulnerability information
type YaraRuleInfo ¶
// YaraRuleInfo represents metadata about a YARA rule file.
//
// NOTE(review): if Filename is accepted back from clients to select a rule
// file (toggle, delete, scan), the handler must restrict it to a bare base
// name inside the rules directory to prevent path traversal — confirm in
// yara_handlers.go.
type YaraRuleInfo struct {
	Name        string `json:"name"`       // display name of the rule file
	Filename    string `json:"filename"`   // file name on disk
	Size        int64  `json:"size"`       // file size in bytes
	Enabled     bool   `json:"enabled"`    // whether the file participates in scans
	ModifiedAt  int64  `json:"modifiedAt"` // modification timestamp; unit not visible here
	RuleCount   int    `json:"ruleCount"`  // number of rules defined in the file
	Description string `json:"description"`
}
YaraRuleInfo represents metadata about a YARA rule file.
type YaraScanResponse ¶
// YaraScanResponse represents the response from a YARA scan operation.
type YaraScanResponse struct {
	Results      []YaraScanResult `json:"results"`      // per-file match results
	TotalFiles   int              `json:"totalFiles"`   // files considered for scanning
	FilesScanned int              `json:"filesScanned"` // files actually scanned (may be lower than TotalFiles, e.g. on errors — not visible here)
	TotalMatches int              `json:"totalMatches"` // rule matches across all scanned files
	ScanTimeMs   int64            `json:"scanTimeMs"`   // wall-clock scan duration in milliseconds
}
YaraScanResponse represents the response from a YARA scan operation.
Source Files
¶
- alerts_handlers.go
- audit_stats_handler.go
- bpf.go
- certificates_charts.go
- certificates_handlers.go
- chart_generator.go
- chart_handler.go
- connections_charts.go
- connections_handlers.go
- credentials_charts.go
- credentials_handlers.go
- decoders.go
- devices_charts.go
- devices_handlers.go
- domains_charts.go
- domains_handlers.go
- echarts_config.go
- embed.go
- fingerprints_charts.go
- fingerprints_handlers.go
- handlers.go
- harvesters.go
- harvesters_handlers.go
- hosts_charts.go
- hosts_handlers.go
- http_charts.go
- http_handlers.go
- injection_handlers.go
- progress_handler.go
- reader.go
- rules_handlers.go
- rules_handlers_rulesets.go
- server.go
- service_config.go
- service_handlers.go
- service_probes.go
- services_charts.go
- services_handlers.go
- session.go
- shared_handlers.go
- software_charts.go
- software_handlers.go
- sorting.go
- stats_handler.go
- system.go
- system_linux.go
- types.go
- utils.go
- visualize.go
- visualize_charts.go
- vulnerabilities_charts.go
- vulnerabilities_handlers.go
- yara_handlers.go