resolvers

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2026 License: BSD-3-Clause, GPL-3.0 Imports: 23 Imported by: 0

Documentation

Overview

Package resolvers implements primitives to resolve various identifiers against external data

Index

Constants

This section is empty.

Variables

View Source 
var (

	// CurrentConfig holds the current configuration.
	CurrentConfig Config

	// ConfigRootPath points to the path for storing the netcap configuration and databases.
	// usually: /usr/local/etc/netcap
	ConfigRootPath string

	// DataBaseFolderPath points to the 'dbs' folder for storing the netcap databases.
	// usually: /usr/local/etc/netcap/dbs
	DataBaseFolderPath string

	// DataBaseBuildPath points to the build folder for db generation artifacts,
	// that are not tracked in version control.
	// usually: /usr/local/etc/netcap/build
	DataBaseBuildPath string
)
View Source 
var DefaultConfig = Config{
	ReverseDNS:    false,
	LocalDNS:      false,
	MACDB:         true,
	ServiceDB:     true,
	GeolocationDB: true,
	DHCPDB:        true,
	JA4DB:         true,
}

DefaultConfig is an example configuration.

Functions

func GetJA4DBSize added in v0.9.0 

func GetJA4DBSize() int

GetJA4DBSize returns the number of entries in the JA4 database

func GetJA4HDBSize added in v0.9.0 

func GetJA4HDBSize() int

GetJA4HDBSize returns the number of entries in the JA4H database

func GetJA4SDBSize added in v0.9.0 

func GetJA4SDBSize() int

GetJA4SDBSize returns the number of entries in the JA4S database

func GetJA4TDBSize added in v0.9.0 

func GetJA4TDBSize() int

GetJA4TDBSize returns the number of entries in the JA4T database

func GetJA4TSDBSize added in v0.9.0 

func GetJA4TSDBSize() int

GetJA4TSDBSize returns the number of entries in the JA4TS database

func GetJA4TScanDBSize added in v0.9.0 

func GetJA4TScanDBSize() int

GetJA4TScanDBSize returns the number of entries in the JA4TScan database

func GetJA4XDBSize added in v0.9.0 

func GetJA4XDBSize() int

GetJA4XDBSize returns the number of entries in the JA4X database

func Init 

func Init(c Config, quietMode bool)

Init can be used to initialize the resolvers package according to the provided configuration.

func InitDHCPFingerprintAPIKey 

func InitDHCPFingerprintAPIKey()

InitDHCPFingerprintAPIKey initializes the DHCP fingerprinting API key

func InitDHCPFingerprintDB 

func InitDHCPFingerprintDB()

InitDHCPFingerprintDB initializes the DHCP fingerprint database from the JSON encoded mapping persisted on disk.

func InitDNSWhitelist 

func InitDNSWhitelist()

InitDNSWhitelist initializes the domain whitelist.

func InitLocalDNS 

func InitLocalDNS()

InitLocalDNS initializes reverse dns resolution via local hosts mapping.

func InitServiceDB 

func InitServiceDB()

InitServiceDB initializes the ports to service names mapping. TODO: include service names for other transport protocols

func IsPrivateIP 

func IsPrivateIP(ip net.IP) bool

IsPrivateIP can be used whether an address belongs to private address space.

func IsWhitelistedDomain 

func IsWhitelistedDomain(domain string) bool

IsWhitelistedDomain checks whether a given domain is whitelisted must be called after calling InitDNSWhitelist().

func LookupDHCPFingerprint 

func LookupDHCPFingerprint(fp, vendor string, userAgents []string) (*dhcpResult, error)

LookupDHCPFingerprint retrieves the data associated with an DHCP fingerprint.

func LookupDHCPFingerprintLocal added in v0.9.0 

func LookupDHCPFingerprintLocal(fp string) string

LookupDHCPFingerprintLocal retrieves the data associated with an DHCP fingerprint from the local database.

func LookupDNSNameLocal 

func LookupDNSNameLocal(ip string) string

LookupDNSNameLocal retrieves the DNS names associated with an IP addr.

func LookupDNSNames 

func LookupDNSNames(ip string) []string

LookupDNSNames retrieves the DNS names associated with an IP address.

func LookupGeolocation 

func LookupGeolocation(addr string) (string, string)

LookupGeolocation returns all associated geolocations for a given address and db handle results are being cached in an atomic map to avoid unnecessary lookups.

func LookupJA4 added in v0.9.0 

func LookupJA4(fingerprint string) string

LookupJA4 looks up a JA4 fingerprint in the database

func LookupJA4H added in v0.9.0 

func LookupJA4H(fingerprint string) string

LookupJA4H looks up a JA4H fingerprint in the database

func LookupJA4S added in v0.9.0 

func LookupJA4S(fingerprint string) string

LookupJA4S looks up a JA4S fingerprint in the database

func LookupJA4T added in v0.9.0 

func LookupJA4T(fingerprint string) string

LookupJA4T looks up a JA4T fingerprint in the database

func LookupJA4TS added in v0.9.0 

func LookupJA4TS(fingerprint string) string

LookupJA4TS looks up a JA4TS fingerprint in the database

func LookupJA4TScan added in v0.9.0 

func LookupJA4TScan(fingerprint string) string

LookupJA4TScan looks up a JA4TScan fingerprint in the database

func LookupJA4X added in v0.9.0 

func LookupJA4X(fingerprint string) string

LookupJA4X looks up a JA4X fingerprint in the database

func LookupManufacturer 

func LookupManufacturer(mac string) string

LookupManufacturer resolves a MAC addr to the manufacturer. It first checks the optional JSON database, then falls back to gopacket's built-in data.

func LookupServiceByPort 

func LookupServiceByPort(port int, protocol string) string

LookupServiceByPort looks up the service name associated with a given port and protocol.

func SaveFingerprintDB 

func SaveFingerprintDB()

SaveFingerprintDB will persist the fingerprint database on disk. TODO: use a boltDB?

func SetLogger 

func SetLogger(lg *zap.Logger)

SetLogger sets the logger for the resolvers package.

func SetPerfTracker added in v0.7.6 

func SetPerfTracker(pt *performance.Tracker)

SetPerfTracker sets the performance tracker for resolver operations

Types

type Config 

type Config struct {

	// Controls whether ip addresses are resolved through the default OS resolver
	ReverseDNS bool

	// Controls if ip addresses are resolved locally through a provided hosts mapping
	LocalDNS bool

	// Enables MAC address vendor lookups
	MACDB bool

	// Enables resolving port numbers to service names
	ServiceDB bool

	// Enables ip to geolocation lookups via MaxMind GeoLite
	GeolocationDB bool

	// Enables DHCP fingerprint lookups
	DHCPDB bool

	// Enables JA4+ fingerprint lookups
	JA4DB bool
}

Config contains settings for the resolvers package.

type JA4Entry added in v0.9.0 

type JA4Entry struct {
	Application          string `json:"application"`
	Library              string `json:"library"`
	Device               string `json:"device"`
	OS                   string `json:"os"`
	UserAgentString      string `json:"user_agent_string"`
	CertificateAuthority string `json:"certificate_authority"`
	ObservationCount     int    `json:"observation_count"`
	Verified             bool   `json:"verified"`
	Notes                string `json:"notes"`
	JA4Fingerprint       string `json:"ja4_fingerprint"`
	JA4FingerprintString string `json:"ja4_fingerprint_string"`
	JA4SFingerprint      string `json:"ja4s_fingerprint"`
	JA4HFingerprint      string `json:"ja4h_fingerprint"`
	JA4XFingerprint      string `json:"ja4x_fingerprint"`
	JA4TFingerprint      string `json:"ja4t_fingerprint"`
	JA4TSFingerprint     string `json:"ja4ts_fingerprint"`
	JA4TScanFingerprint  string `json:"ja4tscan_fingerprint"`
}

JA4Entry represents a single entry from the JA4+ database

func LookupJA4Entry added in v0.9.0 

func LookupJA4Entry(fingerprint string) *JA4Entry

LookupJA4Entry looks up a JA4 fingerprint and returns the full entry

func LookupJA4HEntry added in v0.9.0 

func LookupJA4HEntry(fingerprint string) *JA4Entry

LookupJA4HEntry looks up a JA4H fingerprint and returns the full entry

func LookupJA4SEntry added in v0.9.0 

func LookupJA4SEntry(fingerprint string) *JA4Entry

LookupJA4SEntry looks up a JA4S fingerprint and returns the full entry

func LookupJA4TEntry added in v0.9.0 

func LookupJA4TEntry(fingerprint string) *JA4Entry

LookupJA4TEntry looks up a JA4T fingerprint and returns the full entry

func LookupJA4TSEntry added in v0.9.0 

func LookupJA4TSEntry(fingerprint string) *JA4Entry

LookupJA4TSEntry looks up a JA4TS fingerprint and returns the full entry

func LookupJA4TScanEntry added in v0.9.0 

func LookupJA4TScanEntry(fingerprint string) *JA4Entry

LookupJA4TScanEntry looks up a JA4TScan fingerprint and returns the full entry

func LookupJA4XEntry added in v0.9.0 

func LookupJA4XEntry(fingerprint string) *JA4Entry

LookupJA4XEntry looks up a JA4X fingerprint and returns the full entry

func (*JA4Entry) GetDescription added in v0.9.0 

func (e *JA4Entry) GetDescription() string

GetDescription returns a human-readable description for the entry

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.