anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add nmap OS spoof per decky via TCP/IP stack sysctls

Browse Source 
Each decky base container now receives a set of Linux kernel sysctls
(net.ipv4.ip_default_ttl, net.ipv4.tcp_syn_retries, etc.) tuned to
match the claimed OS family, making nmap OS detection return the
expected OS rather than the Linux host.

- decnet/os_fingerprint.py: OS profile table (linux/windows/bsd/embedded/cisco)
  keyed by TTL and TCP tuning knobs
- decnet/archetypes.py: Archetype gains nmap_os field; windows-* → "windows",
  printer/iot/industrial → "embedded", rest → "linux"
- decnet/config.py: DeckyConfig gains nmap_os field (default "linux")
- decnet/cli.py: nmap_os resolved from archetype → DeckyConfig in both CLI
  and INI build paths
- decnet/composer.py: base container gets sysctls + cap_add: [NET_ADMIN];
  service containers inherit via shared network namespace
- tests/test_os_fingerprint.py: 48 new tests covering profiles, compose
  injection, archetype coverage, and CLI propagation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
anti
2026-04-04 13:19:06 -03:00
parent bbb5fa7a7e
commit 6610856749
6 changed files with 329 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
decnet/archetypes.py
View File

@@ -28,6 +28,7 @@ class Archetype:
description: str
services: list[str] # default service set for this machine type
preferred_distros: list[str] # distro slugs to rotate through
nmap_os: str = "linux" # OS family slug for TCP/IP stack spoofing (see os_fingerprint.py)
ARCHETYPES: dict[str, Archetype] = {
@@ -37,6 +38,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Corporate Windows desktop: SMB shares + RDP access",
services=["smb", "rdp"],
preferred_distros=["debian", "ubuntu22"],
nmap_os="windows",
),
"windows-server": Archetype(
slug="windows-server",
@@ -44,6 +46,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Windows domain member: SMB, RDP, and LDAP directory",
services=["smb", "rdp", "ldap"],
preferred_distros=["debian", "ubuntu22"],
nmap_os="windows",
),
"domain-controller": Archetype(
slug="domain-controller",
@@ -51,6 +54,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Active Directory DC: LDAP, SMB, RDP, LLMNR",
services=["ldap", "smb", "rdp", "llmnr"],
preferred_distros=["debian", "ubuntu22"],
nmap_os="windows",
),
"linux-server": Archetype(
slug="linux-server",
@@ -58,6 +62,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="General-purpose Linux host: SSH + HTTP",
services=["ssh", "http"],
preferred_distros=["debian", "ubuntu22", "rocky9", "fedora"],
nmap_os="linux",
),
"web-server": Archetype(
slug="web-server",
@@ -65,6 +70,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Public-facing web host: HTTP + FTP",
services=["http", "ftp"],
preferred_distros=["debian", "ubuntu22", "ubuntu20"],
nmap_os="linux",
),
"database-server": Archetype(
slug="database-server",
@@ -72,6 +78,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Data tier host: MySQL, PostgreSQL, Redis",
services=["mysql", "postgres", "redis"],
preferred_distros=["debian", "ubuntu22"],
nmap_os="linux",
),
"mail-server": Archetype(
slug="mail-server",
@@ -79,6 +86,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="SMTP/IMAP/POP3 mail relay",
services=["smtp", "pop3", "imap"],
preferred_distros=["debian", "ubuntu22"],
nmap_os="linux",
),
"file-server": Archetype(
slug="file-server",
@@ -86,6 +94,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="SMB/FTP/SFTP file storage node",
services=["smb", "ftp", "ssh"],
preferred_distros=["debian", "ubuntu22", "rocky9"],
nmap_os="linux",
),
"printer": Archetype(
slug="printer",
@@ -93,6 +102,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Network-attached printer: SNMP + FTP",
services=["snmp", "ftp"],
preferred_distros=["alpine", "debian"],
nmap_os="embedded",
),
"iot-device": Archetype(
slug="iot-device",
@@ -100,6 +110,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Embedded/IoT device: MQTT, SNMP, Telnet",
services=["mqtt", "snmp", "telnet"],
preferred_distros=["alpine"],
nmap_os="embedded",
),
"industrial-control": Archetype(
slug="industrial-control",
@@ -107,6 +118,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="ICS/SCADA node: Conpot (Modbus/S7/DNP3) + SNMP",
services=["conpot", "snmp"],
preferred_distros=["debian"],
nmap_os="embedded",
),
"voip-server": Archetype(
slug="voip-server",
@@ -114,6 +126,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="SIP PBX / VoIP gateway",
services=["sip"],
preferred_distros=["debian", "ubuntu22"],
nmap_os="linux",
),
"monitoring-node": Archetype(
slug="monitoring-node",
@@ -121,6 +134,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="Infrastructure monitoring host: SNMP + SSH",
services=["snmp", "ssh"],
preferred_distros=["debian", "rocky9"],
nmap_os="linux",
),
"devops-host": Archetype(
slug="devops-host",
@@ -128,6 +142,7 @@ ARCHETYPES: dict[str, Archetype] = {
description="CI/CD or container host: Docker API + SSH + K8s",
services=["docker_api", "ssh", "k8s"],
preferred_distros=["ubuntu22", "debian"],
nmap_os="linux",
),
}