anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b0b08754d0a7f0052122a0552a3a3d0c5b8f793d
DECNET/decnet
History
anti b0b08754d0 feat(fingerprint): ToS/DSCP/ECN extraction in active + passive TCP fingerprint 
Active prober now reads ip.tos from the SYN-ACK and emits tos/dscp/ecn
alongside the existing TTL/window/options fields. dscp is folded into the
fingerprint hash so different DSCP markings produce distinct signatures.

Passive sniffer logs the same three fields on tcp_syn_fingerprint events;
profiler rollup carries them into the attacker tcp_fingerprint snapshot;
AttackerDetail's TCP STACK panel now surfaces DSCP and ECN cells.
2026-04-26 20:25:37 -04:00
..
agent
feat(agent,forwarder,updater): publish system.<worker>.health heartbeats (DEBT-031 workers 7-9)
2026-04-21 17:02:10 -04:00
asn
feat(asn): IP→ASN enrichment via iptoasn.com bulk dump
2026-04-25 03:58:58 -04:00
bus
refactor(bus): rename ORCHESTRATOR_ACTIVITY → ORCHESTRATOR_TRAFFIC
2026-04-26 19:53:40 -04:00
cli
feat(orchestrator): MVP synthetic life-injection worker (SSH only)
2026-04-26 19:43:20 -04:00
clustering
test(clustering): full-bound passes through production campaign clusterer
2026-04-26 09:13:59 -04:00
collector
fix(collector): label-based fleet container discovery
2026-04-25 08:11:21 -04:00
correlation
feat(correlation): credential-reuse engine + reuse-correlate worker
2026-04-26 03:37:49 -04:00
engine
feat(creds): DEBT-040 Phase 1 — SMB NTLMSSP framer
2026-04-25 07:31:41 -04:00
geoip
feat(attackers): PTR record (reverse DNS) enrichment
2026-04-24 17:26:40 -04:00
intel
refactor(intel): re-key attacker_intel on attacker_uuid (closes DEBT-041)
2026-04-26 05:35:29 -04:00
logging
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
mutator
fix(topology/allocator): widen default subnet base to /12 for mass-scale
2026-04-24 18:57:55 -04:00
net
feat(net): stealth-egress httpx client factory
2026-04-26 04:59:34 -04:00
orchestrator
feat(orchestrator): periodic prune of orchestrator_events
2026-04-26 19:58:43 -04:00
prober
feat(fingerprint): ToS/DSCP/ECN extraction in active + passive TCP fingerprint
2026-04-26 20:25:37 -04:00
profiler
feat(fingerprint): ToS/DSCP/ECN extraction in active + passive TCP fingerprint
2026-04-26 20:25:37 -04:00
services
feat(creds): DEBT-040 Phase 3 — RDP NLA / CredSSP NTLMv2 capture
2026-04-25 07:42:52 -04:00
sniffer
feat(fingerprint): ToS/DSCP/ECN extraction in active + passive TCP fingerprint
2026-04-26 20:25:37 -04:00
swarm
feat(swarm): pin worker cert SHA-256 fingerprint per host
2026-04-25 03:01:15 -04:00
templates
feat(creds): DEBT-040 Phase 3 — RDP NLA / CredSSP NTLMv2 capture
2026-04-25 07:42:52 -04:00
topology
Revert "feat(mazenet): host resolution + cross-host bridge guard"
2026-04-25 03:26:19 -04:00
updater
feat(agent,forwarder,updater): publish system.<worker>.health heartbeats (DEBT-031 workers 7-9)
2026-04-21 17:02:10 -04:00
vectorstore
feat(creds): cred-reuse foundation + vectorstore scaffold
2026-04-26 03:18:34 -04:00
web
feat(web): orchestrator events read API + SSE stream
2026-04-26 19:58:12 -04:00
webhook
fix(webhook/worker): self-heal when bus starts late or restarts
2026-04-24 16:39:38 -04:00
__init__.py
feat(env): run decnet.ini loader at package import; expose DECNET_MODE
2026-04-19 03:17:25 -04:00
archetypes.py
refactor(ssh): consolidate real_ssh into ssh, remove duplication
2026-04-11 19:51:41 -04:00
composer.py
fix(collector): label-based fleet container discovery
2026-04-25 08:11:21 -04:00
config_ini.py
feat(config): promote /etc/decnet/decnet.ini to real config with domain sections
2026-04-23 18:21:00 -04:00
config.py
fix(logging): don't crash the process if the system log can't be opened
2026-04-24 01:00:42 -04:00
custom_service.py
Add per-service customization, stealth hardening, and BYOS support
2026-04-04 04:08:27 -03:00
distros.py
fix: stabilize tests with synchronous DB init and handle Bandit security findings
2026-04-09 01:33:15 -04:00
env.py
fix(api): gate embedded Docker-log collector on DECNET_EMBED_COLLECTOR
2026-04-24 00:47:37 -04:00
fleet.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
ini_loader.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
models.py
feat(swarm): DeckyConfig.host_uuid + fix agent log/status field refs
2026-04-18 19:10:25 -04:00
network.py
fix(network): sweep orphan Docker bridges that squat on our subnet
2026-04-20 23:19:42 -04:00
os_fingerprint.py
feat(os_fingerprint): Phase 2 — add icmp_ratelimit + icmp_ratemask sysctls
2026-04-10 16:41:23 -04:00
privdrop.py
fix: chown log files to sudo-invoking user so non-root API can append
2026-04-17 13:39:09 -04:00
telemetry.py
fix: resolve all ruff and bandit lint/security issues
2026-04-16 01:04:57 -04:00