anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
b0e00a6cc453a34db7f93eb4636b92a3e283ef88
DECNET/tests
History
anti b0e00a6cc4 fix(ssh-capture): drop relay FIFO, rsyslog→/proc/1/fd/1 direct 
The named pipe at /run/systemd/journal/syslog-relay had two problems
beyond its argv leak: any root-in-container process could (a) `cat`
the pipe and watch the live SIEM feed, and (b) write to it and inject
forged log lines. Since an attacker with a shell is already root
inside the honeypot, file permissions can't fix it.

Point rsyslog's auth/user actions directly at /proc/1/fd/1 — the
container-stdout fd Docker attached to PID 1 — and delete the
mkfifo + cat relay from the entrypoint. No pipe on disk, nothing to
read, nothing to inject, and one fewer cloaked process in `ps`.
2026-04-18 02:12:32 -04:00
..
api
perf: cache auth user-lookup and admin list_users
2026-04-17 19:56:39 -04:00
live
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
perf
added: scripts/profile/view.sh — auto-pick newest artifact and open viewer
2026-04-17 13:20:05 -04:00
service_testing
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
stress
perf(locust): skip change-password in on_start when not required
2026-04-17 15:15:59 -04:00
__init__.py
Add 20 honeypot services: email, DB, ICS, cloud, IoT, network protocols
2026-04-03 23:07:44 -03:00
conftest.py
fix: dynamic TracedRepository proxy + disable tracing in test suite
2026-04-15 23:46:46 -04:00
mysql_spinup.sh
test: add MySQL backend integration tests
2026-04-15 12:51:33 -04:00
test_admin_seed.py
fix: re-seed admin password when still unfinalized (must_change_password=True)
2026-04-17 14:49:13 -04:00
test_api_attackers.py
perf(api): TTL-cache /stats + unfiltered pagination counts
2026-04-17 19:09:15 -04:00
test_archetypes.py
refactor: separate engine, collector, mutator, and fleet into independent subpackages
2026-04-12 00:26:22 -04:00
test_attacker_worker.py
fix: persist ingester position and profiler cursor across restarts
2026-04-15 13:58:12 -04:00
test_auth_async.py
perf: run bcrypt on a thread so it doesn't block the event loop
2026-04-17 14:52:22 -04:00
test_base_repo.py
fix: remove event-loop-blocking cold start; unify profiler to cursor-based incremental
2026-04-15 13:46:42 -04:00
test_bounty_dedup.py
feat: deduplicate bounties on (bounty_type, attacker_ip, payload)
2026-04-15 18:02:52 -04:00
test_build.py
refactor: separate engine, collector, mutator, and fleet into independent subpackages
2026-04-12 00:26:22 -04:00
test_cli_db_reset.py
test: add repository factory and CLI db-reset tests
2026-04-15 12:51:29 -04:00
test_cli_service_pool.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
test_cli.py
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
test_collector_thread_pool.py
fix: use dedicated thread pools for collector and sniffer workers
2026-04-15 22:57:03 -04:00
test_collector.py
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
test_composer.py
fix(telnet): replace Cowrie with real busybox telnetd + rsyslog logging
2026-04-12 00:34:45 -04:00
test_config.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
test_correlation.py
revert: undo service badge filter, parser normalization, and SSH relay
2026-04-14 02:14:46 -04:00
test_custom_service.py
Implement ICS/SCADA and IMAP Bait features
2026-04-10 01:50:08 -04:00
test_decnet.db-shm
fix: stabilize test suite by ensuring proper test DB isolation and initialization
2026-04-09 02:31:14 -04:00
test_decnet.db-wal
fix: stabilize test suite by ensuring proper test DB isolation and initialization
2026-04-09 02:31:14 -04:00
test_deployer.py
chore: fix unused imports in tests and update development roadmap
2026-04-12 03:46:23 -04:00
test_embedded_workers.py
fix: gate embedded sniffer behind DECNET_EMBED_SNIFFER (default off)
2026-04-17 13:35:43 -04:00
test_factory.py
test: add repository factory and CLI db-reset tests
2026-04-15 12:51:29 -04:00
test_file_handler.py
Add RFC 5424 syslog logging to all service templates
2026-04-04 04:31:00 -03:00
test_fingerprinting.py
feat: JA4/JA4S/JA4L fingerprints, TLS session resumption, certificate extraction
2026-04-13 23:20:37 -04:00
test_fleet_singleton.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
test_fleet.py
fix: align tests with model validation and API error reporting
2026-04-13 01:43:52 -04:00
test_health_config_cache.py
perf: 1s TTL cache for /health DB probe and /config state reads
2026-04-17 15:05:18 -04:00
test_ingester.py
perf(ingester): batch log writes into bulk commits
2026-04-17 16:37:34 -04:00
test_ini_loader.py
Fix all ruff lint errors across decnet/, templates/, and tests/
2026-04-04 17:36:16 -03:00
test_ini_spaces.py
fix: stabilize test suite by ensuring proper test DB isolation and initialization
2026-04-09 02:31:14 -04:00
test_ini_validation.py
feat: add server-side validation for web-based INI deployments
2026-04-08 01:04:59 -04:00
test_inode_aware_handler.py
fix: logging handler must not crash its caller on reopen failure
2026-04-17 14:01:36 -04:00
test_log_file_mount.py
feat: replace bind-mount log pipeline with Docker log streaming
2026-04-10 00:14:14 -04:00
test_logging_forwarder.py
Implement ICS/SCADA and IMAP Bait features
2026-04-10 01:50:08 -04:00
test_logging.py
feat: add component-aware RFC 5424 application logging system
2026-04-13 07:39:01 -04:00
test_mutator.py
Refactor: implemented Repository Factory and Async Mutator Engine. Decoupled storage logic and enforced Dependency Injection across CLI and Web API. Updated documentation.
2026-04-12 07:48:17 -04:00
test_mysql_histogram_sql.py
test: add MySQL backend integration tests
2026-04-15 12:51:33 -04:00
test_mysql_migration.py
fix: migrate TEXT→MEDIUMTEXT for attacker/state columns on MySQL
2026-04-15 12:59:54 -04:00
test_mysql_url_builder.py
fix: mysql url builder tests expect asyncmy, not aiomysql
2026-04-17 13:13:36 -04:00
test_network.py
test: expand coverage 64%→76%; add BUGS.md for Gemini migration issues
2026-04-09 12:55:52 -04:00
test_os_fingerprint.py
refactor: separate engine, collector, mutator, and fleet into independent subpackages
2026-04-12 00:26:22 -04:00
test_privdrop.py
fix: chown log files to sudo-invoking user so non-root API can append
2026-04-17 13:39:09 -04:00
test_prober_bounty.py
feat: add HASSHServer and TCP/IP stack fingerprinting to DECNET-PROBER
2026-04-14 12:53:55 -04:00
test_prober_hassh.py
feat: add HASSHServer and TCP/IP stack fingerprinting to DECNET-PROBER
2026-04-14 12:53:55 -04:00
test_prober_jarm.py
refactor: prober auto-discovers attackers from log stream
2026-04-14 12:22:20 -04:00
test_prober_tcpfp.py
feat: add HASSHServer and TCP/IP stack fingerprinting to DECNET-PROBER
2026-04-14 12:53:55 -04:00
test_prober_worker.py
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
test_profiler_behavioral.py
fix: wire prober tcpfp_fingerprint events into sniffer_rollup for OS/hop detection
2026-04-15 17:36:40 -04:00
test_router_cache.py
perf(api): TTL-cache /stats + unfiltered pagination counts
2026-04-17 19:09:15 -04:00
test_service_isolation.py
perf(ingester): batch log writes into bulk commits
2026-04-17 16:37:34 -04:00
test_services.py
fix(telnet): replace Cowrie with real busybox telnetd + rsyslog logging
2026-04-12 00:34:45 -04:00
test_smtp_relay.py
Refactor: implemented Repository Factory and Async Mutator Engine. Decoupled storage logic and enforced Dependency Injection across CLI and Web API. Updated documentation.
2026-04-12 07:48:17 -04:00
test_sniffer_ja3.py
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
test_sniffer_p0f.py
test: add fingerprinting and TCP analysis tests
2026-04-15 12:51:35 -04:00
test_sniffer_retransmit.py
test: add fingerprinting and TCP analysis tests
2026-04-15 12:51:35 -04:00
test_sniffer_tcp_fingerprint.py
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
test_sniffer_worker.py
feat: fleet-wide MACVLAN sniffer microservice
2026-04-14 15:02:34 -04:00
test_ssh.py
fix(ssh-capture): drop relay FIFO, rsyslog→/proc/1/fd/1 direct
2026-04-18 02:12:32 -04:00
test_syslog_formatter.py
refactor: strip DECNET tokens from container-visible surface
2026-04-17 22:57:53 -04:00
test_telemetry.py
feat: add OpenTelemetry distributed tracing across all DECNET services
2026-04-15 23:23:13 -04:00
test_web_api.py
feat: Phase 1 — JA3/JA3S sniffer, Attacker model, profile worker
2026-04-13 20:22:08 -04:00