anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd4700770bba6f5fdd668461358a0b6e96fe735b
DECNET/decnet/prober/probes/tcpfp.py
anti bd4700770b refactor(prober): generalise ActiveProbe registry to absorb Ipv6LeakProbe 
ActiveProbe.run/syslog_fields/publish_payload now accept port=None so
non-port-iterating probes can live in the registry. Ipv6LeakProbe replaces
the hand-rolled _ipv6_leak_phase special case in worker.py; it runs last
via priority=999. _probe_cycle no longer has an ad-hoc phase call.

Fixes three stale test files (test_prober_bus, test_prober_rotation,
test_prober_worker) that were broken since the 916b21b6 registry refactor.
2026-05-21 14:27:48 -04:00

53 lines
1.8 KiB
Python
Raw Blame History

from __future__ import annotations
from typing import Any
from decnet.prober.base import ActiveProbe
from decnet.prober.tcpfp import tcp_fingerprint
from decnet.telemetry import traced as _traced
DEFAULT_PORTS: list[int | None] = [22, 80, 443, 8080, 8443, 445, 3389]
class TcpfpProbe(ActiveProbe):
probe_name = "tcpfp"
default_ports: list[int | None] = DEFAULT_PORTS
event_type = "tcpfp_fingerprint"
rotation_type = "tcpfp"
rotation_hash_key = "tcpfp_hash"
priority = 100
@_traced("prober.tcpfp_probe")
def run(self, ip: str, port: int | None, timeout: float) -> dict[str, Any] | None:
if port is None:
return None
return tcp_fingerprint(ip, port, timeout=timeout)
def syslog_fields(self, ip: str, port: int | None, result: dict[str, Any]) -> tuple[dict[str, Any], str]:
fields = {
"tcpfp_hash": result["tcpfp_hash"],
"tcpfp_raw": result["tcpfp_raw"],
"ttl": str(result["ttl"]),
"window_size": str(result["window_size"]),
"df_bit": str(result["df_bit"]),
"mss": str(result["mss"]),
"window_scale": str(result["window_scale"]),
"sack_ok": str(result["sack_ok"]),
"timestamp": str(result["timestamp"]),
"options_order": result["options_order"],
"tos": str(result["tos"]),
"dscp": str(result["dscp"]),
"ecn": str(result["ecn"]),
"server_isn": str(result["server_isn"]),
}
return fields, f"TCPFP {ip}:{port} = {result['tcpfp_hash']}"
def publish_payload(self, ip: str, port: int | None, result: dict[str, Any]) -> dict[str, Any]:
return {
"attacker_ip": ip,
"port": port,
"tcpfp_hash": result["tcpfp_hash"],
"ttl": result["ttl"],
"mss": result["mss"],
}
Reference in New Issue View Git Blame Copy Permalink