anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e9324acac737cfcd4f7df266da98db9fd2676f58
DECNET/tests
History
anti e9324acac7 feat(smtp): emit X-Mailer / Return-Path / dkim+spf / URLs on message_stored 
The EmailLifter (R0041–R0048) keys on header-derived signals that the
v0 _summarize_message did not extract. Add cheap Layer 2 projections
inside the existing single-pass parse:

* return_path / x_mailer — direct header reads, decoded RFC 2047
* dkim_signed / spf_pass — booleans derived from any
  Authentication-Results header (multiple lines tolerated; positive
  verdict on any line wins)
* urls — http(s) URLs lifted from text/* body parts via a tight
  regex, deduplicated first-seen-wins, capped at 64 in the wire
  payload to bound the syslog SD value

Heavyweight extraction (body simhash, office-macro detection,
HTML-smuggling, password-protected archives, mal-hash-match,
body_text projection) stays deferred per the EmailLifter heavyweight
DEBT entry — those rules need privacy / extractor decisions before
they ship.
2026-05-02 18:37:11 -04:00
..
agent
fix(agent): pass --always-recreate-deps so service netns shares stay fresh
2026-04-27 22:55:48 -04:00
api
feat(ttp): inspector drawer surfaces evidence + rule_id behind each technique
2026-05-02 02:55:05 -04:00
asn
feat(profiler): write ASN + AS name onto attacker rows
2026-04-25 04:01:28 -04:00
bus
feat(ttp): E.3.5 FilesystemRuleStore — inotify hot-reload + per-rule events
2026-05-01 08:31:05 -04:00
canary
feat(canary): auto-deregister fingerprint slug after first valid beacon
2026-04-29 17:49:31 -04:00
cli
fix(web): proxy follows DECNET_API_HOST instead of hardcoding 127.0.0.1
2026-04-27 22:55:25 -04:00
clustering
test(bus): pin scope-(2) producer wiring for reuse / clusterer / intel
2026-05-02 02:38:24 -04:00
collector
feat(ttp): split bash CMD evidence into structured uid/user/src/pwd/cmd rows
2026-05-02 03:20:53 -04:00
config
feat(config): add swarmctl-host to INI, env, CLI; drop hardcoded bind from systemd unit
2026-04-30 22:16:00 -04:00
core
fix(network): accept CAP_NET_ADMIN in lieu of euid==0 for macvlan setup
2026-04-29 11:56:40 -04:00
correlation
test(bus): pin scope-(2) producer wiring for reuse / clusterer / intel
2026-05-02 02:38:24 -04:00
db
test(db): cover BaseRepository.update_identity_fingerprints
2026-04-28 13:01:37 -04:00
decky_io
feat(deckies): generic file drops on fleet + MazeNET deckies
2026-04-28 22:43:34 -04:00
deploy
tests: realism migration regression coverage
2026-04-27 17:29:25 -04:00
docker
test: fix templates paths, CLI gating, and stress-suite harness
2026-04-19 23:50:53 -04:00
engine
fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests
2026-05-01 02:07:53 -04:00
factories
test(clustering): fixture 4 paused_campaign + active_days/time_window
2026-04-26 07:39:46 -04:00
fixtures/campaigns
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
fleet
feat(fleet): systemd unit + bus signal for fleet reconciler
2026-04-26 21:21:36 -04:00
geoip
feat(attackers): PTR record (reverse DNS) enrichment
2026-04-24 17:26:40 -04:00
intel
feat(intel): project per-provider taxonomy into attacker.intel.enriched payload
2026-05-02 18:08:29 -04:00
live
fix(tests): align stale tests with current behavior
2026-04-28 00:44:40 -04:00
logging
refactor(tests): move flat tests/*.py into per-subsystem subfolders
2026-04-23 21:34:25 -04:00
mutator
fix(types): T3 — narrow str|None at 12 sites; fix LANRow/DeckyRow subscript in mutator tests
2026-05-01 01:47:04 -04:00
orchestrator
feat(deckies): generic file drops on fleet + MazeNET deckies
2026-04-28 22:43:34 -04:00
perf
added: scripts/profile/view.sh — auto-pick newest artifact and open viewer
2026-04-17 13:20:05 -04:00
prober
feat(prober-cert): capture leaf TLS cert after successful JARM
2026-04-28 11:14:44 -04:00
profiler
feat(prober-cert): roll up fingerprints onto AttackerIdentity
2026-04-28 11:28:54 -04:00
realism
fix(realism): use minute-precision datetime in in_active_hours
2026-04-30 21:14:36 -04:00
service_testing
feat(smtp): emit X-Mailer / Return-Path / dkim+spf / URLs on message_stored
2026-05-02 18:37:11 -04:00
services
fix(smtp_relay): emit service=smtp_relay in syslog so ingester can gate probe publish
2026-04-30 12:31:29 -04:00
sniffer
feat(sniffer): ISN sequence classifier (reuses seq_class helper)
2026-04-26 20:30:24 -04:00
stress
fix(tests/stress): eliminate 0-request flakes in locust runs
2026-04-28 13:01:11 -04:00
swarm
fix(tests): align stale tests with current behavior
2026-04-28 00:44:40 -04:00
telemetry
refactor(tests): move flat tests/*.py into per-subsystem subfolders
2026-04-23 21:34:25 -04:00
topology
refactor(topology): introduce TopologyRepository protocol with DTO return types
2026-04-30 23:51:41 -04:00
ttp
fix(ttp): correct intel_lifter mappings + repoint ThreatFox to threat_type
2026-05-02 18:08:48 -04:00
updater
sec(updater): harden tarball extraction and verify sha256 before extract
2026-04-27 21:14:48 -04:00
vectorstore
feat(creds): cred-reuse foundation + vectorstore scaffold
2026-04-26 03:18:34 -04:00
web
feat(ttp): E.3.3 repository — insert_tags + listing rollups (dual backend)
2026-05-01 08:04:46 -04:00
webhook
fix(webhook/worker): self-heal when bus starts late or restarts
2026-04-24 16:39:38 -04:00
__init__.py
fix(tests+mutator): unbreak the docker-shadow test env + let mutator delete from active
2026-04-29 00:24:17 -04:00
conftest.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
mysql_spinup.sh
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00