Tests: add Zeek to get passiverecon logs

2025-10-01 22:28:20 +00:00 · 2021-12-09 15:11:36 +01:00 · 2021-12-09 15:11:36 +01:00 · 6efcbbbf59
commit 6efcbbbf59
parent 1619261ebf
1 changed files with 29 additions and 5 deletions
--- a/test/test_masscanned.py
+++ b/test/test_masscanned.py
@ -43,6 +43,8 @@ def setup_logs():

 LOG = setup_logs()
 IFACE = "tap0"
+TCPDUMP = bool(os.environ.get("USE_TCPDUMP"))
+ZEEK_PASSIVERECON = bool(os.environ.get("USE_ZEEK"))
 conf.verb = 0

 # prepare configuration file for masscanned
@ -61,9 +63,27 @@ subprocess.check_call(["ip", "route", "add", "1.2.3.4/32", "via", IPV4_ADDR])
 conf.route.resync()

 # start capture
-tcpdump = subprocess.Popen(
-    ["tcpdump", "-enli", IFACE, "-w", os.path.join(OUTDIR, "test_capture.pcap")]
-)
+if TCPDUMP:
+    tcpdump = subprocess.Popen(
+        ["tcpdump", "-enli", IFACE, "-w", os.path.join(OUTDIR, "test_capture.pcap")]
+    )
+if ZEEK_PASSIVERECON:
+    zeek = subprocess.Popen(
+        [
+            "zeek",
+            "-C",
+            "-b",
+            "-i",
+            IFACE,
+            "/usr/share/ivre/zeek/ivre/passiverecon/bare.zeek",
+            "-e",
+            "redef tcp_content_deliver_all_resp = T; "
+            "redef tcp_content_deliver_all_orig = T; "
+            f"redef PassiveRecon::HONEYPOTS += {{ {IPV4_ADDR}, [{IPV6_ADDR}] }}",
+        ],
+        stdout=open("test/res/zeek_passiverecon.stdout", "w"),
+        stderr=open("test/res/zeek_passiverecon.stderr", "w"),
+    )
 # run masscanned
 masscanned = subprocess.Popen(
    [
@ -93,6 +113,10 @@ except AssertionError:
 masscanned.kill()
 masscanned.wait()
 # terminate capture
-tcpdump.kill()
-tcpdump.wait()
+if TCPDUMP:
+    tcpdump.kill()
+    tcpdump.wait()
+if ZEEK_PASSIVERECON:
+    zeek.kill()
+    zeek.wait()
 sys.exit(result)