From 6efcbbbf59e4285a5374ca2072ee76ffdfabce74 Mon Sep 17 00:00:00 2001
From: Pierre Lalet
Date: Thu, 9 Dec 2021 15:11:36 +0100
Subject: [PATCH] Tests: add Zeek to get passiverecon logs
---
 test/test_masscanned.py | 34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)
diff --git a/test/test_masscanned.py b/test/test_masscanned.py
index f719007..42f9e8f 100755
--- a/test/test_masscanned.py
+++ b/test/test_masscanned.py
@@ -43,6 +43,8 @@ def setup_logs():
 LOG = setup_logs()
 IFACE = "tap0"
+TCPDUMP = bool(os.environ.get("USE_TCPDUMP"))
+ZEEK_PASSIVERECON = bool(os.environ.get("USE_ZEEK"))
 conf.verb = 0
 # prepare configuration file for masscanned
@@ -61,9 +63,27 @@ subprocess.check_call(["ip", "route", "add", "1.2.3.4/32", "via", IPV4_ADDR])
 conf.route.resync()
 # start capture
-tcpdump = subprocess.Popen(
- ["tcpdump", "-enli", IFACE, "-w", os.path.join(OUTDIR, "test_capture.pcap")]
-)
+if TCPDUMP:
+ tcpdump = subprocess.Popen(
+ ["tcpdump", "-enli", IFACE, "-w", os.path.join(OUTDIR, "test_capture.pcap")]
+ )
+if ZEEK_PASSIVERECON:
+ zeek = subprocess.Popen(
+ [
+ "zeek",
+ "-C",
+ "-b",
+ "-i",
+ IFACE,
+ "/usr/share/ivre/zeek/ivre/passiverecon/bare.zeek",
+ "-e",
+ "redef tcp_content_deliver_all_resp = T; "
+ "redef tcp_content_deliver_all_orig = T; "
+ f"redef PassiveRecon::HONEYPOTS += {{ {IPV4_ADDR}, [{IPV6_ADDR}] }}",
+ ],
+ stdout=open("test/res/zeek_passiverecon.stdout", "w"),
+ stderr=open("test/res/zeek_passiverecon.stderr", "w"),
+ )
 # run masscanned
 masscanned = subprocess.Popen(
 [
@@ -93,6 +113,10 @@ except AssertionError:
 masscanned.kill()
 masscanned.wait()
 # terminate capture
-tcpdump.kill()
-tcpdump.wait()
+if TCPDUMP:
+ tcpdump.kill()
+ tcpdump.wait()
+if ZEEK_PASSIVERECON:
+ zeek.kill()
+ zeek.wait()
 sys.exit(result)
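Review bot: In the `@@ -43,6 +43,8 @@` hunk, `bool(os.environ.get("USE_ZEEK"))` is true for any non-empty value, so `USE_ZEEK=0` or `USE_TCPDUMP=false` still switches the tool on. Comparing against an explicit set is less surprising, for example `ZEEK_PASSIVERECON = os.environ.get("USE_ZEEK", "").lower() in {"1", "true", "yes"}`, and likewise for `TCPDUMP`. The packet capture used to start unconditionally and is now opt-in, so a comment above the two flags such as `# optional evidence collectors; off unless USE_TCPDUMP / USE_ZEEK is set` would tell whoever investigates a failed run why no pcap exists.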
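Review bot: In the `@@ -61,9 +63,27 @@` hunk the Zeek stdout/stderr files are opened at the hard-coded relative path `test/res/...`, while the tcpdump capture just above is written through `os.path.join(OUTDIR, ...)`. Whether `OUTDIR` is `test/res` is not visible here; if the script is started from another directory, `open()` raises after the route has already been added. The two file objects are also never closed. I would use `stdout=open(os.path.join(OUTDIR, "zeek_passiverecon.stdout"), "w"),` (same for stderr) and consider passing `cwd=OUTDIR` to `Popen`, since Zeek by default writes its log files into its working directory and the passiverecon output would otherwise land wherever the test was launched.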
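Review bot: `zeek.kill()` in the `@@ -93,6 +113,10 @@` hunk sends SIGKILL, which gives Zeek no chance to run its shutdown handlers and flush its log writers, so the passiverecon log this commit is meant to collect can be truncated or miss its last records. `zeek.terminate()` followed by `zeek.wait()` lets it exit cleanly. The same applies to `tcpdump.kill()`, where packets still buffered are lost from the pcap. The cleanup sits after an `except AssertionError:` block whose `try` is outside the hunk, so any other exception would presumably leave both processes running; moving the teardown into a `finally:` would cover that.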