def search_service(self, pkg):
    """Return the Service associated with the packet, or None.

    Lookup order:
      1) By destination IP (example from the original notes:
         50.22.198.206 -> WhatsApp).
      2) By the host name the environment associates with that IP
         (described by the original author as coming from a previous
         DNS query):
         2.1) absolute URL match against the DB,
         2.2) relative URL match against the DB (fb.com matches
              xxx.ssss.dddd.fff.fb.com),
         2.3) a Service built from the significant name of the URL.

    Side effects: a Service matched by IP has the destination IP added to
    its ``ips`` set; a Service resolved through the host name has that
    host added to its ``hosts`` set.
    """
    dst_ip = pkg.ip.dst
    analyzer = self.environment.service_analyzer

    # Step 1: direct IP -> service mapping wins over everything else.
    by_ip = analyzer.find_service_from_ip(dst_ip)
    if by_ip:
        by_ip.ips.add(dst_ip)
        return by_ip

    # Step 2: fall back to the host name known for this IP, if any.
    host = self.environment.find_host(dst_ip)
    if not host:
        return None

    # Computed before the DB lookups, as in the original statement order.
    name = get_significant_name_from_url(host)

    resolved = analyzer.find_service_from_absolute_url(host)
    if not resolved:
        # NOTE(review): the relative match is effectively a suffix match;
        # confirm it only matches on a label boundary so that a host such
        # as "notfb.com" is not attributed to "fb.com".
        resolved = analyzer.find_service_from_url(host)
    if not resolved:
        resolved = Service.from_name(name)

    resolved.hosts.add(host)
    return resolved
def search_service(self, pkg):
    """Return the Service for an HTTP packet, or None.

    The parent lookup is tried first. When it finds nothing, the HTTP
    'host' header is used as the destination URL and resolved in the same
    order as a host name: absolute URL match, relative URL match, then a
    Service built from the significant name of the URL.

    A 'host' header that is a literal IP address produces an IP-only
    Service instead; the original author's note calls this 'Unknown (IP)'
    and says the IP must be part of the name so that equality between
    services works.

    NOTE(review): the Host header is supplied by the client, so a service
    attributed from it is weaker evidence than one found by the parent
    lookup. The header value is also added to ``hosts`` of whichever
    Service is matched; confirm that is acceptable when the match comes
    from the DB rather than a freshly created Service.
    """
    found = super().search_service(pkg)
    if found:
        return found

    if not hasattr(pkg.http, 'host'):
        return None

    host_header = pkg.http.host

    # NOTE(review): a Host header may carry a ":port" suffix; confirm that
    # is_ipaddress and get_significant_name_from_url cope with that form.
    if is_ipaddress(host_header):
        return Service.from_ip_only(host_header)

    # Computed before the DB lookups, as in the original statement order.
    name = get_significant_name_from_url(host_header)
    analyzer = self.environment.service_analyzer

    matched = analyzer.find_service_from_absolute_url(host_header)
    if not matched:
        matched = analyzer.find_service_from_url(host_header)
    if not matched:
        matched = Service.from_name(name)

    matched.hosts.add(host_header)
    return matched