def test_udp_severe(self, mock_nmap, mock_alert):
    """Run the passive nmap rule on a mocked UDP result and expect two alert calls.

    The mocked scan reports one host, 8.8.8.8, with UDP port 69 (the
    well-known TFTP port) in state "filtered". The rule is called with
    ``self.ip_to_mac`` and the test checks ``mock_alert.call_count``.
    """
    # NOTE(review): 8.8.8.8 is a public address. No probe should leave the
    # test as long as the patch behind mock_nmap replaces the real scan call;
    # confirm the patch target. A documentation-range address would be a
    # safer fixture if self.ip_to_mac can follow.
    # NOTE(review): nmap reports "filtered" when it cannot tell whether the
    # port is open. Only that state is exercised here; presumably the rule
    # alerts on the port number regardless of state -- confirm.
    udp_findings = {69: {"state": "filtered"}}
    host_report = {"udp": udp_findings}
    mock_nmap.return_value = {"scan": {"8.8.8.8": host_report}}

    rule = ScanningPrivacyNmapPassive()
    rule(self.ip_to_mac)

    # Unlike the TCP tests, nothing is subtracted from the count here.
    self.assertEqual(2, mock_alert.call_count)
def test_tcp_severe(self, mock_nmap, mock_alert):
    """Run the passive nmap rule on a mocked TCP result and expect two alerts beyond the baseline.

    The mocked scan reports one host, 8.8.8.8, with TCP port 21 (the
    well-known FTP control port) in state "filtered". The assertion subtracts
    ``ports_scanned`` from ``mock_alert.call_count`` before comparing with 2,
    so three alert calls in total satisfy it.
    """
    # NOTE(review): presumably the rule raises one extra alert per scanned
    # TCP port and this offset removes it -- confirm against the rule, and
    # consider asserting on the alert arguments instead of a bare count so a
    # missing severe alert cannot be masked by an unrelated one.
    ports_scanned = 1

    tcp_findings = {21: {"state": "filtered"}}
    host_report = {"tcp": tcp_findings}
    mock_nmap.return_value = {"scan": {"8.8.8.8": host_report}}

    rule = ScanningPrivacyNmapPassive()
    rule(self.ip_to_mac)

    alerts_beyond_baseline = mock_alert.call_count - ports_scanned
    self.assertEqual(2, alerts_beyond_baseline)
def test_tcp_udp_good(self, mock_nmap, mock_alert):
    """Run the passive nmap rule on a mocked TCP+UDP result and expect no alerts beyond the baseline.

    The mocked scan reports one host, 8.8.8.8, with port 7 in state
    "filtered" on both TCP and UDP. After subtracting ``tcp_ports_scanned``
    from ``mock_alert.call_count`` the test expects 0, i.e. exactly one alert
    call in total.
    """
    # NOTE(review): only the TCP port is counted in the offset although a UDP
    # port is reported too; presumably the per-port alert is TCP-only --
    # confirm against the rule.
    tcp_ports_scanned = 1

    port_state = {"state": "filtered"}
    host_report = {
        "tcp": {7: dict(port_state)},
        "udp": {7: dict(port_state)},
    }
    mock_nmap.return_value = {"scan": {"8.8.8.8": host_report}}

    rule = ScanningPrivacyNmapPassive()
    rule(self.ip_to_mac)

    alerts_beyond_baseline = mock_alert.call_count - tcp_ports_scanned
    self.assertEqual(0, alerts_beyond_baseline)
from src.privacy_analysis.scanning_analysis.scanning_privacy_nmap_passive import ScanningPrivacyNmapPassive
from src.signature_detection.ip_signature import IPSignature
from src.signature_detection.mac_address_signature import MACAddressSignature
from src.signature_detection.signature_detector import SignatureDetector
from src.dashboard.alerts.alert import Alert, Severity, AlertType
# NOTE: "anamoly_detection" is the package name as spelled in this import path;
# correcting the spelling here alone would break the import.
from src.anamoly_detection.anomaly_engine import AnomalyEngine

# TODO: Allow user to enable/disable certain rules
# Every rule and detector below is instantiated where it is listed, so each
# constructor runs as soon as these statements execute.
# NOTE(review): until the TODO is done the rule set is fixed in code; an
# operator cannot tell from configuration which checks are active.
rules_packet_privacy = [PacketPrivacyPort()]
rules_system_privacy = [
    SystemPrivacyDropbearConfig(),
    SystemPrivacyEncryption(),
    SystemPrivacyPackageUpgrades(),
    SystemPrivacyRootPassword()
]
rules_scanning_privacy = [ScanningPrivacyNmapPassive()]

# Signatures handed to the detector: one IP signature built from a fixed CIDR
# range and one MAC address signature.
# NOTE(review): 192.168.1.0/24 is hard-coded; presumably it is the monitored
# LAN. On a network with a different range this signature would describe the
# wrong hosts -- confirm and consider reading it from configuration.
ids_signatures = [IPSignature("192.168.1.0/24"), MACAddressSignature()]
signature_detector = SignatureDetector(ids_signatures)

# Number of packets to capture, 0 is infinite
num_packets = 0

# NOTE(review): `db` is not defined in the visible part of this file;
# presumably it is imported or created earlier -- confirm.
anomaly_engine = AnomalyEngine(db)


def main():
    """
    Main loop of the program, does the following
    1. Runs system privacy checks
    2. Runs scanning analysis of the IoT devices
    3. Sniffs packets on "br-lan" and analyzes the packet against signatures and privacy rules
    :return: nothing
    """