예제 #1
 def test_udp_severe(self, mock_nmap, mock_alert):
     """Feed the rule a mocked scan with UDP port 69 filtered and expect two alerts."""
     # 69/udp is the well-known TFTP port, which has no authentication.
     # NOTE(review): the "severe" in the test name presumably reflects how the
     # rule rates this port - confirm against the rule's port table.
     # NOTE(review): the fixture state is "filtered", which nmap reports when it
     # cannot tell whether the port is open; confirm the rule is meant to alert
     # on that state and not only on "open".
     udp_ports = {69: {"state": "filtered"}}
     mock_nmap.return_value = {"scan": {"8.8.8.8": {"udp": udp_ports}}}

     check = ScanningPrivacyNmapPassive()
     check(self.ip_to_mac)

     self.assertEqual(2, mock_alert.call_count)
예제 #2
 def test_tcp_severe(self, mock_nmap, mock_alert):
     """Mocked scan with TCP port 21 filtered: two alerts expected after the per-port offset."""
     # This many alert calls are subtracted before the comparison.
     # NOTE(review): presumably the rule raises one additional alert per scanned
     # TCP port - confirm against the rule implementation.
     ports_scanned = 1

     # 21/tcp is the well-known FTP control port (cleartext credentials).
     # NOTE(review): the state is "filtered", not "open"; confirm that alerting
     # on a filtered port is the intended behaviour.
     tcp_ports = {21: {"state": "filtered"}}
     mock_nmap.return_value = {"scan": {"8.8.8.8": {"tcp": tcp_ports}}}

     check = ScanningPrivacyNmapPassive()
     check(self.ip_to_mac)

     remaining_alerts = mock_alert.call_count - ports_scanned
     self.assertEqual(2, remaining_alerts)
예제 #3
 def test_tcp_udp_good(self, mock_nmap, mock_alert):
     """Mocked scan with port 7 filtered on TCP and UDP: no alerts expected after the TCP offset."""
     # Only the TCP port count is subtracted from the alert calls.
     # NOTE(review): presumably one alert per scanned TCP port is emitted
     # regardless of findings, and none per UDP port - confirm.
     tcp_ports_scanned = 1

     # The same single-port entry is reported for both protocols.
     host_result = {
         "tcp": {7: {"state": "filtered"}},
         "udp": {7: {"state": "filtered"}},
     }
     mock_nmap.return_value = {"scan": {"8.8.8.8": host_result}}

     check = ScanningPrivacyNmapPassive()
     check(self.ip_to_mac)

     remaining_alerts = mock_alert.call_count - tcp_ports_scanned
     self.assertEqual(0, remaining_alerts)
예제 #4
from src.privacy_analysis.scanning_analysis.scanning_privacy_nmap_passive import ScanningPrivacyNmapPassive
from src.signature_detection.ip_signature import IPSignature
from src.signature_detection.mac_address_signature import MACAddressSignature
from src.signature_detection.signature_detector import SignatureDetector
from src.dashboard.alerts.alert import Alert, Severity, AlertType
from src.anamoly_detection.anomaly_engine import AnomalyEngine

# Module-level rule and detector instances; every object below is constructed
# when this module is imported.
# TODO: Allow user to enable/disable certain rules
# Privacy rules grouped by what they inspect: packets, the local system, and
# scan results.
rules_packet_privacy = [PacketPrivacyPort()]
rules_system_privacy = [
    SystemPrivacyDropbearConfig(),
    SystemPrivacyEncryption(),
    SystemPrivacyPackageUpgrades(),
    SystemPrivacyRootPassword()
]
rules_scanning_privacy = [ScanningPrivacyNmapPassive()]
# Signatures handed to the signature detector.
# NOTE(review): the IPSignature subnet is hard-coded to 192.168.1.0/24; on a LAN
# with different addressing it presumably will not match as intended - confirm,
# and consider reading it from configuration.
ids_signatures = [IPSignature("192.168.1.0/24"), MACAddressSignature()]
signature_detector = SignatureDetector(ids_signatures)
# Number of packets to capture, 0 is infinite
num_packets = 0
# NOTE(review): `db` is not defined in the visible part of this file;
# presumably it is imported or created above - confirm.
anomaly_engine = AnomalyEngine(db)


def main():
    """
    Main loop of the program, does the following
    1. Runs system privacy checks
    2. Runs scanning analysis of the IoT devices
    3. Sniffs packets on "br-lan" and analyzes the packet against signatures and privacy rules
    :return: nothing
    """