Skip to content
/ caronte Public
forked from eciavatta/caronte

A tool to analyze the network flow during attack/defence capture the flag events

License

GPL-3.0 license
0 stars 85 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

therealbobo/caronte

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

92 Commits
frontend
frontend
 
 
parsers
parsers
 
 
pcaps
pcaps
 
 
scripts
scripts
 
 
shared
shared
 
 
test_data
test_data
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
Dockerfile
Dockerfile
 
 
Dockerfile.env
Dockerfile.env
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
application_context.go
application_context.go
 
 
application_context_test.go
application_context_test.go
 
 
application_router.go
application_router.go
 
 
application_router_test.go
application_router_test.go
 
 
caronte.go
caronte.go
 
 
caronte_test.go
caronte_test.go
 
 
connection_handler.go
connection_handler.go
 
 
connection_handler_test.go
connection_handler_test.go
 
 
connection_streams_controller.go
connection_streams_controller.go
 
 
connections_controller.go
connections_controller.go
 
 
docker-compose.testing.yml
docker-compose.testing.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
pcap_importer.go
pcap_importer.go
 
 
pcap_importer_test.go
pcap_importer_test.go
 
 
rules_manager.go
rules_manager.go
 
 
rules_manager_test.go
rules_manager_test.go
 
 
services_controller.go
services_controller.go
 
 
storage.go
storage.go
 
 
storage_test.go
storage_test.go
 
 
stream_handler.go
stream_handler.go
 
 
stream_handler_test.go
stream_handler_test.go
 
 
utils.go
utils.go
 
 

Repository files navigation

[WIP] Caronte

Build Status codecov Codacy Badge

Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol specific rules. The connection flows are saved into a database and can be visualized with the web application. REST API are also provided.

Installation

There are two ways to install Caronte:

  • with Docker and docker-compose, the fastest and easiest way
  • manually installing dependencies and compiling the project

Run with Docker

The only things to do are:

  • clone the repo, with git clone https://github.com/eciavatta/caronte.git
  • inside the caronte folder, run docker-compose up --build -d
  • wait for the image to be compiled and open browser at http://localhost:3333

Manually installation

The first thing to do is to install the dependencies:

Next you need to compile the project, which is composed of two parts:

  • the backend, which can be compiled with go mod download && go build
  • the frontend, which can be compiled with cd frontend && yarn install && yarn build

Before running Caronte starts an instance of MongoDB https://docs.mongodb.com/manual/administration/install-community/ that has no authentication. Be careful not to expose the MongoDB port on the public interface.

Run the binary with ./caronte. The available configuration options are:

-bind-address    address where server is bind (default "0.0.0.0")
-bind-port       port where server is bind (default 3333)
-db-name         name of database to use (default "caronte")
-mongo-host      address of MongoDB (default "localhost")
-mongo-port      port of MongoDB (default 27017)

Configuration

The configuration takes place at runtime on the first start via the graphical interface (TO BE IMPLEMENTED) or via API. It is necessary to setup:

  • the server_address: the ip address of the vulnerable machine. Must be the destination address of all the connections in the pcaps. If each vulnerable service has an own ip, this param accept also a CIDR address. The address can be either IPv4 both IPv6
  • the flag_regex: the regular expression that matches a flag. Usually provided on the competition rules page
  • auth_required: if true a basic authentication is enabled to protect the analyzer
  • an optional accounts array, which contains the credentials of authorized users

Documentation

The backend, written in Go language, it is designed as a service. It exposes REST API that are used by the frontend written using React. The list of available APIs with their explanation is available here: https://app.swaggerhub.com/apis-docs/eciavatta/caronte/WIP

About

A tool to analyze the network flow during attack/defence capture the flag events

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 53.3%
  • JavaScript 38.1%
  • SCSS 5.2%
  • Shell 2.0%
  • Python 0.7%
  • Dockerfile 0.4%
  • HTML 0.3%