Update iocs.json

Update README.md

README.md

@@ -6,6 +6,14 @@ SpyGuard is a forked and enhanced version of [TinyCheck](https://github.com/Kasp
 
 As it uses WiFi, SpyGuard can be used against a wide range of devices, such as smartphones, laptops, IOTs or workstations. To do its job, the analysis engine of SpyGuard is using Indicators of Compromise (IOCs), anomaly detection and is supported by [Suricata](https://suricata.io).
 
+### Examples of use cases
+
+|  📰 Journalists   |     🏦 IT Services      |  🌏 NGOs | 👩 Women's Shelter | 👮‍♂️ LEA |
+|:--------:|:-------------:|:-----:|:-----:|:-----:|
+| As a journalist, I need to test my smartphone's against spyware before or during engagements with confidential informants. |  Working for a public institution, I aim to set up a self-service station where individuals can check their smartphones for spyware. | After traveling overseas, I'm looking to check my phone and laptop quickly. | I seek to examine the smartphones of women upon their arrival for any stalkerware. | I aim to check the communications of a smartphone in response to a complaint, as a preliminary step before proceeding with a full forensic analysis. |
+
+**Note:** *SpyGuard is not a forensic tool*. Therefore, it might miss malware that does not communicate during the analysis. [Please refer to the FAQ for more information](https://github.com/SpyGuard/SpyGuard/wiki/Frequently-Asked-Questions#1-spyguard-hasnt-detected-anything-malicious-im-safe).
+
 ### Installation
 
 You need a debian-like operating system to install it easly by using the provided bash script. Once you've cloned the repository, just launch `install.sh` as root. Here are the command lines to do that:
@@ -17,29 +25,35 @@ cd spyguard && sudo bash install.sh
 
 Once installed, you can go to the backend interface located at `https://localhost:8443` to manage the device and setup the right network interfaces to get it working. Please look at the [dedicated wiki page](https://github.com/SpyGuard/spyguard/wiki/Installing-SpyGuard) to get some tips regarding it.
 
+> [!WARNING]
 > Please check prior the installation that your Linux distribution is using `nmcli` to manage networks. If you want to install it on a Raspberry Pi
-> you need to activate it via the `raspi-config` interface.
+> you need to activate it via the `raspi-config` interface prior Spyguard installation ([See here](https://github.com/SpyGuard/spyguard/wiki/Installing-SpyGuard#common-issues)).
+
+The frontend is available at the URL `https://localhost:8000`.
 
 ### Smartphone analysis best practices 
 
-* Do the interception in a public place (library, restaurant...) or common place (office, home...); 
-* Intercept the network communications of the device for at least 10 minutes; 
-* Interact with the analysed device during the interception (reboot it, take a photo, send a message...);
+* Do the interception in a public place (library, restaurant, train station...) or common place (office, home...); 
+* Intercept the network communications of the device for at least 15 minutes; 
+* Interact with the analysed device during the interception (reboot it, take a photo, send an SMS...);
 
 ### SpyGuard and Stalkerware threat
 
-The indicators of compromise (IOCs) linked to stalkerware are now fully managed by [ECHAP](https://echap.eu.org), a French association working against  cyberviolence. Even though stalkerware still remains a threat, remember that most of digital violence and surveillance is done by using simple means, such as hacking cloud & mail accounts. Therefore, we encourage you to consult the [ECHAP guides](https://echap.eu.org/ressources/) and apply their advice to your digital life alongside of device checks.
+The indicators of compromise (IOCs) linked to stalkerware are now fully managed by [ECHAP](https://echap.eu.org), a French association working against cyberviolence. Even though stalkerware still remains a threat, **remember that most of digital violence and surveillance is done by using simple means**, such as hacking cloud & mail accounts. Therefore, we encourage you to consult the [ECHAP guides](https://echap.eu.org/ressources/) and apply their advice to your digital life alongside of device checks.
 
+> [!IMPORTANT]
 > It is worth mentioning that the IOCs are distributed under the **Creative Common BY-NC-SA** licence.
 > This imply a **non commercial use** of them. Please respect this licence and ask ECHAP for any question related to that.
 
 ### Commercial use
 
-You can use SpyGuard in a commercial product. However, you can't use SpyGuard as the name of your product and you’re still required to follow the terms and conditions that the Apache License imposes, like refering to the SpyGuard project in customer documentation. Moreover, a sweet note to explain your use to the author is always appreciated, please see the contact below. 
+You can use SpyGuard in a commercial product. However, you can't use SpyGuard as the name of your product and you’re still required to follow the terms and conditions that the Apache License imposes, like refering to the SpyGuard project in customer documentation. Moreover, a sweet note to explain your use to the author is always appreciated, please see the contact below. You liked SpyGuard? Do not hesistate to make a donation!
+
+<a href="https://www.paypal.com/donate/?hosted_button_id=V77EASZEVTXKL"><img src="https://raw.githubusercontent.com/aha999/DonateButtons/master/Paypal.png" width="150" /></a>
 
 ### Contact
 
-If you need an express help or have a specific demand/question, do not hesitate to contact [the author](https://twitter.com/felixaime) via Twitter or by sending an email at spyguard@protonmail.com. A bug? Do not hesitate to open a [new issue](https://github.com/SpyGuard/spyguard/issues).
+If you need an express help to understand the results of the analysis or have a specific demand/question, do not hesitate to contact [the author](https://twitter.com/felixaime) via Twitter or by sending an email at spyguard@protonmail.com. A bug? Do not hesitate to open a [new issue](https://github.com/SpyGuard/spyguard/issues).
 
 ### They have contributed to or helped this project
 
@@ -50,6 +64,8 @@ If you need an express help or have a specific demand/question, do not hesitate
 
 </p>
 
+##
+
 To work, Spyguard is using a lot of awesome opensource projects, libraries, and fonts, kudos to them:
 
 [Dumpcap](https://tshark.dev/capture/dumpcap/), 
@@ -80,4 +96,4 @@ To work, Spyguard is using a lot of awesome opensource projects, libraries, and
 [OpenSSL](https://www.openssl.org),
 [Spectre CSS](https://picturepan2.github.io/spectre/).
 
-Icons and design created via [Figma](https://www.figma.com).
+Icons and design created via [Figma](https://www.figma.com), list of active TOR nodes taken from [Dan.me.uk](https://www.dan.me.uk/tornodes)

analysis/classes/engine.py

@@ -6,6 +6,7 @@ import os
 import re
 import subprocess as sp
 import sys
+import time
 from datetime import datetime
 from ipaddress import IPv4Address, IPv6Address
 
@@ -90,17 +91,25 @@ class Engine():
 
     def check_internet(self) -> bool:
         """Check the internet link just with a small http request
-        to an URL present in the configuration
+        to an URL present in the configuration. If the link is down,
+        retry 3 times.
 
         Returns:
             bool: True if everything works.
         """
-        try:
-            url = get_config(("network", "internet_check"))
-            requests.get(url, timeout=3)
-            return True
-        except:
-            return False
+        attempts = 3
+
+        while True:
+            try:
+                url = get_config(("network", "internet_check"))
+                requests.get(url, timeout=3)
+                return True
+            except:
+                if attempts == 0:
+                    return False
+                else:
+                    time.sleep(5)
+                    attempts -= 1
 
     def get_public_ip(self) -> list:
         """Get the public IP address

analysis/locales/de.json

@@ -65,11 +65,11 @@
             "description": "Der Server {} wird als Knoten im TOR-Anonymisierungsnetzwerk referenziert. Das analysierte Gerät scheint TOR zu verwenden oder mit einem Server zu kommunizieren, der als TOR-Eingangs- oder -Ausgangsknoten konfiguriert ist. Einige Angreifer nutzen TOR auf ihren Servern, um ihre Spuren zu verwischen."
         },
         "IOC-12": {
-            "title": "Eine Anwendung fordert einen legitimen Dienst an, der möglicherweise doppelt verwendet wird."
+            "title": "Eine Anwendung fordert einen legitimen Dienst an, der möglicherweise doppelt verwendet wird.",
             "description": "Der Server {} wird für legitime Zwecke verwendet. Einige Angreifer können ihn jedoch verwenden, um mit ihren Implantaten zu interagieren. Es wird empfohlen, zu überprüfen, ob das analysierte Gerät eine legitime Anwendung enthält, die diesen Dienst verwendet."
         },
         "IOC-13": {
-            "title": "Mindestens eine Anwendung verwendet verschlüsselte DNS-Abfragen."
+            "title": "Mindestens eine Anwendung verwendet verschlüsselte DNS-Abfragen.",
             "description": "Der DNS over HTTPs server {} wurde während der Erfassung kontaktiert. Dies scheint darauf hinzuweisen, dass mindestens eine Anwendung diese Technik verwendet, um ihre DNS-Anfragen zu verschlüsseln. Diese Funktion schränkt die Scanfunktionen von SpyGuard ein. Wenn diese Funktion auf dem analysierten Gerät nicht aktiviert ist, kann es sich lohnen, herauszufinden, welche App diese Methode verwendet."
         },
         "ACT-01": {
@@ -93,11 +93,11 @@
             "description": "Die Verwendung von selbstsignierten Zertifikaten ist in der Infrastruktur von Angreifern weit verbreitet. Wir empfehlen, den mit diesem Zertifikat verknüpften Host {} zu überprüfen. Sehen Sie sich dazu seinen Domain-Namen (falls vorhanden), den WHOIS-Eintrag und das Erstellungsdatum an und überprüfen Sie die Reputation des Hosts im Internet."
         },
         "SSL-04": {
-            "title": "Das mit {} verknüpfte Zertifikat ist mit böswilligen Aktivitäten ({})" verknüpft,
+            "title": "Das mit {} verknüpfte Zertifikat ist mit böswilligen Aktivitäten ({})",
             "description": "Das mit server {} verknüpfte Zertifikat wurde explizit als bösartig eingestuft. Ihr Gerät sieht kompromittiert aus und muss von einem professionellen Team weiter untersucht werden."
         },
         "SSL-05": {
-            "title": "Die SSL-Konfiguration von {} ist mit bösartigen Aktivitäten ({})" verknüpft,
+            "title": "Die SSL-Konfiguration von {} ist mit bösartigen Aktivitäten ({})",
             "description": "Der serverbezogene JARM-Hash {} wurde explizit mit bösartigen Aktivitäten verknüpft. Ihr Gerät ist möglicherweise kompromittiert und muss von einem professionellen Team weiter untersucht werden."
         },
         "ADV-01": {
@@ -134,7 +134,7 @@
         "packets_number": "Anzahl der Pakete",
         "capture_sha1": "SHA1-Aufnahme",
         "report_for_the_capture": "Bericht zur Aufnahme",
-        "report_footer": "Dieser Bericht wurde von einem SpyGuard-Gerät automatisch erstellt. Wenn Sie Fragen haben, Bugs melden oder Feedback geben möchten, kontaktieren Sie uns unter contact@spyguard.io.",
+        "report_footer": "Dieser Bericht wurde von einem SpyGuard-Gerät automatisch erstellt. Wenn Sie Fragen haben, Bugs melden oder Feedback geben möchten, kontaktieren Sie uns unter spyguard@protonmail.com.",
         "high_msg": "Ihr Gerät scheint kompromittiert zu sein, da Sie {} Warnung(en) der Stufe \"Hoch\" haben.",
         "moderate_msg": "Sie haben {} Warnungen der Stufe \"Mittel\": Ihr Gerät könnte kompromittiert sein. Bitte sehen Sie sich die Warnungen sorgfältig an.",
         "low_msg": "Sie haben nur {} Warnungen der Stufe \"Niedrig\": Überprüfen Sie sie gerne.",

analysis/locales/en.json

@@ -134,7 +134,7 @@
         "packets_number": "Number of packets",
         "capture_sha1": "Capture SHA1",
         "report_for_the_capture": "Report for the capture",
-        "report_footer": "This report has been autogenerated by a SpyGuard device. For any question, bug report or feedback, please contact contact@spyguard.io.",
+        "report_footer": "This report has been autogenerated by a SpyGuard device. For any question, bug report or feedback, please contact spyguard@protonmail.com.",
         "high_msg": "Your device seems to be compromised as you have {} high alert(s).",
         "moderate_msg": "You have {} moderate alert(s), your device might be compromised. Please look at them carefully.",
         "low_msg": "You have only {} low alert(s), don't hesitate to check them.",

analysis/locales/es.json

@@ -134,7 +134,7 @@
         "packets_number": "Número de paquetes",
         "capture_sha1": "Captura SHA1",
         "report_for_the_capture": "Informe de la captura",
-        "report_footer": "Este informe ha sido autogenerado por un dispositivo SpyGuard. Para cualquier pregunta, informe de fallos o feedback por favor contacte con contact@spyguard.io.",
+        "report_footer": "Este informe ha sido autogenerado por un dispositivo SpyGuard. Para cualquier pregunta, informe de fallos o feedback por favor contacte con spyguard@protonmail.com.",
         "high_msg": "Su dispositivo parece estar comprometido ya que tiene {} alerta(s) de nivel alto.",
         "moderate_msg": "Tienes {} alerta(s) de nivel moderado, su dispositivo podría estar comprometido. Por favor revíselas detenidamente.",
         "low_msg": "Solamente tiene {} alertas(s) de nivel bajo, por favor revíselas.",

analysis/locales/fr.json

@@ -134,7 +134,7 @@
         "packets_number": "Nombre de paquets",
         "capture_sha1": "SHA1 de la capture",
         "report_for_the_capture": "Rapport pour la capture",
-        "report_footer": "Ce rapport a été automatiquement généré par une instance de SpyGuard. Pour toute question et retours, n'hésitez pas à contacter contact@spyguard.io.",
+        "report_footer": "Ce rapport a été automatiquement généré par une instance de SpyGuard. Pour toute question et retours, n'hésitez pas à contacter spyguard@protonmail.com.",
         "high_msg": "Votre appareil semble être compromis car vous avez {} alerte(s) élevée(s).",
         "moderate_msg": "Vous avez {} alerte(s) modérée(s), votre appareil peut être compromis. Regardez ces alertes en détail.",
         "low_msg": "Vous avez uniquement {} alerte(s) faibles, n'hésitez pas à les consulter.",

analysis/locales/it.json

@@ -134,7 +134,7 @@
         "packets_number": "Numero di pacchetti",
         "capture_sha1": "SHA1 acquisizione",
         "report_for_the_capture": "Rapporto relativo all'acquisizione",
-        "report_footer": "Questo rapporto è stato generato automaticamente da un dispositivo SpyGuard. Per eventuali domande, segnalazioni di bug o feedback, contattare contact@spyguard.io.",
+        "report_footer": "Questo rapporto è stato generato automaticamente da un dispositivo SpyGuard. Per eventuali domande, segnalazioni di bug o feedback, contattare spyguard@protonmail.com.",
         "high_msg": "Sembra che il dispositivo sia compromesso poiché sono presenti {} avvisi con priorità elevata.",
         "moderate_msg": "Sono presenti {} avvisi con priorità moderata, è possibile che il dispositivo sia compromesso. Esaminarli con attenzione.",
         "low_msg": "Sono presenti solo {} avvisi con priorità bassa da controllare.",

analysis/locales/pl.json

@@ -0,0 +1,147 @@
+{
+    "alerts": {
+        "PROTO-01": {
+            "title": "Komunikacja {} poza sieć lokalną z {}.",
+            "description": "Protokół {} jest często używany w sieciach lokalnych. Sprawdź, czy host {} jest obecny w innych ostrzeżeniach, co może oznaczać złośliwe zachowanie."
+        },
+        "PROTO-02": {
+            "title": "{} Połączenie z {} do portu większego lub równego {}.",
+            "description": "{}Zaobserwowano połączenie z {} do portu {}. Użycie niestandardowych portów może wskazywać na złośliwą komunikację. Zaleca się sprawdzenie reputacji hosta poprzez przejrzenie innych ostrzeżeń oraz przeszukanie internetu."
+        },
+        "PROTO-03": {
+            "title": "Komunikacja HTTP z hostem {}.",
+            "description": "Twoje urządzenie komunikowało się z hostem {} przy użyciu nieszyfrowanego protokołu HTTP. To niekoniecznie złośliwa komunikacja, rzadko się jednak zdarza nieszyfrowana komunikacja w przypadku aplikacji działających w tle - gdy użytkownik nie odwiedzi samemu nieszyfrowanej strony. Sprawdź reputację hosta w internecie." 
+        },
+        "PROTO-04": {
+            "title": "Komunikacja HTTP z hostem {} na niestandardowym porcie ({}).",
+            "description": "Twoje urządzenie komunikowało się z hostem {} przy użyciu nieszyfrowanego protokołu HTTP na porcie {}. Takie zachowanie jest dosyć nietypowe. Sprawdź reputację hosta w internecie."
+        },
+        "PROTO-05": {
+            "title": "Serwer {} nie został rozwiązany poprzez zapytanie DNS podczas badania.",
+            "description": "Oznacza to, że serwer {} nie został odwzorowany z zapytania o jakąkolwiek domenę lub urzadzenie wykorzystało wartość z cache. Przyjrzyj się temu hostowi jeśli pojawia się w innych ostrzeżeniach."
+        },
+        "IOC-01": {
+            "title": "Nawiązano połączenie z  {} ({}), który jest oznaczony jako {}.",
+            "description": "Serwer {} został dodany na listę podejrzanych adresów w związku ze złośliwym zachowaniem. Prawodpodobnie Twoje urządzenie jest skompromitowane i powinno zostać poddane dokładniejszej analizie przez profesjonalistę od bezpieczeństwa IT."
+        },
+        "IOC-02": {
+            "title": "Komunikacja z {} w sieci  {}, która jest oznaczona jako {}.",
+            "description": "Serwer {} pracuje w obrębie sieci, która jest znana z hostowania złośliwego oprogramowania. To nie musi oznaczać przeprowadzenia złośliwych działań, sprawdź jednak czy ten serwer jest wspomniany w innych ostrzeżeniach. W przypadku wątpliwości przeszukaj internet pod kątem informacji o tym serwerze i jego reputacji."
+        },
+        "IOC-03": {
+            "title": "Zaobserwowano zapytanie DNS o nazwę {}, która jest oznaczona jako {}.",
+            "description": "Nazwa domenowa {} zaobserwowana w ruchu sieciowym została jednoznacznie oznaczona jako złośliwa. Oznacza to, że Twoje urządzenie jest prawdopodobnie skompromitowane i powinno być poddane dokładniejszej analizie."
+        },
+        "IOC-04": {
+            "title": "Zaobserwowano zapytanie DNS o nazwę {}, która jest oznaczona jako {}.",
+            "description": "Nazwa domenowa {} zaobserwowana w ruchu sieciowym została jednoznacznie oznaczona jako śledząca. Oznacza to, że jedna z aplikacji śledzi Twoje położenie geograficzne."
+        },
+        "IOC-05": {
+            "title": "Zaobserwowano zapytanie DNS o nazwę {}, która używa usługi Free DNS.",
+            "description": "Nazwa domenowa {} używa usługi Free DNS. Ten rodzaj jest często używany przez cyberprzestępców lub atakujących sponsorowanych przez państwa podczas ich działań. To bardzo podejrzane, że aplikacja na urządzeniu używa tego rodzaju usługi, należy przeprowadzić śledztwo."
+        },
+        "IOC-06": {
+            "title": "Zaobserwowano zapytanie DNS o nazwę {}, która zawiera podejrzaną domenę najwyższego poziomu (TLD)",
+            "description": "Nazwa domenowa {} używa podejrzanej domeny najwyższego poziomu ({}). Pomimo, że sama w sobie nie złośliwa, ta domena najwyższego poziomu jest regularnie używana przez cyberprzestępców lub atakujących sponsorowanych przez państwa. Sprawdź domenę poprzez wyszukanie informacji o niej. Jeśli inne ostrzeżenia dotyczą tego adresu jest to bardzo podejrzane."
+        },
+        "IOC-07": {
+            "title": "A certificate associated to {} activities have been found in the communication to {}.",
+            "description": "The certificate ({}) associated to {} has been explicitly tagged as malicious. This indicates that your device is likely compromised and need a forensic analysis."
+        },
+        "IOC-08": {
+            "title": "An HTTP request have been done to {} which is tagged as {}.",
+            "description": "The domain name {} seen in the capture has been explicitly tagged as malicious. This indicates that your device is likely compromised and needs to be investigated deeply."
+        },
+        "IOC-09": {
+            "title": "An HTTP request have been done to the domain {} which is a Free DNS.",
+            "description": "The domain name {} is using a Free DNS service. This kind of service is commonly used by cybercriminals or state-sponsored threat actors during their operations. It is very suspicious that an application running in background use this kind of service, please investigate."
+        },
+        "IOC-10": {
+            "title": "An HTTP request have been done to the domain {} which contains a suspect TLD.",
+            "description": "The domain name {} is using a suspect Top Level Domain ({}). Even not malicious, this non-generic TLD is used regularly by cybercrime or state-sponsored operations. Please check this domain by searching it on an internet search engine. If other alerts are related to this host, please consider it as very suspicious."
+        },
+        "IOC-11": {
+            "title": "Połączenie z {} ({}), który jest określany jako węzeł sieci TOR.",
+            "description": "Serwer {} jest określany jako węzeł sieci anonymizującej TOR. Wygląda na to, że analizowane urządzenie używa sieci TOR lub komunikuje się z serwerem, który jest skonfigurowany jako węzeł wejściowy lub wyjściowy sieci TOR. Niektórzy atakujący używają sieci TOR w celu zatarcia śladów."
+        },
+        "IOC-12": {
+            "title": "Aplikacja komunikuje się z usługą, która może być nadużywana.",
+            "description": "Serwer {} jest używany dla uzasadnionych celów . Atakujący może być jednak w stanie komunikować się z implantami poprzez usługę. Zaleca się sprawdzić obecność na urządzenie prawowitej aplikcji przeznaczonej do korzystania z usługi."
+        },
+        "IOC-13": {
+            "title": "Co najmniej jedna aplikacja używa szyfrowania zapytań DNS.",
+            "description": "Skorzystano z serwera {} DNS over HTTPs (DoH) podczas badania. Wygląda na to, że co najmniej jedna aplikacja używa tej metody w celu szyfrowania zapytań DNS. Ogranicza to możliwościa przeglądania ruchu przez SpyGuard. Jeśli ta funkcja nie jest włączona na urządzeniu, warto dowiedzieć się, która aplikaja używa tej metody."
+        },
+        "ACT-01": {
+            "title": "Domena {} używa podejrzanego serwera nazw ({}).",
+            "description": "Nazwa domenowa {} używa serwera nazwa, który został jednoznacznie oznaczony jako skojarzony ze złośliwymi działaniami. Wielu cybeprzestępców oraz atakujących sponsorowanych przez państwa używa tego rodzaju rejestratorów nazw ponieważ pozwalają na płatności kryptowalutami oraz płatności anonimowe. Zaleca się zbadać tą domenę oraz aplikacje, które ją wykorzystują poprzez analizę telefonu metodami informatyki śledczej."
+        },
+        "ACT-02": {
+            "title": "Domena {} został stworzona całkiem niedawno ({} dni temu).",
+            "description": "Nazwa domenowa {} jest relatywnie nowa. Mimo że to samo w sobie nie jest złośliwe, dosyć często atakujący tworzą nową infrastrukturę dla kolejnych kampanii ataków co może objawiać się wykorzystaniem świeżo rejestrowanych domen."
+        },
+        "SSL-01": {
+            "title": "Połączenie TLS/SSL zrealizowane na niestandardowym porcie ({}) do {}",
+            "description": "Urządznie takie jak smartphone rzadko używają niestandardowych portów do połączeń TLS/SSL. Pomimo tego, że to może być całkowicie prawidłowe działanie, zalecamy sprawdzenie reputacji {} poprzez sprawdzenie rekordów WHOIS, skojarzone systemu autonomicznego, czasu utworzenia oraz przeszukanie internetu."
+        },
+        "SSL-02": {
+            "title": "Połączenie TLS/SSL do {} używającego darmowego certyfikatu.",
+            "description": "Darmowe certyfikaty - takie jak Let's Encrypt - są szeroko używane w obrębie serwerów kierowania i kontroli oraz do stron phishingowych. Zaleca się sprawdzić hosta skojarzonego z tym certyfikatem, przyjrzenie się domenie, jej dacie utworzenialub sprawdzenie reputacji hosta."
+        },
+        "SSL-03": {
+            "title": "Certyfikat towarzyszący {} jest z podpisem własnym (self-signed).",
+            "description": "Użycie certyfikatów z podpisem własnym (self-signed) jest częstą praktyką w przypadku infrastruktury atakujących. Zaleca się sprawdzić hosta {}, który jest skojarzony z certyfikatem, przyjrzeć się domenie (jeśli istnieje), rekordowi WHOIS, dacie utworzenia oraz sprawdzić reputację w internecie"
+        },
+        "SSL-04": {
+            "title": "Certyfikat towarzyszący {} jest skojarzony ze złośliwą działalnością ({}).",
+            "description": "Certyfikat wykorzystywany przez serwer {} został jednoznacznie skategoryzowany jako złośliwy. Twoje urządzenie wygląda na skompromitowane i powinno być poddane dalszej analizie przez profesjonalistów."
+        },
+        "SSL-05": {
+            "title": "Konfiguracja TLS/SSL hosta {} jest powiązana ze złośliwą działalnością ({}).",
+            "description": "Hash JARM skojarzony z serwerem {} został jednoznacznie skategoryzowany jako złośliwy. Twoje urządzenie może być skompromitowane i powinno być poddane dalszej analizie przez profesjonalistów."
+        },
+        "ADV-01": {
+            "title": "Check the alerts for {}",
+            "description": "Please, check the reputation of the host {}, this one seems to be malicious as it leveraged {} alerts during the session."
+        },
+        "SNORT-01": {
+            "title": "Zadziałała reguła Suricata: {}",
+            "description": "Reguła wykrywania zdarzeń została aktywowana. Jest prawdopodobne, że Twoje urządznie jest skompromitowane lub wykazuje podejrzane zachowanie."
+        }
+    },
+    "report": {
+        "numbers": [
+            "jeden",
+            "dwa",
+            "trzy",
+            "cztery",
+            "pięć",
+            "sześć",
+            "siedem",
+            "osiem",
+            "dziewięć"
+        ],
+        "suspect_title": "Podejrzana komunikacja",
+        "uncat_title": "Nieskategoryzowana komunikacja",
+        "whitelist_title": "Komunikacja z listy dozwolonej",
+        "protocol": "Protokół",
+        "domain": "Domena",
+        "dst_ip": "Docelowy adres IP",
+        "dst_port": "Docelowy numer portu",
+        "device_mac": "Adres MAC urządzenia",
+        "report_generated_on": "Raport wygenerowano",
+        "capture_duration": "Czas trwania badania",
+        "packets_number": "Liczba pakietów",
+        "capture_sha1": "SHA1 zapisu ruchu",
+        "report_for_the_capture": "Raport dla badania",
+        "report_footer": "Raport został wygenerowany automatycznie przez urządzenie SpyGuard. W sprawie pytań, błędów oraz oceny, kontakt: spyguard@protonmail.com.",
+        "high_msg": "Twoje urządzenie wygląd na skompromitowane, odnotowano {} wysokich ostrzeżeń.",
+        "moderate_msg": "Odntowano {} umiarkowanych ostrzeżeń, Twoje urządzenie może być skompromitowane. Badź czujna(y) używając go.",
+        "low_msg": "Odnotowano tylko niskie ostrzeżenia: {}. Możesz się im przyjrzeć.",
+        "none_msg": "Zero ostrzeżeń, wszystko wygląda dobrze. Możesz się przyjrzeć nieskategoryzowanej komunikacji, jeżeli miała miejsce.",
+        "detection_methods": "Metody detekcji",
+        "analysis_duration": "Czas trwania analizy",
+        "instance_uuid": "Instancja SpyGuard",
+        "seconds" : "sekund(y)"
+    }
+}

analysis/locales/pt.json

@@ -134,7 +134,7 @@
         "packets_number": "Número de pacotes",
         "capture_sha1": "Captura SHA1",
         "report_for_the_capture": "Relatório da captura",
-        "report_footer": "Este relatório foi gerado automaticamente por um dispositivo SpyGuard. Em caso de dúvidas, relatório de erros ou comentários, envie uma mensagem para contact@spyguard.io.",
+        "report_footer": "Este relatório foi gerado automaticamente por um dispositivo SpyGuard. Em caso de dúvidas, relatório de erros ou comentários, envie uma mensagem para spyguard@protonmail.com.",
         "high_msg": "O dispositivo parece estar comprometido porque você tem {} alerta(s) crítico(s).",
         "moderate_msg": "Você tem {} alerta(s) moderado(s), seu dispositivo pode estar comprometido. Analise-os com cuidado.",
         "low_msg": "Você tem apenas {} alerta(s) leve(s), não deixe de verificá-los.",

analysis/locales/ru.json

@@ -134,7 +134,7 @@
         "packets_number": "Количество пакетов",
         "capture_sha1": "Сбор данных SHA1",
         "report_for_the_capture": "Отчет для сбора данных",
-        "report_footer": "Этот отчет был автоматически сформирован устройством SpyGuard. С любыми вопросами, сообщениями об ошибках или отзывами обращайтесь по адресу contact@spyguard.io.",
+        "report_footer": "Этот отчет был автоматически сформирован устройством SpyGuard. С любыми вопросами, сообщениями об ошибках или отзывами обращайтесь по адресу spyguard@protonmail.com.",
         "high_msg": "Вероятно, ваше устройство взломано, поскольку у вас {} предупрежд. высокого уровня.",
         "moderate_msg": "У вас {} предупрежд. среднего уровня. Возможно, ваше устройство взломано. Внимательно изучите их.",
         "low_msg": "У вас {} предупрежд. низкого уровня, проверьте их.",

app/.gitignore

@@ -81,7 +81,7 @@ typings/
 
 # Nuxt.js build / generate output
 .nuxt
-dist
+
 
 # Gatsby files
 .cache/

app/frontend/dist/.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-    "python.pythonPath": "/usr/local/opt/python@3.8/bin/python3.8"
-}

app/frontend/dist/index.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Vue App</title><link href="/css/chunk-0d175fb6.3b87afd9.css" rel="prefetch"><link href="/css/chunk-7cb613d5.030f6319.css" rel="prefetch"><link href="/js/chunk-0d175fb6.56d23ddc.js" rel="prefetch"><link href="/js/chunk-2d0b23b3.3d66404f.js" rel="prefetch"><link href="/js/chunk-2d0b6d35.9c950e8a.js" rel="prefetch"><link href="/js/chunk-2d0baeaa.9d6eca74.js" rel="prefetch"><link href="/js/chunk-2d0cfa15.805b5619.js" rel="prefetch"><link href="/js/chunk-2e6079ad.3b1ceaed.js" rel="prefetch"><link href="/js/chunk-7cb613d5.35dd63f5.js" rel="prefetch"><link href="/css/app.f82c83ee.css" rel="preload" as="style"><link href="/css/chunk-vendors.466ce708.css" rel="preload" as="style"><link href="/js/app.13d7f657.js" rel="preload" as="script"><link href="/js/chunk-vendors.3521aad3.js" rel="preload" as="script"><link href="/css/chunk-vendors.466ce708.css" rel="stylesheet"><link href="/css/app.f82c83ee.css" rel="stylesheet"></head><body><div id="app"></div><script src="/js/chunk-vendors.3521aad3.js"></script><script src="/js/app.13d7f657.js"></script></body></html>
+<!DOCTYPE html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Vue App</title><link href="/css/chunk-0861991e.3b87afd9.css" rel="prefetch"><link href="/css/chunk-20894ada.030f6319.css" rel="prefetch"><link href="/js/chunk-0861991e.9c29cadc.js" rel="prefetch"><link href="/js/chunk-20894ada.5d58a9fc.js" rel="prefetch"><link href="/js/chunk-2d0b23b3.7a92b6b1.js" rel="prefetch"><link href="/js/chunk-2d0b6d35.594f8d0e.js" rel="prefetch"><link href="/js/chunk-2d0baeaa.e5cd247b.js" rel="prefetch"><link href="/js/chunk-2d0cfa15.15a50d26.js" rel="prefetch"><link href="/js/chunk-2e6079ad.09954c81.js" rel="prefetch"><link href="/css/app.9dd9f6a0.css" rel="preload" as="style"><link href="/css/chunk-vendors.466ce708.css" rel="preload" as="style"><link href="/js/app.5d381dba.js" rel="preload" as="script"><link href="/js/chunk-vendors.bad3f814.js" rel="preload" as="script"><link href="/css/chunk-vendors.466ce708.css" rel="stylesheet"><link href="/css/app.9dd9f6a0.css" rel="stylesheet"></head><body><div id="app"></div><script src="/js/chunk-vendors.bad3f814.js"></script><script src="/js/app.5d381dba.js"></script></body></html>

app/frontend/dist/js/chunk-0861991e.9c29cadc.js

@@ -0,0 +1,2 @@
+(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-0861991e"],{5980:function(e,s,t){},9152:function(e,s,t){"use strict";t.r(s);var a=function(){var e=this,s=e._self._c;return s("div",{staticClass:"wrapper"},[e.save_usb&&e.init?s("div",{staticClass:"center"},[s("div",{staticClass:"canvas-anim",class:{"anim-connect":!e.saved&&!e.usb},on:{click:function(s){return e.new_capture()}}},[!e.saved&&e.usb?s("div",{staticClass:"icon-spinner"}):e._e(),e.saved?s("div",{staticClass:"icon-success"}):e._e(),s("div",{staticClass:"icon-usb"}),s("div",{staticClass:"icon-usb-plug"})]),e.saved||e.usb?e._e():s("p",{staticClass:"legend"},[s("br"),e._v(e._s(e.$t("save-capture.please_connect")))]),!e.saved&&e.usb?s("p",{staticClass:"legend"},[s("br"),e._v(e._s(e.$t("save-capture.we_are_saving")))]):e._e(),e.saved?s("p",{staticClass:"legend"},[s("br"),e._v(e._s(e.$t("save-capture.tap_msg")))]):e._e()]):!e.save_usb&&e.init?s("div",{staticClass:"center"},[s("div",[s("p",{staticClass:"legend"},[e._v(e._s(e.$t("save-capture.capture_download"))),s("br"),s("br"),s("br")]),s("button",{staticClass:"btn btn-primary",on:{click:function(s){return e.new_capture()}}},[e._v(e._s(e.$t("save-capture.start_capture_btn")))]),s("iframe",{staticClass:"frame-download",attrs:{src:e.download_url}})])]):e._e()])},n=[],c=(t("14d9"),t("bc3a")),i=t.n(c),u=t("a18c"),o={name:"save-capture",components:{},data(){return{usb:!1,saved:!1,save_usb:!1,init:!1}},props:{capture_token:String},methods:{check_usb:function(){console.log("[save-capture.vue] Checking connected USB device..."),i.a.get("/api/save/usb-check",{timeout:3e4}).then(e=>{e.data.status&&(this.usb=!0,clearInterval(this.interval),this.save_capture())})},save_capture:function(){var e=this.capture_token;console.log("[save-capture.vue] Saving the capture on USB"),i.a.get(`/api/save/save-capture/${e}/usb`,{timeout:3e4}).then(e=>{e.data.status&&(this.saved=!0,console.log("[save-capture.vue] Capture saved, going back to main view"),this.timeout=setTimeout(()=>u["a"].push("/"),6e4))})},new_capture:function(){console.log("[save-capture.vue] Capture saved, generating a new access point"),clearTimeout(this.timeout),u["a"].push({name:"generate-ap"})}},created:function(){console.log("[save-capture.vue] Showing save-capture.vue"),window.config.download_links?(console.log("[save-capture.vue] Using download links instead of USB key"),this.init=!0,this.save_usb=!1,this.download_url=`/api/save/save-capture/${this.capture_token}/url`):(console.log("[save-capture.vue] Using USB key to save the capture"),this.init=!0,this.save_usb=!0,this.interval=setInterval(()=>{this.check_usb()},500))}},r=o,v=(t("d12d"),t("2877")),l=Object(v["a"])(r,a,n,!1,null,null,null);s["default"]=l.exports},d12d:function(e,s,t){"use strict";t("5980")}}]);
+//# sourceMappingURL=chunk-0861991e.9c29cadc.js.map

app/frontend/dist/js/chunk-0d175fb6.56d23ddc.js

@@ -1,2 +0,0 @@
-(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-0d175fb6"],{"192d":function(e,s,t){"use strict";t("fd7d")},9152:function(e,s,t){"use strict";t.r(s);var a=function(){var e=this,s=e._self._c;return s("div",{staticClass:"wrapper"},[e.save_usb&&e.init?s("div",{staticClass:"center"},[s("div",{staticClass:"canvas-anim",class:{"anim-connect":!e.saved&&!e.usb},on:{click:function(s){return e.new_capture()}}},[!e.saved&&e.usb?s("div",{staticClass:"icon-spinner"}):e._e(),e.saved?s("div",{staticClass:"icon-success"}):e._e(),s("div",{staticClass:"icon-usb"}),s("div",{staticClass:"icon-usb-plug"})]),e.saved||e.usb?e._e():s("p",{staticClass:"legend"},[s("br"),e._v(e._s(e.$t("save-capture.please_connect")))]),!e.saved&&e.usb?s("p",{staticClass:"legend"},[s("br"),e._v(e._s(e.$t("save-capture.we_are_saving")))]):e._e(),e.saved?s("p",{staticClass:"legend"},[s("br"),e._v(e._s(e.$t("save-capture.tap_msg")))]):e._e()]):!e.save_usb&&e.init?s("div",{staticClass:"center"},[s("div",[s("p",{staticClass:"legend"},[e._v(e._s(e.$t("save-capture.capture_download"))),s("br"),s("br"),s("br")]),s("button",{staticClass:"btn btn-primary",on:{click:function(s){return e.new_capture()}}},[e._v(e._s(e.$t("save-capture.start_capture_btn")))]),s("iframe",{staticClass:"frame-download",attrs:{src:e.download_url}})])]):e._e()])},n=[],c=(t("14d9"),t("bc3a")),i=t.n(c),u=t("a18c"),o={name:"save-capture",components:{},data(){return{usb:!1,saved:!1,save_usb:!1,init:!1}},props:{capture_token:String},methods:{check_usb:function(){console.log("[save-capture.vue] Checking connected USB device..."),i.a.get("/api/save/usb-check",{timeout:3e4}).then(e=>{e.data.status&&(this.usb=!0,clearInterval(this.interval),this.save_capture())})},save_capture:function(){var e=this.capture_token;console.log("[save-capture.vue] Saving the capture on USB"),i.a.get(`/api/save/save-capture/${e}/usb`,{timeout:3e4}).then(e=>{e.data.status&&(this.saved=!0,console.log("[save-capture.vue] Capture saved, going back to main view"),this.timeout=setTimeout(()=>u["a"].push("/"),6e4))})},new_capture:function(){console.log("[save-capture.vue] Capture saved, generating a new access point"),clearTimeout(this.timeout),u["a"].push({name:"generate-ap"})}},created:function(){console.log("[save-capture.vue] Showing save-capture.vue"),window.config.download_links?(console.log("[save-capture.vue] Using download links instead of USB key"),this.init=!0,this.save_usb=!1,this.download_url=`/api/save/save-capture/${this.capture_token}/url`):(console.log("[save-capture.vue] Using USB key to save the capture"),this.init=!0,this.save_usb=!0,this.interval=setInterval(()=>{this.check_usb()},500))}},r=o,v=(t("192d"),t("2877")),l=Object(v["a"])(r,a,n,!1,null,null,null);s["default"]=l.exports},fd7d:function(e,s,t){}}]);
-//# sourceMappingURL=chunk-0d175fb6.56d23ddc.js.map

app/frontend/dist/js/chunk-2d0b23b3.7a92b6b1.js

@@ -1,2 +1,2 @@
 (window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0b23b3"],{"22da":function(e,t,a){"use strict";a.r(t);var s=function(){var e=this,t=e._self._c;return t("div",{staticClass:"wrapper"},[t("div",{staticClass:"center"},[t("svg",{staticStyle:{margin:"auto",background:"none",display:"block","shape-rendering":"auto"},attrs:{xmlns:"http://www.w3.org/2000/svg","xmlns:xlink":"http://www.w3.org/1999/xlink",width:"194px",height:"194px",viewBox:"0 0 100 100",preserveAspectRatio:"xMidYMid"}},[t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dfdfdf","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"0s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 1",calcMode:"spline",begin:"0s"}})]),t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dadada","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}})])]),e.long_waiting?e._e():t("p",{staticClass:"legend"},[e._v(e._s(e.$t("analysis.please_wait_msg")))]),e.long_waiting?t("p",{staticClass:"legend fade-in"},[e._v(e._s(e.$t("analysis.some_time_msg")))]):e._e()])])},i=[],n=a("a18c"),l=a("bc3a"),r=a.n(l),o={name:"analysis",data(){return{check_alerts:!1,long_waiting:!1}},props:{capture_token:String},methods:{start_analysis:function(){console.log("[analysis.vue] Starting the analysis..."),setTimeout(function(){this.long_waiting=!0}.bind(this),15e3),r.a.get("/api/analysis/start/"+this.capture_token,{timeout:6e4}).then(e=>{"Analysis started"==e.data.message&&(this.check_alerts=setInterval(()=>{this.get_alerts()},500))}).catch(e=>{console.log(e)})},get_alerts:function(){r.a.get("/api/analysis/report/"+this.capture_token,{timeout:6e4}).then(e=>{"No report yet"!=e.data.message?(console.log("[analysis.vue] Got the results analysis, moving to report view"),clearInterval(this.check_alerts),this.long_waiting=!1,n["a"].replace({name:"report",params:{alerts:e.data.alerts,device:e.data.device,methods:e.data.methods,pcap:e.data.pcap,records:e.data.records,capture_token:this.capture_token}})):console.log("[analysis.vue] No analysis results yet")}).catch(e=>{console.log(e)})}},created:function(){console.log("[analysis.vue] Showing analysis.vue"),this.start_analysis()}},c=o,d=a("2877"),p=Object(d["a"])(c,s,i,!1,null,null,null);t["default"]=p.exports}}]);
-//# sourceMappingURL=chunk-2d0b23b3.3d66404f.js.map
+//# sourceMappingURL=chunk-2d0b23b3.7a92b6b1.js.map

app/frontend/dist/js/chunk-2d0b6d35.594f8d0e.js

@@ -1,2 +1,2 @@
 (window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0b6d35"],{"1f8b":function(e,t,s){"use strict";s.r(t);var n=function(){var e=this,t=e._self._c;return t("div",{staticClass:"wrapper-dark"},[t("div",{staticClass:"center"},[t("h1",{attrs:{id:"title"}},[e._v(e._s(e.title))]),t("span",{staticClass:"loading loading-lg loadingsplash"}),t("span",{staticClass:"message_splash"},[e._v(e._s(e.message))])])])},a=[],o=s("a18c"),i=s("bc3a"),l=s.n(i),c={name:"splash-screen",components:{},data(){return{internet:!1,message:"",title:"SPYGUARD",letters:["SSS§ṠSSSSS","PPPþ⒫PPPP","YYYÿYYYÿYȲYY","GGḠGGGǤG¬G","UÚUUÜUɄUUU","AAAAÄA¬AAA","RЯRɌRRRɌʭR","DD¬DDDDƋDD"]}},methods:{delete_captures:function(){this.message="Doing some cleaning...",console.log("[splash-screen.vue] Deleting previous captures..."),l.a.get("/api/misc/delete-captures",{timeout:3e4}),setTimeout(function(){this.goto_home()}.bind(this),2e3)},goto_home:function(){console.log("[splash-screen.vue] Going to home..."),this.message="Going to home...",o["a"].replace({name:"home"})},generate_random:function(e=0,t=1e3){let s=t-e,n=Math.random();return n=Math.floor(n*s),n+=e,n}},created:function(){window.access_point="",console.log("[splash-screen.vue] Welcome to SPYGUARD"),setInterval(function(){let e="";this.letters.forEach(t=>{e+=t.charAt(this.generate_random(0,9))}),this.title=e,setTimeout(function(){this.title="SPYGUARD"}.bind(this),this.generate_random(30,100))}.bind(this),this.generate_random(500,4e3)),this.delete_captures()}},r=c,h=s("2877"),u=Object(h["a"])(r,n,a,!1,null,null,null);t["default"]=u.exports}}]);
-//# sourceMappingURL=chunk-2d0b6d35.9c950e8a.js.map
+//# sourceMappingURL=chunk-2d0b6d35.594f8d0e.js.map

app/frontend/dist/js/chunk-2d0baeaa.e5cd247b.js

@@ -1,2 +1,2 @@
 (window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0baeaa"],{"38f5":function(e,t,a){"use strict";a.r(t);var s=function(){var e=this,t=e._self._c;return t("div",{staticClass:"wrapper"},[t("div",{staticClass:"center"},[0==e.error?t("div",[e.ssid_name?t("div",[t("div",{staticClass:"card apcard",on:{click:function(t){return e.generate_ap()}}},[t("div",{staticClass:"columns"},[t("div",{staticClass:"column col-5"},[t("center",[t("img",{attrs:{src:e.ssid_qr,id:"qrcode"}})])],1),t("div",{staticClass:"divider-vert white-bg",attrs:{"data-content":"OR"}}),t("div",{staticClass:"column col-5"},[t("br"),t("span",{staticClass:"light-grey"},[e._v(e._s(e.$t("generate-ap.network_name"))+" ")]),t("br"),t("h4",[e._v(e._s(e.ssid_name))]),t("span",{staticClass:"light-grey"},[e._v(e._s(e.$t("generate-ap.network_password"))+" ")]),t("br"),t("h4",[e._v(e._s(e.ssid_password))])])])]),t("br"),t("br"),t("br"),t("br"),e._v(" "),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("span",{staticClass:"legend"},[e._v(e._s(e.$t("generate-ap.tap_msg")))])]):t("div",[t("svg",{staticStyle:{margin:"auto",background:"none",display:"block","shape-rendering":"auto"},attrs:{xmlns:"http://www.w3.org/2000/svg","xmlns:xlink":"http://www.w3.org/1999/xlink",width:"194px",height:"194px",viewBox:"0 0 100 100",preserveAspectRatio:"xMidYMid"}},[t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dfdfdf","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"0s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 1",calcMode:"spline",begin:"0s"}})]),t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dadada","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}})])]),t("p",{staticClass:"legend"},[e._v(e._s(e.$t("generate-ap.generate_ap_msg")))])])]):t("div",[t("p",[t("strong",{domProps:{innerHTML:e._s(e.$t("generate-ap.error_msg1"))}}),t("br"),t("br"),t("span",{domProps:{innerHTML:e._s(e.$t("generate-ap.error_msg2"))}}),t("br"),t("br")])])])])},r=[],n=a("bc3a"),i=a.n(n),o=a("a18c"),c={name:"generate-ap",components:{},data(){return{ssid_name:!1,ssid_qr:!1,ssid_password:!1,capture_token:!1,capture_start:!1,interval:!1,error:!1,reboot_option:window.config.reboot_option,attempts:3}},methods:{generate_ap:function(){console.log("[generate-ap.vue] Trying to start a new access point"),clearInterval(this.interval),this.ssid_name=!1,i.a.get("/api/network/ap/start",{timeout:3e4}).then(e=>this.show_ap(e.data))},show_ap:function(e){e.status?(console.log("[generate-ap.vue] Access point created, showing SSID"),window.access_point=e.ssid,this.ssid_name=e.ssid,this.ssid_password=e.password,this.ssid_qr=e.qrcode,this.start_capture()):(console.log("[generate-ap.vue] Issue when creating AP, let's retry"),0!=this.attempts?(setTimeout(function(){this.generate_ap()}.bind(this),1e4),this.attempts-=1):(console.log("[generate-ap.vue] Fatal error when creating AP, showing the error message"),this.error=!0))},start_capture:function(){console.log("[generate-ap.vue] Starting the capture in background"),i.a.get("/api/capture/start",{timeout:3e4}).then(e=>this.get_capture_token(e.data))},reboot:function(){console.log("[generate-ap.vue] Rebooting the device"),i.a.get("/api/misc/reboot",{timeout:3e4}).then(e=>{console.log(e)})},get_capture_token:function(e){e.status&&(console.log("[generate-ap.vue] Capture token retrieved, waiting a device to connect"),this.capture_token=e.capture_token,this.capture_start=Date.now(),this.get_device())},get_device:function(){this.interval=setInterval(()=>{i.a.get("/api/device/get/"+this.capture_token,{timeout:3e4}).then(e=>this.check_device(e.data))},500)},check_device:function(e){if(e.status){console.log("[generate-ap.vue] Device connected, going to capture view."),clearInterval(this.interval);var t=this.capture_token,a=this.capture_start,s=e.name;o["a"].replace({name:"capture",params:{capture_token:t,capture_start:a,device_name:s}})}}},created:function(){console.log("[generate-ap.vue] Showing generate-ap.vue"),this.generate_ap()}},p=c,d=a("2877"),l=Object(d["a"])(p,s,r,!1,null,null,null);t["default"]=l.exports}}]);
-//# sourceMappingURL=chunk-2d0baeaa.9d6eca74.js.map
+//# sourceMappingURL=chunk-2d0baeaa.e5cd247b.js.map

app/frontend/dist/js/chunk-2d0cfa15.15a50d26.js

@@ -1,2 +1,2 @@
 (window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0cfa15"],{6511:function(t,n,s){"use strict";s.r(n);var e=function(){var t=this,n=t._self._c;return n("div",{staticClass:"wrapper"},[n("div",{staticClass:"center"},[n("h3",{staticClass:"lobster"},[t._v(t._s(t.$t("home.welcome_msg")))]),n("p",[t._v(t._s(t.$t("home.help_msg")))]),n("button",{staticClass:"btn btn-primary",on:{click:function(n){return t.next()}}},[t._v(t._s(t.$t("home.start_btn")))])])])},a=[],c=(s("14d9"),s("a18c")),o={name:"home",methods:{next:function(){c["a"].push({name:"generate-ap"})}}},r=o,i=s("2877"),l=Object(i["a"])(r,e,a,!1,null,null,null);n["default"]=l.exports}}]);
-//# sourceMappingURL=chunk-2d0cfa15.805b5619.js.map
+//# sourceMappingURL=chunk-2d0cfa15.15a50d26.js.map

app/frontend/dist/js/chunk-2d0cfa15.15a50d26.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["webpack:///./src/views/home.vue","webpack:///src/views/home.vue","webpack:///./src/views/home.vue?755c","webpack:///./src/views/home.vue?79fa"],"names":["render","_vm","this","_c","_self","staticClass","_v","_s","$t","on","$event","next","staticRenderFns","name","methods","router","push","component"],"mappings":"uHAAA,IAAIA,EAAS,WAAkB,IAAIC,EAAIC,KAAKC,EAAGF,EAAIG,MAAMD,GAAG,OAAOA,EAAG,MAAM,CAACE,YAAY,WAAW,CAACF,EAAG,MAAM,CAACE,YAAY,UAAU,CAACF,EAAG,KAAK,CAACE,YAAY,WAAW,CAACJ,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,wBAAwBL,EAAG,IAAI,CAACF,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,qBAAqBL,EAAG,SAAS,CAACE,YAAY,kBAAkBI,GAAG,CAAC,MAAQ,SAASC,GAAQ,OAAOT,EAAIU,UAAU,CAACV,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,2BAErXI,EAAkB,G,wBCWP,GACfC,KAAA,OACAC,QAAA,CACAH,KAAA,WACAI,OAAAC,KAAA,CAAAH,KAAA,mBCjB6U,I,YCOzUI,EAAY,eACd,EACAjB,EACAY,GACA,EACA,KACA,KACA,MAIa,aAAAK,E","file":"js/chunk-2d0cfa15.15a50d26.js","sourcesContent":["var render = function render(){var _vm=this,_c=_vm._self._c;return _c('div',{staticClass:\"wrapper\"},[_c('div',{staticClass:\"center\"},[_c('h3',{staticClass:\"lobster\"},[_vm._v(_vm._s(_vm.$t(\"home.welcome_msg\")))]),_c('p',[_vm._v(_vm._s(_vm.$t(\"home.help_msg\")))]),_c('button',{staticClass:\"btn btn-primary\",on:{\"click\":function($event){return _vm.next()}}},[_vm._v(_vm._s(_vm.$t(\"home.start_btn\")))])])])\n}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","<template>\r\n    <div class=\"wrapper\">\r\n        <div class=\"center\">\r\n            <h3 class=\"lobster\">{{ $t(\"home.welcome_msg\") }}</h3>\r\n            <p>{{ $t(\"home.help_msg\") }}</p>\r\n            <button class=\"btn btn-primary\" v-on:click=\"next()\">{{ $t(\"home.start_btn\") }}</button>\r\n        </div>\r\n    </div>\r\n</template>\r\n\r\n<script>\r\nimport router from '../router'\r\n\r\nexport default {\r\n    name: 'home',\r\n    methods: {\r\n        next: function() {\r\n            router.push({ name: 'generate-ap' });\r\n        }\r\n    }\r\n}\r\n</script>\r\n","import mod from \"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js\"; export default mod; export * from \"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js\"","import { render, staticRenderFns } from \"./home.vue?vue&type=template&id=66a1090d\"\nimport script from \"./home.vue?vue&type=script&lang=js\"\nexport * from \"./home.vue?vue&type=script&lang=js\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/vue-loader/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n  script,\n  render,\n  staticRenderFns,\n  false,\n  null,\n  null,\n  null\n  \n)\n\nexport default component.exports"],"sourceRoot":""}

app/frontend/dist/js/chunk-2d0cfa15.805b5619.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["webpack:///./src/views/home.vue","webpack:///src/views/home.vue","webpack:///./src/views/home.vue?d449","webpack:///./src/views/home.vue?46ae"],"names":["render","_vm","this","_c","_self","staticClass","_v","_s","$t","on","$event","next","staticRenderFns","name","methods","router","component"],"mappings":"uHAAA,IAAIA,EAAS,WAAkB,IAAIC,EAAIC,KAAKC,EAAGF,EAAIG,MAAMD,GAAG,OAAOA,EAAG,MAAM,CAACE,YAAY,WAAW,CAACF,EAAG,MAAM,CAACE,YAAY,UAAU,CAACF,EAAG,KAAK,CAACE,YAAY,WAAW,CAACJ,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,wBAAwBL,EAAG,IAAI,CAACF,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,qBAAqBL,EAAG,SAAS,CAACE,YAAY,kBAAkBI,GAAG,CAAC,MAAQ,SAASC,GAAQ,OAAOT,EAAIU,UAAU,CAACV,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,2BAErXI,EAAkB,G,wBCWP,GACfC,YACAC,SACAH,gBACAI,aAAAF,wBCjB8U,I,YCO1UG,EAAY,eACd,EACAhB,EACAY,GACA,EACA,KACA,KACA,MAIa,aAAAI,E","file":"js/chunk-2d0cfa15.805b5619.js","sourcesContent":["var render = function render(){var _vm=this,_c=_vm._self._c;return _c('div',{staticClass:\"wrapper\"},[_c('div',{staticClass:\"center\"},[_c('h3',{staticClass:\"lobster\"},[_vm._v(_vm._s(_vm.$t(\"home.welcome_msg\")))]),_c('p',[_vm._v(_vm._s(_vm.$t(\"home.help_msg\")))]),_c('button',{staticClass:\"btn btn-primary\",on:{\"click\":function($event){return _vm.next()}}},[_vm._v(_vm._s(_vm.$t(\"home.start_btn\")))])])])\n}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","<template>\r\n    <div class=\"wrapper\">\r\n        <div class=\"center\">\r\n            <h3 class=\"lobster\">{{ $t(\"home.welcome_msg\") }}</h3>\r\n            <p>{{ $t(\"home.help_msg\") }}</p>\r\n            <button class=\"btn btn-primary\" v-on:click=\"next()\">{{ $t(\"home.start_btn\") }}</button>\r\n        </div>\r\n    </div>\r\n</template>\r\n\r\n<script>\r\nimport router from '../router'\r\n\r\nexport default {\r\n    name: 'home',\r\n    methods: {\r\n        next: function() {\r\n            router.push({ name: 'generate-ap' });\r\n        }\r\n    }\r\n}\r\n</script>\r\n","import mod from \"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js&\"; export default mod; export * from \"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js&\"","import { render, staticRenderFns } from \"./home.vue?vue&type=template&id=66a1090d&\"\nimport script from \"./home.vue?vue&type=script&lang=js&\"\nexport * from \"./home.vue?vue&type=script&lang=js&\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/vue-loader/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n  script,\n  render,\n  staticRenderFns,\n  false,\n  null,\n  null,\n  null\n  \n)\n\nexport default component.exports"],"sourceRoot":""}

app/frontend/public/.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-    "python.pythonPath": "/usr/local/opt/python@3.8/bin/python3.8"
-}

app/frontend/src/assets/custom.css

@@ -1100,7 +1100,25 @@ ul {
     color: #cecece;
 }
 
+.no-alerts-to-show {
+    text-align: center;
+    padding: 50px;
+    background-color: #f7f8f9;
+    border: 1px dashed #eee;
+    border-radius: 5px;
+    font-size: 25px;
+    color: #CFCFCF;
+    margin-bottom: 30px;
+    margin-top: 20px;
+}
 
+.no-alerts-to-show>.main-text {
+    color: #CCC;
+}
+
+.no-alerts-to-show>.second-text {
+    font-size: 20px;
+}
 
 .icon-usb {
     background: url('../assets/icon_usb.svg') no-repeat 0 0;

app/frontend/src/locales/de.json

@@ -62,6 +62,9 @@
         "moderate": "Mittel",
         "low": "Niedrig",
         "uncat_coms_table" : "Kommunikation nicht kategorisiert",
+        "whitelisted_coms_table" : "Kommunikation auf der Whitelist",
+        "no_alerts_title" : "Die Analyse der Kommunikation Ihres Geräts hat zu keinen Warnungen geführt.",
+        "no_alerts_subtext" : "Unten können Sie die von ihm während der Erfassung ausgegebenen Mitteilungen sehen.",
         "protocol" : "Protokoll",
         "domain_name" : "Domain",
         "ip_address": "IP-Adresse:",
@@ -77,7 +80,7 @@
         "please_connect": "Bitte schließen Sie einen USB-Stick an, um Ihre Aufnahme zu speichern.",
         "we_are_saving": "Wir speichern Ihre Aufnahme.",
         "tap_msg": "Sie können den USB-Stick antippen, um eine neue Aufnahme zu starten.",
-        "capture_download": "Der Download der Aufnahme beginnt …",
+        "capture_download": "Der Download der Aufnahme beginnt…",
         "start_capture_btn": "Noch eine Aufnahme starten"
     },
     "modals": {

app/frontend/src/locales/en.json

@@ -62,6 +62,9 @@
         "moderate": "moderate",
         "low": "low",
         "uncat_coms_table" : "Uncategorized communications",
+        "whitelisted_coms_table" : "Whitelisted communications",
+        "no_alerts_title" : "Analysis of your smartphone's communications did not cause any alerts.",
+        "no_alerts_subtext" : "You can see below the communications issued by it during the capture.",
         "protocol" : "Protocol",
         "domain_name" : "Domain",
         "ip_address" : "IP Address",

app/frontend/src/locales/es.json

@@ -62,6 +62,9 @@
         "moderate": "moderada",
         "low": "bajo",
         "uncat_coms_table" : "Sin categorizar Comunicaciones",
+        "whitelisted_coms_table": "Comunicaciones incluidas en la lista blanca",
+        "no_alerts_title": "El análisis de las comunicaciones de su dispositivo no generó ninguna alerta.",
+        "no_alerts_subtext": "Puedes ver a continuación las comunicaciones emitidas por éste durante la captura.",
         "protocol" : "Protocolo",
         "domain_name" : "Dominio",
         "ip_address" : "Dirección IP ",

app/frontend/src/locales/fr.json

@@ -62,6 +62,9 @@
         "moderate": "moyenne",
         "low": "basse",
         "uncat_coms_table" : "Communications non catégorisées",
+        "whitelisted_coms_table": "Communications sur liste blanche",
+        "no_alerts_title": "L'analyse des communications de votre appareil n'a provoqué aucune alerte.",
+        "no_alerts_subtext": "Vous pouvez voir ci-dessous les communications émises par celui-ci lors de la capture.",
         "protocol" : "Protocole",
         "domain_name" : "Domaine",
         "ip_address" : "Adresse IP",

app/frontend/src/locales/it.json

@@ -62,6 +62,9 @@
         "moderate": "moderata",
         "low": "bassa",
         "uncat_coms_table" : "Comunicazioni non categorizzate",
+        "whitelisted_coms_table": "Comunicazioni autorizzate",
+        "no_alerts_title": "L'analisi delle comunicazioni del tuo dispositivo non ha causato alcun avviso.",
+        "no_alerts_subtext": "Di seguito puoi vedere le comunicazioni emesse da esso durante la cattura.",
         "protocol" : "Protocollo",
         "domain_name" : "Dominio",
         "ip_address" : "Indirizzo IP",

app/frontend/src/locales/pl.json

@@ -0,0 +1,93 @@
+{
+    "home": {
+        "welcome_msg": "Witaj w SpyGuard.",
+        "help_msg": "Pomożemy Ci sprawdzić Twoje urządzenie.",
+        "start_btn": "Start!"
+    },
+    "analysis": {
+        "question": "Czy chcesz przeanalizować przechwyconą komunikację?",
+        "no_btn": "Nie, tylko zapisz",
+        "yes_btn": "Tak, wykonaj",
+        "please_wait_msg": "Poczekaj na zakończenie analizy...",
+        "some_time_msg": "Tak, to może chwilę potrwać..."
+    },
+    "capture": {
+        "intercept_coms_msg": "Przechwytywanie komunikacji z ",
+        "stop_btn": "Zatrzymaj przechwytywanie"
+    },
+    "generate-ap": {
+        "network_name": "Nazwa sieci",
+        "network_password": "Hasło do sieci",
+        "tap_msg": "Naciśnij białą ramkę aby wygenerować nową sieć.",
+        "generate_ap_msg": "Wygenerujemy tymczasową sieć do wykorzystania.",
+        "error_msg1": "Niestety, wystąpiły problemy <br />podczas tworzenia punktu dostępowego.",
+        "error_msg2": "Sprawdź czy odpowiedni interfejs został skonfigurowany<br /> w ustawieniach zaplecza."
+    },
+    "report": {
+        "show_full_report": "Pokaż pełny raport",
+        "start_new_capture": "Rozpocznij od nowa",
+        "save_capture": "Zachowaj ruch sieciowy",
+        "save": "Zapisz",
+        "print": "Drukuj",
+        "numbers": [
+            "zero",
+            "jeden",
+            "dwa",
+            "trzy",
+            "cztery",
+            "pięć",
+            "sześć",
+            "siedem",
+            "osiem",
+            "dziewięć",
+            "dziesięć",
+            "jedenaście"
+        ],
+        "stalkerware_msg": "Twoje urządzenie jest zagrożone<br />przez stalkerware, zapoznaj się z raportem.",
+        "location_msg": "Aplikacja udostępnia Twoje<br /> bieżące położenie stronie trzeciej.",
+        "fine_msg": "Wszystko wygląda w porządku, zero alarmów.",
+        "high_msg": "Masz {nb} poważnych alarmów,<br />Twoje urządzenie wygląda na zagrożone.",
+        "moderate_msg": "Masz {nb} umiarkowanych alarmów,<br />Twoje urządzenie może być zagrożone.",
+        "low_msg": "Masz tylko {nb} niskich alarmów,<br />nie wahaj się ich sprawdzić.",
+        "save_report": "Zapisz raport",
+        "report_of": "Raport z",
+        "detection_methods": "Metody detekcji:",
+        "indicators": "Wskaźniki",
+        "heuristics": "Heurystyki",
+        "active": "Aktywne",
+        "pcap_sha1": "Suma SHA1 zapisu ruchu:",
+        "capture_started": "Przechwytywanie rozpoczęto o:",
+        "capture_ended": "Przechwytywanie zakończono o:",
+        "high": "wysoki",
+        "moderate": "umiarkowany",
+        "low": "niski",
+        "uncat_coms_table" : "Komunikacja nieskategoryzowana",
+        "whitelisted_coms_table" : "Komunikacja dozwolona",
+        "no_alerts_title" : "Analiza komunikacji z urządzenia nie spowodowała żadnych alarmów.",
+        "no_alerts_subtext" : "Zapoznaj się z komunikacją zaobserwowaną podczas przechwytywania.",
+        "protocol" : "Protokół",
+        "domain_name" : "Domena",
+        "ip_address" : "Adres IP",
+        "port" : "Port"
+    },
+    "wifi-select": {
+        "wifi_connected": "Wi-Fi - podłączono",
+        "wifi_not_connected": "Wi-Fi - nie podłączono. Spróbuj ponownie.",
+        "wifi_password": "Hasło",
+        "connect_to_it": "Podłącz"
+    },
+    "save-capture": {
+        "please_connect": "Podłącz pamięć USB aby zachować przechwycony ruch sieciowy.",
+        "we_are_saving": "Zapisywanie przechwytywania.",
+        "tap_msg": "Dotknij ikony pamięci USB aby rozpocząć nowe przechwytywnie.",
+        "capture_download": "Rozpocznie się pobieranie pliku przechwytywania...",
+        "start_capture_btn": "Rozpocznij kolejne przechwytywanie"
+    },
+    "modals": {
+        "want_to_quit": "Czy chcesz opuścić aplikację?",
+        "no_go_back": "Nie, wróć",
+        "yes_continue": "Tak, kontynuuj",
+        "please_give_the_password": "Podaj hasło do sieci: ",
+        "want_to_whitelist" : "Czy chcesz dodać <i class='ioc'>{host}</i> do listy dozwolonych<br />dla następnych analiz?"
+    }
+}

app/frontend/src/locales/pt.json

@@ -62,6 +62,9 @@
         "moderate": "moderado",
         "low": "leve",
         "uncat_coms_table" : "Comunicações não categorizadas",
+        "whitelisted_coms_table" : "Comunicações na lista branca",
+        "no_alerts_title" : "A análise das comunicações do seu dispositivo não causou nenhum alerta.",
+        "no_alerts_subtext" : "Você pode ver abaixo as comunicações emitidas por ele durante a captura.",
         "protocol" : "Protocolo",
         "domain_name" : "Domínio",
         "ip_address": "Endereço IP:",

app/frontend/src/locales/ru.json

@@ -62,6 +62,9 @@
         "moderate": "средний",
         "low": "низкий",
         "uncat_coms_table" : "Несекретные сообщения",
+        "whitelisted_coms_table": "Связь в белом списке",
+        "no_alerts_title": "Анализ сообщений вашего устройства не вызвал никаких предупреждений.",
+        "no_alerts_subtext": "Ниже вы можете увидеть сообщения, отправленные им во время захвата.",
         "protocol" : "Протокол",
         "domain_name" : "домен",
         "ip_address": "IP-адрес:",

app/frontend/src/plugins/i18n.js

@@ -13,6 +13,7 @@ export const i18n = new VueI18n({
     'ru': require('@/locales/ru.json'),
     'pt': require('@/locales/pt.json'),
     'it': require('@/locales/it.json'),
-    'de': require('@/locales/de.json')
+    'de': require('@/locales/de.json'),
+    'pl': require('@/locales/pl.json')
   }
-})
+})

app/frontend/src/views/report.vue

@@ -29,7 +29,7 @@
                     <button class="btn btn-report-low" @click="show_report=true;results=false;">{{ $t("report.show_full_report") }}</button>
                 </div>
             </div>
-            <div v-else  class="none-wrapper">
+            <div v-else class="none-wrapper">
                 <div class="center">
                     <h1 class="warning-title" v-html="$t('report.fine_msg')"></h1>
                     <button class="btn btn-report-low-light"  @click="show_report=true;results=false;">{{ $t("report.show_full_report") }}</button>
@@ -48,41 +48,47 @@
                         {{ $t("report.detection_methods") }} {{ detection_methods }}
                     </div>
                 </div>
-                <ul class="alerts">
-                    <li class="alert" v-for="alert in alerts.high" :key="alert.message">
-                        <div class="alert-header">
-                            <span class="high-label">{{ $t("report.high") }}</span>
-                            <span class="alert-id">{{ alert.id }}</span> 
-                            <span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
-                        </div>
-                        <div class="alert-body">
-                            <span class="title">{{ alert.title }}</span>
-                            <p class="description">{{ alert.description }}</p>
-                        </div>
-                    </li>
-                    <li class="alert" v-for="alert in alerts.moderate" :key="alert.message">
-                        <div class="alert-header">
-                            <span class="moderate-label">{{ $t("report.moderate") }}</span>
-                            <span class="alert-id">{{ alert.id }}</span> 
-                            <span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
-                        </div>
-                        <div class="alert-body">
-                            <span class="title">{{ alert.title }}</span>
-                            <p class="description">{{ alert.description }}</p>
-                        </div>
-                    </li>
-                    <li class="alert" v-for="alert in alerts.low" :key="alert.message">
-                        <div class="alert-header">
-                            <span class="moderate-label">{{ $t("report.low") }}</span>
-                            <span class="alert-id">{{ alert.id }}</span> 
-                            <span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
-                        </div>
-                        <div class="alert-body">
-                            <span class="title">{{ alert.title }}</span>
-                            <p class="description">{{ alert.description }}</p>
-                        </div>
-                    </li>
-                </ul>
+                <div v-if="alerts">
+                    <ul class="alerts">
+                        <li class="alert" v-for="alert in alerts.high" :key="alert.message">
+                            <div class="alert-header">
+                                <span class="high-label">{{ $t("report.high") }}</span>
+                                <span class="alert-id">{{ alert.id }}</span> 
+                                <span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
+                            </div>
+                            <div class="alert-body">
+                                <span class="title">{{ alert.title }}</span>
+                                <p class="description">{{ alert.description }}</p>
+                            </div>
+                        </li>
+                        <li class="alert" v-for="alert in alerts.moderate" :key="alert.message">
+                            <div class="alert-header">
+                                <span class="moderate-label">{{ $t("report.moderate") }}</span>
+                                <span class="alert-id">{{ alert.id }}</span> 
+                                <span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
+                            </div>
+                            <div class="alert-body">
+                                <span class="title">{{ alert.title }}</span>
+                                <p class="description">{{ alert.description }}</p>
+                            </div>
+                        </li>
+                        <li class="alert" v-for="alert in alerts.low" :key="alert.message">
+                            <div class="alert-header">
+                                <span class="moderate-label">{{ $t("report.low") }}</span>
+                                <span class="alert-id">{{ alert.id }}</span> 
+                                <span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
+                            </div>
+                            <div class="alert-body">
+                                <span class="title">{{ alert.title }}</span>
+                                <p class="description">{{ alert.description }}</p>
+                            </div>
+                        </li>
+                    </ul>
+                </div>
+                <div class="no-alerts-to-show" v-else>
+                    <span class="main-text">{{ $t("report.no_alerts_title") }}</span><br />
+                    <span class="second-text">{{ $t("report.no_alerts_subtext") }}</span>
+                </div>
                 <h5 class="title-report" v-if="uncategorized_records.length>0">{{ $t("report.uncat_coms_table") }}</h5>
                 <div v-if="uncategorized_records.length>0">
                     <table class="table-uncat">
@@ -102,6 +108,25 @@
                         </tr>
                     </table>
                 </div>
+                <h5 class="title-report" v-if="whitelisted_records.length>0">{{ $t("report.whitelisted_coms_table") }}</h5>
+                <div v-if="whitelisted_records.length>0">
+                    <table class="table-uncat">
+                        <thead>
+                            <tr>
+                                <td>{{ $t("report.protocol") }}</td>
+                                <td>{{ $t("report.domain_name") }}</td>
+                                <td>{{ $t("report.ip_address") }}</td>
+                                <td>{{ $t("report.port") }}</td>
+                            </tr>
+                        </thead>
+                        <tr v-for="record in whitelisted_records" :key="record.ip_dst">
+                            <td>{{ Object.keys(record.protocols).map(key => record.protocols[key].name).join(", ") }}</td>
+                            <td>{{ record.domains.join(", ") }}</td>
+                            <td>{{ record.ip_dst }}</td>
+                            <td>{{ Object.keys(record.protocols).map(key => record.protocols[key].port).join(", ") }}</td>
+                        </tr>
+                    </table>
+                </div>
                 <div id="controls-analysis">
                     <div class="column col-6">
                         <button class="btn btn btn-primary width-100" v-on:click="save_capture()">{{ $t("report.save") }}</button>
@@ -133,7 +158,8 @@ export default {
         return {
             results: true,
             detection_methods: "",
-            uncategorized_records: []
+            uncategorized_records: [],
+            whitelisted_records: []
         }
     },
     props: {
@@ -178,10 +204,12 @@ export default {
         add_whitelist: function(host){
             EventBus.$emit("showModal", {"action" : "whitelist", "host" : host})
         },
-        get_uncategorized_records: function(){
+        get_records: function(){
             this.records.forEach( r => {
                 if (!r.suspicious && !r.whitelisted){
                     this.uncategorized_records.push(r);
+                } else if (r.whitelisted){
+                    this.whitelisted_records.push(r);
                 }
             })
         }
@@ -189,7 +217,7 @@ export default {
     created: function() {
         console.log("[report.vue] Showing report.vue");
         this.get_detection_methods();
-        this.get_uncategorized_records();
+        this.get_records();
     }
 }
 </script>

assets/requirements.txt

@@ -1,17 +1,18 @@
-ipwhois
-pydig
-pymisp
-netaddr
-pyyaml
-flask
-flask_httpauth
-pyjwt
-sqlalchemy
-psutil
-pyudev
-qrcode
-netifaces
-weasyprint
-python-whois
-publicsuffix2
-six>=1.13.0
+ipwhois==1.2.0
+pydig==0.4.0
+pymisp==2.4.165.1
+netaddr==0.8.0
+pyyaml==5.3.1
+flask==2.3.3
+flask_httpauth==4.7.0
+pyjwt==1.7.1
+sqlalchemy==1.4.44
+psutil==5.8.0
+pyudev==0.24.0
+qrcode==7.3.1
+netifaces==0.11.0
+weasyprint==57.1
+python-whois==0.8.0
+publicsuffix2==2.20191221
+six==1.16.0
+pyOpenSSL==23.2.0

install.sh

@@ -1,17 +1,16 @@
 #!/bin/bash
-
 CURRENT_USER="${SUDO_USER}"
 SCRIPT_PATH="$( cd "$(dirname "$0")" ; pwd -P )"
 HOST="$( hostname )"
-LOCALES=(en fr es ru pt de it)
+LOCALES=(de en es fr it pl pt ru)
 
 welcome_screen() {
 cat << "EOF"
-   __   _         __              _    _  
-  (_   |_)  \_/  /__  | |   /\   |_)  | \ 
-  __)  |     |   \_|  |_|  /--\  | \  |_/ 
-                                  
-SpyGuard is a fork of TinyCheck, developped by Kaspersky. 
+   __   _         __              _    _
+  (_   |_)  \_/  /__  | |   /\   |_)  | \
+  __)  |     |   \_|  |_|  /--\  | \  |_/
+
+SpyGuard is a fork of TinyCheck, developped by Kaspersky.
 -----
 
 EOF
@@ -66,8 +65,8 @@ set_credentials() {
 }
 
 create_directory() {
-    # Create the Spyguard directory and move the whole stuff there.
-    echo -e "[+] Creating Spyguard folder under /usr/share/"
+    # Create the SpyGuard directory and move the whole stuff there.
+    echo -e "[+] Creating SpyGuard folder under /usr/share/"
     mkdir /usr/share/spyguard
     cp -Rf ./* /usr/share/spyguard
 }
@@ -80,7 +79,6 @@ generate_certificate() {
 
 create_services() {
     # Create services to launch the two servers.
-
     echo -e "\e[39m[+] Creating services\e[39m"
 
     echo -e "\e[92m    [✔] Creating frontend service\e[39m"
@@ -90,7 +88,7 @@ Description=Spyguard frontend service
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/python3 /usr/share/spyguard/server/frontend/main.py
+ExecStart=/usr/share/spyguard/spyguard-venv/bin/python3 /usr/share/spyguard/server/frontend/main.py
 Restart=on-abort
 KillMode=process
 
@@ -105,7 +103,7 @@ Description=Spyguard backend service
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/python3 /usr/share/spyguard/server/backend/main.py
+ExecStart=/usr/share/spyguard/spyguard-venv/bin/python3 /usr/share/spyguard/server/backend/main.py
 Restart=on-abort
 KillMode=process
 
@@ -122,7 +120,7 @@ After=network-online.target
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/python3 /usr/share/spyguard/server/backend/watchers.py
+ExecStart=/usr/share/spyguard/spyguard-venv/bin/python3 /usr/share/spyguard/server/backend/watchers.py
 Restart=on-abort
 KillMode=process
 
@@ -140,7 +138,6 @@ EOL
    systemctl start spyguard-backend
 }
 
-
 change_hostname() {
    # Changing the hostname to spyguard
    echo -e "[+] Changing the hostname to spyguard"
@@ -151,38 +148,39 @@ change_hostname() {
    echo "127.0.0.1  spyguard.local" >> /etc/hosts
 }
 
-install_package() {
-   # Install associated packages by using aptitude.
-    if [[ $1 == "tshark" || $1 == "sqlite3" || $1 == "suricata" ]]; then
-       apt install $1 -y
-    elif [[ $1 == "dig" ]]; then
-       apt-get install -y dnsutils
-    elif [[ $1 == "pip" ]]; then
-       apt-get install -y python3-pip
+install_packages() {
+# Install associated packages by using aptitude.
+packages=("tshark"
+	   "sqlite3"
+	   "suricata"
+	   "dnsutils"
+	   "python3-pip"
+	   "python3-venv"
+	   "net-tools")
+ 
+echo -e "\e[39m[+] Checking dependencies...\e[39m"
+for package in "${packages[@]}"
+do
+    if dpkg-query -W -f='${Status}' "$package" 2>/dev/null | grep -q -P '^install ok installed$'; then
+        echo -e "\e[92m    [✔] $package is already installed\e[39m"
+    else
+        echo -e "\e[93m    [✘] $package is not installed, lets install it\e[39m"
+        apt-get install -y "$package"
+        if [ $? -eq 0 ]; then
+            echo -e "\e[92m    [✔] $package was successfully installed\e[39m"
+        else
+            echo -e "\e[91m    [✘] $package has an error during the installation\e[39m"
+        fi
     fi
+done
 }
 
-check_dependencies() {
-   # Check binary dependencies associated to the project.
-   # If not installed, call install_package with the package name.
-   bins=("/usr/bin/tshark"
-         "/usr/bin/dig"
-         "/usr/bin/suricata"
-         "/usr/bin/sqlite3"
-         "/usr/bin/pip")
-
-   echo -e "\e[39m[+] Checking dependencies...\e[39m"
-   for bin in "${bins[@]}"
-   do
-       if [[ -f "$bin" ]]; then
-           echo -e "\e[92m    [✔] ${bin##*/} installed\e[39m"
-       else
-           echo -e "\e[93m    [✘] ${bin##*/} not installed, lets install it\e[39m"
-           install_package ${bin##*/}
-       fi
-   done
+create_venv() {
+   echo -e "\e[39m[+] Create and activate Virtual Environment for Python packages\e[39m"
+   python3 -m venv /usr/share/spyguard/spyguard-venv
+   source /usr/share/spyguard/spyguard-venv/bin/activate
    echo -e "\e[39m[+] Install Python packages...\e[39m"
-   python3 -m pip install -r "$SCRIPT_PATH/assets/requirements.txt"
+   python3 -m pip install -r "$SCRIPT_PATH/assets/requirements.txt" --no-cache-dir
 }
 
 get_version() {
@@ -202,7 +200,7 @@ cleaning() {
     systemctl disable suricata.service &> /dev/null
 
     # Removing some useless dependencies.
-    sudo apt autoremove -y &> /dev/null
+    apt autoremove -y &> /dev/null
 
     echo -e "\e[92m[+] Installation finished! You can open https://localhost:8443 to configure network settings.\e[39m"
 }
@@ -237,7 +235,8 @@ else
     get_version
     set_userlang
     set_credentials
-    check_dependencies
+    install_packages
+    create_venv
     change_hostname
     generate_certificate
     create_database

server/backend/app/classes/iocs.py

@@ -5,7 +5,7 @@ from app import db
 from app.db.models import Ioc
 from sqlalchemy.sql import exists
 from app.definitions import definitions
-from flask import escape
+from markupsafe import escape
 import re
 import time
 

server/backend/app/classes/misp.py

@@ -6,7 +6,7 @@ from app.db.models import MISPInst
 from app.definitions import definitions as defs
 
 from sqlalchemy.sql import exists
-from flask import escape
+from markupsafe import escape
 from pymisp import PyMISP
 import re
 import time

server/backend/app/classes/watchers.py

@@ -7,7 +7,7 @@ from typing import Iterator
 
 import requests
 import yaml
-from flask import escape
+from markupsafe import escape
 from sqlalchemy.sql import exists
 
 

server/backend/app/classes/whitelist.py

@@ -5,7 +5,7 @@ from app import db
 from app.db.models import Whitelist
 from sqlalchemy.sql import exists
 from app.definitions import definitions
-from flask import escape
+from markupsafe import escape
 import re
 import time
 

server/backend/app/definitions.py

@@ -72,8 +72,8 @@ definitions = {
             "name" : "Stalkerware"
         },
         { 
-            "tag"  : "suspect",
-            "name" : "Suspect"
+            "tag"  : "suspicious",
+            "name" : "Suspicious"
         },
         { 
             "tag"  : "malicious",

server/frontend/app/classes/network.py

@@ -35,7 +35,7 @@ class Network(object):
         ctx = { "internet": self.check_internet() }
 
         for iface in ni.interfaces():
-            if iface != self.iface_in and iface.startswith(("wl", "en", "et")):
+            if iface != self.iface_in and iface.startswith(("wl", "en", "et", "ww")):
                 addrs = ni.ifaddresses(iface)
                 try:
                     ctx["ip_out"] = addrs[ni.AF_INET][0]["addr"]

uninstall.sh

@@ -1,11 +1,11 @@
 
 delete_folder(){
-    echo "[+] Deleting Spyguard folders"
+    echo "[+] Deleting SpyGuard folders"
     rm -rf /usr/share/spyguard/
 }
 
 delete_services(){
-    echo "[+] Deleting Spyguard services"
+    echo "[+] Deleting SpyGuard services"
 
     systemctl disable spyguard-frontend &> /dev/null
     systemctl disable spyguard-backend &> /dev/null
@@ -16,27 +16,23 @@ delete_services(){
     rm /lib/systemd/system/spyguard-watchers.service
 }
 
-deleting_icon(){
-    echo "[+] Deleting desktop icon"
-    rm "/home/${SUDO_USER}/Desktop/spyguard.desktop"
-}
-
 delete_packages(){
     pkgs=("tshark"
           "dnsutils"
           "suricata"
           "sqlite3")
-    
+
     echo -n "[?] Do you want to remove the installed packages? (Yes/no) "
     read answer
     if [[ "$answer" =~ ^([yY][eE][sS]|[yY])$ ]]
     then
+        rm -rf /var/log/suricata
         for pkg in "${pkgs[@]}"
-        do 
+        do
             apt -y remove $pkg && apt -y purge $pkg
         done
     fi
-    apt autoremove &> /dev/null 
+    apt autoremove &> /dev/null -y
 }
 
 update_hostname(){
@@ -59,7 +55,6 @@ if [[ $EUID -ne 0 ]]; then
 else
     delete_folder
     delete_services
-    deleting_icon
     update_hostname
     delete_packages
     reboot_box

update.sh

@@ -6,12 +6,12 @@ fi
 
 if [ $PWD = "/usr/share/spyguard" ]; then
     echo "[+] Cloning the current repository to /tmp/"
-    rm -rf /tmp/spyguard/ &> /dev/null 
+    rm -rf /tmp/spyguard/ &> /dev/null
     cd /tmp/ && git clone https://github.com/SpyGuard/spyguard
     cd /tmp/spyguard && bash update.sh
 elif [ $PWD = "/tmp/spyguard" ]; then
 
-    echo "[+] Saving spyguard backend's SSL configuration in /tmp/"
+    echo "[+] Saving SpyGuard backend's SSL configuration in /tmp/"
     mv /usr/share/spyguard/server/backend/*.pem /tmp/
 
     echo "[+] Deleting the current SpyGuard folders and files."
@@ -48,4 +48,4 @@ elif [ $PWD = "/tmp/spyguard" ]; then
     cd /tmp/spyguard && git tag | tail -n 1 | xargs echo -n > /usr/share/spyguard/VERSION
 
     echo "[+] SpyGuard updated!"
-fi
+fi