Compare commits

No commits in common. "master" and "1.0" have entirely different histories.
master ... 1.0

70 changed files with 205 additions and 31268 deletions

View File

@ -6,14 +6,6 @@ SpyGuard is a forked and enhanced version of [TinyCheck](https://github.com/Kasp
As it uses WiFi, SpyGuard can be used against a wide range of devices, such as smartphones, laptops, IOTs or workstations. To do its job, the analysis engine of SpyGuard is using Indicators of Compromise (IOCs), anomaly detection and is supported by [Suricata](https://suricata.io).
### Examples of use cases
| 📰 Journalists | 🏦 IT Services | 🌏 NGOs | 👩 Women's Shelter | 👮‍♂️ LEA |
|:--------:|:-------------:|:-----:|:-----:|:-----:|
| As a journalist, I need to test my smartphone's against spyware before or during engagements with confidential informants. | Working for a public institution, I aim to set up a self-service station where individuals can check their smartphones for spyware. | After traveling overseas, I'm looking to check my phone and laptop quickly. | I seek to examine the smartphones of women upon their arrival for any stalkerware. | I aim to check the communications of a smartphone in response to a complaint, as a preliminary step before proceeding with a full forensic analysis. |
**Note:** *SpyGuard is not a forensic tool*. Therefore, it might miss malware that does not communicate during the analysis. [Please refer to the FAQ for more information](https://github.com/SpyGuard/SpyGuard/wiki/Frequently-Asked-Questions#1-spyguard-hasnt-detected-anything-malicious-im-safe).
### Installation
You need a debian-like operating system to install it easly by using the provided bash script. Once you've cloned the repository, just launch `install.sh` as root. Here are the command lines to do that:
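Review bot: The note that "SpyGuard is not a forensic tool" and might miss malware that does not communicate during the analysis sits among the lines this hunk drops (the header goes from 14 lines to 6), and nothing in the other visible README hunks states that limit. A clean report is easy to read as proof that a device is safe, so I would keep that note and its FAQ link even if the use-case table goes. The surviving context line also has a typo, `easly` for `easily`.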
@ -25,35 +17,29 @@ cd spyguard && sudo bash install.sh
Once installed, you can go to the backend interface located at `https://localhost:8443` to manage the device and setup the right network interfaces to get it working. Please look at the [dedicated wiki page](https://github.com/SpyGuard/spyguard/wiki/Installing-SpyGuard) to get some tips regarding it.
> [!WARNING]
> Please check prior the installation that your Linux distribution is using `nmcli` to manage networks. If you want to install it on a Raspberry Pi
> you need to activate it via the `raspi-config` interface prior Spyguard installation ([See here](https://github.com/SpyGuard/spyguard/wiki/Installing-SpyGuard#common-issues)).
The frontend is available at the URL `https://localhost:8000`.
> you need to activate it via the `raspi-config` interface.
### Smartphone analysis best practices
* Do the interception in a public place (library, restaurant, train station...) or common place (office, home...);
* Intercept the network communications of the device for at least 15 minutes;
* Interact with the analysed device during the interception (reboot it, take a photo, send an SMS...);
* Do the interception in a public place (library, restaurant...) or common place (office, home...);
* Intercept the network communications of the device for at least 10 minutes;
* Interact with the analysed device during the interception (reboot it, take a photo, send a message...);
### SpyGuard and Stalkerware threat
The indicators of compromise (IOCs) linked to stalkerware are now fully managed by [ECHAP](https://echap.eu.org), a French association working against cyberviolence. Even though stalkerware still remains a threat, **remember that most of digital violence and surveillance is done by using simple means**, such as hacking cloud & mail accounts. Therefore, we encourage you to consult the [ECHAP guides](https://echap.eu.org/ressources/) and apply their advice to your digital life alongside of device checks.
The indicators of compromise (IOCs) linked to stalkerware are now fully managed by [ECHAP](https://echap.eu.org), a French association working against cyberviolence. Even though stalkerware still remains a threat, remember that most of digital violence and surveillance is done by using simple means, such as hacking cloud & mail accounts. Therefore, we encourage you to consult the [ECHAP guides](https://echap.eu.org/ressources/) and apply their advice to your digital life alongside of device checks.
> [!IMPORTANT]
> It is worth mentioning that the IOCs are distributed under the **Creative Common BY-NC-SA** licence.
> This imply a **non commercial use** of them. Please respect this licence and ask ECHAP for any question related to that.
### Commercial use
You can use SpyGuard in a commercial product. However, you can't use SpyGuard as the name of your product and youre still required to follow the terms and conditions that the Apache License imposes, like refering to the SpyGuard project in customer documentation. Moreover, a sweet note to explain your use to the author is always appreciated, please see the contact below. You liked SpyGuard? Do not hesistate to make a donation!
<a href="https://www.paypal.com/donate/?hosted_button_id=V77EASZEVTXKL"><img src="https://raw.githubusercontent.com/aha999/DonateButtons/master/Paypal.png" width="150" /></a>
You can use SpyGuard in a commercial product. However, you can't use SpyGuard as the name of your product and youre still required to follow the terms and conditions that the Apache License imposes, like refering to the SpyGuard project in customer documentation. Moreover, a sweet note to explain your use to the author is always appreciated, please see the contact below.
### Contact
If you need an express help to understand the results of the analysis or have a specific demand/question, do not hesitate to contact [the author](https://twitter.com/felixaime) via Twitter or by sending an email at spyguard@protonmail.com. A bug? Do not hesitate to open a [new issue](https://github.com/SpyGuard/spyguard/issues).
If you need an express help or have a specific demand/question, do not hesitate to contact [the author](https://twitter.com/felixaime) via Twitter or by sending an email at spyguard@protonmail.com. A bug? Do not hesitate to open a [new issue](https://github.com/SpyGuard/spyguard/issues).
### They have contributed to or helped this project
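Review bot: In the best-practices list the minimum interception time goes from "at least 15 minutes" to "at least 10 minutes", which shortens the window in which an implant has to communicate for it to be seen; please justify the lower figure or keep 15. The same hunk also drops the wiki link for the `raspi-config` step and the line giving the frontend URL `https://localhost:8000`, both of which a first-time installer needs. In the Commercial use paragraph, `youre` and `refering` should be `you're` and `referring`.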
@ -64,8 +50,6 @@ If you need an express help to understand the results of the analysis or have a
</p>
##
To work, Spyguard is using a lot of awesome opensource projects, libraries, and fonts, kudos to them:
[Dumpcap](https://tshark.dev/capture/dumpcap/),
@ -96,4 +80,4 @@ To work, Spyguard is using a lot of awesome opensource projects, libraries, and
[OpenSSL](https://www.openssl.org),
[Spectre CSS](https://picturepan2.github.io/spectre/).
Icons and design created via [Figma](https://www.figma.com), list of active TOR nodes taken from [Dan.me.uk](https://www.dan.me.uk/tornodes)
Icons and design created via [Figma](https://www.figma.com).
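Review bot: The credits line loses the Dan.me.uk attribution for the list of active TOR nodes, while the alert text in the language files still describes servers referenced as TOR nodes. If that list is still taken from Dan.me.uk, keep the credit; if the source changed, name the new one here.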

View File

@ -6,7 +6,6 @@ import os
import re
import subprocess as sp
import sys
import time
from datetime import datetime
from ipaddress import IPv4Address, IPv6Address
@ -91,25 +90,17 @@ class Engine():
def check_internet(self) -> bool:
"""Check the internet link just with a small http request
to an URL present in the configuration. If the link is down,
retry 3 times.
to an URL present in the configuration
Returns:
bool: True if everything works.
"""
attempts = 3
while True:
try:
url = get_config(("network", "internet_check"))
requests.get(url, timeout=3)
return True
except:
if attempts == 0:
return False
else:
time.sleep(5)
attempts -= 1
try:
url = get_config(("network", "internet_check"))
requests.get(url, timeout=3)
return True
except:
return False
def get_public_ip(self) -> list:
"""Get the public IP address

View File

@ -65,11 +65,11 @@
"description": "Der Server {} wird als Knoten im TOR-Anonymisierungsnetzwerk referenziert. Das analysierte Gerät scheint TOR zu verwenden oder mit einem Server zu kommunizieren, der als TOR-Eingangs- oder -Ausgangsknoten konfiguriert ist. Einige Angreifer nutzen TOR auf ihren Servern, um ihre Spuren zu verwischen."
},
"IOC-12": {
"title": "Eine Anwendung fordert einen legitimen Dienst an, der möglicherweise doppelt verwendet wird.",
"title": "Eine Anwendung fordert einen legitimen Dienst an, der möglicherweise doppelt verwendet wird."
"description": "Der Server {} wird für legitime Zwecke verwendet. Einige Angreifer können ihn jedoch verwenden, um mit ihren Implantaten zu interagieren. Es wird empfohlen, zu überprüfen, ob das analysierte Gerät eine legitime Anwendung enthält, die diesen Dienst verwendet."
},
"IOC-13": {
"title": "Mindestens eine Anwendung verwendet verschlüsselte DNS-Abfragen.",
"title": "Mindestens eine Anwendung verwendet verschlüsselte DNS-Abfragen."
"description": "Der DNS over HTTPs server {} wurde während der Erfassung kontaktiert. Dies scheint darauf hinzuweisen, dass mindestens eine Anwendung diese Technik verwendet, um ihre DNS-Anfragen zu verschlüsseln. Diese Funktion schränkt die Scanfunktionen von SpyGuard ein. Wenn diese Funktion auf dem analysierten Gerät nicht aktiviert ist, kann es sich lohnen, herauszufinden, welche App diese Methode verwendet."
},
"ACT-01": {
@ -93,11 +93,11 @@
"description": "Die Verwendung von selbstsignierten Zertifikaten ist in der Infrastruktur von Angreifern weit verbreitet. Wir empfehlen, den mit diesem Zertifikat verknüpften Host {} zu überprüfen. Sehen Sie sich dazu seinen Domain-Namen (falls vorhanden), den WHOIS-Eintrag und das Erstellungsdatum an und überprüfen Sie die Reputation des Hosts im Internet."
},
"SSL-04": {
"title": "Das mit {} verknüpfte Zertifikat ist mit böswilligen Aktivitäten ({})",
"title": "Das mit {} verknüpfte Zertifikat ist mit böswilligen Aktivitäten ({})" verknüpft,
"description": "Das mit server {} verknüpfte Zertifikat wurde explizit als bösartig eingestuft. Ihr Gerät sieht kompromittiert aus und muss von einem professionellen Team weiter untersucht werden."
},
"SSL-05": {
"title": "Die SSL-Konfiguration von {} ist mit bösartigen Aktivitäten ({})",
"title": "Die SSL-Konfiguration von {} ist mit bösartigen Aktivitäten ({})" verknüpft,
"description": "Der serverbezogene JARM-Hash {} wurde explizit mit bösartigen Aktivitäten verknüpft. Ihr Gerät ist möglicherweise kompromittiert und muss von einem professionellen Team weiter untersucht werden."
},
"ADV-01": {
@ -134,7 +134,7 @@
"packets_number": "Anzahl der Pakete",
"capture_sha1": "SHA1-Aufnahme",
"report_for_the_capture": "Bericht zur Aufnahme",
"report_footer": "Dieser Bericht wurde von einem SpyGuard-Gerät automatisch erstellt. Wenn Sie Fragen haben, Bugs melden oder Feedback geben möchten, kontaktieren Sie uns unter spyguard@protonmail.com.",
"report_footer": "Dieser Bericht wurde von einem SpyGuard-Gerät automatisch erstellt. Wenn Sie Fragen haben, Bugs melden oder Feedback geben möchten, kontaktieren Sie uns unter contact@spyguard.io.",
"high_msg": "Ihr Gerät scheint kompromittiert zu sein, da Sie {} Warnung(en) der Stufe \"Hoch\" haben.",
"moderate_msg": "Sie haben {} Warnungen der Stufe \"Mittel\": Ihr Gerät könnte kompromittiert sein. Bitte sehen Sie sich die Warnungen sorgfältig an.",
"low_msg": "Sie haben nur {} Warnungen der Stufe \"Niedrig\": Überprüfen Sie sie gerne.",

View File

@ -134,7 +134,7 @@
"packets_number": "Number of packets",
"capture_sha1": "Capture SHA1",
"report_for_the_capture": "Report for the capture",
"report_footer": "This report has been autogenerated by a SpyGuard device. For any question, bug report or feedback, please contact spyguard@protonmail.com.",
"report_footer": "This report has been autogenerated by a SpyGuard device. For any question, bug report or feedback, please contact contact@spyguard.io.",
"high_msg": "Your device seems to be compromised as you have {} high alert(s).",
"moderate_msg": "You have {} moderate alert(s), your device might be compromised. Please look at them carefully.",
"low_msg": "You have only {} low alert(s), don't hesitate to check them.",

View File

@ -134,7 +134,7 @@
"packets_number": "Número de paquetes",
"capture_sha1": "Captura SHA1",
"report_for_the_capture": "Informe de la captura",
"report_footer": "Este informe ha sido autogenerado por un dispositivo SpyGuard. Para cualquier pregunta, informe de fallos o feedback por favor contacte con spyguard@protonmail.com.",
"report_footer": "Este informe ha sido autogenerado por un dispositivo SpyGuard. Para cualquier pregunta, informe de fallos o feedback por favor contacte con contact@spyguard.io.",
"high_msg": "Su dispositivo parece estar comprometido ya que tiene {} alerta(s) de nivel alto.",
"moderate_msg": "Tienes {} alerta(s) de nivel moderado, su dispositivo podría estar comprometido. Por favor revíselas detenidamente.",
"low_msg": "Solamente tiene {} alertas(s) de nivel bajo, por favor revíselas.",

View File

@ -134,7 +134,7 @@
"packets_number": "Nombre de paquets",
"capture_sha1": "SHA1 de la capture",
"report_for_the_capture": "Rapport pour la capture",
"report_footer": "Ce rapport a été automatiquement généré par une instance de SpyGuard. Pour toute question et retours, n'hésitez pas à contacter spyguard@protonmail.com.",
"report_footer": "Ce rapport a été automatiquement généré par une instance de SpyGuard. Pour toute question et retours, n'hésitez pas à contacter contact@spyguard.io.",
"high_msg": "Votre appareil semble être compromis car vous avez {} alerte(s) élevée(s).",
"moderate_msg": "Vous avez {} alerte(s) modérée(s), votre appareil peut être compromis. Regardez ces alertes en détail.",
"low_msg": "Vous avez uniquement {} alerte(s) faibles, n'hésitez pas à les consulter.",

View File

@ -134,7 +134,7 @@
"packets_number": "Numero di pacchetti",
"capture_sha1": "SHA1 acquisizione",
"report_for_the_capture": "Rapporto relativo all'acquisizione",
"report_footer": "Questo rapporto è stato generato automaticamente da un dispositivo SpyGuard. Per eventuali domande, segnalazioni di bug o feedback, contattare spyguard@protonmail.com.",
"report_footer": "Questo rapporto è stato generato automaticamente da un dispositivo SpyGuard. Per eventuali domande, segnalazioni di bug o feedback, contattare contact@spyguard.io.",
"high_msg": "Sembra che il dispositivo sia compromesso poiché sono presenti {} avvisi con priorità elevata.",
"moderate_msg": "Sono presenti {} avvisi con priorità moderata, è possibile che il dispositivo sia compromesso. Esaminarli con attenzione.",
"low_msg": "Sono presenti solo {} avvisi con priorità bassa da controllare.",

View File

@ -1,147 +0,0 @@
{
"alerts": {
"PROTO-01": {
"title": "Komunikacja {} poza sieć lokalną z {}.",
"description": "Protokół {} jest często używany w sieciach lokalnych. Sprawdź, czy host {} jest obecny w innych ostrzeżeniach, co może oznaczać złośliwe zachowanie."
},
"PROTO-02": {
"title": "{} Połączenie z {} do portu większego lub równego {}.",
"description": "{}Zaobserwowano połączenie z {} do portu {}. Użycie niestandardowych portów może wskazywać na złośliwą komunikację. Zaleca się sprawdzenie reputacji hosta poprzez przejrzenie innych ostrzeżeń oraz przeszukanie internetu."
},
"PROTO-03": {
"title": "Komunikacja HTTP z hostem {}.",
"description": "Twoje urządzenie komunikowało się z hostem {} przy użyciu nieszyfrowanego protokołu HTTP. To niekoniecznie złośliwa komunikacja, rzadko się jednak zdarza nieszyfrowana komunikacja w przypadku aplikacji działających w tle - gdy użytkownik nie odwiedzi samemu nieszyfrowanej strony. Sprawdź reputację hosta w internecie."
},
"PROTO-04": {
"title": "Komunikacja HTTP z hostem {} na niestandardowym porcie ({}).",
"description": "Twoje urządzenie komunikowało się z hostem {} przy użyciu nieszyfrowanego protokołu HTTP na porcie {}. Takie zachowanie jest dosyć nietypowe. Sprawdź reputację hosta w internecie."
},
"PROTO-05": {
"title": "Serwer {} nie został rozwiązany poprzez zapytanie DNS podczas badania.",
"description": "Oznacza to, że serwer {} nie został odwzorowany z zapytania o jakąkolwiek domenę lub urzadzenie wykorzystało wartość z cache. Przyjrzyj się temu hostowi jeśli pojawia się w innych ostrzeżeniach."
},
"IOC-01": {
"title": "Nawiązano połączenie z {} ({}), który jest oznaczony jako {}.",
"description": "Serwer {} został dodany na listę podejrzanych adresów w związku ze złośliwym zachowaniem. Prawodpodobnie Twoje urządzenie jest skompromitowane i powinno zostać poddane dokładniejszej analizie przez profesjonalistę od bezpieczeństwa IT."
},
"IOC-02": {
"title": "Komunikacja z {} w sieci {}, która jest oznaczona jako {}.",
"description": "Serwer {} pracuje w obrębie sieci, która jest znana z hostowania złośliwego oprogramowania. To nie musi oznaczać przeprowadzenia złośliwych działań, sprawdź jednak czy ten serwer jest wspomniany w innych ostrzeżeniach. W przypadku wątpliwości przeszukaj internet pod kątem informacji o tym serwerze i jego reputacji."
},
"IOC-03": {
"title": "Zaobserwowano zapytanie DNS o nazwę {}, która jest oznaczona jako {}.",
"description": "Nazwa domenowa {} zaobserwowana w ruchu sieciowym została jednoznacznie oznaczona jako złośliwa. Oznacza to, że Twoje urządzenie jest prawdopodobnie skompromitowane i powinno być poddane dokładniejszej analizie."
},
"IOC-04": {
"title": "Zaobserwowano zapytanie DNS o nazwę {}, która jest oznaczona jako {}.",
"description": "Nazwa domenowa {} zaobserwowana w ruchu sieciowym została jednoznacznie oznaczona jako śledząca. Oznacza to, że jedna z aplikacji śledzi Twoje położenie geograficzne."
},
"IOC-05": {
"title": "Zaobserwowano zapytanie DNS o nazwę {}, która używa usługi Free DNS.",
"description": "Nazwa domenowa {} używa usługi Free DNS. Ten rodzaj jest często używany przez cyberprzestępców lub atakujących sponsorowanych przez państwa podczas ich działań. To bardzo podejrzane, że aplikacja na urządzeniu używa tego rodzaju usługi, należy przeprowadzić śledztwo."
},
"IOC-06": {
"title": "Zaobserwowano zapytanie DNS o nazwę {}, która zawiera podejrzaną domenę najwyższego poziomu (TLD)",
"description": "Nazwa domenowa {} używa podejrzanej domeny najwyższego poziomu ({}). Pomimo, że sama w sobie nie złośliwa, ta domena najwyższego poziomu jest regularnie używana przez cyberprzestępców lub atakujących sponsorowanych przez państwa. Sprawdź domenę poprzez wyszukanie informacji o niej. Jeśli inne ostrzeżenia dotyczą tego adresu jest to bardzo podejrzane."
},
"IOC-07": {
"title": "A certificate associated to {} activities have been found in the communication to {}.",
"description": "The certificate ({}) associated to {} has been explicitly tagged as malicious. This indicates that your device is likely compromised and need a forensic analysis."
},
"IOC-08": {
"title": "An HTTP request have been done to {} which is tagged as {}.",
"description": "The domain name {} seen in the capture has been explicitly tagged as malicious. This indicates that your device is likely compromised and needs to be investigated deeply."
},
"IOC-09": {
"title": "An HTTP request have been done to the domain {} which is a Free DNS.",
"description": "The domain name {} is using a Free DNS service. This kind of service is commonly used by cybercriminals or state-sponsored threat actors during their operations. It is very suspicious that an application running in background use this kind of service, please investigate."
},
"IOC-10": {
"title": "An HTTP request have been done to the domain {} which contains a suspect TLD.",
"description": "The domain name {} is using a suspect Top Level Domain ({}). Even not malicious, this non-generic TLD is used regularly by cybercrime or state-sponsored operations. Please check this domain by searching it on an internet search engine. If other alerts are related to this host, please consider it as very suspicious."
},
"IOC-11": {
"title": "Połączenie z {} ({}), który jest określany jako węzeł sieci TOR.",
"description": "Serwer {} jest określany jako węzeł sieci anonymizującej TOR. Wygląda na to, że analizowane urządzenie używa sieci TOR lub komunikuje się z serwerem, który jest skonfigurowany jako węzeł wejściowy lub wyjściowy sieci TOR. Niektórzy atakujący używają sieci TOR w celu zatarcia śladów."
},
"IOC-12": {
"title": "Aplikacja komunikuje się z usługą, która może być nadużywana.",
"description": "Serwer {} jest używany dla uzasadnionych celów . Atakujący może być jednak w stanie komunikować się z implantami poprzez usługę. Zaleca się sprawdzić obecność na urządzenie prawowitej aplikcji przeznaczonej do korzystania z usługi."
},
"IOC-13": {
"title": "Co najmniej jedna aplikacja używa szyfrowania zapytań DNS.",
"description": "Skorzystano z serwera {} DNS over HTTPs (DoH) podczas badania. Wygląda na to, że co najmniej jedna aplikacja używa tej metody w celu szyfrowania zapytań DNS. Ogranicza to możliwościa przeglądania ruchu przez SpyGuard. Jeśli ta funkcja nie jest włączona na urządzeniu, warto dowiedzieć się, która aplikaja używa tej metody."
},
"ACT-01": {
"title": "Domena {} używa podejrzanego serwera nazw ({}).",
"description": "Nazwa domenowa {} używa serwera nazwa, który został jednoznacznie oznaczony jako skojarzony ze złośliwymi działaniami. Wielu cybeprzestępców oraz atakujących sponsorowanych przez państwa używa tego rodzaju rejestratorów nazw ponieważ pozwalają na płatności kryptowalutami oraz płatności anonimowe. Zaleca się zbadać tą domenę oraz aplikacje, które ją wykorzystują poprzez analizę telefonu metodami informatyki śledczej."
},
"ACT-02": {
"title": "Domena {} został stworzona całkiem niedawno ({} dni temu).",
"description": "Nazwa domenowa {} jest relatywnie nowa. Mimo że to samo w sobie nie jest złośliwe, dosyć często atakujący tworzą nową infrastrukturę dla kolejnych kampanii ataków co może objawiać się wykorzystaniem świeżo rejestrowanych domen."
},
"SSL-01": {
"title": "Połączenie TLS/SSL zrealizowane na niestandardowym porcie ({}) do {}",
"description": "Urządznie takie jak smartphone rzadko używają niestandardowych portów do połączeń TLS/SSL. Pomimo tego, że to może być całkowicie prawidłowe działanie, zalecamy sprawdzenie reputacji {} poprzez sprawdzenie rekordów WHOIS, skojarzone systemu autonomicznego, czasu utworzenia oraz przeszukanie internetu."
},
"SSL-02": {
"title": "Połączenie TLS/SSL do {} używającego darmowego certyfikatu.",
"description": "Darmowe certyfikaty - takie jak Let's Encrypt - są szeroko używane w obrębie serwerów kierowania i kontroli oraz do stron phishingowych. Zaleca się sprawdzić hosta skojarzonego z tym certyfikatem, przyjrzenie się domenie, jej dacie utworzenialub sprawdzenie reputacji hosta."
},
"SSL-03": {
"title": "Certyfikat towarzyszący {} jest z podpisem własnym (self-signed).",
"description": "Użycie certyfikatów z podpisem własnym (self-signed) jest częstą praktyką w przypadku infrastruktury atakujących. Zaleca się sprawdzić hosta {}, który jest skojarzony z certyfikatem, przyjrzeć się domenie (jeśli istnieje), rekordowi WHOIS, dacie utworzenia oraz sprawdzić reputację w internecie"
},
"SSL-04": {
"title": "Certyfikat towarzyszący {} jest skojarzony ze złośliwą działalnością ({}).",
"description": "Certyfikat wykorzystywany przez serwer {} został jednoznacznie skategoryzowany jako złośliwy. Twoje urządzenie wygląda na skompromitowane i powinno być poddane dalszej analizie przez profesjonalistów."
},
"SSL-05": {
"title": "Konfiguracja TLS/SSL hosta {} jest powiązana ze złośliwą działalnością ({}).",
"description": "Hash JARM skojarzony z serwerem {} został jednoznacznie skategoryzowany jako złośliwy. Twoje urządzenie może być skompromitowane i powinno być poddane dalszej analizie przez profesjonalistów."
},
"ADV-01": {
"title": "Check the alerts for {}",
"description": "Please, check the reputation of the host {}, this one seems to be malicious as it leveraged {} alerts during the session."
},
"SNORT-01": {
"title": "Zadziałała reguła Suricata: {}",
"description": "Reguła wykrywania zdarzeń została aktywowana. Jest prawdopodobne, że Twoje urządznie jest skompromitowane lub wykazuje podejrzane zachowanie."
}
},
"report": {
"numbers": [
"jeden",
"dwa",
"trzy",
"cztery",
"pięć",
"sześć",
"siedem",
"osiem",
"dziewięć"
],
"suspect_title": "Podejrzana komunikacja",
"uncat_title": "Nieskategoryzowana komunikacja",
"whitelist_title": "Komunikacja z listy dozwolonej",
"protocol": "Protokół",
"domain": "Domena",
"dst_ip": "Docelowy adres IP",
"dst_port": "Docelowy numer portu",
"device_mac": "Adres MAC urządzenia",
"report_generated_on": "Raport wygenerowano",
"capture_duration": "Czas trwania badania",
"packets_number": "Liczba pakietów",
"capture_sha1": "SHA1 zapisu ruchu",
"report_for_the_capture": "Raport dla badania",
"report_footer": "Raport został wygenerowany automatycznie przez urządzenie SpyGuard. W sprawie pytań, błędów oraz oceny, kontakt: spyguard@protonmail.com.",
"high_msg": "Twoje urządzenie wygląd na skompromitowane, odnotowano {} wysokich ostrzeżeń.",
"moderate_msg": "Odntowano {} umiarkowanych ostrzeżeń, Twoje urządzenie może być skompromitowane. Badź czujna(y) używając go.",
"low_msg": "Odnotowano tylko niskie ostrzeżenia: {}. Możesz się im przyjrzeć.",
"none_msg": "Zero ostrzeżeń, wszystko wygląda dobrze. Możesz się przyjrzeć nieskategoryzowanej komunikacji, jeżeli miała miejsce.",
"detection_methods": "Metody detekcji",
"analysis_duration": "Czas trwania analizy",
"instance_uuid": "Instancja SpyGuard",
"seconds" : "sekund(y)"
}
}

View File

@ -134,7 +134,7 @@
"packets_number": "Número de pacotes",
"capture_sha1": "Captura SHA1",
"report_for_the_capture": "Relatório da captura",
"report_footer": "Este relatório foi gerado automaticamente por um dispositivo SpyGuard. Em caso de dúvidas, relatório de erros ou comentários, envie uma mensagem para spyguard@protonmail.com.",
"report_footer": "Este relatório foi gerado automaticamente por um dispositivo SpyGuard. Em caso de dúvidas, relatório de erros ou comentários, envie uma mensagem para contact@spyguard.io.",
"high_msg": "O dispositivo parece estar comprometido porque você tem {} alerta(s) crítico(s).",
"moderate_msg": "Você tem {} alerta(s) moderado(s), seu dispositivo pode estar comprometido. Analise-os com cuidado.",
"low_msg": "Você tem apenas {} alerta(s) leve(s), não deixe de verificá-los.",

View File

@ -134,7 +134,7 @@
"packets_number": "Количество пакетов",
"capture_sha1": "Сбор данных SHA1",
"report_for_the_capture": "Отчет для сбора данных",
"report_footer": "Этот отчет был автоматически сформирован устройством SpyGuard. С любыми вопросами, сообщениями об ошибках или отзывами обращайтесь по адресу spyguard@protonmail.com.",
"report_footer": "Этот отчет был автоматически сформирован устройством SpyGuard. С любыми вопросами, сообщениями об ошибках или отзывами обращайтесь по адресу contact@spyguard.io.",
"high_msg": "Вероятно, ваше устройство взломано, поскольку у вас {} предупрежд. высокого уровня.",
"moderate_msg": "У вас {} предупрежд. среднего уровня. Возможно, ваше устройство взломано. Внимательно изучите их.",
"low_msg": "У вас {} предупрежд. низкого уровня, проверьте их.",

2
app/.gitignore vendored
View File

@ -81,7 +81,7 @@ typings/
# Nuxt.js build / generate output
.nuxt
dist
# Gatsby files
.cache/

View File

@ -0,0 +1,3 @@
{
"python.pythonPath": "/usr/local/opt/python@3.8/bin/python3.8"
}
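Review bot: This new file pins `python.pythonPath` to `/usr/local/opt/python@3.8/bin/python3.8`, an absolute interpreter path from one developer's machine, and reads like editor workspace settings. It will not match the Debian-like systems the README targets; drop the file from the repository and add its directory to `.gitignore`.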

File diff suppressed because one or more lines are too long

View File

@ -1 +1 @@
<!DOCTYPE html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Vue App</title><link href="/css/chunk-0861991e.3b87afd9.css" rel="prefetch"><link href="/css/chunk-20894ada.030f6319.css" rel="prefetch"><link href="/js/chunk-0861991e.9c29cadc.js" rel="prefetch"><link href="/js/chunk-20894ada.5d58a9fc.js" rel="prefetch"><link href="/js/chunk-2d0b23b3.7a92b6b1.js" rel="prefetch"><link href="/js/chunk-2d0b6d35.594f8d0e.js" rel="prefetch"><link href="/js/chunk-2d0baeaa.e5cd247b.js" rel="prefetch"><link href="/js/chunk-2d0cfa15.15a50d26.js" rel="prefetch"><link href="/js/chunk-2e6079ad.09954c81.js" rel="prefetch"><link href="/css/app.9dd9f6a0.css" rel="preload" as="style"><link href="/css/chunk-vendors.466ce708.css" rel="preload" as="style"><link href="/js/app.5d381dba.js" rel="preload" as="script"><link href="/js/chunk-vendors.bad3f814.js" rel="preload" as="script"><link href="/css/chunk-vendors.466ce708.css" rel="stylesheet"><link href="/css/app.9dd9f6a0.css" rel="stylesheet"></head><body><div id="app"></div><script src="/js/chunk-vendors.bad3f814.js"></script><script src="/js/app.5d381dba.js"></script></body></html>
<!DOCTYPE html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Vue App</title><link href="/css/chunk-0d175fb6.3b87afd9.css" rel="prefetch"><link href="/css/chunk-7cb613d5.030f6319.css" rel="prefetch"><link href="/js/chunk-0d175fb6.56d23ddc.js" rel="prefetch"><link href="/js/chunk-2d0b23b3.3d66404f.js" rel="prefetch"><link href="/js/chunk-2d0b6d35.9c950e8a.js" rel="prefetch"><link href="/js/chunk-2d0baeaa.9d6eca74.js" rel="prefetch"><link href="/js/chunk-2d0cfa15.805b5619.js" rel="prefetch"><link href="/js/chunk-2e6079ad.3b1ceaed.js" rel="prefetch"><link href="/js/chunk-7cb613d5.35dd63f5.js" rel="prefetch"><link href="/css/app.f82c83ee.css" rel="preload" as="style"><link href="/css/chunk-vendors.466ce708.css" rel="preload" as="style"><link href="/js/app.13d7f657.js" rel="preload" as="script"><link href="/js/chunk-vendors.3521aad3.js" rel="preload" as="script"><link href="/css/chunk-vendors.466ce708.css" rel="stylesheet"><link href="/css/app.f82c83ee.css" rel="stylesheet"></head><body><div id="app"></div><script src="/js/chunk-vendors.3521aad3.js"></script><script src="/js/app.13d7f657.js"></script></body></html>
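Review bot: Only the hashed chunk and bundle names change in this generated HTML entry page (for example `app.5d381dba.js` becomes `app.13d7f657.js`), and the bundles themselves show as "File diff suppressed", so the JavaScript that actually ships cannot be reviewed from this comparison. Build the frontend from source in the install or release step instead of committing `dist`, or at least state in the commit which source revision produced these bundles.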

2
app/frontend/dist/js/app.13d7f657.js vendored Normal file

File diff suppressed because one or more lines are too long

view"),this.timeout=setTimeout(()=>u["a"].push("/"),6e4))})},new_capture:function(){console.log("[save-capture.vue] Capture saved, generating a new access point"),clearTimeout(this.timeout),u["a"].push({name:"generate-ap"})}},created:function(){console.log("[save-capture.vue] Showing save-capture.vue"),window.config.download_links?(console.log("[save-capture.vue] Using download links instead of USB key"),this.init=!0,this.save_usb=!1,this.download_url=`/api/save/save-capture/${this.capture_token}/url`):(console.log("[save-capture.vue] Using USB key to save the capture"),this.init=!0,this.save_usb=!0,this.interval=setInterval(()=>{this.check_usb()},500))}},r=o,v=(t("192d"),t("2877")),l=Object(v["a"])(r,a,n,!1,null,null,null);s["default"]=l.exports},fd7d:function(e,s,t){}}]);
//# sourceMappingURL=chunk-0d175fb6.56d23ddc.js.map

File diff suppressed because one or more lines are too long

View File

@ -1,2 +1,2 @@
(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0b23b3"],{"22da":function(e,t,a){"use strict";a.r(t);var s=function(){var e=this,t=e._self._c;return t("div",{staticClass:"wrapper"},[t("div",{staticClass:"center"},[t("svg",{staticStyle:{margin:"auto",background:"none",display:"block","shape-rendering":"auto"},attrs:{xmlns:"http://www.w3.org/2000/svg","xmlns:xlink":"http://www.w3.org/1999/xlink",width:"194px",height:"194px",viewBox:"0 0 100 100",preserveAspectRatio:"xMidYMid"}},[t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dfdfdf","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"0s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 1",calcMode:"spline",begin:"0s"}})]),t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dadada","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}})])]),e.long_waiting?e._e():t("p",{staticClass:"legend"},[e._v(e._s(e.$t("analysis.please_wait_msg")))]),e.long_waiting?t("p",{staticClass:"legend fade-in"},[e._v(e._s(e.$t("analysis.some_time_msg")))]):e._e()])])},i=[],n=a("a18c"),l=a("bc3a"),r=a.n(l),o={name:"analysis",data(){return{check_alerts:!1,long_waiting:!1}},props:{capture_token:String},methods:{start_analysis:function(){console.log("[analysis.vue] Starting the 
analysis..."),setTimeout(function(){this.long_waiting=!0}.bind(this),15e3),r.a.get("/api/analysis/start/"+this.capture_token,{timeout:6e4}).then(e=>{"Analysis started"==e.data.message&&(this.check_alerts=setInterval(()=>{this.get_alerts()},500))}).catch(e=>{console.log(e)})},get_alerts:function(){r.a.get("/api/analysis/report/"+this.capture_token,{timeout:6e4}).then(e=>{"No report yet"!=e.data.message?(console.log("[analysis.vue] Got the results analysis, moving to report view"),clearInterval(this.check_alerts),this.long_waiting=!1,n["a"].replace({name:"report",params:{alerts:e.data.alerts,device:e.data.device,methods:e.data.methods,pcap:e.data.pcap,records:e.data.records,capture_token:this.capture_token}})):console.log("[analysis.vue] No analysis results yet")}).catch(e=>{console.log(e)})}},created:function(){console.log("[analysis.vue] Showing analysis.vue"),this.start_analysis()}},c=o,d=a("2877"),p=Object(d["a"])(c,s,i,!1,null,null,null);t["default"]=p.exports}}]);
//# sourceMappingURL=chunk-2d0b23b3.7a92b6b1.js.map
//# sourceMappingURL=chunk-2d0b23b3.3d66404f.js.map

File diff suppressed because one or more lines are too long

View File

@ -1,2 +1,2 @@
(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0b6d35"],{"1f8b":function(e,t,s){"use strict";s.r(t);var n=function(){var e=this,t=e._self._c;return t("div",{staticClass:"wrapper-dark"},[t("div",{staticClass:"center"},[t("h1",{attrs:{id:"title"}},[e._v(e._s(e.title))]),t("span",{staticClass:"loading loading-lg loadingsplash"}),t("span",{staticClass:"message_splash"},[e._v(e._s(e.message))])])])},a=[],o=s("a18c"),i=s("bc3a"),l=s.n(i),c={name:"splash-screen",components:{},data(){return{internet:!1,message:"",title:"SPYGUARD",letters:["SSS§ṠSSSSS","PPPþ⒫PPPP","YYYÿYYYÿYȲYY","GGḠGGGǤG¬G","UÚUUÜUɄUUU","AAAAÄA¬AAA","RЯRɌRRRɌʭR","DD¬DDDDƋDD"]}},methods:{delete_captures:function(){this.message="Doing some cleaning...",console.log("[splash-screen.vue] Deleting previous captures..."),l.a.get("/api/misc/delete-captures",{timeout:3e4}),setTimeout(function(){this.goto_home()}.bind(this),2e3)},goto_home:function(){console.log("[splash-screen.vue] Going to home..."),this.message="Going to home...",o["a"].replace({name:"home"})},generate_random:function(e=0,t=1e3){let s=t-e,n=Math.random();return n=Math.floor(n*s),n+=e,n}},created:function(){window.access_point="",console.log("[splash-screen.vue] Welcome to SPYGUARD"),setInterval(function(){let e="";this.letters.forEach(t=>{e+=t.charAt(this.generate_random(0,9))}),this.title=e,setTimeout(function(){this.title="SPYGUARD"}.bind(this),this.generate_random(30,100))}.bind(this),this.generate_random(500,4e3)),this.delete_captures()}},r=c,h=s("2877"),u=Object(h["a"])(r,n,a,!1,null,null,null);t["default"]=u.exports}}]);
//# sourceMappingURL=chunk-2d0b6d35.594f8d0e.js.map
//# sourceMappingURL=chunk-2d0b6d35.9c950e8a.js.map
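Review bot: in `delete_captures` the request `l.a.get("/api/misc/delete-captures",{timeout:3e4})` has no `.then` or `.catch`, and `goto_home()` runs on a fixed 2 s timer, so the UI moves on to a new session whether or not the previous captures were actually removed. On a shared device that is a privacy problem: wait for the response and show a failure instead of continuing. Deleting data through a GET is also worth changing to POST or DELETE, here and on the backend. The only real change in this hunk is the `sourceMappingURL` hash, which cannot be reviewed meaningfully in a minified bundle.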

File diff suppressed because one or more lines are too long

View File

@ -1,2 +1,2 @@
(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0baeaa"],{"38f5":function(e,t,a){"use strict";a.r(t);var s=function(){var e=this,t=e._self._c;return t("div",{staticClass:"wrapper"},[t("div",{staticClass:"center"},[0==e.error?t("div",[e.ssid_name?t("div",[t("div",{staticClass:"card apcard",on:{click:function(t){return e.generate_ap()}}},[t("div",{staticClass:"columns"},[t("div",{staticClass:"column col-5"},[t("center",[t("img",{attrs:{src:e.ssid_qr,id:"qrcode"}})])],1),t("div",{staticClass:"divider-vert white-bg",attrs:{"data-content":"OR"}}),t("div",{staticClass:"column col-5"},[t("br"),t("span",{staticClass:"light-grey"},[e._v(e._s(e.$t("generate-ap.network_name"))+" ")]),t("br"),t("h4",[e._v(e._s(e.ssid_name))]),t("span",{staticClass:"light-grey"},[e._v(e._s(e.$t("generate-ap.network_password"))+" ")]),t("br"),t("h4",[e._v(e._s(e.ssid_password))])])])]),t("br"),t("br"),t("br"),t("br"),e._v(" "),t("br"),t("br"),t("br"),t("br"),t("br"),t("br"),t("span",{staticClass:"legend"},[e._v(e._s(e.$t("generate-ap.tap_msg")))])]):t("div",[t("svg",{staticStyle:{margin:"auto",background:"none",display:"block","shape-rendering":"auto"},attrs:{xmlns:"http://www.w3.org/2000/svg","xmlns:xlink":"http://www.w3.org/1999/xlink",width:"194px",height:"194px",viewBox:"0 0 100 100",preserveAspectRatio:"xMidYMid"}},[t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dfdfdf","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"0s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 
1",calcMode:"spline",begin:"0s"}})]),t("circle",{attrs:{cx:"50",cy:"50",r:"0",fill:"none",stroke:"#dadada","stroke-width":"1"}},[t("animate",{attrs:{attributeName:"r",repeatCount:"indefinite",dur:"2.941176470588235s",values:"0;43",keyTimes:"0;1",keySplines:"0 0.2 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}}),t("animate",{attrs:{attributeName:"opacity",repeatCount:"indefinite",dur:"2.941176470588235s",values:"1;0",keyTimes:"0;1",keySplines:"0.2 0 0.8 1",calcMode:"spline",begin:"-1.4705882352941175s"}})])]),t("p",{staticClass:"legend"},[e._v(e._s(e.$t("generate-ap.generate_ap_msg")))])])]):t("div",[t("p",[t("strong",{domProps:{innerHTML:e._s(e.$t("generate-ap.error_msg1"))}}),t("br"),t("br"),t("span",{domProps:{innerHTML:e._s(e.$t("generate-ap.error_msg2"))}}),t("br"),t("br")])])])])},r=[],n=a("bc3a"),i=a.n(n),o=a("a18c"),c={name:"generate-ap",components:{},data(){return{ssid_name:!1,ssid_qr:!1,ssid_password:!1,capture_token:!1,capture_start:!1,interval:!1,error:!1,reboot_option:window.config.reboot_option,attempts:3}},methods:{generate_ap:function(){console.log("[generate-ap.vue] Trying to start a new access point"),clearInterval(this.interval),this.ssid_name=!1,i.a.get("/api/network/ap/start",{timeout:3e4}).then(e=>this.show_ap(e.data))},show_ap:function(e){e.status?(console.log("[generate-ap.vue] Access point created, showing SSID"),window.access_point=e.ssid,this.ssid_name=e.ssid,this.ssid_password=e.password,this.ssid_qr=e.qrcode,this.start_capture()):(console.log("[generate-ap.vue] Issue when creating AP, let's retry"),0!=this.attempts?(setTimeout(function(){this.generate_ap()}.bind(this),1e4),this.attempts-=1):(console.log("[generate-ap.vue] Fatal error when creating AP, showing the error message"),this.error=!0))},start_capture:function(){console.log("[generate-ap.vue] Starting the capture in background"),i.a.get("/api/capture/start",{timeout:3e4}).then(e=>this.get_capture_token(e.data))},reboot:function(){console.log("[generate-ap.vue] Rebooting 
the device"),i.a.get("/api/misc/reboot",{timeout:3e4}).then(e=>{console.log(e)})},get_capture_token:function(e){e.status&&(console.log("[generate-ap.vue] Capture token retrieved, waiting a device to connect"),this.capture_token=e.capture_token,this.capture_start=Date.now(),this.get_device())},get_device:function(){this.interval=setInterval(()=>{i.a.get("/api/device/get/"+this.capture_token,{timeout:3e4}).then(e=>this.check_device(e.data))},500)},check_device:function(e){if(e.status){console.log("[generate-ap.vue] Device connected, going to capture view."),clearInterval(this.interval);var t=this.capture_token,a=this.capture_start,s=e.name;o["a"].replace({name:"capture",params:{capture_token:t,capture_start:a,device_name:s}})}}},created:function(){console.log("[generate-ap.vue] Showing generate-ap.vue"),this.generate_ap()}},p=c,d=a("2877"),l=Object(d["a"])(p,s,r,!1,null,null,null);t["default"]=l.exports}}]);
//# sourceMappingURL=chunk-2d0baeaa.e5cd247b.js.map
//# sourceMappingURL=chunk-2d0baeaa.9d6eca74.js.map
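Review bot: `reboot` calls `i.a.get("/api/misc/reboot",...)` and `generate_ap` calls `i.a.get("/api/network/ap/start",...)`, so actions that change device state are issued as plain GET requests with no token visible in the call. Confirm the backend restricts these routes (method, origin or token check) and prefer POST for them. `get_device` also places `capture_token` in the URL path of `/api/device/get/`, which will put the token into access logs.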

File diff suppressed because one or more lines are too long

View File

@ -1 +0,0 @@
{"version":3,"sources":["webpack:///./src/views/home.vue","webpack:///src/views/home.vue","webpack:///./src/views/home.vue?755c","webpack:///./src/views/home.vue?79fa"],"names":["render","_vm","this","_c","_self","staticClass","_v","_s","$t","on","$event","next","staticRenderFns","name","methods","router","push","component"],"mappings":"uHAAA,IAAIA,EAAS,WAAkB,IAAIC,EAAIC,KAAKC,EAAGF,EAAIG,MAAMD,GAAG,OAAOA,EAAG,MAAM,CAACE,YAAY,WAAW,CAACF,EAAG,MAAM,CAACE,YAAY,UAAU,CAACF,EAAG,KAAK,CAACE,YAAY,WAAW,CAACJ,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,wBAAwBL,EAAG,IAAI,CAACF,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,qBAAqBL,EAAG,SAAS,CAACE,YAAY,kBAAkBI,GAAG,CAAC,MAAQ,SAASC,GAAQ,OAAOT,EAAIU,UAAU,CAACV,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,2BAErXI,EAAkB,G,wBCWP,GACfC,KAAA,OACAC,QAAA,CACAH,KAAA,WACAI,OAAAC,KAAA,CAAAH,KAAA,mBCjB6U,I,YCOzUI,EAAY,eACd,EACAjB,EACAY,GACA,EACA,KACA,KACA,MAIa,aAAAK,E","file":"js/chunk-2d0cfa15.15a50d26.js","sourcesContent":["var render = function render(){var _vm=this,_c=_vm._self._c;return _c('div',{staticClass:\"wrapper\"},[_c('div',{staticClass:\"center\"},[_c('h3',{staticClass:\"lobster\"},[_vm._v(_vm._s(_vm.$t(\"home.welcome_msg\")))]),_c('p',[_vm._v(_vm._s(_vm.$t(\"home.help_msg\")))]),_c('button',{staticClass:\"btn btn-primary\",on:{\"click\":function($event){return _vm.next()}}},[_vm._v(_vm._s(_vm.$t(\"home.start_btn\")))])])])\n}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","<template>\r\n <div class=\"wrapper\">\r\n <div class=\"center\">\r\n <h3 class=\"lobster\">{{ $t(\"home.welcome_msg\") }}</h3>\r\n <p>{{ $t(\"home.help_msg\") }}</p>\r\n <button class=\"btn btn-primary\" v-on:click=\"next()\">{{ $t(\"home.start_btn\") }}</button>\r\n </div>\r\n </div>\r\n</template>\r\n\r\n<script>\r\nimport router from '../router'\r\n\r\nexport default {\r\n name: 'home',\r\n methods: {\r\n next: function() {\r\n router.push({ name: 'generate-ap' });\r\n }\r\n }\r\n}\r\n</script>\r\n","import mod from 
\"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js\"; export default mod; export * from \"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js\"","import { render, staticRenderFns } from \"./home.vue?vue&type=template&id=66a1090d\"\nimport script from \"./home.vue?vue&type=script&lang=js\"\nexport * from \"./home.vue?vue&type=script&lang=js\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/vue-loader/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n null,\n null\n \n)\n\nexport default component.exports"],"sourceRoot":""}

View File

@ -1,2 +1,2 @@
(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-2d0cfa15"],{6511:function(t,n,s){"use strict";s.r(n);var e=function(){var t=this,n=t._self._c;return n("div",{staticClass:"wrapper"},[n("div",{staticClass:"center"},[n("h3",{staticClass:"lobster"},[t._v(t._s(t.$t("home.welcome_msg")))]),n("p",[t._v(t._s(t.$t("home.help_msg")))]),n("button",{staticClass:"btn btn-primary",on:{click:function(n){return t.next()}}},[t._v(t._s(t.$t("home.start_btn")))])])])},a=[],c=(s("14d9"),s("a18c")),o={name:"home",methods:{next:function(){c["a"].push({name:"generate-ap"})}}},r=o,i=s("2877"),l=Object(i["a"])(r,e,a,!1,null,null,null);n["default"]=l.exports}}]);
//# sourceMappingURL=chunk-2d0cfa15.15a50d26.js.map
//# sourceMappingURL=chunk-2d0cfa15.805b5619.js.map
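Review bot: the `sourceMappingURL` swap on the last two lines points at a `.js.map` that is committed alongside the bundle, and that map carries the full `sourcesContent` of `home.vue` plus the local loader paths. Committing generated bundles and maps turns every rebuild into a hash-only diff like this one and leaves nothing reviewable. Build the frontend at install time or in CI, keep the output directory out of version control, and disable production source maps if they are not needed on the device.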

View File

@ -0,0 +1 @@
{"version":3,"sources":["webpack:///./src/views/home.vue","webpack:///src/views/home.vue","webpack:///./src/views/home.vue?d449","webpack:///./src/views/home.vue?46ae"],"names":["render","_vm","this","_c","_self","staticClass","_v","_s","$t","on","$event","next","staticRenderFns","name","methods","router","component"],"mappings":"uHAAA,IAAIA,EAAS,WAAkB,IAAIC,EAAIC,KAAKC,EAAGF,EAAIG,MAAMD,GAAG,OAAOA,EAAG,MAAM,CAACE,YAAY,WAAW,CAACF,EAAG,MAAM,CAACE,YAAY,UAAU,CAACF,EAAG,KAAK,CAACE,YAAY,WAAW,CAACJ,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,wBAAwBL,EAAG,IAAI,CAACF,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,qBAAqBL,EAAG,SAAS,CAACE,YAAY,kBAAkBI,GAAG,CAAC,MAAQ,SAASC,GAAQ,OAAOT,EAAIU,UAAU,CAACV,EAAIK,GAAGL,EAAIM,GAAGN,EAAIO,GAAG,2BAErXI,EAAkB,G,wBCWP,GACfC,YACAC,SACAH,gBACAI,aAAAF,wBCjB8U,I,YCO1UG,EAAY,eACd,EACAhB,EACAY,GACA,EACA,KACA,KACA,MAIa,aAAAI,E","file":"js/chunk-2d0cfa15.805b5619.js","sourcesContent":["var render = function render(){var _vm=this,_c=_vm._self._c;return _c('div',{staticClass:\"wrapper\"},[_c('div',{staticClass:\"center\"},[_c('h3',{staticClass:\"lobster\"},[_vm._v(_vm._s(_vm.$t(\"home.welcome_msg\")))]),_c('p',[_vm._v(_vm._s(_vm.$t(\"home.help_msg\")))]),_c('button',{staticClass:\"btn btn-primary\",on:{\"click\":function($event){return _vm.next()}}},[_vm._v(_vm._s(_vm.$t(\"home.start_btn\")))])])])\n}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","<template>\r\n <div class=\"wrapper\">\r\n <div class=\"center\">\r\n <h3 class=\"lobster\">{{ $t(\"home.welcome_msg\") }}</h3>\r\n <p>{{ $t(\"home.help_msg\") }}</p>\r\n <button class=\"btn btn-primary\" v-on:click=\"next()\">{{ $t(\"home.start_btn\") }}</button>\r\n </div>\r\n </div>\r\n</template>\r\n\r\n<script>\r\nimport router from '../router'\r\n\r\nexport default {\r\n name: 'home',\r\n methods: {\r\n next: function() {\r\n router.push({ name: 'generate-ap' });\r\n }\r\n }\r\n}\r\n</script>\r\n","import mod from 
\"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js&\"; export default mod; export * from \"-!../../node_modules/cache-loader/dist/cjs.js??ref--13-0!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/cache-loader/dist/cjs.js??ref--1-0!../../node_modules/vue-loader/lib/index.js??vue-loader-options!./home.vue?vue&type=script&lang=js&\"","import { render, staticRenderFns } from \"./home.vue?vue&type=template&id=66a1090d&\"\nimport script from \"./home.vue?vue&type=script&lang=js&\"\nexport * from \"./home.vue?vue&type=script&lang=js&\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/vue-loader/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n null,\n null\n \n)\n\nexport default component.exports"],"sourceRoot":""}

File diff suppressed because one or more lines are too long

3
app/frontend/public/.vscode/settings.json vendored Executable file
View File

@ -0,0 +1,3 @@
{
"python.pythonPath": "/usr/local/opt/python@3.8/bin/python3.8"
}
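Review bot: `python.pythonPath` is set to `/usr/local/opt/python@3.8/bin/python3.8`, a path from one developer's machine, and the file is added under `app/frontend/public/`, a directory that is normally copied verbatim into the built frontend and served as static content. Drop the file from the commit and add `.vscode/` to `.gitignore`. The file is also flagged executable, which a JSON settings file does not need.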

View File

@ -1100,25 +1100,7 @@ ul {
color: #cecece;
}
.no-alerts-to-show {
text-align: center;
padding: 50px;
background-color: #f7f8f9;
border: 1px dashed #eee;
border-radius: 5px;
font-size: 25px;
color: #CFCFCF;
margin-bottom: 30px;
margin-top: 20px;
}
.no-alerts-to-show>.main-text {
color: #CCC;
}
.no-alerts-to-show>.second-text {
font-size: 20px;
}
.icon-usb {
background: url('../assets/icon_usb.svg') no-repeat 0 0;

View File

@ -62,9 +62,6 @@
"moderate": "Mittel",
"low": "Niedrig",
"uncat_coms_table" : "Kommunikation nicht kategorisiert",
"whitelisted_coms_table" : "Kommunikation auf der Whitelist",
"no_alerts_title" : "Die Analyse der Kommunikation Ihres Geräts hat zu keinen Warnungen geführt.",
"no_alerts_subtext" : "Unten können Sie die von ihm während der Erfassung ausgegebenen Mitteilungen sehen.",
"protocol" : "Protokoll",
"domain_name" : "Domain",
"ip_address": "IP-Adresse:",
@ -80,7 +77,7 @@
"please_connect": "Bitte schließen Sie einen USB-Stick an, um Ihre Aufnahme zu speichern.",
"we_are_saving": "Wir speichern Ihre Aufnahme.",
"tap_msg": "Sie können den USB-Stick antippen, um eine neue Aufnahme zu starten.",
"capture_download": "Der Download der Aufnahme beginnt…",
"capture_download": "Der Download der Aufnahme beginnt …",
"start_capture_btn": "Noch eine Aufnahme starten"
},
"modals": {

View File

@ -62,9 +62,6 @@
"moderate": "moderate",
"low": "low",
"uncat_coms_table" : "Uncategorized communications",
"whitelisted_coms_table" : "Whitelisted communications",
"no_alerts_title" : "Analysis of your smartphone's communications did not cause any alerts.",
"no_alerts_subtext" : "You can see below the communications issued by it during the capture.",
"protocol" : "Protocol",
"domain_name" : "Domain",
"ip_address" : "IP Address",

View File

@ -62,9 +62,6 @@
"moderate": "moderada",
"low": "bajo",
"uncat_coms_table" : "Sin categorizar Comunicaciones",
"whitelisted_coms_table": "Comunicaciones incluidas en la lista blanca",
"no_alerts_title": "El análisis de las comunicaciones de su dispositivo no generó ninguna alerta.",
"no_alerts_subtext": "Puedes ver a continuación las comunicaciones emitidas por éste durante la captura.",
"protocol" : "Protocolo",
"domain_name" : "Dominio",
"ip_address" : "Dirección IP ",

View File

@ -62,9 +62,6 @@
"moderate": "moyenne",
"low": "basse",
"uncat_coms_table" : "Communications non catégorisées",
"whitelisted_coms_table": "Communications sur liste blanche",
"no_alerts_title": "L'analyse des communications de votre appareil n'a provoqué aucune alerte.",
"no_alerts_subtext": "Vous pouvez voir ci-dessous les communications émises par celui-ci lors de la capture.",
"protocol" : "Protocole",
"domain_name" : "Domaine",
"ip_address" : "Adresse IP",

View File

@ -62,9 +62,6 @@
"moderate": "moderata",
"low": "bassa",
"uncat_coms_table" : "Comunicazioni non categorizzate",
"whitelisted_coms_table": "Comunicazioni autorizzate",
"no_alerts_title": "L'analisi delle comunicazioni del tuo dispositivo non ha causato alcun avviso.",
"no_alerts_subtext": "Di seguito puoi vedere le comunicazioni emesse da esso durante la cattura.",
"protocol" : "Protocollo",
"domain_name" : "Dominio",
"ip_address" : "Indirizzo IP",

View File

@ -1,93 +0,0 @@
{
"home": {
"welcome_msg": "Witaj w SpyGuard.",
"help_msg": "Pomożemy Ci sprawdzić Twoje urządzenie.",
"start_btn": "Start!"
},
"analysis": {
"question": "Czy chcesz przeanalizować przechwyconą komunikację?",
"no_btn": "Nie, tylko zapisz",
"yes_btn": "Tak, wykonaj",
"please_wait_msg": "Poczekaj na zakończenie analizy...",
"some_time_msg": "Tak, to może chwilę potrwać..."
},
"capture": {
"intercept_coms_msg": "Przechwytywanie komunikacji z ",
"stop_btn": "Zatrzymaj przechwytywanie"
},
"generate-ap": {
"network_name": "Nazwa sieci",
"network_password": "Hasło do sieci",
"tap_msg": "Naciśnij białą ramkę aby wygenerować nową sieć.",
"generate_ap_msg": "Wygenerujemy tymczasową sieć do wykorzystania.",
"error_msg1": "Niestety, wystąpiły problemy <br />podczas tworzenia punktu dostępowego.",
"error_msg2": "Sprawdź czy odpowiedni interfejs został skonfigurowany<br /> w ustawieniach zaplecza."
},
"report": {
"show_full_report": "Pokaż pełny raport",
"start_new_capture": "Rozpocznij od nowa",
"save_capture": "Zachowaj ruch sieciowy",
"save": "Zapisz",
"print": "Drukuj",
"numbers": [
"zero",
"jeden",
"dwa",
"trzy",
"cztery",
"pięć",
"sześć",
"siedem",
"osiem",
"dziewięć",
"dziesięć",
"jedenaście"
],
"stalkerware_msg": "Twoje urządzenie jest zagrożone<br />przez stalkerware, zapoznaj się z raportem.",
"location_msg": "Aplikacja udostępnia Twoje<br /> bieżące położenie stronie trzeciej.",
"fine_msg": "Wszystko wygląda w porządku, zero alarmów.",
"high_msg": "Masz {nb} poważnych alarmów,<br />Twoje urządzenie wygląda na zagrożone.",
"moderate_msg": "Masz {nb} umiarkowanych alarmów,<br />Twoje urządzenie może być zagrożone.",
"low_msg": "Masz tylko {nb} niskich alarmów,<br />nie wahaj się ich sprawdzić.",
"save_report": "Zapisz raport",
"report_of": "Raport z",
"detection_methods": "Metody detekcji:",
"indicators": "Wskaźniki",
"heuristics": "Heurystyki",
"active": "Aktywne",
"pcap_sha1": "Suma SHA1 zapisu ruchu:",
"capture_started": "Przechwytywanie rozpoczęto o:",
"capture_ended": "Przechwytywanie zakończono o:",
"high": "wysoki",
"moderate": "umiarkowany",
"low": "niski",
"uncat_coms_table" : "Komunikacja nieskategoryzowana",
"whitelisted_coms_table" : "Komunikacja dozwolona",
"no_alerts_title" : "Analiza komunikacji z urządzenia nie spowodowała żadnych alarmów.",
"no_alerts_subtext" : "Zapoznaj się z komunikacją zaobserwowaną podczas przechwytywania.",
"protocol" : "Protokół",
"domain_name" : "Domena",
"ip_address" : "Adres IP",
"port" : "Port"
},
"wifi-select": {
"wifi_connected": "Wi-Fi - podłączono",
"wifi_not_connected": "Wi-Fi - nie podłączono. Spróbuj ponownie.",
"wifi_password": "Hasło",
"connect_to_it": "Podłącz"
},
"save-capture": {
"please_connect": "Podłącz pamięć USB aby zachować przechwycony ruch sieciowy.",
"we_are_saving": "Zapisywanie przechwytywania.",
"tap_msg": "Dotknij ikony pamięci USB aby rozpocząć nowe przechwytywnie.",
"capture_download": "Rozpocznie się pobieranie pliku przechwytywania...",
"start_capture_btn": "Rozpocznij kolejne przechwytywanie"
},
"modals": {
"want_to_quit": "Czy chcesz opuścić aplikację?",
"no_go_back": "Nie, wróć",
"yes_continue": "Tak, kontynuuj",
"please_give_the_password": "Podaj hasło do sieci: ",
"want_to_whitelist" : "Czy chcesz dodać <i class='ioc'>{host}</i> do listy dozwolonych<br />dla następnych analiz?"
}
}
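Review bot: this removes the whole Polish locale, including `want_to_whitelist`, whose value wraps the placeholder in markup (`<i class='ioc'>{host}</i>`). If the remaining locales keep the same key, the component that renders it has to output HTML, and `host` comes from alert data derived from captured traffic, so check that the host value is escaped before it is interpolated. If dropping `pl` is intentional, say so in the commit message, since users of that locale lose their translation.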

View File

@ -62,9 +62,6 @@
"moderate": "moderado",
"low": "leve",
"uncat_coms_table" : "Comunicações não categorizadas",
"whitelisted_coms_table" : "Comunicações na lista branca",
"no_alerts_title" : "A análise das comunicações do seu dispositivo não causou nenhum alerta.",
"no_alerts_subtext" : "Você pode ver abaixo as comunicações emitidas por ele durante a captura.",
"protocol" : "Protocolo",
"domain_name" : "Domínio",
"ip_address": "Endereço IP:",

View File

@ -62,9 +62,6 @@
"moderate": "средний",
"low": "низкий",
"uncat_coms_table" : "Несекретные сообщения",
"whitelisted_coms_table": "Связь в белом списке",
"no_alerts_title": "Анализ сообщений вашего устройства не вызвал никаких предупреждений.",
"no_alerts_subtext": "Ниже вы можете увидеть сообщения, отправленные им во время захвата.",
"protocol" : "Протокол",
"domain_name" : "домен",
"ip_address": "IP-адрес:",

View File

@ -13,7 +13,6 @@ export const i18n = new VueI18n({
'ru': require('@/locales/ru.json'),
'pt': require('@/locales/pt.json'),
'it': require('@/locales/it.json'),
'de': require('@/locales/de.json'),
'pl': require('@/locales/pl.json')
'de': require('@/locales/de.json')
}
})
})
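Review bot: the `'pl'` entry is removed together with its locale file, which is consistent, but nothing in this hunk shows what happens on a device still configured with `pl`. Confirm a fallback locale is set on the `VueI18n` instance so the UI does not render raw keys. The hunk ends with two `})` lines, which looks like an end-of-file newline change; check that the file still ends with a newline.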

View File

@ -29,7 +29,7 @@
<button class="btn btn-report-low" @click="show_report=true;results=false;">{{ $t("report.show_full_report") }}</button>
</div>
</div>
<div v-else class="none-wrapper">
<div v-else class="none-wrapper">
<div class="center">
<h1 class="warning-title" v-html="$t('report.fine_msg')"></h1>
<button class="btn btn-report-low-light" @click="show_report=true;results=false;">{{ $t("report.show_full_report") }}</button>
@ -48,47 +48,41 @@
{{ $t("report.detection_methods") }} {{ detection_methods }}
</div>
</div>
<div v-if="alerts">
<ul class="alerts">
<li class="alert" v-for="alert in alerts.high" :key="alert.message">
<div class="alert-header">
<span class="high-label">{{ $t("report.high") }}</span>
<span class="alert-id">{{ alert.id }}</span>
<span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
</div>
<div class="alert-body">
<span class="title">{{ alert.title }}</span>
<p class="description">{{ alert.description }}</p>
</div>
</li>
<li class="alert" v-for="alert in alerts.moderate" :key="alert.message">
<div class="alert-header">
<span class="moderate-label">{{ $t("report.moderate") }}</span>
<span class="alert-id">{{ alert.id }}</span>
<span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
</div>
<div class="alert-body">
<span class="title">{{ alert.title }}</span>
<p class="description">{{ alert.description }}</p>
</div>
</li>
<li class="alert" v-for="alert in alerts.low" :key="alert.message">
<div class="alert-header">
<span class="moderate-label">{{ $t("report.low") }}</span>
<span class="alert-id">{{ alert.id }}</span>
<span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
</div>
<div class="alert-body">
<span class="title">{{ alert.title }}</span>
<p class="description">{{ alert.description }}</p>
</div>
</li>
</ul>
</div>
<div class="no-alerts-to-show" v-else>
<span class="main-text">{{ $t("report.no_alerts_title") }}</span><br />
<span class="second-text">{{ $t("report.no_alerts_subtext") }}</span>
</div>
<ul class="alerts">
<li class="alert" v-for="alert in alerts.high" :key="alert.message">
<div class="alert-header">
<span class="high-label">{{ $t("report.high") }}</span>
<span class="alert-id">{{ alert.id }}</span>
<span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
</div>
<div class="alert-body">
<span class="title">{{ alert.title }}</span>
<p class="description">{{ alert.description }}</p>
</div>
</li>
<li class="alert" v-for="alert in alerts.moderate" :key="alert.message">
<div class="alert-header">
<span class="moderate-label">{{ $t("report.moderate") }}</span>
<span class="alert-id">{{ alert.id }}</span>
<span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
</div>
<div class="alert-body">
<span class="title">{{ alert.title }}</span>
<p class="description">{{ alert.description }}</p>
</div>
</li>
<li class="alert" v-for="alert in alerts.low" :key="alert.message">
<div class="alert-header">
<span class="moderate-label">{{ $t("report.low") }}</span>
<span class="alert-id">{{ alert.id }}</span>
<span class="btn-whitelist" v-on:click="add_whitelist(alert.host)">Add to the whitelist</span>
</div>
<div class="alert-body">
<span class="title">{{ alert.title }}</span>
<p class="description">{{ alert.description }}</p>
</div>
</li>
</ul>
<h5 class="title-report" v-if="uncategorized_records.length>0">{{ $t("report.uncat_coms_table") }}</h5>
<div v-if="uncategorized_records.length>0">
<table class="table-uncat">
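Review bot: the replaced block ended with a `no-alerts-to-show` `v-else` branch, and the new unconditional `<ul class="alerts">` has no equivalent, so an analysis with zero alerts renders an empty list instead of an explicit "nothing found" message; for a detection report that state is worth keeping. Two smaller points in the same list: the `alerts.low` item carries `class="moderate-label"`, so low and moderate findings get identical badges, and all three `v-for` loops key on `alert.message`, a field the template never renders, where `alert.id` is already displayed and looks like the safer key.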
@ -108,25 +102,6 @@
</tr>
</table>
</div>
<h5 class="title-report" v-if="whitelisted_records.length>0">{{ $t("report.whitelisted_coms_table") }}</h5>
<div v-if="whitelisted_records.length>0">
<table class="table-uncat">
<thead>
<tr>
<td>{{ $t("report.protocol") }}</td>
<td>{{ $t("report.domain_name") }}</td>
<td>{{ $t("report.ip_address") }}</td>
<td>{{ $t("report.port") }}</td>
</tr>
</thead>
<tr v-for="record in whitelisted_records" :key="record.ip_dst">
<td>{{ Object.keys(record.protocols).map(key => record.protocols[key].name).join(", ") }}</td>
<td>{{ record.domains.join(", ") }}</td>
<td>{{ record.ip_dst }}</td>
<td>{{ Object.keys(record.protocols).map(key => record.protocols[key].port).join(", ") }}</td>
</tr>
</table>
</div>
<div id="controls-analysis">
<div class="column col-6">
<button class="btn btn btn-primary width-100" v-on:click="save_capture()">{{ $t("report.save") }}</button>
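Review bot: removing the `whitelisted_records` table means traffic to whitelisted hosts no longer appears anywhere in the report, so a reader cannot tell what was suppressed or spot an over-broad whitelist entry. Keep the table, or at least show a count of whitelisted records next to the uncategorized table.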
@ -158,8 +133,7 @@ export default {
return {
results: true,
detection_methods: "",
uncategorized_records: [],
whitelisted_records: []
uncategorized_records: []
}
},
props: {
@ -204,12 +178,10 @@ export default {
add_whitelist: function(host){
EventBus.$emit("showModal", {"action" : "whitelist", "host" : host})
},
get_records: function(){
get_uncategorized_records: function(){
this.records.forEach( r => {
if (!r.suspicious && !r.whitelisted){
this.uncategorized_records.push(r);
} else if (r.whitelisted){
this.whitelisted_records.push(r);
}
})
}
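Review bot: in `get_uncategorized_records`, records with `r.whitelisted` set now fall through the `if` and are discarded, and the method appends to `this.uncategorized_records` without clearing it first, so a second call would duplicate rows. Assigning the result is simpler and idempotent: `this.uncategorized_records = this.records.filter(r => !r.suspicious && !r.whitelisted)`.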
@ -217,7 +189,7 @@ export default {
created: function() {
console.log("[report.vue] Showing report.vue");
this.get_detection_methods();
this.get_records();
this.get_uncategorized_records();
}
}
</script>

File diff suppressed because one or more lines are too long

View File

@ -1,18 +1,17 @@
ipwhois==1.2.0
pydig==0.4.0
pymisp==2.4.165.1
netaddr==0.8.0
pyyaml==5.3.1
flask==2.3.3
flask_httpauth==4.7.0
pyjwt==1.7.1
sqlalchemy==1.4.44
psutil==5.8.0
pyudev==0.24.0
qrcode==7.3.1
netifaces==0.11.0
weasyprint==57.1
python-whois==0.8.0
publicsuffix2==2.20191221
six==1.16.0
pyOpenSSL==23.2.0
ipwhois
pydig
pymisp
netaddr
pyyaml
flask
flask_httpauth
pyjwt
sqlalchemy
psutil
pyudev
qrcode
netifaces
weasyprint
python-whois
publicsuffix2
six>=1.13.0
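Review bot: every version pin is dropped here (only `six>=1.13.0` keeps a bound) and `pyOpenSSL` disappears from the list, so each install resolves whatever is newest on PyPI at that moment; installs stop being reproducible and a breaking or compromised upstream release lands on the device unreviewed. Keep exact pins, ideally with hashes and `pip install --require-hashes`, and confirm nothing still imports `OpenSSL` before removing `pyOpenSSL`. An unpinned `flask` also conflicts with the `from flask import escape` imports elsewhere in this comparison, since `flask.escape` was removed in Flask 3.0.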

View File

@ -1,16 +1,17 @@
#!/bin/bash
CURRENT_USER="${SUDO_USER}"
SCRIPT_PATH="$( cd "$(dirname "$0")" ; pwd -P )"
HOST="$( hostname )"
LOCALES=(de en es fr it pl pt ru)
LOCALES=(en fr es ru pt de it)
welcome_screen() {
cat << "EOF"
__ _ __ _ _
(_ |_) \_/ /__ | | /\ |_) | \
__) | | \_| |_| /--\ | \ |_/
SpyGuard is a fork of TinyCheck, developped by Kaspersky.
__ _ __ _ _
(_ |_) \_/ /__ | | /\ |_) | \
__) | | \_| |_| /--\ | \ |_/
SpyGuard is a fork of TinyCheck, developped by Kaspersky.
-----
EOF
@ -65,8 +66,8 @@ set_credentials() {
}
create_directory() {
# Create the SpyGuard directory and move the whole stuff there.
echo -e "[+] Creating SpyGuard folder under /usr/share/"
# Create the Spyguard directory and move the whole stuff there.
echo -e "[+] Creating Spyguard folder under /usr/share/"
mkdir /usr/share/spyguard
cp -Rf ./* /usr/share/spyguard
}
@ -79,6 +80,7 @@ generate_certificate() {
create_services() {
# Create services to launch the two servers.
echo -e "\e[39m[+] Creating services\e[39m"
echo -e "\e[92m [✔] Creating frontend service\e[39m"
@ -88,7 +90,7 @@ Description=Spyguard frontend service
[Service]
Type=simple
ExecStart=/usr/share/spyguard/spyguard-venv/bin/python3 /usr/share/spyguard/server/frontend/main.py
ExecStart=/usr/bin/python3 /usr/share/spyguard/server/frontend/main.py
Restart=on-abort
KillMode=process
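Review bot: `ExecStart` now points at `/usr/bin/python3` instead of the interpreter under `/usr/share/spyguard/spyguard-venv`, so the frontend service runs against system site-packages and its dependencies are shared with, and can be changed by, OS-managed Python packages. The backend and watchers units below get the same change. Keeping the venv interpreter isolates the service's dependencies from `apt` upgrades and keeps the unit consistent with whatever environment the installer populates.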
@ -103,7 +105,7 @@ Description=Spyguard backend service
[Service]
Type=simple
ExecStart=/usr/share/spyguard/spyguard-venv/bin/python3 /usr/share/spyguard/server/backend/main.py
ExecStart=/usr/bin/python3 /usr/share/spyguard/server/backend/main.py
Restart=on-abort
KillMode=process
@ -120,7 +122,7 @@ After=network-online.target
[Service]
Type=simple
ExecStart=/usr/share/spyguard/spyguard-venv/bin/python3 /usr/share/spyguard/server/backend/watchers.py
ExecStart=/usr/bin/python3 /usr/share/spyguard/server/backend/watchers.py
Restart=on-abort
KillMode=process
@ -138,6 +140,7 @@ EOL
systemctl start spyguard-backend
}
change_hostname() {
# Changing the hostname to spyguard
echo -e "[+] Changing the hostname to spyguard"
@ -148,39 +151,38 @@ change_hostname() {
echo "127.0.0.1 spyguard.local" >> /etc/hosts
}
install_packages() {
# Install associated packages by using aptitude.
packages=("tshark"
"sqlite3"
"suricata"
"dnsutils"
"python3-pip"
"python3-venv"
"net-tools")
echo -e "\e[39m[+] Checking dependencies...\e[39m"
for package in "${packages[@]}"
do
if dpkg-query -W -f='${Status}' "$package" 2>/dev/null | grep -q -P '^install ok installed$'; then
echo -e "\e[92m [✔] $package is already installed\e[39m"
else
echo -e "\e[93m [✘] $package is not installed, lets install it\e[39m"
apt-get install -y "$package"
if [ $? -eq 0 ]; then
echo -e "\e[92m [✔] $package was successfully installed\e[39m"
else
echo -e "\e[91m [✘] $package has an error during the installation\e[39m"
fi
install_package() {
# Install associated packages by using aptitude.
if [[ $1 == "tshark" || $1 == "sqlite3" || $1 == "suricata" ]]; then
apt install $1 -y
elif [[ $1 == "dig" ]]; then
apt-get install -y dnsutils
elif [[ $1 == "pip" ]]; then
apt-get install -y python3-pip
fi
done
}
create_venv() {
echo -e "\e[39m[+] Create and activate Virtual Environment for Python packages\e[39m"
python3 -m venv /usr/share/spyguard/spyguard-venv
source /usr/share/spyguard/spyguard-venv/bin/activate
check_dependencies() {
# Check binary dependencies associated to the project.
# If not installed, call install_package with the package name.
bins=("/usr/bin/tshark"
"/usr/bin/dig"
"/usr/bin/suricata"
"/usr/bin/sqlite3"
"/usr/bin/pip")
echo -e "\e[39m[+] Checking dependencies...\e[39m"
for bin in "${bins[@]}"
do
if [[ -f "$bin" ]]; then
echo -e "\e[92m [✔] ${bin##*/} installed\e[39m"
else
echo -e "\e[93m [✘] ${bin##*/} not installed, lets install it\e[39m"
install_package ${bin##*/}
fi
done
echo -e "\e[39m[+] Install Python packages...\e[39m"
python3 -m pip install -r "$SCRIPT_PATH/assets/requirements.txt" --no-cache-dir
python3 -m pip install -r "$SCRIPT_PATH/assets/requirements.txt"
}
get_version() {
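Review bot: `check_dependencies` decides a package is present by testing for a file such as `/usr/bin/pip`, and `install_package` never checks the exit status of `apt`, so a failed install is reported nowhere and the script carries on; the `dpkg-query` check with its success and error messages on the other side of this hunk handled both cases. `install_package ${bin##*/}` and `apt install $1 -y` are unquoted, and `python3-venv` and `net-tools` are no longer installed. `python3 -m pip install -r "$SCRIPT_PATH/assets/requirements.txt"` now runs as root against the system interpreter with no venv, which recent Debian releases refuse as an externally managed environment and which otherwise overwrites distro-packaged modules.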
@ -200,7 +202,7 @@ cleaning() {
systemctl disable suricata.service &> /dev/null
# Removing some useless dependencies.
apt autoremove -y &> /dev/null
sudo apt autoremove -y &> /dev/null
echo -e "\e[92m[+] Installation finished! You can open https://localhost:8443 to configure network settings.\e[39m"
}
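Review bot: `sudo apt autoremove -y` sits in a script that already has to run as root (it reads `${SUDO_USER}` at the top), so the `sudo` is redundant and the call fails on minimal systems where `sudo` is not installed and root runs the script directly. Plain `apt autoremove -y` is enough.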
@ -235,8 +237,7 @@ else
get_version
set_userlang
set_credentials
install_packages
create_venv
check_dependencies
change_hostname
generate_certificate
create_database

View File

@ -5,7 +5,7 @@ from app import db
from app.db.models import Ioc
from sqlalchemy.sql import exists
from app.definitions import definitions
from markupsafe import escape
from flask import escape
import re
import time
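Review bot: `from flask import escape` relies on a re-export that Flask deprecated in 2.3 and removed in 3.0, so with `flask` left unpinned in `assets/requirements.txt` this import raises `ImportError` at startup. `from markupsafe import escape` is the supported import and returns the same escaped markup; the same line changes in the three files that follow.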

View File

@ -6,7 +6,7 @@ from app.db.models import MISPInst
from app.definitions import definitions as defs
from sqlalchemy.sql import exists
from markupsafe import escape
from flask import escape
from pymisp import PyMISP
import re
import time

View File

@ -7,7 +7,7 @@ from typing import Iterator
import requests
import yaml
from markupsafe import escape
from flask import escape
from sqlalchemy.sql import exists

View File

@ -5,7 +5,7 @@ from app import db
from app.db.models import Whitelist
from sqlalchemy.sql import exists
from app.definitions import definitions
from markupsafe import escape
from flask import escape
import re
import time

View File

@ -72,8 +72,8 @@ definitions = {
"name" : "Stalkerware"
},
{
"tag" : "suspicious",
"name" : "Suspicious"
"tag" : "suspect",
"name" : "Suspect"
},
{
"tag" : "malicious",

View File

@ -35,7 +35,7 @@ class Network(object):
ctx = { "internet": self.check_internet() }
for iface in ni.interfaces():
if iface != self.iface_in and iface.startswith(("wl", "en", "et", "ww")):
if iface != self.iface_in and iface.startswith(("wl", "en", "et")):
addrs = ni.ifaddresses(iface)
try:
ctx["ip_out"] = addrs[ni.AF_INET][0]["addr"]
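Review bot: dropping `"ww"` from the `startswith` tuple means WWAN (cellular modem) interfaces such as `wwan0` are skipped when the loop looks for the outbound address, so a device whose only uplink is a modem never gets `ctx["ip_out"]` set from it. Unless that is intended, keep `("wl", "en", "et", "ww")`.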

View File

@ -1,11 +1,11 @@
delete_folder(){
echo "[+] Deleting SpyGuard folders"
echo "[+] Deleting Spyguard folders"
rm -rf /usr/share/spyguard/
}
delete_services(){
echo "[+] Deleting SpyGuard services"
echo "[+] Deleting Spyguard services"
systemctl disable spyguard-frontend &> /dev/null
systemctl disable spyguard-backend &> /dev/null
@ -16,23 +16,27 @@ delete_services(){
rm /lib/systemd/system/spyguard-watchers.service
}
deleting_icon(){
echo "[+] Deleting desktop icon"
rm "/home/${SUDO_USER}/Desktop/spyguard.desktop"
}
delete_packages(){
pkgs=("tshark"
"dnsutils"
"suricata"
"sqlite3")
echo -n "[?] Do you want to remove the installed packages? (Yes/no) "
read answer
if [[ "$answer" =~ ^([yY][eE][sS]|[yY])$ ]]
then
rm -rf /var/log/suricata
for pkg in "${pkgs[@]}"
do
do
apt -y remove $pkg && apt -y purge $pkg
done
fi
apt autoremove &> /dev/null -y
apt autoremove &> /dev/null
}
update_hostname(){
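Review bot: `apt autoremove &> /dev/null` loses its `-y`, so whenever there is something to remove apt waits for a confirmation whose prompt is redirected to `/dev/null` and the uninstall appears to hang; keep `-y`. In `deleting_icon`, `rm "/home/${SUDO_USER}/Desktop/spyguard.desktop"` assumes the home directory is `/home/<user>` and that `SUDO_USER` is set; when root runs the script directly the path becomes `/home//Desktop/spyguard.desktop` and `rm` prints an error. Guard with `[ -n "$SUDO_USER" ]` and use `rm -f`.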
@ -55,6 +59,7 @@ if [[ $EUID -ne 0 ]]; then
else
delete_folder
delete_services
deleting_icon
update_hostname
delete_packages
reboot_box

View File

@ -6,12 +6,12 @@ fi
if [ $PWD = "/usr/share/spyguard" ]; then
echo "[+] Cloning the current repository to /tmp/"
rm -rf /tmp/spyguard/ &> /dev/null
rm -rf /tmp/spyguard/ &> /dev/null
cd /tmp/ && git clone https://github.com/SpyGuard/spyguard
cd /tmp/spyguard && bash update.sh
elif [ $PWD = "/tmp/spyguard" ]; then
echo "[+] Saving SpyGuard backend's SSL configuration in /tmp/"
echo "[+] Saving spyguard backend's SSL configuration in /tmp/"
mv /usr/share/spyguard/server/backend/*.pem /tmp/
echo "[+] Deleting the current SpyGuard folders and files."
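Review bot: `mv /usr/share/spyguard/server/backend/*.pem /tmp/`, just below the changed `echo`, parks the backend's `.pem` files (its SSL configuration, per the message) in a shared directory under predictable names, and `/tmp/spyguard` is a fixed path that is cloned into and then executed with `bash update.sh`. A private directory from `mktemp -d` (mode 0700) for both keeps other local users from reading or pre-creating those paths. `$PWD` in the `[ $PWD = ... ]` tests should also be quoted.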
@ -48,4 +48,4 @@ elif [ $PWD = "/tmp/spyguard" ]; then
cd /tmp/spyguard && git tag | tail -n 1 | xargs echo -n > /usr/share/spyguard/VERSION
echo "[+] SpyGuard updated!"
fi
fi