Simple linked model on certstream + better install instructions

Christopher Talib 2020-05-18 10:22:08 +02:00
parent 5dca0a0472
commit cbdca52ab2
4 changed files with 108 additions and 94 deletions


@ -1,5 +1,11 @@
# Styx # Styx
## IMPORTANT
For development purposes, each time you restart Styx, the database and the
schema is dropped. Currently, this is hardcoded and used to make development
easier. Just so you know.
## Prerequisites ## Prerequisites
Styx uses a couple of other services to run: Styx uses a couple of other services to run:
@ -7,6 +13,7 @@ Styx uses a couple of other services to run:
* Kafka for messaging (not implemented yet in the docker, but currently not * Kafka for messaging (not implemented yet in the docker, but currently not
necessary) necessary)
* Dgraph for graph representation of results * Dgraph for graph representation of results
* Docker-compose to launch everything
For that purposes, there is a `docker-compose.yml` file that you can spin up For that purposes, there is a `docker-compose.yml` file that you can spin up
with the following command when in the directory: with the following command when in the directory:
@ -28,10 +35,13 @@ docker run --rm -it -p 8080:8080 -p 9080:9080 -p 8000:8000 -v ~/dgraph:/dgraph d
go get -u gitlab.dcso.lolcat/LABS/styx go get -u gitlab.dcso.lolcat/LABS/styx
cd $GOPATH/src/gitlab.dcso.lolcat/LABS/styx cd $GOPATH/src/gitlab.dcso.lolcat/LABS/styx
go build go build
docker-compose up -d # or the other command if you're connected with OpenVPN docker-compose up -d # or the other command
./styx ./styx
``` ```
*Note*: if you have issues with the docker compose, make sure it runs on the
same subnet. Check [this](https://serverfault.com/questions/916941/configuring-docker-to-not-use-the-172-17-0-0-range) for inspiration.
### Example configuration: ### Example configuration:
``` ```
certstream: certstream:
@ -56,6 +66,7 @@ kafka:
partition: 0 partition: 0
balboa: balboa:
# the url you tunneled to Balboa
url: http://127.0.0.1:8030 url: http://127.0.0.1:8030
activated: true activated: true
@ -63,7 +74,6 @@ elasticsearch:
activated: true activated: true
url: http://localhost:9200 url: http://localhost:9200
index: "pastebin" index: "pastebin"
``` ```
## Dgraph Interface ## Dgraph Interface
@ -84,6 +94,38 @@ query {
``` ```
Or filter node by type, this example works for certstream nodes:
```graphql
query {
Node(func: eq(type, "certstream")) {
uid
created
modified
type
ndata
cert_node {
uid
fingerprint
cn
raw {
uid
id
}
chain {
uid
id
}
sourceName
serialNumber
basicConstrains
notBefore
notAfter
}
}
}
```
## Datastructure ## Datastructure
### Meta ### Meta


@ -37,27 +37,30 @@ func setupDgraphSchema(c *dgo.Dgraph) error {
id: string @index(term) . id: string @index(term) .
type: string @index(term) . type: string @index(term) .
ndata: string . ndata: string .
nodeOne: string @index(term) . nodeOne: uid .
nodeTwo: string @index(term) . nodeTwo: uid .
subNode: uid .
sourceName: string @index(term) . sourceName: string @index(term) .
timestamp: string . timestamp: string .
created: string . created: string .
modified: string . modified: string .
cert_node: uid .
type Node { type Node {
id id: string
type type: string
ndata ndata: string
created created: string
modified modified: string
cert_node: CertNode
} }
type Edge { type Edge {
id id: string
nodeOne nodeOne: uid
nodeTwo nodeTwo: uid
timestamp timestamp: string
sourceName sourceName: string
} }
fingerprint: string . fingerprint: string .
@ -67,59 +70,61 @@ cn: string .
sourceName: string . sourceName: string .
serialNumber: string . serialNumber: string .
basicConstraints: string . basicConstraints: string .
chain: uid . chain: [uid].
csdata: uid . csdata: uid .
raw: uid .
type CertNode { type CertNode {
id id: string
fingerprint fingerprint: string
notBefore notBefore: string
notAfter notAfter: string
cn cn: string
sourceName sourceName: string
serialNumber serialNumber: string
basicConstraints basicConstraints: string
chain raw: CertRaw
chain: CertNode
} }
type CertRaw { type CertRaw {
id id: string
type type: string
created created: string
modified modified: string
csdata csdata: string
} }
type PasteNode { type PasteNode {
id id: string
type type: string
created created: string
modified modified: string
ndata ndata: uid
} }
meta: uid . meta: uid .
full: string . full: string .
type FullPaste { type FullPaste {
meta meta: PasteNode
full full: string
} }
type ShodanNode { type ShodanNode {
id id: string
type type: string
ndata ndata: string
created created: string
modified modified: string
} }
type BalboaNode { type BalboaNode {
id id: string
type type: string
ndata ndata: string
created created: string
modified modified: string
} }
`}) `})
if err != nil { if err != nil {
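Review bot: Several new type fields disagree with the predicate declarations in the same schema string: `chain: [uid].` is a list but `type CertNode` has `chain: CertNode`, `csdata: uid .` is a uid predicate but `type CertRaw` has `csdata: string`, and `ndata: string .` is a string but `type PasteNode` has `ndata: uid`. Depending on the Dgraph version, the Alter call may reject this or accept it silently, so the two should agree, e.g. `chain: [CertNode]`, with a decision on whether `csdata` is a node or a scalar. The README query added in this commit also requests `basicConstrains`, while the predicate declared here is `basicConstraints`. setupDgraphSchema starts and ends outside the hunk.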


@ -31,6 +31,7 @@ type Node struct {
Created string `json:"created,omiempty"` Created string `json:"created,omiempty"`
Modified string `json:"modified,omiempty"` Modified string `json:"modified,omiempty"`
DType []string `json:"dgraph.type,omiempty"` DType []string `json:"dgraph.type,omiempty"`
CertNode CertNode `json:"cert_node,omiempty"`
} }
// BuildNode builds a node to send to MQ instance. // BuildNode builds a node to send to MQ instance.
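Review bot: The added `CertNode` field is a struct value, and encoding/json never omits a struct value, so every Node will be marshalled with a `cert_node` object of empty strings, including nodes that are not certstream. That object is then presumably written to Dgraph as an extra node. The tag option is also spelled `omiempty` here and on the three lines above, which encoding/json ignores without an error. Suggest declaring the field as `CertNode *CertNode` with the tag `json:"cert_node,omitempty"`, having the caller pass the pointer, and correcting the spelling on the other fields. The struct begins outside the hunk.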


@ -3,7 +3,6 @@ package plugins
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
"sync" "sync"
"github.com/CaliDog/certstream-go" "github.com/CaliDog/certstream-go"
@ -82,65 +81,32 @@ func (c *CertStreamPlugin) doRun(graphClient *dgo.Dgraph) {
models.SaveEdge(edge) models.SaveEdge(edge)
// saveSingleValues(conn, "certstream", "domain", certNode.ID, domain) // saveSingleValues(conn, "certstream", "domain", certNode.ID, domain)
// edge between Node and CertNode
e := models.Node{
ID: mainNode.ID,
Type: mainNode.Type,
NData: mainNode.NData,
Created: mainNode.Created,
Modified: mainNode.Modified,
CertNode: *certNode,
}
ctx := context.Background()
mu := &api.Mutation{ mu := &api.Mutation{
CommitNow: true, CommitNow: true,
} }
marshaled, err := json.Marshal(mainNode) pb, err := json.Marshal(e)
if err != nil {
logrus.Fatal(err)
}
mu.SetJson = marshaled
_, err = graphClient.NewTxn().Mutate(context.Background(), mu)
if err != nil { if err != nil {
logrus.Fatal(err) logrus.Fatal(err)
} }
variables := map[string]string{"$id": mainNode.ID} mu.SetJson = pb
q := `query Node($id: string){
node(func: eq(id, $id)) {
uid
id
type
ndata
created
modified
}
}`
node, err := graphClient.NewTxn().QueryWithVars(context.Background(), q, variables)
if err != nil {
logrus.Fatal(err)
}
marshaled, err = json.Marshal(certNode) _, err = graphClient.NewTxn().Mutate(ctx, mu)
if err != nil { if err != nil {
logrus.Fatal(err) logrus.Fatal(err)
} }
mu.SetJson = marshaled
_, err = graphClient.NewTxn().Mutate(context.Background(), mu)
if err != nil {
logrus.Fatal(err)
}
query := `
query Node($mainNodeID: string, $subNodeID: string) {
node as var(func: eq(id, $mainNodeID))
}
`
mu = &api.Mutation{
SetNquads: []byte(`uid(node) <CertNode> "$subNodeID" .`),
}
req := &api.Request{
Query: query,
Mutations: []*api.Mutation{mu},
CommitNow: true,
Vars: map[string]string{"$mainNodeID": node.Uids[mainNode.ID], "$subNodeID": certNode.ID},
}
res, err := graphClient.NewTxn().Do(context.Background(), req)
if err != nil {
logrus.Error(err)
}
fmt.Println(res)
} }
} }
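Review bot: Both error paths in the new mutation code call `logrus.Fatal(err)`, which exits the process. This appears to run once per certstream message, so one record that fails to marshal or one transient Dgraph error stops the whole collector, and the feed is external input. Logging and skipping the record would keep the plugin running, e.g. `logrus.WithError(err).Error("certstream: dgraph mutate failed")` followed by `continue` if this is indeed the loop body. `ctx := context.Background()` also carries no deadline, so a stalled Dgraph blocks message handling; `context.WithTimeout` would bound it. doRun starts outside the hunk.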