-
Notifications
You must be signed in to change notification settings - Fork 25
/
Copy pathzmap_schema.py
93 lines (84 loc) · 2.67 KB
/
zmap_schema.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
zmap_base = Record({
"saddr":IPv4Address(),
"saddr_raw":Unsigned32BitInteger(),
"daddr":IPv4Address(),
"daddr_raw":Unsigned32BitInteger(),
"ipid":Unsigned32BitInteger(),
"ttl":Unsigned32BitInteger(),
"classification":String(),
"success":Unsigned32BitInteger(),
"app_success":Unsigned32BitInteger(),
"repeat":Unsigned32BitInteger(),
"cooldown":Unsigned32BitInteger(),
"timestamp_str":String(),
"timestamp_ts":Unsigned32BitInteger(),
"timestamp_us":Unsigned32BitInteger(),
"icmp_responder":String(),
"icmp_type":Unsigned32BitInteger(),
"icmp_code":Unsigned32BitInteger(),
"icmp_unreach_str":String(),
"sport":Unsigned32BitInteger(),
"dport":Unsigned32BitInteger(),
"data":String(),
"length":Unsigned32BitInteger(),
})
zmap_upnp = Record({
"type":String(),
"server":AnalyzedString(),
"location":AnalyzedString(),
"usn":String(),
"st":String(),
"ext":String(),
"cache_control":String(),
"x_user_agent":String(),
"agent":String(),
"date":String(),
}, extends=zmap_base)
zschema.registry.register_schema("zmap-upnp", zmap_upnp)
dns_question = SubRecord({
"name":String(),
"qtype":Unsigned32BitInteger(),
"qtype_str":String(),
"qclass":Unsigned32BitInteger(),
})
dns_answer = SubRecord({
"name":String(),
"type":Unsigned32BitInteger(),
"type_str":String(),
"class":Unsigned32BitInteger(),
"ttl":Unsigned32BitInteger(),
"rdlength":Unsigned32BitInteger(),
"rdata_is_parsed":Unsigned32BitInteger(),
"rdata":String(), # hex
})
zmap_dns = Record({
"qr":Unsigned16BitInteger(),
"rcode":Unsigned16BitInteger(),
"dns_id":Unsigned32BitInteger(),
"dns_rd":Unsigned32BitInteger(),
"dns_tc":Unsigned32BitInteger(),
"dns_aa":Unsigned32BitInteger(),
"dns_opcode":Unsigned32BitInteger(),
"dns_qr":Unsigned32BitInteger(),
"dns_rcode":Unsigned32BitInteger(),
"dns_cd":Unsigned32BitInteger(),
"dns_ad":Unsigned32BitInteger(),
"dns_z":Unsigned32BitInteger(),
"dns_ra":Unsigned32BitInteger(),
"dns_qdcount":Unsigned32BitInteger(),
"dns_ancount":Unsigned32BitInteger(),
"dns_nscount":Unsigned32BitInteger(),
"dns_arcount":Unsigned32BitInteger(),
"dns_questions":ListOf(dns_question),
"dns_answers":ListOf(dns_answer),
"dns_authorities":ListOf(dns_answer),
"dns_additionals":ListOf(dns_answer),
"dns_unconsumed_bytes":Unsigned32BitInteger(),
"dns_parse_err":Unsigned32BitInteger(),
"raw_data":String(),
"udp_len":Unsigned32BitInteger(),
}, extends=zmap_base)
zschema.registry.register_schema("zmap-dns", zmap_dns)