Merge pull request #7 from booster-proj/target/windows

Add Windows support
dmorn · Jul 12, 2019 · 4b765c3 · 4b765c3
2 parents 1a66ac5 + 00ef7e8
commit 4b765c3
Show file tree

Hide file tree

Showing 18 changed files with 823 additions and 436 deletions.
diff --git a/.gitignore b/.gitignore
@@ -16,5 +16,6 @@ dist/
 # Dependency directories (remove the comment below to include it)
 # vendor/
 
-# vim
+# misc
 *.swp
+.DS_Store
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -16,6 +16,7 @@ builds:
     goos:
       - darwin
       - linux
+      - windows
 sign:
   artifacts: checksum
 changelog:

diff --git a/README.md b/README.md
@@ -7,20 +7,17 @@
 #### Supported OS
 - `macOS`
 - `linux`
+- `windows` (**NEW** 💥)
+
+#### External dependencies
+OS | Dep | Notes
+------|------|------
+**macOS** | `lsof` | (tested revision: 4.89)
+**macOS** | `pgrep` |
+**Linux** | `lsof` |
+**Windows** | `netstat` |
+**Windows** | `tasklist` |
 
-#### Dependencies
-```
-$ lsof -v
-lsof version information:
-    revision: 4.89
-    latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
-    latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
-    latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
-    configuration info: libproc-based
-    Anyone can list all files.
-    /dev warnings are disabled.
-    Kernel ID check is disabled.
-```
 ## Installation
 Choose one
 - `go get -u github.com/booster-proj/lsaddr`
@@ -34,96 +31,81 @@ The idea is to easily filter the list of open network files of a specific applic
 the lines that match against it are kept, the others discarded. You can pass to `lsaddr` either directly the regex, or the root folder of the
 target app (supported only on macOS for now). Check out some examples:
 
+
+#### Example #1
+"Spotify" is used as a regular expression.
 ```
-lsaddr (master) $ bin/lsaddr Spotify --out=csv
+$ bin/lsaddr Spotify
 COMMAND,NET,SRC,DST
-Spotify,tcp,192.168.0.98:59315,104.199.64.253:80
-Spotify,udp,*:57621,
+Spotify,tcp,192.168.0.98:54862,104.199.64.69:4070
 Spotify,tcp,*:57621,
-Spotify,tcp,*:61357,
-Spotify,tcp,192.168.0.98:61340,2.16.186.91:80
+Spotify,tcp,*:54850,
+Spotify,udp,*:57621,
 Spotify,udp,*:1900,
-Spotify,udp,*:63319,
-Spotify,udp,*:55092,
-Spotify,tcp,192.168.0.98:61342,2.16.186.11:443
-Spotify,tcp,192.168.0.98:61360,192.121.140.177:443
-Spotify,tcp,192.168.0.98:61344,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61343,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61350,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61345,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61346,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61347,151.101.112.246:443
-Spotify,tcp,192.168.0.98:59355,35.186.224.53:443
-Spotify,tcp,192.168.0.98:59360,35.186.224.47:443
-Spotify,tcp,192.168.0.98:61348,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61349,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61351,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61352,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61353,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61361,192.121.140.177:443
+Spotify,udp,*:61152,
+Spotify,udp,*:51535,
+Spotify,tcp,192.168.0.98:54878,35.186.224.47:443
+Spotify,tcp,192.168.0.98:54872,35.186.224.53:443
 ```
-Note: "Spotify" is used as a regular expression.
+
+#### Example #2
+"/Applications/Spotify.app" is used to find the application's name, then its
+process identifiers are used to build the regular expression.
 ```
-lsaddr (master) $ bin/lsaddr /Applications/Spotify.app/ --out=csv
+$ bin/lsaddr /Applications/Spotify.app/
 COMMAND,NET,SRC,DST
-Spotify,tcp,192.168.0.98:59315,104.199.64.253:80
-Spotify,udp,*:57621,
+Spotify,tcp,192.168.0.98:54862,104.199.64.69:4070
 Spotify,tcp,*:57621,
-Spotify,tcp,*:61357,
-Spotify,tcp,192.168.0.98:61340,2.16.186.91:80
+Spotify,tcp,*:54850,
+Spotify,udp,*:57621,
 Spotify,udp,*:1900,
-Spotify,udp,*:63319,
-Spotify,udp,*:55092,
-Spotify,tcp,192.168.0.98:61344,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61343,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61350,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61345,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61346,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61347,151.101.112.246:443
-Spotify,tcp,192.168.0.98:59355,35.186.224.53:443
-Spotify,tcp,192.168.0.98:59360,35.186.224.47:443
-Spotify,tcp,192.168.0.98:61348,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61349,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61351,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61352,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61353,151.101.112.246:443
+Spotify,udp,*:61152,
+Spotify,udp,*:51535,
+Spotify,tcp,192.168.0.98:54878,35.186.224.47:443
+Spotify,tcp,192.168.0.98:54872,35.186.224.53:443
 ```
-Note: "/Applications/Spotify.app" is used to find the application's name, then its
-process identifiers are used to build the regular expression.
+
+#### Example #3
+`--debug` information is printed to `stderr`, command's output to `stdout`.
 ```
-lsaddr (master) $ bin/lsaddr /Applications/Spotify.app/ --out=csv --debug
-[lookup] app name: Spotify, path: /Applications/Spotify.app
-[lsaddr] # of open files: 21
+$ bin/lsaddr /Applications/Spotify.app/ --debug
+[lsaddr] 2019/07/12 14:29:50 app name: Spotify, path: /Applications/Spotify.app
+[lsaddr] 2019/07/12 14:29:50 regexp built: "48042|48044|48045|48047"
+[lsaddr] 2019/07/12 14:29:50 # of open files: 9
 COMMAND,NET,SRC,DST
-Spotify,tcp,192.168.0.98:59315,104.199.64.253:80
-Spotify,udp,*:57621,
+Spotify,tcp,192.168.0.98:54862,104.199.64.69:4070
 Spotify,tcp,*:57621,
-Spotify,tcp,*:61357,
-Spotify,tcp,192.168.0.98:61340,2.16.186.91:80
+Spotify,tcp,*:54850,
+Spotify,udp,*:57621,
 Spotify,udp,*:1900,
-Spotify,udp,*:63319,
-Spotify,udp,*:55092,
-Spotify,tcp,192.168.0.98:61344,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61343,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61350,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61345,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61346,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61347,151.101.112.246:443
-Spotify,tcp,192.168.0.98:59355,35.186.224.53:443
-Spotify,tcp,192.168.0.98:59360,35.186.224.47:443
-Spotify,tcp,192.168.0.98:61348,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61349,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61351,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61352,151.101.112.246:443
-Spotify,tcp,192.168.0.98:61353,151.101.112.246:443
+Spotify,udp,*:61152,
+Spotify,udp,*:51535,
+Spotify,tcp,192.168.0.98:54878,35.186.224.47:443
+Spotify,tcp,192.168.0.98:54872,35.186.224.53:443
 ```
-Note: `--debug` information is printed to `stderr`, command's output to `stdout`.
-```
-lsaddr (master) $ bin/lsaddr /Applications/Spotify.app/ --out=bpf
-host 104.199.64.253 or 2.16.186.91 or 151.101.112.246 or 35.186.224.53 or 35.186.224.47
-```
-Notes:
+
+#### Example #4
 - you can encode the output either in csv or as a [bpf](https://en.wikipedia.org/wiki/Berkeley_Packet_Filter) (hint: very useful for packet capturing tools). 
 - only the unique destination addresses are taken into consideration when building the filter,
 ignoring the ports and without specifing if the "direction" (incoming or outgoing) that we want to
 filter. This is because the expected behaviour has not yet been defined.
+```
+$ bin/lsaddr /Applications/Spotify.app/ --out=bpf
+host 104.199.64.69 or 35.186.224.47 or 35.186.224.53
+```
+#### Example #5
+At the moment on Windows you can pass the absulute path of the program you want (or straight `<program>.exe`)
+to analyze.
+```
+> lsaddr.exe "chrome.exe"
+COMMAND,NET,SRC,DST
+chrome.exe,tcp,10.211.55.3:50551,216.58.205.163:443
+chrome.exe,tcp,10.211.55.3:50556,216.58.205.195:443
+chrome.exe,tcp,10.211.55.3:50558,216.58.205.67:443
+chrome.exe,tcp,10.211.55.3:50567,216.58.205.106:443
+chrome.exe,udp,0.0.0.0:5353,*:*
+chrome.exe,udp,0.0.0.0:5353,*:*
+chrome.exe,udp,0.0.0.0:5353,*:*
+chrome.exe,udp,[::]:5353,*:*
+chrome.exe,udp,[::]:5353,*:*
+```
diff --git a/cmd/root.go b/cmd/root.go
@@ -29,7 +29,6 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var Logger = log.New(os.Stderr, "[lsaddr] ", 0)
 var debug bool
 var output string
 
@@ -40,9 +39,9 @@ var rootCmd = &cobra.Command{
 	Long:  usage,
 	Args:  cobra.ExactArgs(1),
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
+		log.SetPrefix("[lsaddr] ")
 		if !debug {
-			Logger = log.New(ioutil.Discard, "", 0)
-			lookup.Logger = log.New(ioutil.Discard, "", 0)
+			log.SetOutput(ioutil.Discard)
 		}
 
 		output = strings.ToLower(output)
@@ -58,7 +57,7 @@ var rootCmd = &cobra.Command{
 			fmt.Printf("unable to find open network files for %s: %v\n", s, err)
 			os.Exit(1)
 		}
-		Logger.Printf("# of open files: %d", len(ff))
+		log.Printf("# of open files: %d", len(ff))
 
 		w := bufio.NewWriter(os.Stdout)
 		if err := writeOutputTo(w, output, ff); err != nil {
@@ -80,7 +79,7 @@ func Execute() {
 
 func init() {
 	rootCmd.PersistentFlags().BoolVarP(&debug, "debug", "", false, "print debug information to stderr")
-	rootCmd.PersistentFlags().StringVarP(&output, "out", "o", "bpf", "select output produced")
+	rootCmd.PersistentFlags().StringVarP(&output, "out", "o", "csv", "select output produced")
 }
 
 func writeOutputTo(w io.Writer, output string, ff []lookup.NetFile) error {

diff --git a/echo b/echo
diff --git a/go.sum b/go.sum
@@ -7,10 +7,13 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -33,6 +36,7 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/pipe.v2 v2.0.0-20140414041502-3c2ca4d52544 h1:WJH1qsOB4/zb/li+zLMn0vaAUJ5FqPv6HYLI3aQVg1k=
 gopkg.in/pipe.v2 v2.0.0-20140414041502-3c2ca4d52544/go.mod h1:UhTeH/yXCK/KY7TX24mqPkaQ7gZeqmWd/8SSS8B3aHw=