From 60a52f4187db5256806f622f95b5f8f2a8899925 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Fri, 23 Jun 2023 03:55:53 +0200
Subject: [PATCH] Continued: - added metrics for column detection_mode
---
 api.py | 4 ++++
 templates/base.html | 12 ++++++++++++
 templates/views/index.html | 1 +
 templates/views/scoreboard.html | 28 ++++++++++++++++++++++------
 4 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/api.py b/api.py
index d1ead22..c7e47a7 100644
--- a/api.py
+++ b/api.py
@@ -69,6 +69,8 @@ def api_scoreboard(mode: str, amount: int):
 database.cursor.execute("SELECT command, COUNT(domain) AS score FROM instances WHERE command IS NOT NULL GROUP BY command ORDER BY score DESC, command ASC LIMIT ?", [amount])
 elif mode == "error_code":
 database.cursor.execute("SELECT last_status_code, COUNT(domain) AS score FROM instances WHERE last_status_code IS NOT NULL AND last_status_code != '200' GROUP BY last_status_code ORDER BY score DESC LIMIT ?", [amount])
+ elif mode == "detection_mode":
+ database.cursor.execute("SELECT detection_mode, COUNT(domain) AS cnt FROM instances GROUP BY detection_mode ORDER BY cnt DESC LIMIT ?", [amount])
 elif mode == "avg_peers":
 database.cursor.execute("SELECT software, AVG(total_peers) AS average FROM instances WHERE software IS NOT NULL GROUP BY software HAVING average>0 ORDER BY average DESC LIMIT ?", [amount])
 elif mode == "obfuscator":
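Review bot: The new `detection_mode` query in `api_scoreboard()` aliases its count as `cnt` while the neighbouring `command` and `error_code` queries use `score`, and it has no secondary sort key, so groups with equal counts come back in an unspecified order. Suggest `SELECT detection_mode, COUNT(domain) AS score FROM instances GROUP BY detection_mode ORDER BY score DESC, detection_mode ASC LIMIT ?`. Keeping `amount` as a bound parameter is right, but the function body starts outside the hunk, so whether `amount` is range-checked before this chain cannot be confirmed from here. Unlike its siblings the query has no `IS NOT NULL` filter; that looks deliberate, and a one-line comment such as `# NULL detection_mode rows are counted on purpose` would record it.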
@@ -181,6 +183,8 @@ def scoreboard(request: Request, mode: str, amount: int):
 response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=command&amount={amount}")
 elif mode == "error_code" and amount > 0:
 response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=error_code&amount={amount}")
+ elif mode == "detection_mode" and amount > 0:
+ response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=detection_mode&amount={amount}")
 elif mode == "avg_peers" and amount > 0:
 response = requests.get(f"http://{config.get('host')}:{config.get('port')}{config.get('base_url')}/api/scoreboard.json?mode=avg_peers&amount={amount}")
 elif mode == "obfuscator" and amount > 0:
diff --git a/templates/base.html b/templates/base.html
index 864291b..485eb44 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -100,12 +100,24 @@
 border: 1px solid #eaeaea;
 border-radius: 5px;
 }
+ .notes > div {
+ margin: 0px;
+ padding: 5px;
+ }
 .notes > h2 {
 margin: 0px;
 padding: 5px;
 background-color: #eaeaea;
 text-align: center;
 }
+ li {
+ padding-bottom: 4px;
+ }
+ code {
+ padding: 3px;
+ background-color: #eaeaea;
+ border-radius: 5px;
+ }
diff --git a/templates/views/index.html b/templates/views/index.html
index 891fd40..91a714b 100644
--- a/templates/views/index.html
+++ b/templates/views/index.html
@@ -31,6 +31,7 @@
 used software /
 commands /
 error codes /
+ detection modes /
 average peers /
 obfuscating software /
 obfuscation metrics /
diff --git a/templates/views/scoreboard.html b/templates/views/scoreboard.html
index b4615e1..b91eb69 100644
--- a/templates/views/scoreboard.html
+++ b/templates/views/scoreboard.html
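Review bot: The added `requests.get(...)` call in `scoreboard()` (api.py, hunk at line 183) is made without a `timeout=` argument, so a stalled API backend would keep this request handler waiting indefinitely; the new branch copies that from its siblings. The query string is also interpolated by hand in every branch. Once `mode` has been checked against the set of known modes, a single call using `params={"mode": mode, "amount": amount}` plus a `timeout=` value chosen by the project could replace the per-mode copies. The function body starts and ends outside the hunk, so how `response` is validated afterwards is not visible here.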
@@ -1,6 +1,6 @@
 {% extends "base.html" %}
-{% block title %}Scoreboard - {% if mode == 'software' %}TOP {{amount}} used software{% elif mode == 'block_level' %}TOP {{amount}} block level metrics{% elif mode == 'obfuscation' %}obfuscation metrics{% elif mode == 'obfuscator' %}TOP {{amount}} obfuscating software{% elif mode == 'avg_peers' %}TOP {{amount}} average peer count{% elif mode == 'command' %}TOP {{amount}} commands{% elif mode == 'error_code' %}TOP {{amount}} error codes{% elif mode == 'reference' %}TOP {{amount}} referencing instances{% elif mode == 'blocked' %}TOP {{amount}} deferated instances{% elif mode == 'blocker' %}TOP {{amount}} deferating instances{% endif %}{% endblock %}
+{% block title %}Scoreboard - {% if mode == 'software' %}TOP {{amount}} used software{% elif mode == 'detection_mode' %}Detection mode metrics{% elif mode == 'block_level' %}TOP {{amount}} block level metrics{% elif mode == 'obfuscation' %}obfuscation metrics{% elif mode == 'obfuscator' %}TOP {{amount}} obfuscating software{% elif mode == 'avg_peers' %}TOP {{amount}} average peer count{% elif mode == 'command' %}TOP {{amount}} commands{% elif mode == 'error_code' %}TOP {{amount}} error codes{% elif mode == 'reference' %}TOP {{amount}} referencing instances{% elif mode == 'blocked' %}TOP {{amount}} deferated instances{% elif mode == 'blocker' %}TOP {{amount}} deferating instances{% endif %}{% endblock %}
 {% block header %}
 {% if mode == 'blocker' %}
@@ -15,6 +15,8 @@

TOP {{amount}} commands

{% elif mode == 'error_code' %}

TOP {{amount}} error codes

+ {% elif mode == 'detection_mode' %} +

Detection mode metrics

{% elif mode == 'avg_peers' %}

TOP {{amount}} average peer count

{% elif mode == 'obfuscator' %} @@ -31,7 +33,7 @@ - + @@ -40,7 +42,7 @@
№{% if mode in ('software', 'avg_peers', 'obfuscator') %}Software{% elif mode == 'obfuscation' %}obfuscation status{% elif mode == 'error_code' %}Error code{% else %}Instance{% endif %}{% if mode in ('software', 'avg_peers', 'obfuscator') %}Software{% elif mode == 'obfuscation' %}obfuscation status{% elif mode == 'detection_mode' %}Detection mode{% elif mode == 'error_code' %}Error code{% else %}Instance{% endif %} {% if mode == 'reference' %}References{% elif mode == 'avg_peers' %}Average{% elif mode in('software', 'error_code', 'obfuscator', 'obfuscation', 'block_level') %}Total{% else %}Blocks{% endif %}
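Review bot: The count column header is not updated for the new mode: the unchanged line `{% elif mode in('software', 'error_code', 'obfuscator', 'obfuscation', 'block_level') %}Total{% else %}Blocks{% endif %}` does not list `'detection_mode'`, so the detection-mode scoreboard would label its count column "Blocks". Adding `'detection_mode'` to that tuple gives it the "Total" heading, matching the other aggregate views. The table markup around these expressions did not survive extraction, so this is read from the template expressions alone.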
{{loop.index}} - {% if mode in ('software', 'command', 'error_code', 'avg_peers', 'obfuscator', 'obfuscation', 'block_level') %} + {% if mode in ('software', 'command', 'error_code', 'detection_mode', 'avg_peers', 'obfuscator', 'obfuscation', 'block_level') %} {{entry['domain']}} {% elif entry['domain'] == None %} - @@ -61,17 +63,31 @@ {% block footer %} {% if mode == 'error_code' %}
-

Please note to error codes:

+

Error codes:

  • Error code 999 is fake and covers a lot of reasons why the domain/instance is not reachable. Mostly that the domain is not resolvable or the server refused connection.
+ {% elif mode == 'detection_mode' %} +
+

Detection modes:

+
+ Detection is done in following order: +
+
    +
  1. AUTO_DISCOVERY: /.well-known/nodeinfo was reachable and software type was found in nodeinfo response
  2. +
  3. GENERATOR: Meta data generator was found in HTML code
  4. +
  5. SITE_NAME: Meta data og:site_name was found in HTML code
  6. +
  7. STATIC_CHECK: All above did not reveal software type, so a check on pre-defined JSON elements was done
  8. +
  9. None: the instance was not reachable or the used software was not stated
  10. +
+
{% elif mode == 'obfuscation' %}
-

Please note to obfuscation status:

+

Obfuscation status:

  • Only supported networks are counted here.
  • -
  • None means not determined yet.
  • +
  • None means not determined yet.
{% endif %} -- 2.39.5