forked from hrbrmstr/mhn
---
output:
  md_document:
    variant: markdown_github
---
<!-- README.md is generated from README.Rmd. Please edit that file -->
```{r, echo = FALSE}
knitr::opts_chunk$set(
  collapse = TRUE,
  comment = "#>",
  fig.path = "README-",
  fig.retina = 2
)
```
![](honeypot.png)
mhn is an R package to interface with the MHN API and (eventually) provide tools to analyze and visualize MHN data.
The API wrapper functions in this package all rely on an MHN server API
key residing in the environment variable `MHN_API_KEY` or being
passed in as a parameter. The former is useful in simple deployments
where there is only one MHN server. In such cases, the easiest way to
accomplish this is to set it in the `.Renviron` file in your
home directory.
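
One way to check the key setup described above before calling the API, as an added example that is not part of the mhn package: it uses only base R, and the helper name `check_mhn_key`, the temporary file and the key value are constructed for illustration.

```r
# Added example (not part of mhn): base R only. check_mhn_key() is a hypothetical helper.
check_mhn_key <- function(renviron = path.expand("~/.Renviron")) {
  findings <- character(0)

  # 1. Is the key visible to this R session?
  key <- Sys.getenv("MHN_API_KEY", unset = "")
  if (!nzchar(key)) {
    findings <- c(findings, "MHN_API_KEY is not set in this session")
  }

  # 2. Does .Renviron define the key, and who else can read the file?
  if (file.exists(renviron)) {
    lines <- readLines(renviron, warn = FALSE)
    if (!any(grepl("^\\s*MHN_API_KEY\\s*=", lines))) {
      findings <- c(findings, paste(renviron, "does not define MHN_API_KEY"))
    }
    # Octal 077 (decimal 63) covers the group/other permission bits (Unix-alikes)
    mode <- as.integer(file.info(renviron)$mode)
    if (.Platform$OS.type == "unix" && bitwAnd(mode, 63L) != 0L) {
      findings <- c(findings, sprintf("%s has mode %s; restrict it to 600",
                                      renviron, format(as.octmode(mode))))
    }
  } else {
    findings <- c(findings, paste(renviron, "not found"))
  }

  # 3. Return a masked form only, so the key never lands in logs or knitted output
  masked <- if (nzchar(key)) paste0(substr(key, 1, 4), "********") else NA_character_
  list(masked_key = masked, findings = findings)
}

# Constructed demonstration: throwaway file and a made-up key value
old <- Sys.getenv("MHN_API_KEY", unset = NA)
tmp <- tempfile("Renviron-")
writeLines("MHN_API_KEY=constructed-example-key-0000", tmp)
Sys.setenv(MHN_API_KEY = "constructed-example-key-0000")
Sys.chmod(tmp, mode = "0644", use_umask = FALSE)  # deliberately too permissive
str(check_mhn_key(tmp))
Sys.chmod(tmp, mode = "0600", use_umask = FALSE)  # owner-only
str(check_mhn_key(tmp))
# Restore the session's original state
if (is.na(old)) Sys.unsetenv("MHN_API_KEY") else Sys.setenv(MHN_API_KEY = old)
unlink(tmp)
```

Called with no argument, the helper inspects the real `~/.Renviron`; R reads that file only at startup, so restart the session after editing it.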
This package pairs nicely with:
- [iptools](https://github.com/hrbrmstr/iptools)
- [urltools](https://github.com/Ironholds/urltools)
- [cymruservices](https://github.com/hrbrmstr/cymruservices)
- [shodan](https://github.com/hrbrmstr/shodan)
- [rgeolocate](https://github.com/Ironholds/rgeolocate)
- [whoisxmlapi](https://github.com/hrbrmstr/whoisxmlapi)
- [domaintools](https://github.com/hrbrmstr/domaintools)
- [whoapi](https://github.com/Ironholds/whoapi)
The following functions are implemented:
- `all_metadata`: Get all collected metadata
- `attacker_stats`: Get attacker (IP) statistics
- `feed_info`: Get data for a specific hpfeed
- `hp_feeds`: Get the raw hpfeeds data collected over a specific channel.
- `intel_feed`: Get intel feed
- `ip_metadata`: Get IP metadata (mainly from 'p0f' honeypot data)
- `metadata_for`: Get metadata for a specific id
- `mhn_api_key`: Get or set `MHN_API_KEY` value
- `mhn_dork`: MHN dork _(I have no idea what this is tho)_
- `mhn_file`: MHN file _(I have no idea what this is tho)_
- `mhn_url`: MHN url _(I have no idea what this is tho)_
- `sensors`: Get sensors.
- `sessions`: Get normalized sessions/connection data
- `session_info`: Get data for a specific attack session
- `top_attackers`: Get top attackers
### News
- Version 0.0.1.9000 : parameterized the MHN URL
- Version 0.0.0.9000 : initial release
### Installation
```{r eval=FALSE}
devtools::install_github("hrbrmstr/mhn")
```
```{r echo=FALSE, message=FALSE, warning=FALSE, error=FALSE}
options(width=120)
```
### Usage
```{r}
library(mhn)
# current version
packageVersion("mhn")
library(dplyr)
library(ggplot2)
library(ggthemes)
library(scales)
ssns <- sessions(hours_ago=24)$data
port_tots <- count(ssns, destination_port)
```
```{r ports_g, fig.width=7, fig.height=14, cache=TRUE}
gg <- ggplot(port_tots)
gg <- gg + geom_bar(stat="identity",
                    aes(x=reorder(destination_port, n), y=n))
gg <- gg + geom_text(aes(x=reorder(destination_port, n), y=n, label=comma(n)),
                     hjust=-0.5, size=3)
gg <- gg + scale_x_discrete(expand=c(0,0))
gg <- gg + scale_y_continuous(expand=c(0,0), limits=c(0, extendrange(port_tots$n)[2]))
gg <- gg + coord_flip()
gg <- gg + labs(x=NULL, y=NULL, title="Port counts last 24 hrs\n")
gg <- gg + theme_tufte(base_family="Lato")
gg <- gg + theme(axis.ticks.y=element_blank())
gg <- gg + theme(axis.text.x=element_blank())
gg <- gg + theme(axis.ticks.x=element_blank())
gg <- gg + theme(plot.title=element_text(hjust=0))
gg
```
### Test Results
```{r}
library(mhn)
library(testthat)
date()
test_dir("tests/")
```
### Code of Conduct
Please note that this project is released with a [Contributor Code of Conduct](CONDUCT.md).
By participating in this project you agree to abide by its terms.