Setezor is a network traffic analyzer with the ability to automatically build network topology.
- Separation into projects. To avoid "keeping all eggs in one basket", work is divided into projects. A user's membership in a project is determined by a cookie. Without that cookie, a user cannot start working with a project.
- Active scanning using nmap. Integration with a natively installed nmap has been implemented. Currently, the following is pulled from the scan results:
  - host information (IP, MAC, hostname);
  - trace information;
  - port information (port number, state, software information on the port).
- Active scanning using masscan. Integration with a natively installed masscan has been implemented.
- Parsing nmap scan XML logs. Performed a scan on a remote machine and want to upload the logs to your project? No problem, Setezor supports parsing of nmap XML logs.
- Parsing masscan scan XML/list/JSON logs.
- Passive scanning using scapy. Scapy is a powerful networking tool. The application creates an asynchronous sniffer and "guts packets" on the fly. Currently, information can be extracted from the following packet types:
  - ARP;
  - LLMNR;
  - NBNS;
  - TCP.
- Parsing pcap files. Have you captured packets and want to load the data into your project? No problem, Setezor supports parsing pcap files.
- Parsing is organized as tasks. All log parsing is organized as tasks and executed on the server side in separate schedulers. Each scheduler can be configured individually to control outgoing traffic.
- Building network topology. The network topology is built automatically from scan data, with the following functions:
  - automatic rebuilding of the network map when new data is received;
  - interactive network map that can be used in full-screen mode;
  - obtaining data on open ports for a selected network node;
  - ability to set the role of a network node and assign an icon;
  - clustering of network nodes by /24 mask. Very convenient when there are 100500 nodes on the map;
  - export of network topology to SVG, PNG and JSON (vis.js data structure);
  - import of network topology from JSON (vis.js data structure).
- Notifications. When the status of a task changes, a notification pops up to inform the user.
- Working with the database through the web interface. The web interface has an element for working with the database that supports the following functionality:
  - displaying a record;
  - creating a record;
  - editing a record;
  - deleting a record.
- Use of REST API. A REST API is used to work with the server side, so you can write your own interface (TUI, native GUI, mobile) or integrate it into your own project.
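The fields listed above for nmap scan results (host, trace and port information) can be pulled from an nmap XML log as follows. This is an added example, not Setezor's own code: the function name `parse_nmap_xml` is hypothetical, the sample log is constructed, and it uses the standard-library ElementTree parser rather than the xmltodict package from the requirements.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout written by `nmap -oX` (not real scan data).
SAMPLE_XML = """<?xml version="1.0"?>
<!DOCTYPE nmaprun>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="9.2"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
    </ports>
    <trace><hop ttl="1" ipaddr="192.0.2.1"/><hop ttl="2" ipaddr="192.0.2.10"/></trace>
  </host>
  <host>
    <address addr="198.51.100.7" addrtype="ipv4"/>
    <ports><port protocol="udp" portid="53"><state state="open"/></port></ports>
  </host>
</nmaprun>"""


def parse_nmap_xml(text):
    """Hypothetical helper: return one dict per <host> with ip, mac, hostname, ports, trace."""
    # Uploaded logs are untrusted input: refuse entity declarations outright.
    if "<!ENTITY" in text:
        raise ValueError("entity declarations are not allowed in scan logs")
    hosts = []
    for host in ET.fromstring(text).iter("host"):
        addr = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        name = host.find("hostnames/hostname")
        ports = []
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            # Software string is product + version when the scan identified them.
            parts = (svc.get("product"), svc.get("version")) if svc is not None else ()
            ports.append({"port": int(port.get("portid")), "protocol": port.get("protocol"),
                          "state": state.get("state") if state is not None else None,
                          "software": " ".join(p for p in parts if p)})
        hosts.append({"ip": addr.get("ipv4") or addr.get("ipv6"), "mac": addr.get("mac"),
                      "hostname": name.get("name") if name is not None else None,
                      "ports": ports,
                      "trace": [hop.get("ipaddr") for hop in host.iter("hop")]})
    return hosts
```

The second host in the sample has no MAC, hostname, trace or service data, so it shows how missing fields come back as `None`, an empty list or an empty string instead of raising.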
- python3.11
- nmap
- masscan
- libpcap2-bin
- python3-pip
aiohttp==3.8.4
aiohttp_jinja2==1.5
aiohttp_session==2.11.0
aiojobs==1.1.0
alembic==1.9.2
cryptography==3.4.8
iptools==0.7.0
Jinja2==3.1.2
mac_vendor_lookup==0.1.12
nest-asyncio==1.5.6
pandas==2.0.0
scapy==2.4.5
setuptools==59.6.0
SQLAlchemy==1.4.32
sqlalchemy_schemadisplay==1.3
SQLAlchemy-Utils==0.41.1
xmltodict==0.12.0
xlsxwriter==3.0.8
cffi
click
colorama
openpyxl
pyroute2
orjson
typing_extensions
pydantic-extra-types
- Download latest release
wget https://github.com/lmsecure/Setezor/releases/download/0.5.8b/setezor_0.5.8b_all.deb
- Install with apt
sudo apt install ./setezor_0.5.8b_all.deb
- Run
setezor
- Clone a repository from github
git clone https://github.com/lmsecure/Setezor.git
cd Setezor
- Install the necessary software
sudo apt install nmap python3.11 masscan
2.1. It is recommended to use venv
sudo apt install -y python3-venv
python3 -m venv venv
source venv/bin/activate
- Install dependent packages.
pip3 install -r requirements.txt
- Grant socket permissions for nmap, masscan and python3.11
sudo setcap cap_net_raw=eip "$(readlink -f `which venv/bin/python3.11`)"
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip `which nmap`
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip `which masscan`
- Start the application
python3 .py
- Download docker image
docker pull lmsecure/setezor
- Create a working folder. It will be used to store logs and user data
mkdir ~/setezor && cd $_
- Start the docker container
docker run -p 16661:16661 --network=host -v ~/setezor/projects:/setezor/projects -v ~/setezor/logs:/setezor/logs -d lmsecure/setezor:latest
After launching, go to https://localhost:16661
- Ability to parse logs from other tools:
  - whatweb
  - crackmapexec
  - nikto
  - gobuster
  - and others
- Advanced analysis of nmap scans
- Increase the number of analyzed packet types and the quality of packet parsing
- Work with domain names
- Search services by dns records and subdomains
- Creating screenshots of web applications
- Proxying requests