Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
NoPASARAN is an advanced network tool designed to detect, fingerprint, and locate network middleboxes in a unified framework.
Readme
NoPASARAN is an advanced network tool designed to detect, fingerprint, and locate network middleboxes in a unified framework. Written in Python, NoPASARAN uses finite state machines to describe test cases and leverages Ansible for distributing and orchestrating these tests across a network of nodes.
You can install and use NoPASARAN either by cloning the source code from GitHub or by installing it as a Python package.
Clone the NoPASARAN repository:
git clone https://github.com/BenIlies/NoPASARAN.git
Navigate into the NoPASARAN directory:
cd NoPASARAN
Install the necessary Python packages:
pip install -r requirements.txt
Alternatively, you can install NoPASARAN as a Python package using pip:
pip install nopasaran
NoPASARAN can be executed in either a WORKER or PROXY role.
In the WORKER role, NoPASARAN performs a test campaign to evaluate network middleboxes. This could be either a client machine that tests its connection path to another endpoint or a trusted machine registered in the network.
To run NoPASARAN in the WORKER role, you need to specify a JSON scenario file that indicates the test campaign the Worker has to run.
From the source code:
python main.py WORKER --scenario=<path-to-json-scenario-file>
As a package:
nopasaran WORKER --scenario=<path-to-json-scenario-file>
In the PROXY role, NoPASARAN does not perform any tests. It acts as a server accessible to remote Workers, enabling them to communicate when they are unreachable from the Internet, such as when blocked by a firewall.
To run NoPASARAN in the PROXY role:
From the source code:
python main.py PROXY
As a package:
nopasaran PROXY
You can further customize the behavior of NoPASARAN with the following options:
--verbose
or -v
: Enable verbose output.--log=<path-to-log-file>
or -l=<path-to-log-file>
: Specify the path to the log file (default is "conf.log").--log-level=<log-level>
or -ll=<log-level>
: Specify the log level for output. Valid choices are "debug", "info", "warning", and "error".Replace <path-to-json-scenario-file>
with the path to your actual JSON scenario file.
For any further assistance, use the --help
argument with any command for additional information.
You can also use Docker to download and run a NoPASARAN node.
Pull the latest node image:
docker pull benilies/nopasaran:latest
Run the node container:
docker run -it benilies/nopasaran:latest
The node container is now ready for use.
For more detailed guides and information about NoPASARAN, please visit our documentation.
Join the discussion on Gitter.
This software is based on the research paper titled "NoPASARAN: a Novel Platform to Analyse Semi Active elements in Routes Across the Network" by Ilies Benhabbour and Marc Dacier, published in 2022.
@article{benhabbour2022nopasaran,
title={NoPASARAN: a Novel Platform to Analyse Semi Active elements in Routes Across the Network},
author={Benhabbour, Ilies and Dacier, Marc},
year={2022},
publisher={Index Copernicus}
}
NoPASARAN is released under the GNU General Public License v3.0.
FAQs
NoPASARAN is an advanced network tool designed to detect, fingerprint, and locate network middleboxes in a unified framework.
We found that nopasaran demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.