diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 6b3fcafb..216900c8 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,13 @@ +Version 3.2 +----------- +* Use .1 for default gateway instead of .254 because this is the default Virtual + Adapter address for VMWare and VirtualBox. +* Update documentation to use new year +* Update documentation links to current working links +* Update documentation to use Mandiant instead of FireEye +* Fix the filepath of HTML report template to work in all methods of installations + including Pyinstaller bundles. + Version 3.1 ----------- * HTML and text NBI after-reporting courtesy of @3V3RYONE and @tinajohnson diff --git a/LICENSE.txt b/LICENSE.txt index ec2449b5..dc91de02 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -175,7 +175,7 @@ END OF TERMS AND CONDITIONS - Copyright (C) 2018 FireEye, Inc. + Copyright (C) 2024 Mandiant, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index 0780afc8..e083ea88 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ D O C U M E N T A T I O N -FakeNet-NG 3.0 (alpha) is a next generation dynamic network analysis tool for malware +FakeNet-NG 3.2 is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows (and Linux, for certain modes of operation). FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael 
@@ -116,10 +116,10 @@ parameter to get simple help: | | / ____ \| . \| |____| |\ | |____ | | | |\ | |__| | |_|/_/ \_\_|\_\______|_| \_|______| |_| |_| \_|\_____| - Version 3.0 (alpha) + Version 3.2 _____________________________________________________________ Developed by FLARE Team - Copyright (C) 2016-2023 Mandiant, Inc. All rights reserved. + Copyright (C) 2016-2024 Mandiant, Inc. All rights reserved. _____________________________________________________________ Usage: python -m fakenet.fakenet [options]: @@ -171,10 +171,10 @@ and an HTTP connection: | | / ____ \| . \| |____| |\ | |____ | | | |\ | |__| | |_|/_/ \_\_|\_\______|_| \_|______| |_| |_| \_|\_____| - Version 3.0 (alpha) + Version 3.2 _____________________________________________________________ Developed by FLARE Team - Copyright (C) 2016-2022 Mandiant, Inc. All rights reserved. + Copyright (C) 2016-2024 Mandiant, Inc. All rights reserved. _____________________________________________________________ 07/06/16 10:20:52 PM [ FakeNet] Loaded configuration file: configs/default.ini diff --git a/docs/architecture.md b/docs/architecture.md index 9b0c7a2d..3d90e725 100644 --- a/docs/architecture.md +++ b/docs/architecture.md 
@@ -12,11 +12,11 @@ directly (if they are not hidden behind the ProxyListener) or through the ProxyListener. This architecture is in contrast to tools like PyNetSim (can't find an authoritative hyperlink to cite this reference) that effectively integrate all services into a bus. The benefit of this additional complexity in -FakeNet-NG�s architecture is that it can incorporate Listeners based on generic +FakeNet-NG's architecture is that it can incorporate Listeners based on generic code that expects to directly bind to ports and manage its own sockets. The FakeNet-NG architecture is diagrammed subsequently. -![FakeNet-NG Architecture](https://github.com/fireeye/flare-fakenet-ng/raw/master/docs/fakenet_architecture.png "FakeNet-NG Architecture") +![FakeNet-NG Architecture](https://github.com/mandiant/flare-fakenet-ng/blob/master/docs/fakenet_architecture.png "FakeNet-NG Architecture") # Diverters diff --git a/docs/contributors.md b/docs/contributors.md index 9185aefc..09fe09a6 100644 --- a/docs/contributors.md +++ b/docs/contributors.md @@ -13,13 +13,13 @@ malware analysis on Windows XP. ## Windows Peter Kacherginsky [implemented -FakeNet-NG](https://www.fireeye.com/blog/threat-research/2016/08/fakenet-ng_next_gen.html) +FakeNet-NG](https://www.mandiant.com/resources/blog/fakenet-ng-next-gen) targeting modern versions of Windows. ## Linux and Core Michael Bailey [implemented FakeNet-NG on -Linux](https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html), +Linux](https://www.mandiant.com/resources/blog/introducing-linux-support-fakenet-ng-flares-next-generation-dynamic-network-analysis-tool), and later refactored FakeNet-NG to use this as the unified packet processing logic for both Windows and Linux. 
@@ -32,7 +32,7 @@ Haigh, Michael Bailey, and Peter Kacherginsky conceptualized the Proxy Listener and Hidden Listener mechanisms for introducing both of these content-based protocol detection features to FakeNet-NG. Matthew Haigh then [implemented Content-Based Protocol -Detection](https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html). +Detection](https://www.mandiant.com/content/fireeye-www/en_US/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html). ## HTML- and Text-Based NBI After-Reporting diff --git a/docs/srs.md b/docs/srs.md index 89333cdf..29c49447 100644 --- a/docs/srs.md +++ b/docs/srs.md 
@@ -24,19 +24,19 @@ Analysis](https://nostarch.com/malware). ## History FakeNet-NG was initially released August 3, 2016 by Peter Kacherginsky with support for Windows: [FakeNet-NG: Next Generation Dynamic Network Analysis -Tool](https://www.fireeye.com/blog/threat-research/2016/08/fakenet-ng_next_gen.html). +Tool](https://www.mandiant.com/resources/blog/fakenet-ng-next-gen). On July 5, 2017 FakeNet-NG was updated by Michael Bailey to add support for Linux: [Introducing Linux Support for FakeNet-NG: FLARE's Next Generation Dynamic Network Analysis -Tool](https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html). +Tool](https://www.mandiant.com/resources/blog/introducing-linux-support-fakenet-ng-flares-next-generation-dynamic-network-analysis-tool). The next significant FakeNet-NG release was by Matthew Haigh on October 23, 2017 to introduce a proxy listener to sample, identify, and route traffic to the most appropriate listener: [New FakeNet-NG Feature: Content-Based Protocol -Detection](https://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html). +Detection](https://www.mandiant.com/content/fireeye-www/en_US/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html). -FireEye's [flare-fakenet-ng](https://github.com/fireeye/flare-fakenet-ng) +Mandiant's [flare-fakenet-ng](https://github.com/mandiant/flare-fakenet-ng) repository contains `README.md` which documents usage and configuration; and `docs/internals.md` which describes Diverter internals for Linux. 
@@ -157,7 +157,7 @@ The Configuration Logic for parsing and validating the configuration file is spread throughout the Application, Diverter, and Listeners. The configuration file is a -[ConfigParser](https://docs.python.org/2/library/configparser.html)-compatible +[ConfigParser](https://docs.python.org/3/library/configparser.html)-compatible file at an operator-specified location detailing how FakeNet-NG is to behave. Proposed: it may be beneficial to better encapsulate and centralize the diff --git a/fakenet/defaultFiles/FakeNet.html b/fakenet/defaultFiles/FakeNet.html index 418c0dd4..e7746792 100644 --- a/fakenet/defaultFiles/FakeNet.html +++ b/fakenet/defaultFiles/FakeNet.html @@ -32,6 +32,6 @@
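Review bot: in the Version 3.2 entry of CHANGELOG.txt, the first bullet's "because this is the default Virtual Adapter address for VMWare and VirtualBox" does not say which of the two addresses "this" refers to, so it can be read as describing .254. Name the address explicitly in that bullet. The README hunks also drop "(alpha)" from the version string ("3.0 (alpha)" becomes "3.2"), and the changelog does not record that; add a bullet for it if leaving alpha is intended.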
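Review bot: in the LICENSE.txt hunk the copyright line changes the year as well as the holder ("Copyright (C) 2018 FireEye, Inc." becomes "Copyright (C) 2024 Mandiant, Inc."), which drops the original year from the notice. The README banners in this same patch use a range ("Copyright (C) 2016-2024 Mandiant, Inc."), so the two notices now disagree; consider keeping the first year and writing a range here as well.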
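Review bot: in the docs/architecture.md hunk the image link changes from ".../raw/master/docs/fakenet_architecture.png" to ".../blob/master/docs/fakenet_architecture.png", and a GitHub blob URL serves the HTML file-viewer page rather than the PNG itself, so the embedded diagram is likely to stop rendering. Keep the "/raw/" form under the new "mandiant" organization, or use a relative link to "fakenet_architecture.png", since the image sits in the same docs/ directory as this file.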
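Review bot: in docs/contributors.md and docs/srs.md, the replacement link for Content-Based Protocol Detection points at "https://www.mandiant.com/content/fireeye-www/en_US/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html", which keeps the old fireeye-www path under a "/content/" prefix, while the other two blog links in the same hunks use the "/resources/blog/<slug>" form. Since the changelog describes these as current working links, please confirm this one resolves and, if a "/resources/blog/" address exists for the post, use it in both files so the three references are consistent.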