Class: DarwinPorts

Inherits:
PortsInfo
Defined in:
lib/resources/port.rb

Overview

Extracts UDP and TCP port information from macOS.

Instance Attribute Summary

Attributes inherited from PortsInfo

#inspec

Instance Method Summary

Methods inherited from PortsInfo

#initialize

Constructor Details

This class inherits a constructor from PortsInfo

Instance Method Details

#info ⇒ Object



# File 'lib/resources/port.rb', line 134

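# Collects listening TCP sockets and UDP sockets on macOS by parsing the
# output of `lsof`, run through the inherited `inspec` backend.
#
# @return [Array<Hash>, nil] one Hash per socket with the keys :port,
#   :address, :protocol, :process and :pid; nil when lsof exits non-zero.
def info
  cmd = inspec.command('lsof -nP -iTCP -iUDP -sTCP:LISTEN')
  # NOTE(review): lsof also exits non-zero when it finds no matching sockets,
  # so nil can mean "nothing is listening" - confirm how callers treat nil.
  return nil if cmd.exit_status.to_i != 0

  ports = []
  cmd.stdout.each_line do |line|
    # 1 - COMMAND, 2 - PID, 3 - USER, 4 - FD, 5 - TYPE, 6 - DEVICE, 7 - SIZE/OFF, 8 - NODE, 9 - NAME
    parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+).*$/.match(line)
    # Blank or truncated lines do not match; skip them instead of raising
    # NoMethodError on nil and losing every socket already collected.
    next if parsed.nil?

    protocol = parsed[8].downcase
    # Compare TYPE case-insensitively. The earlier code lower-cased TYPE and
    # then compared it with 'IPv6', which never matched, so IPv6 sockets were
    # reported as plain tcp/udp and tcp6/udp6 checks never saw them.
    protocol += '6' if parsed[5].casecmp('IPv6').zero?

    # Drops the header row and anything that is not a TCP/UDP socket.
    next unless %w{tcp tcp6 udp udp6}.include?(protocol)

    # NAME is "local" or "local->remote"; only the local endpoint is reported.
    local = parsed[9].split('->', 2).first.to_s
    # Split on the LAST colon so IPv6 literals such as [::1]:631 keep their
    # address intact and still yield the port.
    address, sep, net_port = local.rpartition(':')
    if sep.empty?
      address = local
      net_port = nil
    end
    # lsof wraps IPv6 literals in brackets; report the bare address.
    address = address[1..-2] if address.start_with?('[') && address.end_with?(']')
    # Convert to a number if possible ('*' and similar stay as strings).
    net_port = net_port.to_i if /\A\d+\z/.match(net_port)

    ports.push(
      port: net_port,
      address: address,
      protocol: protocol,
      process: parsed[1],
      pid: parsed[2].to_i,
    )
  end
  ports
end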