Netconan network configuration anonymization utilities
Project description
Netconan
Netconan (network configuration anonymizer) anonymizes text files that contain sensitive network information.
With Netconan, a sensitive input file
$ cat sensitive/cisco.cfg
! This is intentionet's sensitive comment
username admin password 7 122A001901
enable secret 5 $1$wtHI$0rN7R8PKwC30AsCGA77vy.
!
tacacs-server host 10.10.10.10 key pwd1234
ip address 10.10.20.30/24
ip address 2001:2002::9d3b:1
!
route-map sea-to-lax ...
route-map sea-to-atl ...
can be anonymized
$ netconan -i sensitive -o anonymized \
--sensitive-words intentionet,sea,lax,atl \
--anonymize-passwords \
--anonymize-ips
WARNING No salt was provided; using randomly generated "WNo5pX28MJOrqxfv"
INFO Anonymizing cisco.cfg
to produce an output file you can feel comfortable sharing.
$ cat anonymized/cisco.cfg
! This is db1792's sensitive comment
username admin password 7 09424B1D1A0A1913053E012724322D3765
enable secret 5 $1$0000$EhfXcDfB7iiakW6mwMy1i.
!
tacacs-server host 119.72.192.224 key netconanRemoved2
ip address 119.72.218.183/24
ip address cd7e:83e:1eaf:2ada:7535:591e:6d47:a4b8
!
route-map e69ceb-to-880ac2 ...
route-map e69ceb-to-5d37ad ...
Installing Netconan
Install Netconan using pip:
$ pip install netconan
Features
Netconan can anonymize many types of sensitive information:
Sensitive strings like passwords or SNMP community strings (--anonymize-passwords, -p), for many common network vendors.
IPv4 and IPv6 addresses (--anonymize-ips, -a).
User-specified sensitive words (--sensitive-words, -w).
Netconan attempts to preserve useful structure. For example,
Netconan preserves prefixes when anonymizing IPv4 and IPv6 addresses: IP addresses with a common prefix before anonymization will share the same prefix length after anonymization. For more information, see J. Xu et al., On the Design and Performance of Prefix-Preserving IP Traffic Trace Anonymization, ACM SIGCOMM Workshop on Internet Measurement, 2001 [link].
IPv4 classes are preserved.
Standard password and hash formats (salted md5, Cisco Type 7, Juniper Type 9) are recognized and substituted with format-compliant replacements.
Netconan is deterministic when provided the same user-controllable salt (--salt, -s). Files processed using the same salt are compatible (e.g., IP addresses anonymized the same way) whether anonymized together or separately.
For reversible operations (specifically, IP address anonymization), Netconan can produce a de-anonymized file (--undo, -u) when provided with the same salt used in anonymization (--salt, -s).
Running netconan
Netconan processes all files not starting with . housed in the top level of the specified input directory and saves processed files in the specified output directory.
For more information about less commonly-used features, see the Netconan help (-h).
usage: netconan [-h] -i INPUT -o OUTPUT [-p] [-a] [-s SALT] [-d DUMP_IP_MAP]
[-u] [-w SENSITIVE_WORDS]
[-l {DEBUG,INFO,WARNING,ERROR,CRITICAL}]
optional arguments:
-h, --help show this help message and exit
-i INPUT, --input INPUT
Directory containing files to anonymize
-o OUTPUT, --output OUTPUT
Directory to place anonymized files
-p, --anonymize-passwords Anonymize password and snmp community lines
-a, --anonymize-ips
Anonymize IP addresses
-s SALT, --salt SALT Salt for IP and sensitive keyword anonymization
-d DUMP_IP_MAP, --dump-ip-map DUMP_IP_MAP
Dump IP address anonymization map to specified file
-u, --undo Undo reversible anonymization (must specify salt)
-w SENSITIVE_WORDS, --sensitive-words SENSITIVE_WORDS
Comma separated list of keywords to anonymize
-l {DEBUG,INFO,WARNING,ERROR,CRITICAL}, --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
Determines what level of logs to display
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for netconan-0.1.1-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | df49ae53479239ac247e9573be67ae9a353fe7ffa35912bb52b2a21a393c20f5 |
|
MD5 | 9d692069182f9c39f3ca7564e99378d7 |
|
BLAKE2b-256 | c7e0a1ad5385b6b20b0d334948418fa18f298d83ca99994c1e464aff9f83be96 |