### Netconan Configuration File Example Source: https://context7.com/intentionet/netconan/llms.txt A sample configuration file demonstrating how to set anonymization options. This allows for reusable and consistent anonymization settings. ```ini # sample-netconan-config.cfg input=./sensitive_configs output=./anonymized_configs log-level=INFO anonymize-ips anonymize-passwords salt=CONSISTENT_SALT_FOR_REPRODUCIBILITY dump-ip-map=./ip-mapping.txt sensitive-words=companyname,datacenter,secretproject ``` -------------------------------- ### Install Package from TestPyPI Source: https://github.com/intentionet/netconan/blob/master/DEVELOPMENT.rst Use this command to install the Netconan package from TestPyPI for testing purposes. This command includes an extra index URL for PyPI to resolve any potential dependencies. ```bash pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netconan ``` -------------------------------- ### Install Netconan using pip Source: https://github.com/intentionet/netconan/blob/master/README.rst Install the Netconan package using pip. This is the standard method for installing Python packages. ```bash $ pip install netconan ``` -------------------------------- ### Netconan Pipe Mode Example Source: https://github.com/intentionet/netconan/blob/master/README.rst Netconan supports reading from stdin and writing to stdout using '-' as input or output paths, enabling pipe-based workflows. ```bash ``` -------------------------------- ### Python API: Directory Anonymization with All Options Source: https://context7.com/intentionet/netconan/llms.txt Perform comprehensive anonymization on a directory using the `anonymize_files` function. This example demonstrates enabling all anonymization features, including sensitive words, AS numbers, and IP preservation options. ```python from netconan.anonymize_files import anonymize_files anonymize_files( input_path="sensitive_configs/", output_path="anonymized_configs/", anon_pwd=True, anon_ip=True, salt="productionSalt", dumpfile="ip_mapping.txt", sensitive_words=["companyname", "internal", "secret"], as_numbers=["65001", "65002"], reserved_words=["interface", "router"], # Words to never anonymize preserve_prefixes=["10.0.0.0/8", "172.16.0.0/12"], preserve_networks=["192.168.1.0/24"], # Fully preserve these networks preserve_suffix_v4=8, # Preserve last 8 bits of IPv4 preserve_suffix_v6=8 # Preserve last 8 bits of IPv6 ) ``` -------------------------------- ### Use Configuration File with Netconan Source: https://context7.com/intentionet/netconan/llms.txt Execute netconan using a specified configuration file. Command-line arguments can override settings defined in the configuration file. ```bash netconan -c sample-netconan-config.cfg ``` ```bash netconan -c netconan.cfg -i different_input/ -o different_output/ ``` -------------------------------- ### Initialize and Use FileAnonymizer Source: https://context7.com/intentionet/netconan/llms.txt Instantiate FileAnonymizer with various options for anonymizing passwords, IPs, sensitive words, and preserving specific network prefixes. Demonstrates anonymizing from file to file and in-memory using StringIO. ```python from io import StringIO from netconan.anonymize_files import FileAnonymizer # Create anonymizer with desired options anonymizer = FileAnonymizer( anon_pwd=True, anon_ip=True, salt="mySalt", sensitive_words=["companyname", "secret"], as_numbers=["65001"], preserve_prefixes=["10.0.0.0/8"], preserve_suffix_v4=8 ) # Anonymize from file to file with open("sensitive.cfg", "r") as in_file, open("anon.cfg", "w") as out_file: anonymizer.anonymize_io(in_file, out_file) # Anonymize in-memory strings input_config = """ hostname companyname-router1 ip address 192.168.1.100 255.255.255.0 username admin password 7 122A001901 router bgp 65001 """ in_io = StringIO(input_config) out_io = StringIO() anonymizer.anonymize_io(in_io, out_io) anonymized_output = out_io.getvalue() print(anonymized_output) ``` -------------------------------- ### Netconan Usage Help Source: https://github.com/intentionet/netconan/blob/master/README.rst Displays the help message for the netconan command, outlining all available arguments and their descriptions. This is useful for understanding the full range of options. ```bash usage: netconan [-h] [--version] [-a] [-c CONFIG] [-d DUMP_IP_MAP] -i INPUT [-l {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-n AS_NUMBERS] -o OUTPUT [-p] [-r RESERVED_WORDS] [-s SALT] [-u] [-w SENSITIVE_WORDS] [--preserve-prefixes PRESERVE_PREFIXES] [--preserve-addresses PRESERVE_ADDRESSES] [--preserve-private-addresses] [--preserve-host-bits PRESERVE_HOST_BITS) Args that can start with '--' can also be set in a config file (specified via -c). If an arg is specified in more than one place, then command line values override config file values which override defaults. Config file syntax allows: key=value, flag=true, stuff=[a,b,c] (for more details, see here https://goo.gl/R74nmi). optional arguments: -h, --help show this help message and exit --version Print version number and exit -a, --anonymize-ips Anonymize IP addresses -c CONFIG, --config CONFIG Netconan configuration file with defaults for these CLI parameters -d DUMP_IP_MAP, --dump-ip-map DUMP_IP_MAP Dump IP address anonymization map to specified file -i INPUT, --input INPUT Input file or directory containing files to anonymize -l {DEBUG,INFO,WARNING,ERROR,CRITICAL}, --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL} Determines what level of logs to display -n AS_NUMBERS, --as-numbers AS_NUMBERS List of comma separated AS numbers to anonymize -o OUTPUT, --output OUTPUT Output file or directory where anonymized files are placed -p, --anonymize-passwords Anonymize password and snmp community lines -r RESERVED_WORDS, --reserved-words RESERVED_WORDS List of comma separated words that should not be anonymized -s SALT, --salt SALT Salt for IP and sensitive keyword anonymization -u, --undo Undo reversible anonymization (must specify salt) -w SENSITIVE_WORDS, --sensitive-words SENSITIVE_WORDS List of comma separated keywords to anonymize --preserve-prefixes PRESERVE_PREFIXES List of comma separated IP prefixes to preserve. Specified prefixes are preserved, but the host bits within those prefixes are still anonymized. To preserve prefixes and host bits in specified blocks, use --preserve-addresses instead --preserve-addresses PRESERVE_ADDRESSES List of comma separated IP addresses or networks to preserve. Prefixes and host bits within those networks are preserved. To preserve just prefixes and anonymize host bits, use --preserve-prefixes --preserve-private-addresses Preserve private-use IP addresses. Prefixes and host bits within the private-use IP networks are preserved. To preserve specific addresses or networks, use --preserve-addresses instead. To preserve just prefixes and anonymize host bits, use --preserve- prefixes --preserve-host-bits PRESERVE_HOST_BITS Preserve the trailing bits of IP addresses, aka the host bits of a network. Set this value large enough to represent the largest interface network (e.g., 8 for a /24 or 12 for a /20) or NAT pool. ``` -------------------------------- ### Initialize and Use SensitiveWordAnonymizer Source: https://context7.com/intentionet/netconan/llms.txt Instantiate SensitiveWordAnonymizer with a list of sensitive words and a salt. Shows anonymizing a hostname line and demonstrates case-insensitive replacement. ```python from netconan.sensitive_item_removal import SensitiveWordAnonymizer # Basic sensitive word anonymizer anonymizer = SensitiveWordAnonymizer( sensitive_words=["companyname", "secretproject", "internal"], salt="mySalt" ) # Anonymize a config line line = "hostname companyname-router1" anon_line = anonymizer.anonymize(line) print(anon_line) # Case-insensitive replacement line_upper = "hostname COMPANYNAME-ROUTER1" anon_line_upper = anonymizer.anonymize(line_upper) print(anon_line_upper) ``` -------------------------------- ### Command Line Interface - Basic Usage Source: https://context7.com/intentionet/netconan/llms.txt Anonymize IP addresses and passwords in a single file. ```APIDOC ## POST /api/users ### Description This endpoint allows for the creation of new user accounts. ### Method POST ### Endpoint /api/users ### Parameters #### Query Parameters - **limit** (integer) - Optional - The maximum number of users to return. #### Request Body - **username** (string) - Required - The desired username. - **email** (string) - Required - The user's email address. - **password** (string) - Required - The user's password. ### Request Example ```json { "username": "johndoe", "email": "john.doe@example.com", "password": "securePassword123" } ``` ### Response #### Success Response (200) - **userId** (string) - The unique identifier for the newly created user. - **message** (string) - A confirmation message. #### Response Example ```json { "userId": "usr_12345abcde", "message": "User created successfully." } ``` ``` -------------------------------- ### Bump Minor Version in __init__.py Source: https://github.com/intentionet/netconan/blob/master/DEVELOPMENT.rst After creating a release branch, update the version in the __init__.py file on the master branch to the next minor version, appending '.dev'. ```python 0.14.0.dev ``` -------------------------------- ### Basic IPv4 Anonymization with IpAnonymizer Source: https://context7.com/intentionet/netconan/llms.txt Create an IpAnonymizer instance with a salt to anonymize and deanonymize IPv4 addresses. Shows conversion between string, integer, and anonymized integer representations. ```python from netconan.ip_anonymization import IpAnonymizer, anonymize_ip_addr # Basic IPv4 anonymizer anonymizer = IpAnonymizer(salt="testSalt") # Anonymize a single IP address ip_addr = anonymizer.make_addr("192.168.1.100") ip_int = int(ip_addr) anon_ip_int = anonymizer.anonymize(ip_int) anon_ip = anonymizer.make_addr_from_int(anon_ip_int) print(f"Original: {ip_addr}, Anonymized: {anon_ip}") # Deanonymize (reverse the process with same salt) restored_ip_int = anonymizer.deanonymize(anon_ip_int) restored_ip = anonymizer.make_addr_from_int(restored_ip_int) print(f"Restored: {restored_ip}") ``` -------------------------------- ### Create Release Branch Source: https://github.com/intentionet/netconan/blob/master/DEVELOPMENT.rst Use this command to create a new release branch from the master branch. Ensure the branch name follows the 'release-0.xx' format. ```bash git checkout -b release-0.13 ``` -------------------------------- ### IPv6 Anonymizer with Preserved Suffix Source: https://context7.com/intentionet/netconan/llms.txt Demonstrates initializing an IpV6Anonymizer with a salt and a `preserve_suffix` value, which retains a specified number of bits from the end of the IPv6 address during anonymization. ```python from netconan.ip_anonymization import IpV6Anonymizer # IPv6 with preserved suffix anonymizer_preserved = IpV6Anonymizer(salt="testSalt", preserve_suffix=64) ``` -------------------------------- ### Dump IP Mapping to File Source: https://context7.com/intentionet/netconan/llms.txt Generate a file containing the mapping between original and anonymized IP addresses. This is useful for tracking or manual restoration if needed. ```bash netconan -i configs/ -o anon_configs/ \ --anonymize-ips \ --salt "mySalt" \ --dump-ip-map ip_mapping.txt ``` -------------------------------- ### Anonymize using Pipes (stdin/stdout) Source: https://context7.com/intentionet/netconan/llms.txt Utilize netconan with standard input and output for pipeline workflows. This is useful for processing data streams or when direct file access is not preferred. ```bash cat router.cfg | netconan -i - -o - -a -p -s mysalt > anonymized.cfg ``` -------------------------------- ### Dump IP Mapping to File Source: https://context7.com/intentionet/netconan/llms.txt Use the `dump_to_file` method of an IpAnonymizer instance to save the mapping of original IP addresses to their anonymized counterparts to a specified file. ```python from netconan.ip_anonymization import IpAnonymizer anonymizer = IpAnonymizer(salt="testSalt") # Dump IP mapping to file with open("ip_map.txt", "w") as f: anonymizer.dump_to_file(f) ``` -------------------------------- ### Update Version in __init__.py Source: https://github.com/intentionet/netconan/blob/master/DEVELOPMENT.rst Modify the version number in the __init__.py file to reflect the new release. Remove the '.dev' suffix for release branches. ```python 0.13.0 ``` -------------------------------- ### Custom Prefix Preservation with IpAnonymizer Source: https://context7.com/intentionet/netconan/llms.txt Configure IpAnonymizer to preserve specific IP address ranges and individual addresses, and to retain the last 8 bits of anonymized IPs. Includes a check for whether an address should be anonymized. ```python from netconan.ip_anonymization import IpAnonymizer # Custom prefix preservation custom_anonymizer = IpAnonymizer( salt="testSalt", preserve_prefixes=["170.0.0.0/8", "12.0.0.0/8"], preserve_addresses=["10.10.10.10"], # Skip anonymizing this address preserve_suffix=8 # Preserve last 8 bits (host portion) ) # Check if an address should be anonymized ip_int = int(custom_anonymizer.make_addr("10.10.10.10")) should_anon = custom_anonymizer.should_anonymize(ip_int) print(f"Should anonymize 10.10.10.10: {should_anon}") ``` -------------------------------- ### Anonymize IPs and Passwords in a File Source: https://context7.com/intentionet/netconan/llms.txt Basic usage for anonymizing IP addresses and passwords in a single configuration file. Ensure to use the same salt for consistent anonymization. ```bash netconan -i sensitive/config.cfg -o anonymized/config.cfg \ --anonymize-ips \ --anonymize-passwords \ --salt "mySecretSalt123" ``` -------------------------------- ### Netconan CLI for Anonymization Source: https://context7.com/intentionet/netconan/llms.txt Use the Netconan CLI to anonymize sensitive data in configuration files, specifying options for hostnames, AS numbers, and passwords. ```bash # Example input configuration (Cisco IOS) $ cat sensitive/router.cfg hostname companyname-router1 ! enable secret 5 $1$wtHI$0rN7R8PKwC30AsCGA77vy. username admin password 7 122A001901 ! snmp-server community publicRO tacacs-server host 10.1.2.3 key secretTacacsKey ! ip address 192.168.1.100 255.255.255.0 router bgp 65001 neighbor 10.0.0.1 remote-as 65002 # Anonymize with all options $ netconan -i sensitive/router.cfg -o anon/router.cfg \ -a -p \ -w companyname \ -n 65001,65002 \ -s "consistentSalt" # Example output (anonymized) $ cat anon/router.cfg hostname a1b2c3-router1 ! enable secret 5 $1$0000$EhfXcDfB7iiakW6mwMy1i. username admin password 7 09424B1D1A0A1913053E012724322D3765 ! snmp-server community netconanRemoved0 RO tacacs-server host 10.72.218.183 key netconanRemoved1 ! ip address 192.168.145.100 255.255.255.0 router bgp 42156 neighbor 10.52.183.1 remote-as 58234 ``` -------------------------------- ### Anonymize Single IPv6 Address with IpV6Anonymizer Source: https://context7.com/intentionet/netconan/llms.txt Initialize IpV6Anonymizer with a salt and use its methods to anonymize and deanonymize a single IPv6 address, converting between string and integer representations. ```python from netconan.ip_anonymization import IpV6Anonymizer, anonymize_ip_addr # IPv6 anonymizer anonymizer = IpV6Anonymizer(salt="testSalt") # Anonymize a single IPv6 address ip_addr = anonymizer.make_addr("2001:db8:85a3::8a2e:370:7334") ip_int = int(ip_addr) anon_ip_int = anonymizer.anonymize(ip_int) anon_ip = anonymizer.make_addr_from_int(anon_ip_int) print(f"Original: {ip_addr}") print(f"Anonymized: {anon_ip}") # Deanonymize restored_ip_int = anonymizer.deanonymize(anon_ip_int) restored_ip = anonymizer.make_addr_from_int(restored_ip_int) print(f"Restored: {restored_ip}") ``` -------------------------------- ### Python API: Basic File Anonymization Source: https://context7.com/intentionet/netconan/llms.txt Programmatically anonymize a single file using the `anonymize_files` function. Specify input and output paths, and enable password and IP anonymization with a salt. ```python from netconan.anonymize_files import anonymize_files anonymize_files( input_path="sensitive/router.cfg", output_path="anonymized/router.cfg", anon_pwd=True, anon_ip=True, salt="myConsistentSalt" ) ``` -------------------------------- ### Anonymize AS Numbers with AsNumberAnonymizer Source: https://context7.com/intentionet/netconan/llms.txt Utilize AsNumberAnonymizer to anonymize BGP AS numbers while maintaining their classification as public or private. ```python from netconan.sensitive_item_removal import AsNumberAnonymizer, anonymize_as_numbers # Create AS number anonymizer anonymizer = AsNumberAnonymizer( as_numbers=["65001", "65002", "64512"], salt="mySalt" ) # Anonymize AS numbers in config lines config_line = "router bgp 65001" anon_line = anonymize_as_numbers(anonymizer, config_line) print(anon_line) # Output: router bgp 42156 (anonymized but still in private AS range) # Multiple AS numbers config_line = "neighbor 10.0.0.1 remote-as 65001\nneighbor 10.0.0.2 remote-as 65002" anon_line = anonymize_as_numbers(anonymizer, config_line) print(anon_line) # Direct anonymization lookup anon_as = anonymizer.anonymize("65001") print(f"AS 65001 -> AS {anon_as}") # AS number blocks are preserved: # 0-64511: Public AS numbers # 64512-65535: Private AS numbers (16-bit) # 65536-4199999999: Public AS numbers (32-bit) # 4200000000-4294967295: Private AS numbers (32-bit) ``` -------------------------------- ### Anonymize Network Configuration File Source: https://github.com/intentionet/netconan/blob/master/README.rst Use this command to anonymize a network configuration file. Specify input and output directories, sensitive words, and options to anonymize passwords and IP addresses. ```bash $ cat sensitive/cisco.cfg ! This is intentionet's sensitive comment username admin password 7 122A001901 enable secret 5 $1$wtHI$0rN7R8PKwC30AsCGA77vy. ! tacacs-server host 1.2.3.4 key pwd1234 ip address 10.10.20.30/24 ip address 2001:2002::9d3b:1 ! route-map sea-to-lax ... route-map sea-to-atl ... ``` ```bash $ netconan -i sensitive -o anonymized \ --sensitive-words intentionet,sea,lax,atl \ --anonymize-passwords \ --anonymize-ips WARNING No salt was provided; using randomly generated "WNo5pX28MJOrqxfv" INFO Anonymizing cisco.cfg ``` ```bash $ cat anonymized/cisco.cfg ! This is db1792's sensitive comment username admin password 7 09424B1D1A0A1913053E012724322D3765 enable secret 5 $1$0000$EhfXcDfB7iiakW6mwMy1i. ! tacacs-server host 7.227.130.88 key netconanRemoved2 ip address 10.72.218.183/24 ip address cd7e:83e:1eaf:2ada:7535:591e:6d47:a4b8 ! route-map e69ceb-to-880ac2 ... route-map e69ceb-to-5d37ad ... ``` -------------------------------- ### Anonymize IP Addresses from Stdin to Stdout Source: https://github.com/intentionet/netconan/blob/master/README.rst Use this command to anonymize IP addresses from standard input and write the output to standard output. Requires a salt for anonymization. ```bash cat config.cfg | netconan -i - -o - -a -p -s mysalt > anonymized.cfg ``` -------------------------------- ### Anonymize IP Addresses in Configuration Lines Source: https://context7.com/intentionet/netconan/llms.txt Utilize the `anonymize_ip_addr` function with an existing IpAnonymizer instance to replace IPv4 addresses within a string. ```python from netconan.ip_anonymization import IpAnonymizer, anonymize_ip_addr anonymizer = IpAnonymizer(salt="testSalt") # Anonymize IP addresses in config lines config_line = "ip route 10.1.2.0 255.255.255.0 192.168.1.1" anon_line = anonymize_ip_addr(anonymizer, config_line) print(anon_line) ``` -------------------------------- ### Python API: De-anonymize IP Addresses Source: https://context7.com/intentionet/netconan/llms.txt Use the `anonymize_files` function to reverse IP address anonymization. Ensure the same salt is provided as used during the initial anonymization. Password anonymization cannot be undone. ```python from netconan.anonymize_files import anonymize_files anonymize_files( input_path="anonymized/router.cfg", output_path="restored/router.cfg", anon_pwd=False, anon_ip=False, salt="myConsistentSalt", undo_ip_anon=True ) ``` -------------------------------- ### Anonymize Directory with Custom Sensitive Words Source: https://context7.com/intentionet/netconan/llms.txt Anonymize all files within a directory, including IP addresses, passwords, and custom sensitive words. A consistent salt is crucial for reproducibility. ```bash netconan -i sensitive_configs/ -o anonymized_configs/ \ --anonymize-ips \ --anonymize-passwords \ --sensitive-words "companyname,datacenter,internal-project" \ --salt "consistentSalt" ``` -------------------------------- ### Netconan CLI Usage Source: https://github.com/intentionet/netconan/blob/master/README.rst The Netconan CLI tool is used for anonymizing network configuration files. It supports various options for IP address anonymization, password anonymization, and more. ```APIDOC ## Netconan CLI Usage ### Description This section details the command-line arguments and options available for the Netconan tool, which is used to anonymize network configuration files. ### Method Command Line Interface ### Endpoint N/A ### Parameters #### Command-line Arguments - **-h, --help** (flag) - show this help message and exit - **--version** (flag) - Print version number and exit - **-a, --anonymize-ips** (flag) - Anonymize IP addresses - **-c CONFIG, --config CONFIG** (string) - Netconan configuration file with defaults for these CLI parameters - **-d DUMP_IP_MAP, --dump-ip-map DUMP_IP_MAP** (string) - Dump IP address anonymization map to specified file - **-i INPUT, --input INPUT** (string) - Input file or directory containing files to anonymize - **-l {DEBUG,INFO,WARNING,ERROR,CRITICAL}, --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}** (string) - Determines what level of logs to display - **-n AS_NUMBERS, --as-numbers AS_NUMBERS** (string) - List of comma separated AS numbers to anonymize - **-o OUTPUT, --output OUTPUT** (string) - Output file or directory where anonymized files are placed - **-p, --anonymize-passwords** (flag) - Anonymize password and snmp community lines - **-r RESERVED_WORDS, --reserved-words RESERVED_WORDS** (string) - List of comma separated words that should not be anonymized - **-s SALT, --salt SALT** (string) - Salt for IP and sensitive keyword anonymization - **-u, --undo** (flag) - Undo reversible anonymization (must specify salt) - **-w SENSITIVE_WORDS, --sensitive-words SENSITIVE_WORDS** (string) - List of comma separated keywords to anonymize - **--preserve-prefixes PRESERVE_PREFIXES** (string) - List of comma separated IP prefixes to preserve. Specified prefixes are preserved, but the host bits within those prefixes are still anonymized. To preserve prefixes and host bits in specified blocks, use --preserve-addresses instead - **--preserve-addresses PRESERVE_ADDRESSES** (string) - List of comma separated IP addresses or networks to preserve. Prefixes and host bits within those networks are preserved. To preserve just prefixes and anonymize host bits, use --preserve-prefixes - **--preserve-private-addresses** (flag) - Preserve private-use IP addresses. Prefixes and host bits within the private-use IP networks are preserved. To preserve specific addresses or networks, use --preserve-addresses instead. To preserve just prefixes and anonymize host bits, use --preserve-prefixes - **--preserve-host-bits PRESERVE_HOST_BITS** (string) - Preserve the trailing bits of IP addresses, aka the host bits of a network. Set this value large enough to represent the largest interface network (e.g., 8 for a /24 or 12 for a /20) or NAT pool. ### Request Example ```bash $ cat config.cfg | netconan -i - -o - -a -p -s mysalt > anonymized.cfg $ cat config.cfg | netconan -i - -o anonymized.cfg -a -p -s mysalt $ netconan -i config.cfg -o - -a -p -s mysalt > anonymized.cfg ``` ### Response N/A (This is a CLI tool) ### Error Handling Note that directory input cannot be combined with ``-o -``. For more information about less commonly-used features, see the Netconan help (``-h``). For more information on config file syntax, see `here `_. ``` -------------------------------- ### Customize Host Bit Preservation Source: https://context7.com/intentionet/netconan/llms.txt Control the number of host bits to preserve when anonymizing IP addresses. The default is 8 bits, but this can be adjusted for different network requirements. ```bash netconan -i config.cfg -o anon.cfg \ --anonymize-ips \ --preserve-host-bits 12 \ --salt "mySalt" ``` -------------------------------- ### Anonymize IPv6 Addresses in Configuration Lines Source: https://context7.com/intentionet/netconan/llms.txt Use the `anonymize_ip_addr` function with an IpV6Anonymizer instance to replace IPv6 addresses within a configuration string. ```python from netconan.ip_anonymization import IpV6Anonymizer, anonymize_ip_addr anonymizer = IpV6Anonymizer(salt="testSalt") # Anonymize IPv6 in config lines config_line = "ipv6 address 2001:db8::1/64" anon_line = anonymize_ip_addr(anonymizer, config_line) print(anon_line) ``` -------------------------------- ### Anonymize IP Addresses from File to Stdout Source: https://github.com/intentionet/netconan/blob/master/README.rst Use this command to anonymize IP addresses from an input file and direct the output to standard output. A salt is required for anonymization. ```bash netconan -i config.cfg -o - -a -p -s mysalt > anonymized.cfg ``` -------------------------------- ### Anonymize IP Addresses from Stdin to File Source: https://github.com/intentionet/netconan/blob/master/README.rst This command anonymizes IP addresses from standard input and saves the output to a specified file. It requires a salt for the anonymization process. ```bash cat config.cfg | netconan -i - -o anonymized.cfg -a -p -s mysalt ``` -------------------------------- ### Anonymize Specific AS Numbers Source: https://context7.com/intentionet/netconan/llms.txt Anonymize IP addresses and specific Autonomous System (AS) numbers. Provide a list of AS numbers to be anonymized. ```bash netconan -i config.cfg -o anon_config.cfg \ --anonymize-ips \ --as-numbers "65001,65002,64512" \ --salt "mySalt" ``` -------------------------------- ### Preserve Custom Prefixes Source: https://context7.com/intentionet/netconan/llms.txt Anonymize IP addresses while preserving specified network prefixes. This allows for granular control over which parts of the IP address space are anonymized. ```bash netconan -i config.cfg -o anon.cfg \ --anonymize-ips \ --preserve-prefixes "12.0.0.0/8,170.0.0.0/8" \ --salt "mySalt" ``` -------------------------------- ### FileAnonymizer API Source: https://context7.com/intentionet/netconan/llms.txt The FileAnonymizer class allows for anonymizing data from file-like objects or in-memory strings. It supports various options for customizing the anonymization process, such as anonymizing passwords, IP addresses, and specific sensitive words. ```APIDOC ## Python API: FileAnonymizer ### Description The `FileAnonymizer` class provides fine-grained control for anonymizing file-like objects, useful for custom processing pipelines or in-memory anonymization. ### Initialization ```python anonymizer = FileAnonymizer( anon_pwd=True, # Anonymize passwords anon_ip=True, # Anonymize IP addresses salt="mySalt", # Salt for hashing sensitive_words=["companyname", "secret"], # List of sensitive words as_numbers=["65001"], # Words to be replaced by numbers preserve_prefixes=["10.0.0.0/8"], # IP prefixes to preserve preserve_suffix_v4=8 # Number of bits to preserve in IPv4 host portion ) ``` ### Usage #### Anonymize from file to file ```python with open("sensitive.cfg", "r") as in_file, open("anon.cfg", "w") as out_file: anonymizer.anonymize_io(in_file, out_file) ``` #### Anonymize in-memory strings ```python from io import StringIO input_config = """ hostname companyname-router1 ip address 192.168.1.100 255.255.255.0 username admin password 7 122A001901 router bgp 65001 """ in_io = StringIO(input_config) out_io = StringIO() anonymizer.anonymize_io(in_io, out_io) anonymized_output = out_io.getvalue() print(anonymized_output) ``` ``` -------------------------------- ### IpV6Anonymizer API Source: https://context7.com/intentionet/netconan/llms.txt The IpV6Anonymizer class provides prefix-preserving anonymization for IPv6 addresses, mirroring the functionality of the IpAnonymizer for IPv4. It supports anonymization, deanonymization, and custom configurations. ```APIDOC ## Python API: IpV6Anonymizer ### Description The `IpV6Anonymizer` class provides prefix-preserving anonymization for IPv6 addresses using the same algorithm as IPv4. ### Initialization ```python # IPv6 anonymizer anonymizer = IpV6Anonymizer(salt="testSalt") # IPv6 with preserved suffix anonymizer_preserved = IpV6Anonymizer(salt="testSalt", preserve_suffix=64) ``` ### Usage #### Anonymize a single IPv6 address ```python ip_addr = anonymizer.make_addr("2001:db8:85a3::8a2e:370:7334") ip_int = int(ip_addr) anon_ip_int = anonymizer.anonymize(ip_int) anon_ip = anonymizer.make_addr_from_int(anon_ip_int) print(f"Original: {ip_addr}") print(f"Anonymized: {anon_ip}") ``` #### Anonymize IPv6 in config lines ```python config_line = "ipv6 address 2001:db8::1/64" anon_line = anonymize_ip_addr(anonymizer, config_line) print(anon_line) ``` #### Deanonymize an IPv6 address ```python restored_ip_int = anonymizer.deanonymize(anon_ip_int) restored_ip = anonymizer.make_addr_from_int(restored_ip_int) print(f"Restored: {restored_ip}") ``` ``` -------------------------------- ### AsNumberAnonymizer Source: https://context7.com/intentionet/netconan/llms.txt Anonymizes BGP AS numbers while preserving their block classification (public vs private AS number ranges). ```APIDOC ## AsNumberAnonymizer ### Description Anonymizes BGP AS numbers while preserving their block classification (public vs private AS number ranges). ### Method `AsNumberAnonymizer(as_numbers: list, salt: str)` ### Parameters #### Initialization Parameters - **as_numbers** (list) - Required - A list of AS numbers to anonymize. - **salt** (str) - Required - A salt string used for anonymization. ### Method `anonymize(as_number: str) -> str` ### Parameters #### Method Parameters - **as_number** (str) - Required - The AS number to anonymize. ### Helper Function `anonymize_as_numbers(anonymizer: AsNumberAnonymizer, config_line: str) -> str` ### Parameters #### Helper Function Parameters - **anonymizer** (AsNumberAnonymizer) - Required - An instance of AsNumberAnonymizer. - **config_line** (str) - Required - The configuration line containing AS numbers. ### AS Number Blocks - 0-64511: Public AS numbers - 64512-65535: Private AS numbers (16-bit) - 65536-4199999999: Public AS numbers (32-bit) - 4200000000-4294967295: Private AS numbers (32-bit) ### Request Example ```python from netconan.sensitive_item_removal import AsNumberAnonymizer, anonymize_as_numbers # Create AS number anonymizer anonymizer = AsNumberAnonymizer( as_numbers=["65001", "65002", "64512"], salt="mySalt" ) # Anonymize AS numbers in config lines config_line = "router bgp 65001" anon_line = anonymize_as_numbers(anonymizer, config_line) print(anon_line) # Output: router bgp 42156 (anonymized but still in private AS range) # Multiple AS numbers config_line = "neighbor 10.0.0.1 remote-as 65001\nneighbor 10.0.0.2 remote-as 65002" anon_line = anonymize_as_numbers(anonymizer, config_line) print(anon_line) # Direct anonymization lookup anon_as = anonymizer.anonymize("65001") print(f"AS 65001 -> AS {anon_as}") ``` ``` -------------------------------- ### Anonymize Passwords and Communities with replace_matching_item Source: https://context7.com/intentionet/netconan/llms.txt Use replace_matching_item with generated regexes to anonymize passwords and community strings, preserving vendor-specific formats. ```python from netconan.sensitive_item_removal import ( generate_default_sensitive_item_regexes, replace_matching_item, _anonymize_value ) # Generate compiled regexes for password detection regexes = generate_default_sensitive_item_regexes() # Anonymize passwords in config lines pwd_lookup = {} # Tracks already-anonymized passwords for consistency salt = "mySalt" # Cisco password examples cisco_lines = [ "enable secret 5 $1$wtHI$0rN7R8PKwC30AsCGA77vy.", "username admin password 7 122A001901", "snmp-server community public RO", "tacacs-server host 10.1.1.1 key secretkey123", ] for line in cisco_lines: anon_line = replace_matching_item(regexes, line, pwd_lookup, salt) print(f"Original: {line}") print(f"Anonymized: {anon_line}\n") # Juniper password examples juniper_lines = [ 'secret "$9$HqfQ1IcrK8n/t0IcvM24aZGi6/t"', 'set system root-authentication encrypted-password "$1$salt$hash"', ] for line in juniper_lines: anon_line = replace_matching_item(regexes, line, pwd_lookup, salt) print(f"Original: {line}") print(f"Anonymized: {anon_line}\n") # Direct value anonymization with format preservation test_values = [ "122A001901", # Cisco Type 7 "$1$salt$abcdefghijklmnopqrs", # MD5 hash "$9$HqfQ1IcrK8n/t0IcvM24aZGi6/t", # Juniper Type 9 "plainTextPassword", # Plain text ] for val in test_values: anon_val = _anonymize_value(val, {}, set(), salt) print(f"Original: {val}") print(f"Anonymized: {anon_val}\n") ``` -------------------------------- ### Password and Community String Anonymization Source: https://context7.com/intentionet/netconan/llms.txt Handles password and community string anonymization using RANCID-derived regex patterns that support multiple vendor formats. ```APIDOC ## Password Anonymization ### Description Handles password and community string anonymization using RANCID-derived regex patterns that support multiple vendor formats. ### Functions - `generate_default_sensitive_item_regexes() -> list` - `replace_matching_item(regexes: list, line: str, pwd_lookup: dict, salt: str) -> str` - `_anonymize_value(value: str, pwd_lookup: dict, anonymized_values: set, salt: str) -> str` ### Parameters #### `generate_default_sensitive_item_regexes()` No parameters. #### `replace_matching_item` - **regexes** (list) - Required - Compiled regexes for sensitive item detection. - **line** (str) - Required - The configuration line to process. - **pwd_lookup** (dict) - Required - A dictionary to track already anonymized passwords for consistency. - **salt** (str) - Required - A salt string used for anonymization. #### `_anonymize_value` - **value** (str) - Required - The value to anonymize. - **pwd_lookup** (dict) - Required - A dictionary to track already anonymized passwords. - **anonymized_values** (set) - Required - A set to store anonymized values. - **salt** (str) - Required - A salt string used for anonymization. ### Supported Vendor Password Formats Netconan recognizes and preserves the format of passwords from multiple vendors including Cisco (Type 5 MD5, Type 7), Juniper (Type 9), Arista (SHA-512), Fortinet, and AWS VPN configurations. ### Request Example ```python from netconan.sensitive_item_removal import ( generate_default_sensitive_item_regexes, replace_matching_item, _anonymize_value ) # Generate compiled regexes for password detection regexes = generate_default_sensitive_item_regexes() # Anonymize passwords in config lines pwd_lookup = {} # Tracks already-anonymized passwords for consistency salt = "mySalt" # Cisco password examples cisco_lines = [ "enable secret 5 $1$wtHI$0rN7R8PKwC30AsCGA77vy.", "username admin password 7 122A001901", "snmp-server community public RO", "tacacs-server host 10.1.1.1 key secretkey123", ] for line in cisco_lines: anon_line = replace_matching_item(regexes, line, pwd_lookup, salt) print(f"Original: {line}") print(f"Anonymized: {anon_line}\n") # Juniper password examples juniper_lines = [ 'secret "$9$HqfQ1IcrK8n/t0IcvM24aZGi6/t"', 'set system root-authentication encrypted-password "$1$salt$hash"', ] for line in juniper_lines: anon_line = replace_matching_item(regexes, line, pwd_lookup, salt) print(f"Original: {line}") print(f"Anonymized: {anon_line}\n") # Direct value anonymization with format preservation test_values = [ "122A001901", # Cisco Type 7 "$1$salt$abcdefghijklmnopqrs", # MD5 hash "$9$HqfQ1IcrK8n/t0IcvM24aZGi6/t", # Juniper Type 9 "plainTextPassword", # Plain text ] for val in test_values: anon_val = _anonymize_value(val, {}, set(), salt) print(f"Original: {val}") print(f"Anonymized: {anon_val}\n") ``` ``` -------------------------------- ### IpAnonymizer API Source: https://context7.com/intentionet/netconan/llms.txt The IpAnonymizer class handles anonymization of IPv4 addresses while preserving network topology. It supports basic anonymization, deanonymization, and custom configurations for preserving specific prefixes or addresses. ```APIDOC ## Python API: IpAnonymizer ### Description The `IpAnonymizer` class implements prefix-preserving anonymization for IPv4 addresses, ensuring network topology is maintained while actual addresses are obfuscated. ### Initialization ```python # Basic IPv4 anonymizer anonymizer = IpAnonymizer(salt="testSalt") # Custom prefix preservation custom_anonymizer = IpAnonymizer( salt="testSalt", preserve_prefixes=["170.0.0.0/8", "12.0.0.0/8"], preserve_addresses=["10.10.10.10"], # Skip anonymizing this address preserve_suffix=8 # Preserve last 8 bits (host portion) ) ``` ### Usage #### Anonymize a single IP address ```python ip_addr = anonymizer.make_addr("192.168.1.100") ip_int = int(ip_addr) anon_ip_int = anonymizer.anonymize(ip_int) anon_ip = anonymizer.make_addr_from_int(anon_ip_int) print(f"Original: {ip_addr}, Anonymized: {anon_ip}") ``` #### Deanonymize an IP address ```python restored_ip_int = anonymizer.deanonymize(anon_ip_int) restored_ip = anonymizer.make_addr_from_int(restored_ip_int) print(f"Restored: {restored_ip}") ``` #### Anonymize IP addresses in config lines ```python config_line = "ip route 10.1.2.0 255.255.255.0 192.168.1.1" anon_line = anonymize_ip_addr(anonymizer, config_line) print(anon_line) ``` #### Check if an address should be anonymized ```python ip_int = int(custom_anonymizer.make_addr("10.10.10.10")) should_anon = custom_anonymizer.should_anonymize(ip_int) print(f"Should anonymize 10.10.10.10: {should_anon}") ``` #### Dump IP mapping to file ```python with open("ip_map.txt", "w") as f: anonymizer.dump_to_file(f) # Creates tab-separated file: original_ip\tanonymized_ip ``` ``` -------------------------------- ### Anonymize with Reserved Words Source: https://context7.com/intentionet/netconan/llms.txt Use SensitiveWordAnonymizer to anonymize sensitive words while preserving specified reserved words. ```python from netconan.sensitive_word_anonymizer import SensitiveWordAnonymizer anonymizer_with_reserved = SensitiveWordAnonymizer( sensitive_words=["sea"], salt="mySalt", reserved_words={"search", "season", "interface"} ) line = "search domain.com sea-router1 seasonal" anon_line = anonymizer_with_reserved.anonymize(line) print(anon_line) # "search" is preserved, "sea" in "sea-router1" is anonymized ``` -------------------------------- ### De-anonymize IP Addresses Source: https://context7.com/intentionet/netconan/llms.txt Restore anonymized IP addresses to their original values. This requires the same salt used during the anonymization process. Note that password anonymization is not reversible. ```bash netconan -i anonymized/config.cfg -o restored/config.cfg \ --undo \ --salt "mySecretSalt123" ``` -------------------------------- ### Preserve All Private IP Addresses (RFC 1918) Source: https://context7.com/intentionet/netconan/llms.txt Automatically preserve all IP addresses falling within the RFC 1918 private address ranges during anonymization. This simplifies configuration for common internal networks. ```bash netconan -i config.cfg -o anon.cfg \ --anonymize-ips \ --preserve-private-addresses \ --salt "mySalt" ``` -------------------------------- ### Preserve Specific IP Addresses or Networks Source: https://context7.com/intentionet/netconan/llms.txt Anonymize IP addresses while ensuring specific IP addresses or entire networks remain unchanged. This is useful for critical infrastructure or management IPs. ```bash netconan -i config.cfg -o anon.cfg \ --anonymize-ips \ --preserve-addresses "10.0.0.1,192.168.0.0/16" \ --salt "mySalt" ```