• Stars
    star
    158
  • Rank 231,701 (Top 5 %)
  • Language
    C
  • Created almost 11 years ago
  • Updated 13 days ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The Awareness Hub for the Internet of Things

Dowse logo

A digital rod for local area network rabdomancy

software by Dyne.org

Updates: http://dowse.eu

Whitepaper: https://files.dyne.org/dowse/dowse_whitepaper.pdf

Build Status

Dowse project stats

Introduction

Dowse is a transparent proxy facilitating the awareness of ingoing and outgoing connections, from, to, and within a local area network.

Dowse provides a central point of soft control for all local traffic: from ARP traffic (layer 2) to TCP/IP (layers 3 and 4) as well as application space, by chaining a firewall setup to a trasparent proxy setup. A core feature for Dowse is that of hiding all the complexity of such a setup.

Dowse is also a highly extensible platform: interoperability between modules is available using Socks4/5, UNIX pipes, local TCP/IP sockets and port redirection, conforming to specific daemon implementations. At the core of Dowse is a very portable shell script codebase implementing a modular plugin architecture that isolates processes and supports any executable written in any language: Shell, C, Perl, Python etc.

Dowse is an ongoing development effort rapidly gaining momentum for its simplicity and usefulness. Here a recent backstage video:

The making of Dowse

Features

Dowse takes control of a LAN by becoming its DHCP server and thereby assigning itself as main gateway and DNS server for all clients. It keeps tracks of assigned leases by MAC Address. ISC DHCP and DNSCRYPT-PROXY are used as daemons.

All network traffic is passed through NAT rules for masquerading. HTTP traffic (TCP port 80) can be filtered through a transparent proxy using an application layer chain of Squid2 and Privoxy.

All IP traffic is filtered using configurable blocklists to keep out malware, spyware and known bad peers, using Peerguardian2 and Iptables.

All DNS traffic (UDP port 53) is filtered through a DNSCRYPT-PROXY plugin encrypting all traffic (AES/SHA256) and analysed using domain-list to render a graphical representation of traffic.

Privilege escalation is managed using https://sup.dyne.org

Installation

Installation and activation takes a few steps, only make install needs root:

  1. Download dowse on a GNU/Linux box (we use Devuan Ascii)
git clone https://github.com/dyne/dowse dowse-src
cd dowse-src && git submodule update --init --recursive
  1. Install all requirements, here below the list of packages. To avoid installing more than needed, consider using the --no-install-recommends flag in APT or similar for other package managers.
zsh iptables build-essential autoconf automake libhiredis-dev libkmod-dev libjemalloc-dev pkg-config libtool libltdl-dev libsodium-dev libldns-dev libnetfilter-queue-dev uuid-dev zlib1g-dev cmake liblo-dev nmap python3-flask python3-redis xmlstarlet wget libcap2-bin
  1. Choose which user should be running dowse: your own is fine, or eventually create one just for that to separate filesystem permissions.

  2. As the user of choice, run make inside the dowse source

  3. As root, run make install

  4. If necessary edit the files in the /etc/dowse folder, especially settings where it should be indicated the address for the local network you like to create.

  5. As the dowse user of choice and inside the source, fire up the startup script ./start.sh

Dowse is now running with a web interface on port 80.

To interact with dowse there is also a console with commands prefixed with dowse- (tab completion available). To enter it run zsh without extensions and source the main script: first type zsh -f and press enter, then type source /usr/local/dowse/zshrc and press enter.

If you like the dowse user to have an interactive console every time it logs in, then do ln -s /usr/local/dowse/zshrc $HOME/.zshrc.

If all went well now one should be able to connect any device to the internet as you did before, via Dowse.

Embedded ARM devices

Using https://www.devuan.org just compile and install Dowse following the procedure above. Images are available for a several popular ARM devices including RaspberryPI2 and 3, BananaPI, Cubieboard etc.

Starting Dowse

Here below an example start script launching all services in Dowse. Some can be commented / expunged ad-hoc depending from use cases, since the only vital functions are redis-server, dhcpd and dnscrypt-proxy.

#/usr/bin/env zsh

source /etc/dowse/settings
source /usr/local/dowse/zshrc

    notice "Starting Dowse"

    # start the redis daemon (core k/v service)
    start redis-server

	notice "Starting all daemons in Dowse"

    # launch the dhcp daemon
    start dhcpd

    # start the dns encrypted tunneling
    start dnscrypt-proxy

	# start the mqtt/websocket hub
	start mosquitto

    # netdata dashboard for the technical status
    start netdata

	# nodejs/node-red
	start node-red

	# start the cronjob handler (with resolution to seconds)
	start seccrond

    notice "Dowse succesfully started"

}

Adding the following line one can set up an open network, what we call it "party mode":

echo "set party-mode ON" | redis-cli

As a good practice, such a script can be launched from /etc/rc.local for user dowse using setuidgid from the daemontools package.

The next is an example on how to stop dowse, for instance from a stop.sh script:

#/usr/bin/env zsh

source /usr/local/dowse/zshrc

	notice "Stopping all daemons in Dowse"

	stop seccrond

	stop mosquitto

	# stop nodejs/node-red
	stop node-red

    # stop the dashboard
    stop netdata

    # stop the dns crypto tunnel
    stop dnscrypt-proxy

    # stop the dhcp server
    stop dhcpd

    # remove the layer 3 firewall rules
    iptables-snat-off
    iptables-stop

    # restore backup if present
    # [[ -r /etc/resolv.conf.dowse-backup ]] &&  {
    #     mv /etc/resolv.conf.dowse-backup /etc/resolv.conf
    # }

    stop redis-server

    notice "Dowse has stopped running."

The scripts above are found in dowse source as start.sh and stop.sh and can be customised and called from the system at boot. It is also possible to run an interactive console with completion where dowse commands are available using the console.sh script. Once in the console all the above start/stop commands and even more internals will be available to be launched interactively.

Visualization

The DNS visualization is produced in a custom format which can be easily processed by gource. This is the best way to "see dowse running": if you are running it locally, then install gource and do:

dowse-to-gource | gource --log-format custom -

or from remote:

ssh [email protected] -- dowse-to-gource | gource --log-format custom -

Sidenote: dowse-to-gource must be in the user's $PATH. To achieve this, as mentioned above, you can change the user's shell to zsh and do: ln -sf /usr/local/dowse/zshrc $HOME/.zshrc.

This will live render all the DNS activity occurring on your computer or local network, with the sort of animation that is also showcased on our website.

One can also experiment with gource arguments and render all the output of dowse-to-gource into a video file.

Experimentation

Open Sound Control (OSC) messaging is implemented to interface low-latency devices that are running on the same network. To start it one must know the IP address of the device, then do:

dowse-to-osc osc.udp://10.0.0.2:999

This will start sending OSC messages over UDP to IP 10.0.0.2 port 999

Development

The main development repository is on https://github.com/dyne/dowse

Inside the ops directory an Ansible recipe is found along a ready to use Vagrant configuration to build two virtual machines (leader and client) that simulate a LAN to do further testing of Dowse.

cd ops
vagrant up

Plus the usual vagrant commands. The devops in Dowse is based on http://Devuan.org and will run two virtual machines connected to each other, one "leader" running Dowse and serving DHCP, one "client" connected to it and to the Internet via the leader.

Help with development is welcome, manuals on how to write new modules and daemons are in the making and there is a sister project to categorize all domains used by Internet's conglomerates which also welcomes contributions: https://github.com/dyne/domain-list

Disclaimer

Dowse development is supported by: NLNET foundation (2015) SIDNfonds (2015-2016)

Dowse is Copyright (C) 2012-2017 by the Dyne.org Foundation

This source code is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 3 of
the License, or (at your option) any later version.

This source code is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Please refer to the GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this source code; if not, write to: Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

More Repositories

1

Tomb

the Crypto Undertaker
Shell
1,190
star
2

frei0r

A large collection of free and portable video plugins
C
409
star
3

Zenroom

Embedded no-code VM executing human-like language to manipulate data and process cryptographic operations.
C
186
star
4

dnscrypt-proxy

DNSCrypt-Proxy repository, frankly maintained for what it does (no new features planned)
C
166
star
5

file-extension-list

Organised collection of common file extensions
Shell
116
star
6

gitzone

git-based zone management tool for static and dynamic domains
Perl
114
star
7

ZShaolin

Interactive and scriptable console terminal on Android (build framework)
Java
111
star
8

JaroMail

Terminal UI email client to download, filter, search and archive messages off-line
Shell
101
star
9

domain-list

A list of domains (including CDN hosts) belonging to ICT company silos, i.e. FB, GOOG, AMZN etc.
Shell
76
star
10

sup

a "small is beautiful" tool for UNIX privilege escalation
C
53
star
11

dynebolic-upstream

dyne:bolic is a nomadic operating system, 100% Free, based on GNU/Linux
ASL
33
star
12

harvest

Tool to sort large collections of files according to common typologies
Shell
32
star
13

webnomad

A slick and solid website builder
JavaScript
30
star
14

binnit

minimal no-fuss pastebin service clone in golang
Go
30
star
15

decode-proximity-hw

Embedded version of decode's proximity app
C
26
star
16

Freecoin

New project, moved to https://github.com/d-cent/freecoin
C++
24
star
17

tinfoil

A minimalist tool to manage multiple profiles for web browsers
Shell
21
star
18

docker-devuan-builds

Slim docker base images based on Devuan
Dockerfile
21
star
19

dohd

Very fast DNS-over-HTTPS to DNS proxy with emphasis on privacy (no logging)
C
21
star
20

docker2sh

Convert a Dockerfile to a shell script
Python
14
star
21

AutOrg

Autonomy is Organization
Emacs Lisp
13
star
22

FXC

FXC Simple Secret Sharing - clojure library
Clojure
13
star
23

social-wallet-api

Social Wallet REST API web interface
Clojure
12
star
24

reflow-crypto

Reflow: Zero Knowledge Multi Party Signatures with Application to Distributed Authentication
TeX
10
star
25

sud

minimalist sudo alternative: multi-user privilege escalation tool in three letters
HTML
9
star
26

scorsh

Signed-Commit Remote Shell - authenticated trigger for remote execution via Git
Go
9
star
27

autosshfs

Per user SSHFS automount using user's SSH configuration
Shell
9
star
28

freecoin-lib

Freecoin digital currency toolkit - core library
Clojure
8
star
29

fabchain

FABchain network based on geth + clique
Lua
8
star
30

Tomb3

WIP for Tomb v3 the crypto undertaker
Shell
8
star
31

pangolin

The Secret Pangolin Code, Fastest Proximity Tracing in the West (FPTW)
C
8
star
32

W3C-DID

Dyne.org's W3C-DID implementation
Shell
8
star
33

reflow-os

Base scripts to run Reflow OS
Makefile
7
star
34

RedRoom

Zenroom crypto module for Redis
C
7
star
35

zuper

Zsh Ultimate Programmer's Extensions Refurbished
Shell
7
star
36

bonfire_ui_reflow

UI for reflow bonfire app
Elixir
7
star
37

TorTV

Build of Tor maintained to run on TV devices and set-top boxes
Shell
6
star
38

lotionroom

Tendermint / Cosmos proof of concept contract made with Zenroom
JavaScript
6
star
39

Sawroom

Zenroom Transaction Processor for Hyperledger Sawtooth
Python
6
star
40

Agiladmin

Administration of timesheets and project budgets for small and medium organisations
JavaScript
6
star
41

reflow-docs

ReflowOS Architecture and Manual for Distributed Network Setup and Maintenance
HTML
5
star
42

social-explorer

A Social Explorer UI built on top of SWAPI and Sawroom
Clojure
5
star
43

TBT

Time Based Text
C++
5
star
44

luigi

Design tool for hackers
JavaScript
5
star
45

starters

πŸ“ Projects template starters of Dyne.org
Svelte
5
star
46

fistpy

✊ 🐍 Python client library for Fist full text search
Python
5
star
47

decode-web

DECODE Project static website, rendered from the original site in Drupal
HTML
4
star
48

Writedown

Minimalistic academic publisher using markdown and pandoc
Shell
4
star
49

lua-paillier

Lua module for the Paillier cryptographic scheme
C
4
star
50

markdown-inline-tag

Render the content of <markdown></markdown> tags inside an HTML file using Pandoc
Shell
4
star
51

slangroom

Enhance zencode smart contracts with your slang
TypeScript
4
star
52

handbook-dev

Dyne.org's Handbook for developers
3
star
53

just-auth

A simple two factor authentication library
Clojure
3
star
54

social-wallet

A social wallet with a simple configurable UI backed by the social wallet api
Clojure
3
star
55

reflow-dpp-demo

Produce a Digital Product Passport from Reflow OS object
HTML
3
star
56

zenswarm

Protototype of Zenroom based consensus
Shell
3
star
57

luabinaries

Binary builds of the Lua language interpreter
Makefile
3
star
58

clj-flows

A building block of the REFLOW infrastructure: a VF implementation in clojure, with graphql as API layer.
Clojure
3
star
59

restroom-mw

πŸ›  Easy REST API builder executing Zencode
TypeScript
3
star
60

lua-zenroom

Port of Zenroom crypto primitives running on Lua5.1/Luajit including Nginx, Tarantool and Openresty
C
3
star
61

fxc-soldipubblici

Console interattiva (live-coding) per analisi di dati pubblicati su soldipubblici.gov.it
3
star
62

clj-storage

Minimal storage lib to facilitate different DB implementations
Clojure
2
star
63

mkdocs-dyne-theme

A mkdocs theme for dyne.org software webpages
HTML
2
star
64

zenflows

Resource-Event-Agent Graph Database governed by Valueflows vocabulary logics
Elixir
2
star
65

zenflows-crypto

Zencode crypto functions for Zenflows
Shell
2
star
66

restroom-github-action

Shell
2
star
67

tech-radar

Overview of technologies mapped according to our level of adoption
2
star
68

petition-tp-python

Transaction processor for Decode Petition over Hyperledger Sawtooth
Python
2
star
69

social-wallet-admin-console

Interactive admin console (REPL) for the social wallet
JavaScript
2
star
70

clj-auxiliary

Common auxiliary functions extending clojure basic utilities
Clojure
2
star
71

indycaptcha

An independent captcha that does not feed any AI and takes arbitrary lists of words
HTML
2
star
72

bonfire_reflow

Bonfire module for REFLOW authenticated graphs
Elixir
2
star
73

shuriken

A tool to throw confs around like a ninja
Shell
2
star
74

devuan-rpi4-home-assistant

Base installer for home-assistant + extensions for Devuan on RaspberryPi 4
Shell
2
star
75

devuan-sdk

Simple Development Kit for the Devuan GNU/Linux distribution
Shell
2
star
76

gh-cd

πŸš€ cd || clone || repo create
Go
2
star
77

socialwallet.app

HTML
2
star
78

lurker-ng

Fork of lurker to keep the mailinglist archive alive with new fixes
C++
2
star
79

zenswarm-oracle

Zenswarm Oracle implementation
JavaScript
2
star
80

docker-dyne-software

Docker setups to quickly deploy some software applications made by Dyne.org
Dockerfile
2
star
81

json-schema-builder-svelte

A Svelte component library for building JSON Schemas
Svelte
1
star
82

rustroom

Rust micro-service for fast async Zencode execution
Rust
1
star
83

zenroom-go-wrapper

Go
1
star
84

zenflows-gui

Reflow GUI
TypeScript
1
star
85

blog-code-samples

Code samples linked from https://medium.com/think-do-tank
HTML
1
star
86

bonfire_api_json

http api json post endpoints for bonfire
Elixir
1
star
87

dynebot

Telegram bot intended for helping automating small tedious tasks of dyne.org internal interaction
Python
1
star
88

great-dane

Zenroom DNS utilities
Go
1
star
89

softwarepassport

Software Passport compliancy check on the blockchain
Python
1
star
90

pangolin-armor

Proxy with load-balancing and SSL management for node pangolin staging server
JavaScript
1
star
91

zenroom-web-example

πŸš€ Running Zenroom js on HTML
HTML
1
star
92

FXC-webapi

FXC web API for Simple Secret Sharing
Clojure
1
star
93

bonfire_quantify

1
star
94

clj-paypal-ipn

PayPal IPN handler in Clojure for use with Ring and Compojure.
Clojure
1
star
95

tender-vf

prototype tendermint value flows
1
star
96

valueflows-dashboard

JavaScript
1
star
97

.github

1
star
98

zenpub-websites

zenpub design components
HTML
1
star
99

Zenroom-Android-app

Simple Android app, built to show how to use Zenroom libs
Java
1
star
100

W3C-DID-data

1
star