Frequently asked questions

For classical desktop or server applications, Survol can use Apache and IIS (Internet Information Services). As a set of Python scripts, it is compatible with CGI and WSGI. Survol also comes with its own HTTP server, a concise Python script, so it can run on very small machines and is well suited to Internet of Things applications. This server has the further benefit of running under any user account, which gives access to much more information.

To access specific information, a "root" or "administrator" account is needed; Apache or IIS do not run under such a privileged account. Also, the ad hoc CGI server is very lightweight, uses standard Python classes, does not require any installation and can execute on any machine running Python.

Using a compiled language might raise security issues when running in a production environment. By contrast, a scripting language such as Python, with its concept of "pure Python" packages, is much safer. NodeJS has the extra advantage of running mostly the same code on server and client, but it may be less mature and less validated in production environments, has fewer libraries, and its JIT compiler is a bit CPU-hungry. Perl would be a good choice, but does not have the flexibility to install modules just by copying a set of files. Survol is heavily based on Python and benefits from all its specific features: concision, a large set of libraries, object orientation, modules, memory management, self-documentation, etc.

To run Survol, no genuine installation is needed: a file tree, for example on a USB memory stick (or floppy disk...), is enough. The only thing needed is a Python interpreter. And not even that: if your browser can run ActiveX™ objects on a Windows™ platform, you can still perform some simplified analysis.

Survol is pure-Python software which runs on Windows™ and Linux™ operating systems. It is easy to port Survol to other platforms: its modular architecture is such that, when a module cannot run for any reason, it is simply disabled.

Survol can run on Python 2 or Python 3, in 32 or 64 bits. It also runs on the PyPy implementation. It does not need special Python libraries, nor the latest Python version. Its performance requirements are very low and it can run on an Internet of Things network. Some of the most important Python modules it uses are:

  • socket, sys, os, re: Standard modules which are available everywhere.
  • psutil: a cross-platform library for retrieving information on running processes and system utilization. It is not mandatory but very convenient.
  • pywbem if a WBEM server is available.
  • pywin32: The fantastic win32 module is great to have when running on a Windows machine.

A WBEM Provider is the implementation of a CIM Class. It is responsible for getting any type of information, converting it into RDF triples and adding these triples to the current triple store, which then merges them with other kinds of information and displays the result. In most WBEM implementations, providers must be written in C or C++, which is intrusive in terms of installation and execution. Therefore, Survol has a very light provider framework, written in Python. A simple provider can be written in a dozen lines of code. Another difference from plain WBEM providers is that Survol ones can be specialized to return specific data.

The directory survol/sources_types contains the Survol data model. Each directory defines either a namespace, at the top, or a class, which is a namespace with an ontology. Each directory contains an __init__.py, therefore each directory is a Python submodule. If the directory is a class, this __init__.py file contains an ontology. An ontology is a vector of strings which is the set of attributes of this class. Each directory contains several scripts which receive, as CGI arguments, the class name attributes of a CIM object. The role of these scripts is to create RDF triples of information related to the received object; they can return any kind of data.

Yes, this is possible, but they will be poorly integrated in Survol. However, if you want to integrate a piece of software written in another language, it is possible to create your own Python module in your programming language. This is easy in C++, Java, Perl, Fortran etc. If you simply need to speed up your Python code, consider using PyPy, an alternate Python interpreter.

Survol uses Graphviz, an open source graph visualization software, to represent its structural information as an SVG diagram. It is not absolutely required because Survol has other rendering methods, but stable SVG representations are convenient to generate print reports or slides.

In the memory of a running process (its heap or its stack), variables are created at execution time and can contain a lot of useful information which helps understand the process behaviour: file names, HTTP URLs, SQL queries and other resources created on the fly provide invaluable hints about what a process is doing. Survol comes with several scripts able to extract this information and display the associated objects. This is not an entirely reliable process, of course, because these data might be corrupted, or still being created, or might simply be unused. Still, the implied information is extremely useful when investigating an application.
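The kind of extraction described above can be sketched as follows. This is an added example, not Survol's own code: it scans a constructed byte buffer standing in for process memory, and the names `find_resources`, `extract_strings` and `SAMPLE` are hypothetical. It also shows the reliability caveat: the truncated Windows path at the end of the buffer is reported like any complete one.

```python
import re

MIN_LEN = 6  # shorter runs are mostly noise
# Printable runs stored as ASCII, and the same characters stored as UTF-16LE.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# The first matching classifier wins, so a URL is not also reported as a path.
CLASSIFIERS = [
    ("url", re.compile(r"https?://[^\s<>]+")),
    ("sql", re.compile(
        r"\b(?:SELECT\s.+?\sFROM|INSERT\s+INTO|DELETE\s+FROM)\s.+", re.I)),
    ("path", re.compile(r"(?:[A-Za-z]:\\|/)(?:[\w.\-]+[\\/])+[\w.\-]+")),
]

# Constructed buffer standing in for a region of process memory.
SAMPLE = (
    b"\x00\x13\xff" + b"SELECT name FROM users WHERE id=42\x00"
    + b"\x8a\x01" + "https://api.example.invalid/v1/status".encode("utf-16-le")
    + b"\x00\x00\xfe\xfe" + b"/var/log/app/server.log\x00"
    + b"\x07" + b"C:\\Temp\\rep" + b"\x90\x90"  # path cut off mid-write
)


def extract_strings(buf):
    """Yield (offset, text) for each ASCII or UTF-16LE printable run."""
    for m in ASCII_RUN.finditer(buf):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(buf):
        yield m.start(), m.group().decode("utf-16-le")


def find_resources(buf):
    """Return (kind, run_offset, text) tuples sorted by offset in buf."""
    found = []
    for offset, text in extract_strings(buf):
        for kind, rx in CLASSIFIERS:
            m = rx.search(text)
            if m:
                found.append((kind, offset, m.group()))
                break
    return sorted(found, key=lambda item: item[1])


if __name__ == "__main__":
    for kind, offset, text in find_resources(SAMPLE):
        print("%-4s @0x%04x  %s" % (kind, offset, text))
```
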

Nmap is a free and open source utility for network discovery and security auditing. It is able to detect various resources on a network: computers, databases, shared disks and other classes defined in WBEM. Nmap is therefore a convenient investigation tool in the Survol toolbox. Several Nmap programs are wrapped into Survol scripts, and it is very easy to add more.

Survol is an open-source project and as such, its source code is available on Sourceforge and Github:

Complete explanations are provided with the installation notes. Survol can of course be installed from the sources, but also as a pure-Python module, which is available on PyPI:

A graph database is a database that uses graph structures for semantic queries, with nodes, edges and properties to represent and store data. This is exactly the internal representation of Survol information about the applications and IT systems it is exploring. Therefore, any Survol URL can generate RDF data which represents the same content as the user interface; these data can be imported into any graph database such as Neo4j, TigerGraph or Memgraph. This allows storage, extra processing or fusion of these data with heterogeneous sources.
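The mapping from RDF triples to the nodes, edges and properties of a graph database, as an added example that is not part of Survol. It assumes the RDF has been serialized as N-Triples with plain string literals; the URIs, predicate names and the function `to_property_graph` are constructed for illustration.

```python
import re

# Constructed sample: one process node, one file node, one edge between them.
PROC = "http://host.example.invalid/process/1234"
FILE = "http://host.example.invalid/file/var/log/httpd.log"
SAMPLE_NT = """\
<%(p)s> <http://schema.example.invalid/name> "httpd" .
<%(p)s> <http://schema.example.invalid/opens> <%(f)s> .
<%(f)s> <http://schema.example.invalid/owner> "apache" .
""" % {"p": PROC, "f": FILE}

# Subject and predicate are URIs; the object is a URI or a plain literal.
TRIPLE = re.compile(
    r'<([^>]+)>\s+<([^>]+)>\s+(?:<([^>]+)>|"((?:[^"\\]|\\.)*)")\s*\.')


def local_name(uri):
    """Last path or fragment component, used as property or edge label."""
    return re.split(r"[/#]", uri)[-1]


def to_property_graph(ntriples):
    """Return (nodes, edges): nodes maps URI -> properties dict,
    edges is a list of (source URI, label, target URI)."""
    nodes, edges = {}, []
    for line in ntriples.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = TRIPLE.fullmatch(line)
        if m is None:
            # Blank nodes, typed or language-tagged literals are out of scope.
            raise ValueError("unsupported triple: %r" % line)
        subj, pred, obj_uri, obj_lit = m.groups()
        props = nodes.setdefault(subj, {})
        if obj_uri is not None:
            nodes.setdefault(obj_uri, {})      # URI object: another node
            edges.append((subj, local_name(pred), obj_uri))
        else:
            props[local_name(pred)] = obj_lit  # literal object: a property
    return nodes, edges


if __name__ == "__main__":
    print(to_property_graph(SAMPLE_NT))
```
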