Note: This version of HILTI/Spicy is no longer maintained and kept here only for reference. There is a new implementation on GitHub. Download and InstallationThe source code for both HILTI and Spicy is hosted at git://git.icir.org/hilti. There's is also a mirror on github. Follow the installation instructions to get it up and running. We do not offer any further archives or packages for download right now. However, there's a Docker image that comes with everything preinstalled. DocumentationThere is the start of a manual. It's very preliminary at this point, and very incomplete. For more background on HILTI, see the IMC paper. For more background on Spicy, see the ACSAC paper. For a demo of Spicy, watch the presentation at BroCon 2014. Mailing List & ContactFor questions and discussion of HILTI and Spicy, join our mailing list. To report problems, please use the github tracker. To submit patches, file a github pull request. If you want to contact the development team directly, email us.Frequently Asked Questions
|
About HILTIWhen developing networking systems such as firewalls, routers, and intrusion detection systems, one faces a striking gap between the ease with which one can often describe a desired analysis in high-level terms, and the tremendous amount of low-level implementation details that one must still grapple with to come to a robust solution. HILTI bridges this divide by providing an abstract execution environment for deep, stateful network traffic analysis. It offers platform to application developers that provides much of the low-level functionality, without tying it to a specific analysis structure. HILTI consists of two parts: (1) an abstract machine model that caters specifically to the networking domain, directly supporting the field's common abstractions and idioms in its instruction set; and (2) a compiler toolchain, built on top of LLVM, for turning programs written for the abstract machine into optimized, natively executable code.
# cat hello-world.hlt
module Main
import Hilti
void run() {
call Hilti::print ("Hello, HILTI world!")
}
# hiltic -j hello-world.hlt
Hello, HILTI world!
About SpicySpicy is a next-generation parser generator that makes it easy to build parsers for network protocols, file formats, and more. Spicy is more than just a "yacc for protocols": it's an all-in-one system that enables developers to write attributed grammars defining both syntax and semantics of an input format inside a single comprehensive scripting language. The Spicy toolchain, built on top of HILTI, turns such grammars into efficient parsing code that exposes an well-defined C interface to its host application for feeding in input and retrieving results. At runtime, parsing proceeds fully incrementally—and potentially in parallel—on input streams of arbitrary size. Compilation takes place either statically at build time, or or just-in-time at startup.
# cat http-request.spicy
module HTTP;
const Token = /[^ \t\r\n]+/;
const WhiteSpace = /[ \t]+/;
const NewLine = /\r?\n/;
export type RequestLine = unit {
method: Token;
: WhiteSpace;
uri: Token;
: WhiteSpace;
version: Version;
: NewLine;
on %done {
print self.method, self.uri, self.version.number;
}
};
type Version = unit {
: /HTTP\//;
number: /[0-9]+\.[0-9]+/;
};
# echo "GET /index.html HTTP/1.0" | spicy-driver http-request.spicy
GET /index.html 1.0
|