def all_module_names():
"""
Get the list of modules
---
responses:
'200':
description: Ok
examples:
application/json:
[
"ftp/strong_password",
"ftp/weak_password",
"http/basic_auth_strong_password",
"http/basic_auth_weak_password",
"ics/veeder_root_guardian_ast",
"smtp/strong_password",
"ssh/strong_password",
"ssh/weak_password"
]
'500':
description: Internal Server Error
examples:
application/json: { "msg": "file/path not found!", "status": "error" }
"""
try:
return jsonify(load_all_modules()), 200
except Exception:
abort(500)
def argv_parser():
"""
parse ARGVs using argparse
Returns:
parser, parsed ARGVs
"""
# create parser
parser = argparse.ArgumentParser(prog="OWASP Honeypot", add_help=False)
# create menu
engineOpt = parser.add_argument_group(messages("en", "engine"), messages("en", "engine_input"))
# add select module options + list of available modules
engineOpt.add_argument("-m", "--select-module", action="store",
dest="selected_modules", default=user_configuration()["default_selected_modules"],
help=messages("en", "select_module").format(load_all_modules() + ["all"]))
# by default all modules are selected, in case users can exclude one or some (separated with comma)
engineOpt.add_argument("-x", "--exclude-module", action="store",
dest="excluded_modules", default=user_configuration()["default_excluded_modules"],
help=messages("en", "exclude_module").format(load_all_modules()))
# limit the virtual machine storage to avoid related abuse
engineOpt.add_argument("-s", "--vm-storage-limit", action="store",
dest="virtual_machine_storage_limit", type=float,
default=docker_configuration()["virtual_machine_storage_limit"],
help=messages("en", "vm_storage_limit"))
# reset the containers once in a time to prevent being continues botnet zombie
engineOpt.add_argument("-r", "--vm-reset-factory-time", action="store",
dest="virtual_machine_container_reset_factory_time_seconds", type=int,
default=docker_configuration()["virtual_machine_container_reset_factory_time_seconds"],
help=messages("en", "vm_reset_factory_time"))
# start api
engineOpt.add_argument("--start-api-server", action="store_true", dest="start_api_server", default=False,
help="start API server")
# enable verbose mode (debug mode)
engineOpt.add_argument("--verbose", action="store_true", dest="verbose_mode", default=False,
help="enable verbose mode")
# disable color CLI
engineOpt.add_argument("--disable-colors", action="store_true", dest="disable_colors", default=False,
help="disable colors in CLI")
# test CI/ETC
engineOpt.add_argument("--test", action="store_true", dest="run_as_test", default=False, help="run a test and exit")
# help menu
engineOpt.add_argument("-h", "--help", action="store_true", default=False, dest="show_help_menu",
help=messages("en", "show_help_menu"))
return parser, parser.parse_args()
def all_module_names():
"""
Get the list of modules
Returns:
JSON/List of the modules
"""
try:
return jsonify(load_all_modules()), 200
except Exception:
abort(500)
def all_module_names():
"""
Get top passwords used according to module
Returns:
JSON/Dict of top passwords used
"""
module_names = load_all_modules()
try:
return jsonify({"module_names": module_names}), 200
except Exception as _:
return flask_null_array_response()
def test_virtual_machine_container_names(self):
modules_list = load_all_modules()
config = honeypot_configuration_builder(modules_list)
container_names = virtual_machine_names_to_container_names(config)
# list of all modules available
all_modules = [
'ohp_ftpserver_weak_password', 'ohp_ftpserver_strong_password',
'ohp_icsserver_veeder_root_guardian_ast',
'ohp_sshserver_weak_password', 'ohp_sshserver_strong_password',
'ohp_httpserver_basic_auth_strong_password',
'ohp_httpserver_basic_auth_weak_password'
]
self.assertCountEqual(container_names, all_modules)
def test_all_module_names(self):
"""
Test module-names endpoint
"""
module_names = load_all_modules()
response = requests.get(API_URL + "/api/core/list/modules")
self.assertCountEqual(module_names, response.json())
module_names = [
'ics/veeder_root_guardian_ast', 'http/basic_auth_strong_password',
'http/basic_auth_weak_password', 'ftp/strong_password',
'ftp/weak_password', 'ssh/strong_password', 'ssh/weak_password',
'smtp/strong_password'
]
self.assertCountEqual(module_names, response.json())
def load_honeypot_engine():
"""
load OHP Engine
Returns:
True
"""
# print logo
logo()
# parse argv
parser, argv_options = argv_parser()
#########################################
# argv rules apply
#########################################
# check help menu
if argv_options.show_help_menu:
parser.print_help()
exit_success()
# check for requirements before start
check_for_requirements(argv_options.start_api_server)
# check api server flag
if argv_options.start_api_server:
start_api_server()
exit_success()
# check selected modules
if argv_options.selected_modules:
selected_modules = list(set(argv_options.selected_modules.rsplit(",")))
if "all" in selected_modules:
selected_modules = load_all_modules()
if "" in selected_modules:
selected_modules.remove("")
# if selected modules are zero
if not len(selected_modules):
exit_failure(messages("en", "zero_module_selected"))
# if module not found
for module in selected_modules:
if module not in load_all_modules():
exit_failure(messages("en", "module_not_found").format(module))
# check excluded modules
if argv_options.excluded_modules:
excluded_modules = list(set(argv_options.excluded_modules.rsplit(",")))
if "all" in excluded_modules:
exit_failure("you cannot exclude all modules")
if "" in excluded_modules:
excluded_modules.remove("")
# remove excluded modules
for module in excluded_modules:
if module not in load_all_modules():
exit_failure(messages("en", "module_not_found").format(module))
# ignore if module not selected, it will remove anyway
try:
selected_modules.remove(module)
except Exception as _:
del _
# if selected modules are zero
if not len(selected_modules):
exit_failure(messages("en", "zero_module_selected"))
virtual_machine_container_reset_factory_time_seconds = argv_options. \
virtual_machine_container_reset_factory_time_seconds
run_as_test = argv_options.run_as_test
#########################################
# argv rules apply
#########################################
# build configuration based on selected modules
configuration = honeypot_configuration_builder(selected_modules)
info(messages("en", "honeypot_started"))
info(messages("en", "loading_modules").format(", ".join(selected_modules)))
# check for conflict in real machine ports and pick new ports
info("checking for conflicts in ports")
configuration = conflict_ports(configuration)
# stop old containers (in case they are not stopped)
stop_containers(configuration)
# remove old containers (in case they are not updated)
remove_old_containers(configuration)
# remove old images (in case they are not updated)
remove_old_images(configuration)
# create new images based on selected modules
create_new_images(configuration)
# create OWASP Honeypot networks in case not exist
create_ohp_networks()
# start containers based on selected modules
configuration = start_containers(configuration)
# start network monitoring thread
new_network_events_thread = Thread(target=new_network_events,
args=(configuration, ),
name="new_network_events_thread")
new_network_events_thread.start()
info("all selected modules started: {0}".format(
", ".join(selected_modules)))
bulk_events_thread = Thread(target=insert_bulk_events_from_thread,
args=(),
name="insert_events_in_bulk_thread")
bulk_events_thread.start()
# run module processors
run_modules_processors(configuration)
# check if it's not a test
if not run_as_test:
# wait forever! in case user can send ctrl + c to interrupt
wait_until_interrupt(
virtual_machine_container_reset_factory_time_seconds,
configuration, new_network_events_thread)
# kill the network events thread
terminate_thread(new_network_events_thread)
terminate_thread(bulk_events_thread)
insert_events_in_bulk(
) # if in case any events that were not inserted from thread
# stop created containers
stop_containers(configuration)
# stop module processor
stop_modules_processors(configuration)
# remove created containers
remove_old_containers(configuration)
# remove created images
remove_old_images(configuration)
# remove_tmp_directories() error: access denied!
# kill all missed threads
for thread in threading.enumerate()[1:]:
terminate_thread(thread, False)
info("finished.")
# reset cmd/terminal color
finish()
return True
def load_honeypot_engine():
"""
load OHP Engine
Returns:
True
"""
# print logo
logo()
# parse argv
parser, argv_options = argv_parser()
# check the language
if argv_options.language:
update_language(argv_options)
#########################################
# argv rules apply
#########################################
# check help menu
if argv_options.show_help_menu:
parser.print_help()
exit_success()
# check for requirements before start
check_for_requirements(argv_options.start_api_server)
# create indices before server start
create_indices()
# check api server flag
if argv_options.start_api_server:
start_api_server()
exit_success()
# Check if the script is running with sudo
if not os.geteuid() == 0:
exit_failure(messages['script_must_run_as_root'])
# Check timeout value if provided
if argv_options.timeout_value < 1:
exit_failure(messages["timeout_error"])
# check selected modules
if argv_options.selected_modules:
selected_modules = list(set(argv_options.selected_modules.rsplit(",")))
if "all" in selected_modules:
selected_modules = load_all_modules()
if "" in selected_modules:
selected_modules.remove("")
# if selected modules are zero
if not len(selected_modules):
exit_failure(messages["no_module_selected_error"])
# if module not found
for module in selected_modules:
if module not in load_all_modules():
exit_failure("module {0} not found!".format(module))
# check excluded modules
if argv_options.excluded_modules:
excluded_modules = list(set(argv_options.excluded_modules.rsplit(",")))
if "all" in excluded_modules:
exit_failure(messages["all_modules_excluded_error"])
if "" in excluded_modules:
excluded_modules.remove("")
# remove excluded modules
for module in excluded_modules:
if module not in load_all_modules():
exit_failure("module {0} not found!".format(module))
# ignore if module not selected, it will remove anyway
try:
selected_modules.remove(module)
except Exception:
pass
# if selected modules are zero
if not len(selected_modules):
exit_failure(messages["no_module_selected_error"])
virtual_machine_container_reset_factory_time_seconds = argv_options. \
virtual_machine_container_reset_factory_time_seconds
run_as_test = argv_options.run_as_test
#########################################
# argv rules apply
#########################################
# build configuration based on selected modules
configuration = honeypot_configuration_builder(selected_modules)
# Set network configuration
network_config = set_network_configuration(argv_options)
info(messages["start_message"])
info(messages["loading_modules"].format(", ".join(selected_modules)))
# check for conflict in real machine ports and pick new ports
info(messages["check_for_port_conflicts"])
configuration = conflict_ports(configuration)
# stop old containers (in case they are not stopped)
stop_containers(configuration)
# remove old containers (in case they are not updated)
remove_old_containers(configuration)
# remove old images (in case they are not updated)
remove_old_images(configuration)
# create new images based on selected modules
create_new_images(configuration)
# create OWASP Honeypot networks in case not exist
create_ohp_networks()
# start containers based on selected modules
configuration = start_containers(configuration)
# network capture process
mp.set_start_method('spawn')
# Event queues
honeypot_events_queue = mp.Queue()
network_events_queue = mp.Queue()
# start a new process for network capture
network_traffic_capture_process = mp.Process(
target=network_traffic_capture,
args=(
configuration,
honeypot_events_queue,
network_events_queue,
network_config,
),
name="network_traffic_capture_process")
network_traffic_capture_process.start()
info(messages["selected_modules_started"].format(
", ".join(selected_modules)))
# start a thread to push events to database regularly
bulk_events_thread = Thread(target=push_events_to_database_from_thread,
args=(
honeypot_events_queue,
network_events_queue,
),
name="insert_events_in_bulk_thread")
bulk_events_thread.start()
# run module processors
run_modules_processors(configuration)
# wait forever! in case user can send ctrl + c to interrupt
exit_flag = wait_until_interrupt(
virtual_machine_container_reset_factory_time_seconds, configuration,
network_traffic_capture_process, run_as_test)
# killed the network traffic capture process by ctrl + c... waiting to end.
info(messages["killing_capture_process"])
if run_as_test:
network_traffic_capture_process.terminate()
# without ci it will be terminate after a few seconds, it needs to kill the tshark and update pcap file collection
network_traffic_capture_process.join()
# if in case any events that were not inserted from thread
push_events_queues_to_database(honeypot_events_queue, network_events_queue)
# Kill bulk events thread
terminate_thread(bulk_events_thread)
# stop created containers
stop_containers(configuration)
# stop module processor
stop_modules_processors(configuration)
# remove created containers
remove_old_containers(configuration)
# remove created images
remove_old_images(configuration)
# remove_tmp_directories() error: access denied!
# kill all missed threads
for thread in threading.enumerate()[1:]:
terminate_thread(thread, False)
info(messages["finished"])
# reset cmd/terminal color
reset_cmd_color()
return exit_flag
def argv_parser():
"""
parse ARGVs using argparse
Returns:
parser, parsed ARGVs
"""
# create parser
parser = argparse.ArgumentParser(prog="OWASP Honeypot", add_help=False)
# create menu
docker_config = docker_configuration()
user_config = user_configuration()
engineOpt = parser.add_argument_group("OHP Engine",
"OHP Engine input options")
# add select module options + list of available modules
engineOpt.add_argument(
"-m",
"--select-module",
action="store",
dest="selected_modules",
default=user_config["default_selected_modules"],
help="select module(s) {0}".format(load_all_modules() + ["all"]))
# by default all modules are selected, in case users can exclude one or
# some (separated with comma)
engineOpt.add_argument("-x",
"--exclude-module",
action="store",
dest="excluded_modules",
default=user_config["default_excluded_modules"],
help="select modules(s) to exclude {0}".format(
load_all_modules()))
# limit the virtual machine storage to avoid related abuse
engineOpt.add_argument(
"-s",
"--vm-storage-limit",
action="store",
dest="virtual_machine_storage_limit",
type=float,
default=docker_config["virtual_machine_storage_limit"],
help="virtual machine storage limit")
# reset the containers once in a time to prevent being continues botnet
# zombie
engineOpt.add_argument(
"-r",
"--vm-reset-factory-time",
action="store",
dest="virtual_machine_container_reset_factory_time_seconds",
type=int,
default=docker_config[
"virtual_machine_container_reset_factory_time_seconds"],
help="virtual machine reset factory time")
# start API
engineOpt.add_argument("--start-api-server",
action="store_true",
dest="start_api_server",
default=False,
help="start API server")
# Store Network captured files
engineOpt.add_argument("--store-pcap",
action="store_true",
dest="store_pcap",
default=False,
help="store network traffic as pcap files")
# Set Timeout value for splitting network captured files
engineOpt.add_argument(
"-t",
"--split-pcap-file-timeout",
type=int,
dest="timeout_value",
default=3600,
help="timeout value used to split network captured files")
# enable verbose mode (debug mode)
engineOpt.add_argument("-v",
"--verbose",
action="store_true",
dest="verbose_mode",
default=False,
help="enable verbose mode")
# disable color CLI
engineOpt.add_argument("--disable-colors",
action="store_true",
dest="disable_colors",
default=False,
help="disable colors in CLI")
# set language
engineOpt.add_argument("--language",
type=str,
dest="language",
default="en_US",
help="Set the default language. {languages}".format(
languages=load_messages().languages_list))
# test CI/ETC
engineOpt.add_argument("--test",
action="store_true",
dest="run_as_test",
default=False,
help="run a test and exit")
# help menu
engineOpt.add_argument("-h",
"--help",
action="store_true",
default=False,
dest="show_help_menu",
help="print this help menu")
return parser, parser.parse_args()
def test_load_all_modules(self):
"""
checking total number of modules
"""
modules_list = load_all_modules()
self.assertEqual(len(modules_list), 7)
def load_honeypot_engine():
"""
load OHP Engine
Returns:
True
"""
# print logo
logo()
# parse argv
parser, argv_options = argv_parser()
#########################################
# argv rules apply
#########################################
# check help menu
if argv_options.show_help_menu:
parser.print_help()
__die_success()
# check for requirements before start
check_for_requirements(argv_options.start_api_server)
# check api server flag
if argv_options.start_api_server:
start_api_server()
__die_success()
# check selected modules
if argv_options.selected_modules:
selected_modules = list(set(argv_options.selected_modules.rsplit(",")))
if "" in selected_modules:
selected_modules.remove("")
# if selected modules are zero
if not len(selected_modules):
__die_failure(messages("en", "zero_module_selected"))
# if module not found
for module in selected_modules:
if module not in load_all_modules():
__die_failure(
messages("en", "module_not_found").format(module))
# check excluded modules
if argv_options.excluded_modules:
excluded_modules = list(set(argv_options.excluded_modules.rsplit(",")))
if "" in excluded_modules:
excluded_modules.remove("")
# remove excluded modules
for module in excluded_modules:
if module not in load_all_modules():
__die_failure(
messages("en", "module_not_found").format(module))
# ignore if module not selected, it will remove anyway
try:
selected_modules.remove(module)
except Exception as _:
del _
# if selected modules are zero
if not len(selected_modules):
__die_failure(messages("en", "zero_module_selected"))
virtual_machine_container_reset_factory_time_seconds = argv_options. \
virtual_machine_container_reset_factory_time_seconds
global verbose_mode
verbose_mode = argv_options.verbose_mode
#########################################
# argv rules apply
#########################################
# build configuration based on selected modules
configuration = honeypot_configuration_builder(selected_modules)
# check for conflict in real machine ports
conflict = conflict_ports(configuration)
if conflict:
__die_failure("conflict ports between {0}, {1}".format(
conflict[0], conflict[1]))
info(messages("en", "honeypot_started"))
info(messages("en", "loading_modules").format(", ".join(selected_modules)))
# stop old containers (in case they are not stopped)
stop_containers(configuration)
# remove old containers (in case they are not updated)
remove_old_containers(configuration)
# remove old images (in case they are not updated)
remove_old_images(configuration)
# create new images based on selected modules
create_new_images(configuration)
# create OWASP Honeypot networks in case not exist
create_ohp_networks()
# start containers based on selected modules
configuration = start_containers(configuration)
# start network monitoring thread
new_network_events_thread = threading.Thread(
target=new_network_events,
args=(configuration, ),
name="new_network_events_thread")
new_network_events_thread.start()
info("all selected modules started: {0}".format(
", ".join(selected_modules)))
# wait forever! in case user can send ctrl + c to interrupt
wait_until_interrupt(virtual_machine_container_reset_factory_time_seconds,
configuration)
# kill the network events thread
terminate_thread(new_network_events_thread)
# stop created containers
stop_containers(configuration)
# remove created containers
remove_old_containers(configuration)
# remove created images
remove_old_images(configuration)
# remove_tmp_directories() error: access denied!
info("finished.")
# reset cmd/terminal color
finish()
return True
