def send_config_request(request):
    """Forward *request* to the config actor over the shared REQ socket and return the reply.

    Access to the module-level ``config_actor_socket`` is serialised through
    ``request_lock``: a single REQ socket may have only one request in flight,
    so concurrent greenlets/threads must take turns.  The lock is always
    released, even when ``send_zmq_request_socket`` raises.
    """
    # Read-only use of the module-level socket; no rebinding, so no ``global`` needed.
    with request_lock:
        return send_zmq_request_socket(config_actor_socket, request)
def send_config_request(request):
    """Forward *request* to the config actor over the shared REQ socket and return the reply.

    Access to the module-level ``config_actor_socket`` is serialised through
    ``request_lock``: a single REQ socket may have only one request in flight,
    so concurrent greenlets/threads must take turns.  The lock is always
    released, even when ``send_zmq_request_socket`` raises.
    """
    # Read-only use of the module-level socket; no rebinding, so no ``global`` needed.
    with request_lock:
        return send_zmq_request_socket(config_actor_socket, request)
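    def test_matching_quick_succession(self):
        """
        Tests that attack sessions coming in quick succession are classified correctly.
        This test relates to issue #218

        One hundred identical POP3 sessions, each carrying a single successful
        plaintext auth attempt, are published on the drone data socket with no
        pause between them.  Every session the database actor then returns must
        be classified as ``Bruteforce`` and none of them may be dropped.
        """
        honeypot_id = 1
        honeypot = Honeypot(id=honeypot_id)

        db_session = database_setup.get_session()
        db_session.add(honeypot)
        db_session.commit()

        drone_data_socket = beeswarm.shared.zmq_context.socket(zmq.PUB)
        drone_data_socket.bind(SocketNames.DRONE_DATA.value)
        database_actor_request_socket = None
        try:
            # startup session database
            database_actor = DatabaseActor(999, delay_seconds=2)
            database_actor.start()
            gevent.sleep(1)

            for _ in xrange(100):
                honeypot_session = HoneypotSession(source_ip='192.168.100.22',
                                                   source_port=52311,
                                                   protocol='pop3',
                                                   users={},
                                                   destination_port=110)
                honeypot_session.add_auth_attempt('plaintext',
                                                  True,
                                                  username='******',
                                                  password='******')
                honeypot_session.honeypot_id = honeypot_id
                drone_data_socket.send('{0} {1} {2}'.format(
                    Messages.SESSION_HONEYPOT.value, honeypot_id,
                    json.dumps(honeypot_session.to_dict(),
                               default=json_default,
                               ensure_ascii=False)))

            # let the actor drain and classify the burst before querying it
            gevent.sleep(1)
            database_actor_request_socket = beeswarm.shared.zmq_context.socket(
                zmq.REQ)
            database_actor_request_socket.connect(
                SocketNames.DATABASE_REQUESTS.value)
            sessions = send_zmq_request_socket(
                database_actor_request_socket,
                '{0}'.format(Messages.GET_SESSIONS_ALL.value))

            # Check the count first: an empty result would otherwise make the
            # per-session loop pass vacuously before the length check runs.
            self.assertEqual(len(sessions), 100)
            for session in sessions:
                self.assertEqual(session['classification'], 'Bruteforce')
        finally:
            # Always close both sockets so the bound DRONE_DATA endpoint is
            # free for later tests even if an assertion above fails.
            if database_actor_request_socket is not None:
                database_actor_request_socket.close()
            drone_data_socket.close()
            # NOTE(review): database_actor is left running; its shutdown API is
            # not visible from this test — confirm and stop it here as well.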
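    def test_matching_quick_succession(self):
        """
        Tests that attack sessions coming in quick succession are classified correctly.
        This test relates to issue #218

        One hundred identical POP3 sessions, each carrying a single successful
        plaintext auth attempt, are published on the drone data socket with no
        pause between them.  Every session the database actor then returns must
        be classified as ``Bruteforce`` and none of them may be dropped.
        """
        honeypot_id = 1
        honeypot = Honeypot(id=honeypot_id)

        db_session = database_setup.get_session()
        db_session.add(honeypot)
        db_session.commit()

        drone_data_socket = beeswarm.shared.zmq_context.socket(zmq.PUB)
        drone_data_socket.bind(SocketNames.DRONE_DATA.value)
        database_actor_request_socket = None
        try:
            # startup session database
            database_actor = DatabaseActor(999, delay_seconds=2)
            database_actor.start()
            gevent.sleep(1)

            for _ in xrange(100):
                honeypot_session = HoneypotSession(source_ip='192.168.100.22', source_port=52311, protocol='pop3',
                                                   users={}, destination_port=110)
                honeypot_session.add_auth_attempt('plaintext', True, username='******', password='******')
                honeypot_session.honeypot_id = honeypot_id
                drone_data_socket.send('{0} {1} {2}'.format(Messages.SESSION_HONEYPOT.value, honeypot_id,
                                                            json.dumps(honeypot_session.to_dict(),
                                                                       default=json_default,
                                                                       ensure_ascii=False)))

            # let the actor drain and classify the burst before querying it
            gevent.sleep(1)
            database_actor_request_socket = beeswarm.shared.zmq_context.socket(zmq.REQ)
            database_actor_request_socket.connect(SocketNames.DATABASE_REQUESTS.value)
            sessions = send_zmq_request_socket(database_actor_request_socket,
                                               '{0}'.format(Messages.GET_SESSIONS_ALL.value))

            # Check the count first: an empty result would otherwise make the
            # per-session loop pass vacuously before the length check runs.
            self.assertEqual(len(sessions), 100)
            for session in sessions:
                self.assertEqual(session['classification'], 'Bruteforce')
        finally:
            # Always close both sockets so the bound DRONE_DATA endpoint is
            # free for later tests even if an assertion above fails.
            if database_actor_request_socket is not None:
                database_actor_request_socket.close()
            drone_data_socket.close()
            # NOTE(review): database_actor is left running; its shutdown API is
            # not visible from this test — confirm and stop it here as well.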
 def send_config_request(self, request):
     """Send *request* through this object's config actor socket and return the reply.

     Unlike the module-level variant, no lock is taken here; callers are
     expected to avoid concurrent requests on the same REQ socket.
     """
     socket = self.config_actor_socket
     reply = send_zmq_request_socket(socket, request)
     return reply
 def send_config_request(self, request):
     """Send *request* through this object's config actor socket and return the reply.

     Unlike the module-level variant, no lock is taken here; callers are
     expected to avoid concurrent requests on the same REQ socket.
     """
     socket = self.config_actor_socket
     reply = send_zmq_request_socket(socket, request)
     return reply
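def _configure_console_logging():
    """Set the root logger to DEBUG and attach an INFO-level console handler.

    Each call adds another handler; ``bootstrap`` is expected to run once per
    process.
    """
    root_logger = logging.getLogger()
    root_logger.setLevel(logging.DEBUG)

    formatter = logging.Formatter('%(asctime)-15s (%(name)s) %(message)s')

    console_log = logging.StreamHandler()
    console_log.setLevel(logging.INFO)
    console_log.setFormatter(formatter)
    root_logger.addHandler(console_log)


def _build_default_drone():
    """Return an unsaved Honeypot with the default capability set and certificate fields.

    The capabilities mimic a Windows host (FTP/IIS/ESMTP banners); the
    certificate subject fields are deliberately generic.
    """
    drone = Honeypot()

    protocol_config = (
        ('ftp', 21, {
            'max_attempts': 3,
            'banner': 'Microsoft FTP Server',
            'syst_type': 'Windows-NT'
        }),
        ('telnet', 23, {
            'max_attempts': 3
        }),
        ('pop3', 110, {
            'max_attempts': 3
        }),
        ('pop3s', 993, {
            'max_attempts': 3
        }),
        ('ssh', 22, {}),
        ('http', 80, {
            'banner': 'Microsoft-IIS/5.0'
        }),
        ('https', 443, {
            'banner': 'Microsoft-IIS/5.0'
        }),
        ('smtp', 25, {
            'banner': 'Microsoft ESMTP MAIL service ready'
        }),
        ('vnc', 5900, {})
    )

    for protocol, port, protocol_specific_data in protocol_config:
        drone.add_capability(protocol, port, protocol_specific_data)

    drone.cert_common_name = '*'
    drone.cert_country = 'US'
    drone.cert_state = 'None'
    drone.cert_locality = 'None'
    drone.cert_organization = 'None'
    drone.cert_organization_unit = ''
    return drone


def bootstrap(server_workdir, drone_workdir):
    """Bootstraps localhost configurations for a Beeswarm server and a honeypot.

    Starts a Server bound to 127.0.0.1 (no web UI) inside *server_workdir*,
    registers a default drone in the database, asks the config actor for that
    drone's configuration and writes it to ``<drone_workdir>/beeswarmcfg.json``.
    The server is stopped again before returning, also on failure.

    Side effects: installs a console log handler on the root logger and
    temporarily changes the process working directory to *server_workdir*.

    :param server_workdir: Output directory for the server configuration file.
    :param drone_workdir: Output directory for the drone configuration file.
    """
    _configure_console_logging()

    server_workdir_absolute = os.path.abspath(server_workdir)
    old_cwd = os.getcwd()
    os.chdir(server_workdir)
    try:
        server = Server(server_workdir_absolute, None, start_webui=False, customize=False, reset_password=False,
                        max_sessions=0, server_hostname='127.0.0.1')
        logger.info('Server config has been written to {0}'.format(os.path.join(server_workdir, 'beeswarmcfg.json')))
        gevent.spawn(server.start, False)
        # waiting game to ensure actors has started.
        gevent.sleep(2)
    finally:
        # Restore the caller's cwd even if Server() raises.
        os.chdir(old_cwd)

    try:
        # setting up socket to communicate with ZMQ actor.
        context = beeswarm.shared.zmq_context
        config_actor_socket = context.socket(zmq.REQ)
        config_actor_socket.connect(SocketNames.CONFIG_COMMANDS)
        try:
            db_session = database_setup.get_session()
            drone = _build_default_drone()
            db_session.add(drone)
            db_session.commit()
            # drone.id is only assigned by the commit above.
            drone_config = send_zmq_request_socket(config_actor_socket,
                                                   '{0} {1}'.format(Messages.DRONE_CONFIG, drone.id))
        finally:
            config_actor_socket.close()

        drone_config_path = os.path.join(drone_workdir, 'beeswarmcfg.json')
        # NOTE(review): written with default permissions; if the DRONE_CONFIG
        # reply carries credentials or keys, consider a restrictive file mode.
        with open(drone_config_path, 'w') as drone_config_file:
            drone_config_file.write(json.dumps(drone_config, indent=4))
        # Log the path actually written (drone_workdir), not the server's.
        logger.info('Drone config has been written to {0}'.format(drone_config_path))
    finally:
        server.stop()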
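def _configure_console_logging():
    """Set the root logger to DEBUG and attach an INFO-level console handler.

    Each call adds another handler; ``bootstrap`` is expected to run once per
    process.
    """
    root_logger = logging.getLogger()
    root_logger.setLevel(logging.DEBUG)

    formatter = logging.Formatter('%(asctime)-15s (%(name)s) %(message)s')

    console_log = logging.StreamHandler()
    console_log.setLevel(logging.INFO)
    console_log.setFormatter(formatter)
    root_logger.addHandler(console_log)


def _build_default_drone():
    """Return an unsaved Honeypot with the default capability set and certificate fields.

    The capabilities mimic a Windows host (FTP/IIS/ESMTP banners); the
    certificate subject fields are deliberately generic.
    """
    drone = Honeypot()

    protocol_config = (
        ('ftp', 21, {
            'max_attempts': 3,
            'banner': 'Microsoft FTP Server',
            'syst_type': 'Windows-NT'
        }),
        ('telnet', 23, {
            'max_attempts': 3
        }),
        ('pop3', 110, {
            'max_attempts': 3
        }),
        ('pop3s', 993, {
            'max_attempts': 3
        }),
        ('ssh', 22, {}),
        ('http', 80, {
            'banner': 'Microsoft-IIS/5.0'
        }),
        ('https', 443, {
            'banner': 'Microsoft-IIS/5.0'
        }),
        ('smtp', 25, {
            'banner': 'Microsoft ESMTP MAIL service ready'
        }),
        ('vnc', 5900, {})
    )

    for protocol, port, protocol_specific_data in protocol_config:
        drone.add_capability(protocol, port, protocol_specific_data)

    drone.cert_common_name = '*'
    drone.cert_country = 'US'
    drone.cert_state = 'None'
    drone.cert_locality = 'None'
    drone.cert_organization = 'None'
    drone.cert_organization_unit = ''
    return drone


def bootstrap(server_workdir, drone_workdir):
    """Bootstraps localhost configurations for a Beeswarm server and a honeypot.

    Starts a Server bound to 127.0.0.1 (no web UI) inside *server_workdir*,
    registers a default drone in the database, asks the database actor for that
    drone's configuration and writes it to ``<drone_workdir>/beeswarmcfg.json``.
    The server is stopped again before returning, also on failure.

    Side effects: installs a console log handler on the root logger and
    temporarily changes the process working directory to *server_workdir*.

    :param server_workdir: Output directory for the server configuration file.
    :param drone_workdir: Output directory for the drone configuration file.
    """
    _configure_console_logging()

    server_workdir_absolute = os.path.abspath(server_workdir)
    old_cwd = os.getcwd()
    os.chdir(server_workdir)
    try:
        server = Server(server_workdir_absolute, None, start_webui=False, customize=False, reset_password=False,
                        max_sessions=0, server_hostname='127.0.0.1')
        logger.info('Server config has been written to {0}'.format(os.path.join(server_workdir, 'beeswarmcfg.json')))
        gevent.spawn(server.start, False)
        # waiting game to ensure actors has started.
        gevent.sleep(2)
    finally:
        # Restore the caller's cwd even if Server() raises.
        os.chdir(old_cwd)

    try:
        # setting up socket to communicate with ZMQ actor.
        context = beeswarm.shared.zmq_context
        database_actor = context.socket(zmq.REQ)
        database_actor.connect(SocketNames.DATABASE_REQUESTS.value)
        try:
            db_session = database_setup.get_session()
            drone = _build_default_drone()
            db_session.add(drone)
            db_session.commit()
            # drone.id is only assigned by the commit above.
            drone_config = send_zmq_request_socket(database_actor,
                                                   '{0} {1}'.format(Messages.DRONE_CONFIG.value, drone.id))
        finally:
            database_actor.close()

        drone_config_path = os.path.join(drone_workdir, 'beeswarmcfg.json')
        # NOTE(review): written with default permissions; if the DRONE_CONFIG
        # reply carries credentials or keys, consider a restrictive file mode.
        with open(drone_config_path, 'w') as drone_config_file:
            drone_config_file.write(json.dumps(drone_config, indent=4))
        # Log the path actually written (drone_workdir), not the server's.
        logger.info('Drone config has been written to {0}'.format(drone_config_path))
    finally:
        server.stop()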