def connectionLost(self, reason): log.info(self.name + " lost connection to " + str(self.transport.getPeer().host) + ":" + str(self.transport.getPeer().port)) self.setTimeout(None) # remove connection from dictionary del self.factory.clients[self]
def _decode(self, value, title): try: return value.decode() except UnicodeError: # value is invalid utf-8 log.info('{} was invalid UTF-8: "{}"'.format(title, value)) return value.decode('replace')
def ssh_USERAUTH_REQUEST(self, packet): """ Literally taken from Twisted and modified to enable detection of login attempts """ user, nextService, method, rest = common.getNS(packet, 3) if user != self.user or nextService != self.nextService: self.authenticatedWith = [] # clear auth state self.user = user self.nextService = nextService self.method = method is_key = method == b"publickey" d = self.tryAuth(method, user, rest) # If we don't accept keys, abort early if is_key and not Config.ssh.accept_keys: d.addCallback(self._cbFinishedAuth) d.addErrback(self._ebMaybeBadAuth) d.addErrback(self._ebBadAuth) return d if is_key: algName, rest, blobrest = common.getNS(rest[1:], 2) else: rest = rest[5:] user = user.decode() # Try to get tokens from the database honeytoken = str( SSHService.honeytokendb.try_get_tokens(user, rest, is_key)) # We need to decode the key to log it in the Callback and Errback if is_key: rest = SSHService.honeytokendb.try_decode_key(rest) # This might fail if the key type is unsupported, so we log that if not rest: rest = "<unsupported key type>" elif isinstance(rest, bytes): try: rest = rest.decode() except UnicodeError: # Password is invalid utf-8 log.info( 'Password was invalid UETF-8: "{}"; username = "******", password = "******"' .format(rest, user, rest)) rest = rest.decode('replace') d.addCallback(self._cbFinishedAuth) d.addCallback(log.defer_login, Config.ssh.name, self.transport.transport.client[0], Config.ssh.port, True, user, rest, honeytoken) d.addErrback(log.defer_login, Config.ssh.name, self.transport.transport.client[0], Config.ssh.port, False, user, rest, honeytoken) d.addErrback(self._ebMaybeBadAuth) d.addErrback(self._ebBadAuth) return d
def timeoutConnection(self): response = "* BYE Connection closed due to timeout\r\n" log.info(self.name + " (" + self.peerOfAttacker + "): Timeout waiting for client input") self.transport.write(response.encode("UTF-8")) # close connection gently (nonblocking, send buffers before closing, client is able to receive error message) self.transport.loseConnection()
def connectionMade(self): if self.transport.getHost().port == Config.smtp.port: self.name = Config.smtp.name elif self.transport.getHost().port == Config.smtps.port: self.name = Config.smtps.name else: log.err("Please check SMTP/SMTPS port Configuration!") self.name = "SMTP/SMTPS" self.setTimeout(self.timeoutPreAuth) log.info(self.name + " established connection to " + str(self.transport.getPeer().host) + ":" + str(self.transport.getPeer().port)) # add connection to dictionary self.factory.clients[self] = (str(self.transport.getPeer().host) + ":" + str(self.transport.getPeer().port)) # protocol state self.state["connected"] = True self.peerOfAttacker = self.transport.getPeer().host response = "220 Service ready ESMTP\r\n" self.transport.write(response.encode("UTF-8"))
def connectionMade(self): if (self.transport.getHost().port == Config.imap.port): self.name = Config.imap.name elif (self.transport.getHost().port == Config.imaps.port): self.name = Config.imaps.name else: log.err("Please check IMAP/IMAPS port Configuration!") self.name = "IMAP/IMAPS" self.setTimeout(self.timeoutPreAuth) log.info(self.name + " established connection to " + str(self.transport.getPeer().host) + ":" + str(self.transport.getPeer().port)) # add connection to dictionary self.factory.clients[self] = (str(self.transport.getPeer().host) + ":" + str(self.transport.getPeer().port)) # protocol state self.state["connected"] = True self.stateRFC = IMAPState.NotAuth self.peerOfAttacker = self.transport.getPeer().host # server hello response = "* OK IMAP4rev1 Service Ready\r\n" self.transport.write(response.encode("UTF-8"))
def get_param(self, number): """Reads an internal Server object parameter. """ log.info("S7comm, retreiving param number %s" % number) value = ctypes.c_int() code = self.library.Srv_GetParam(self.pointer, number, ctypes.byref(value)) check_error(code) return value.value
def timeoutConnection(self): response = "-ERR Timeout waiting for client input\r\n" log.info(self.name+" ("+self.peerOfAttacker+"): Timeout waiting for client input") self.transport.write(response.encode("UTF-8")) # close connection gently (nonblocking, send buffers before closing, client is able to receive error message) self.transport.loseConnection() time.sleep(5) # force close connection after waiting duration self.transport.abortConnection()
def write_to_database(self, user, pw, services): if type(user) is bytes: user = user.decode() if type(pw) is bytes: pw = pw.decode() try: with open(self.filepath, "a") as fp: log.info("Begin Honeytoken creation: {} : {}".format(user, pw)) # TODO make this a proper log type fp.write("\n" + services + self.sep + user + self.sep + pw + self.sep) except Exception as e: log.err("Honeytoken DB write exception: {}".format(e))
def stopService(self, name): """ Stops the given service and removes it from threadDict :param name: Name of the service (str) """ log.info("Stop Service: " + name) if name in self.runningServicesDict: self.serviceDict[name].stopService() self.runningServicesDict.pop(name) if name not in Config.noPortSpecificService: self.listen.startOnPort(self.serviceDict[name]._port) return True else: return False
def broker_status_loop(controller): # Only if broker is enabled if not Config.general.use_broker: return # Initialize # - Listen for commands from management console if Config.broker.listen: BrokerEndpoint.listen(Config.broker.listen_ip, Config.broker.listen_port) # - Peer to database for log messages if Config.broker.peer: BrokerEndpoint.peer(Config.broker.peer_ip, Config.broker.peer_port) heartbeat_interval = 60 next_heartbeat = time.time() # Watch endpoints # - Loop Status # - Print Status/Error fds = [ BrokerEndpoint.status_queue.fd(), BrokerEndpoint.command_queue.fd() ] while True: # Wait for something to do t = time.time() timeout = next_heartbeat - t if next_heartbeat > t else 0 result = select.select(fds, [], [], timeout) # Heartbeat Time if len(result[0]) == 0: log.heartbeat() next_heartbeat += heartbeat_interval continue # - Status if fds[0] in result[0]: for status in BrokerEndpoint.getStatusMessages(): log.info(status) # - Command if fds[1] in result[0]: cmds = BrokerEndpoint.getCommandMessages() for cmd in cmds: ManagementHandler.handle_messages(cmd, controller)
def startService(self, name): """ Starts the given service and adds it to threadDict :param name: Name of the service (str) """ service = self.serviceDict[name] address = service._address if service._port: address += ":{}".format(service._port) log.info("{}: Starting on {}".format(name, address)) if name not in self.runningServicesDict: if name not in Config.multiple_port_services: self.listen.stopOnPort(service._port) service.startService() self.runningServicesDict[name] = service return True else: return False
def get_status(self): """Reads the server status, the Virtual CPU status and the number of the clients connected. :returns: server status, cpu status, client count """ log.info("S7comm, get server status") server_status = ctypes.c_int() cpu_status = ctypes.c_int() clients_count = ctypes.c_int() error = self.library.Srv_GetStatus(self.pointer, ctypes.byref(server_status), ctypes.byref(cpu_status), ctypes.byref(clients_count)) check_error(error) log.info("S7comm, status server %s cpu %s clients %s" % (server_status.value, cpu_status.value, clients_count.value)) return types.server_statuses[server_status.value], \ types.cpu_statuses[cpu_status.value], \ clients_count.value
def connectionMade(self): if (self.transport.getHost().port == Config.pop3.port): self.name = Config.pop3.name elif (self.transport.getHost().port == Config.pop3s.port): self.name = Config.pop3s.name else: log.err("Please check POP3/POP3S port Configuration!") self.name = "POP3/POP3S" self.setTimeout(self.timeoutPreAuth) log.info(self.name+" established connection to "+str(self.transport.getPeer().host)+":"+str(self.transport.getPeer().port)) # add connection to dictionary self.factory.clients[self] = (str(self.transport.getPeer().host) + ":" + str(self.transport.getPeer().port)) # protocol state self.state["connected"] = True self.peerOfAttacker = self.transport.getPeer().host # TODO: modify server name response = "+OK example.com POP3 server\r\n" self.transport.write(response.encode("UTF-8"))
def __init__(self): """ Opens a RAW socket which is able to monitor all TCP/IP Traffic within the machine. Root priv. are needed! """ super(TCPFlagSniffer, self).__init__() self._name = Config.tcp_scan.name self.synConnections = dict([]) self.finConnections = dict([]) self.xmasConnections = dict([]) self.reInstanceThreads() self.synConnectionsLock = threading.Lock() self.rootStatus = True try: self.rSock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) except socket.error: log.info("RAW Socket could not be created. You are root?") log.err( "TCPFlagSniffer wird nicht ordnungsgemäß ausgeführt werden!") self.rootStatus = False
def shutdown(): log.info("Shutting down") save_database() quit()
import threading import atexit def shutdown(): log.info("Shutting down") save_database() quit() if __name__ == '__main__': """ Startup module. Name needs to be like this for the automatic import of the other modules. """ log.info("Starting HoneyGrove") if not os.getuid() == 0: print( "[-] Honeygrove must be run as root.\n[!] Starting anyway!\n[!] Some functions may not work correctly!" ) # Initialize Services controller = ServiceController() # Initialize Broker brokerThread = threading.Thread(target=BrokerWatcher.broker_status_loop, args=(controller, )) brokerThread.name = "BrokerThread" brokerThread.start()