def __init__(self, work_dir, config): """ Main class which runs Beeswarm in Client mode. :param work_dir: Working directory (usually the current working directory) :param config_arg: Beeswarm configuration dictionary. """ self.run_flag = True # maps honeypot id to IP self.honeypot_map = {} with open('beeswarmcfg.json', 'r') as config_file: self.config = json.load(config_file, object_hook=asciify) # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) BaitSession.client_id = self.config['general']['id'] if self.config['general']['fetch_ip']: self.my_ip = urllib2.urlopen( 'http://api-sth01.exip.org/?call=ip').read() logger.info('Fetched {0} as my external ip.'.format(self.my_ip)) else: self.my_ip = get_most_likely_ip() self.dispatcher_greenlets = []
def __init__(self, work_dir, config, key='server.key', cert='server.crt', curses_screen=None, **kwargs): """ :param work_dir: Working directory (usually the current working directory) :param config: Beeswarm configuration dictionary, None if no configuration was supplied. :param key: Key file used for SSL enabled capabilities :param cert: Cert file used for SSL enabled capabilities :param curses_screen: Contains a curses screen object, if UI is enabled. Default is None. """ # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) self.work_dir = work_dir self.config = config self.key = key self.cert = cert self.id = self.config['general']['id'] # Honeypot / Client self.drone = None self.drone_greenlet = None self.outgoing_msg_greenlet = None self.incoming_msg_greenlet = None if self.config['general']['fetch_ip']: try: url = 'http://api.externalip.net/ip' req = requests.get(url) self.ip = req.text logger.info('Fetched {0} as external ip for Honeypot.'.format(self.ip)) except (Timeout, ConnectionError) as e: logger.warning('Could not fetch public ip: {0}'.format(e)) else: self.ip = ''
def __init__(self, work_dir, config): """ Main class which runs Beeswarm in Client mode. :param work_dir: Working directory (usually the current working directory) :param config_arg: Beeswarm configuration dictionary. """ self.run_flag = True # maps honeypot id to IP self.honeypot_map = {} with open('beeswarmcfg.json', 'r') as config_file: self.config = json.load(config_file, object_hook=asciify) # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) BaitSession.client_id = self.config['general']['id'] if self.config['general']['fetch_ip']: self.my_ip = urllib2.urlopen('http://api-sth01.exip.org/?call=ip').read() logger.info('Fetched {0} as my external ip.'.format(self.my_ip)) else: self.my_ip = get_most_likely_ip() self.dispatcher_greenlets = []
def __init__(self, work_dir, config, key='server.key', cert='server.crt', **kwargs): """ Main class which runs Beeswarm in Honeypot mode. :param work_dir: Working directory (usually the current working directory) :param config: Beeswarm configuration dictionary, None if no configuration was supplied. :param key: Key file used for SSL enabled capabilities :param cert: Cert file used for SSL enabled capabilities """ if config is None or not os.path.isdir(os.path.join(work_dir, 'data')): Honeypot.prepare_environment(work_dir) self.work_dir = work_dir self.config = config self.key = os.path.join(work_dir, key) self.cert = os.path.join(work_dir, cert) self._servers = [] self._server_greenlets = [] self.honeypot_id = self.config['general']['id'] Session.honeypot_id = self.honeypot_id # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) if not (os.path.isfile(os.path.join(work_dir, 'server.key'))): cert_info = config['certificate_info'] if cert_info['common_name']: cert_info['common_name'] = cert_info['common_name'] else: cert_info['common_name'] = get_most_likely_ip() cert, priv_key = create_self_signed_cert(cert_info['country'], cert_info['state'], cert_info['organization'], cert_info['locality'], cert_info['organization_unit'], cert_info['common_name']) cert_path = os.path.join(work_dir, 'server.crt') key_path = os.path.join(work_dir, 'server.key') with open(cert_path, 'w') as certfile: certfile.write(cert) with open(key_path, 'w') as keyfile: keyfile.write(priv_key) send_zmq_push(SocketNames.SERVER_RELAY.value, '{0} {1} {2}'.format(Messages.KEY.value, self.honeypot_id, priv_key)) send_zmq_push(SocketNames.SERVER_RELAY.value, '{0} {1} {2}'.format(Messages.CERT.value, self.honeypot_id, cert)) if self.config['general']['fetch_ip']: try: url = 'http://api.externalip.net/ip' req = requests.get(url) self.honeypot_ip = req.text logger.info('Fetched {0} as external ip for Honeypot.'.format(self.honeypot_ip)) except (Timeout, ConnectionError) as e: logger.warning('Could not fetch public ip: {0}'.format(e)) else: self.honeypot_ip = '' # spawning time checker if self.config['timecheck']['enabled']: Greenlet.spawn(self.check_time)
def __init__(self, work_dir, config, key='server.key', cert='server.crt', **kwargs): """ :param work_dir: Working directory (usually the current working directory) :param config: Beeswarm configuration dictionary, None if no configuration was supplied. :param key: Key file used for SSL enabled capabilities :param cert: Cert file used for SSL enabled capabilities """ # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) self.work_dir = work_dir self.config = config self.key = key self.cert = cert self.id = self.config['general']['id'] # Honeypot / Client self.drone = None self.drone_greenlet = None self.outgoing_msg_greenlet = None self.incoming_msg_greenlet = None self.config_url_dropper_greenlet = None # messages from server relayed to internal listeners ctx = beeswarm.shared.zmq_context self.internal_server_relay = ctx.socket(zmq.PUSH) self.internal_server_relay.bind('inproc://serverCommands') self.config_received = gevent.event.Event() if self.config['general']['fetch_ip']: try: url = 'http://api.externalip.net/ip' req = requests.get(url) self.ip = req.text logger.info('Fetched {0} as external ip for Honeypot.'.format( self.ip)) except (Timeout, ConnectionError) as e: logger.warning('Could not fetch public ip: {0}'.format(e)) else: self.ip = ''
def __init__(self, work_dir, config, curses_screen=None): """ Main class which runs Beeswarm in Client mode. :param work_dir: Working directory (usually the current working directory) :param config_arg: Beeswarm configuration dictionary. :param curses_screen: Contains a curses screen object, if UI is enabled. Default is None. """ self.run_flag = True self.curses_screen = curses_screen with open('beeswarmcfg.json', 'r') as config_file: self.config = json.load(config_file, object_hook=asciify) # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) BaitSession.client_id = self.config['general']['id'] # TODO: Handle peering in other place BaitSession.honeypot_id = self.config['general']['id'] if self.config['public_ip']['fetch_ip']: self.my_ip = urllib2.urlopen('http://api-sth01.exip.org/?call=ip').read() logger.info('Fetched {0} as my external ip.'.format(self.my_ip)) else: self.my_ip = '127.0.0.1' self.status = { 'mode': 'Client', 'total_bees': 0, 'active_bees': 0, 'enabled_bees': [], 'client_id': self.config['general']['client_id'], 'managment_url': self.config['beeswarm_server']['managment_url'], 'ip_address': self.my_ip } self.dispatchers = {} self.dispatcher_greenlets = [] if self.curses_screen is not None: self.uihandler = ClientUIHandler(self.status, self.curses_screen) Greenlet.spawn(self.show_status_ui)
def __init__(self, work_dir, config, key='server.key', cert='server.crt', local_pull_socket=None, **kwargs): """ :param work_dir: Working directory (usually the current working directory) :param config: Beeswarm configuration dictionary, None if no configuration was supplied. :param key: Key file used for SSL enabled capabilities :param cert: Cert file used for SSL enabled capabilities """ # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) self.work_dir = work_dir self.config = config self.config_file = os.path.join(work_dir, 'beeswarmcfg.json') self.key = key self.cert = cert self.id = self.config['general']['id'] self.local_pull_socket = local_pull_socket # Honeypot / Client self.drone = None self.drone_greenlet = None self.outgoing_msg_greenlet = None self.incoming_msg_greenlet = None # messages from server relayed to internal listeners ctx = beeswarm.shared.zmq_context self.internal_server_relay = ctx.socket(zmq.PUSH) self.internal_server_relay.bind(SocketNames.SERVER_COMMANDS.value) if self.config['general']['fetch_ip']: try: url = 'http://api.externalip.net/ip' req = requests.get(url) self.ip = req.text logger.info('Fetched {0} as external ip for Honeypot.'.format(self.ip)) except (Timeout, ConnectionError) as e: logger.warning('Could not fetch public ip: {0}'.format(e)) else: self.ip = '' self.greenlets = [] self.config_received = gevent.event.Event()
def __init__(self, work_dir, config, key='server.key', cert='server.crt', **kwargs): """ Main class which runs Beeswarm in Honeypot mode. :param work_dir: Working directory (usually the current working directory) :param config: Beeswarm configuration dictionary, None if no configuration was supplied. :param key: Key file used for SSL enabled capabilities :param cert: Cert file used for SSL enabled capabilities """ if fs.__version__ != '0.5.4': os.exit('the python fs package must be verison 0.5.4') if config is None or not os.path.isdir(os.path.join(work_dir, 'data')): Honeypot.prepare_environment(work_dir) self.work_dir = work_dir self.config = config self.key = os.path.join(work_dir, key) self.cert = os.path.join(work_dir, cert) self._servers = [] self._server_greenlets = [] self.honeypot_id = self.config['general']['id'] Session.honeypot_id = self.honeypot_id # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) if not (os.path.isfile(os.path.join(work_dir, 'server.key'))): cert_info = config['certificate_info'] if cert_info['common_name']: cert_info['common_name'] = cert_info['common_name'] else: cert_info['common_name'] = get_most_likely_ip() cert, priv_key = create_self_signed_cert( cert_info['country'], cert_info['state'], cert_info['organization'], cert_info['locality'], cert_info['organization_unit'], cert_info['common_name']) cert_path = os.path.join(work_dir, 'server.crt') key_path = os.path.join(work_dir, 'server.key') with open(cert_path, 'w') as certfile: certfile.write(cert) with open(key_path, 'w') as keyfile: keyfile.write(priv_key) send_zmq_push( SocketNames.SERVER_RELAY.value, '{0} {1} {2}'.format(Messages.KEY.value, self.honeypot_id, priv_key)) send_zmq_push( SocketNames.SERVER_RELAY.value, '{0} {1} {2}'.format(Messages.CERT.value, self.honeypot_id, cert)) if self.config['general']['fetch_ip']: try: url = 'http://api.externalip.net/ip' req = requests.get(url) self.honeypot_ip = req.text logger.info('Fetched {0} as external ip for Honeypot.'.format( self.honeypot_ip)) except (Timeout, ConnectionError) as e: logger.warning('Could not fetch public ip: {0}'.format(e)) else: self.honeypot_ip = '' # spawning time checker if self.config['timecheck']['enabled']: Greenlet.spawn(self.check_time)
def __init__(self, work_dir, config, key='server.key', cert='server.crt', curses_screen=None, **kwargs): """ Main class which runs Beeswarm in Honeypot mode. :param work_dir: Working directory (usually the current working directory) :param config: Beeswarm configuration dictionary, None if no configuration was supplied. :param key: Key file used for SSL enabled capabilities :param cert: Cert file used for SSL enabled capabilities :param curses_screen: Contains a curses screen object, if UI is enabled. Default is None. """ if config is None or not os.path.isdir(os.path.join(work_dir, 'data')): Honeypot.prepare_environment(work_dir) with open('beeswarmcfg.json', 'r') as config_file: config = json.load(config_file, object_hook=asciify) self.work_dir = work_dir self.config = config self.key = key self.cert = cert self.curses_screen = curses_screen # TODO: pass honeypot otherwise Session.honeypot_id = self.config['general']['id'] self.id = self.config['general']['id'] # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) if not (os.path.isfile(os.path.join(work_dir, 'server.key'))): cert_info = config['certificate_info'] #TODO: IF NOT COMMON_NAME: Use own ip address... cert, priv_key = create_self_signed_cert(cert_info['country'], cert_info['state'], cert_info['organization'], cert_info['locality'], cert_info['organization_unit'], cert_info['common_name']) cert_path = os.path.join(work_dir, 'server.crt') key_path = os.path.join(work_dir, 'server.key') with open(cert_path, 'w') as certfile: certfile.write(cert) with open(key_path, 'w') as keyfile: keyfile.write(priv_key) send_zmq_push('ipc://serverRelay', '{0} {1} {2}'.format(Messages.KEY, self.id, keyfile)) send_zmq_push('ipc://serverRelay', '{0} {1} {2}'.format(Messages.CERT, self.id, cert)) if self.config['general']['fetch_ip']: try: url = 'http://api.externalip.net/ip' req = requests.get(url) self.honeypot_ip = req.text logger.info('Fetched {0} as external ip for Honeypot.'.format(self.honeypot_ip)) except (Timeout, ConnectionError) as e: logger.warning('Could not fetch public ip: {0}'.format(e)) else: self.honeypot_ip = '' self.status = { 'mode': 'Honeypot', 'ip_address': self.honeypot_ip, 'honeypot_id': self.config['general']['id'], 'total_sessions': 0, 'active_sessions': 0, 'enabled_capabilities': [], 'managment_url': '' } # will contain BaitUser objects self.users = self.create_users() # inject authentication mechanism Session.authenticator = Authenticator(self.users) # spawning time checker if self.config['timecheck']['enabled']: Greenlet.spawn(self.checktime) # show curses UI if self.curses_screen is not None: self.uihandler = HoneypotUIHandler(self.status, self.curses_screen) Greenlet.spawn(self.show_status_ui)
def __init__(self, work_dir, config, key='server.key', cert='server.crt', **kwargs): """ Main class which runs Beeswarm in Honeypot mode. :param work_dir: Working directory (usually the current working directory) :param config: Beeswarm configuration dictionary, None if no configuration was supplied. :param key: Key file used for SSL enabled capabilities :param cert: Cert file used for SSL enabled capabilities """ if config is None or not os.path.isdir(os.path.join(work_dir, 'data')): Honeypot.prepare_environment(work_dir) with open('beeswarmcfg.json', 'r') as config_file: config = json.load(config_file, object_hook=asciify) self.work_dir = work_dir self.config = config self.key = key self.cert = cert self._servers = [] self._server_greenlets = [] # will contain Session objects self._sessions = {} self._session_consumer = None # TODO: pass honeypot otherwise Session.honeypot_id = self.config['general']['id'] self.id = self.config['general']['id'] # write ZMQ keys to files - as expected by pyzmq extract_keys(work_dir, config) if not (os.path.isfile(os.path.join(work_dir, 'server.key'))): cert_info = config['certificate_info'] if cert_info['common_name']: cert_info['common_name'] = cert_info['common_name'] else: cert_info['common_name'] = get_most_likely_ip() cert, priv_key = create_self_signed_cert( cert_info['country'], cert_info['state'], cert_info['organization'], cert_info['locality'], cert_info['organization_unit'], cert_info['common_name']) cert_path = os.path.join(work_dir, 'server.crt') key_path = os.path.join(work_dir, 'server.key') with open(cert_path, 'w') as certfile: certfile.write(cert) with open(key_path, 'w') as keyfile: keyfile.write(priv_key) send_zmq_push('inproc://serverRelay', '{0} {1} {2}'.format(Messages.KEY, self.id, keyfile)) send_zmq_push('inproc://serverRelay', '{0} {1} {2}'.format(Messages.CERT, self.id, cert)) if self.config['general']['fetch_ip']: try: url = 'http://api.externalip.net/ip' req = requests.get(url) self.honeypot_ip = req.text logger.info('Fetched {0} as external ip for Honeypot.'.format( self.honeypot_ip)) except (Timeout, ConnectionError) as e: logger.warning('Could not fetch public ip: {0}'.format(e)) else: self.honeypot_ip = '' # spawning time checker if self.config['timecheck']['enabled']: Greenlet.spawn(self.checktime)