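 def processor(self):
     """
     Run this module's FileMonitor in a worker thread until ``kill_flag`` is set.

     Meant to be the target of a new thread: it copies the monitor settings from
     this instance onto a fresh FileMonitor, starts it, polls ``self.kill_flag``
     every 0.1 s, then stops the monitor and terminates the worker thread.
     :return: None
     """
     new_file_handler = FileMonitor()
     new_file_handler.log_filename = self.log_filename
     new_file_handler.log_filename_dump = self.log_filename_dump
     new_file_handler.DIRECTORY_TO_WATCH = self.DIRECTORY_TO_WATCH
     new_file_handler.EXCLUDES = self.EXCLUDES
     new_file_handler.module_name = self.module_name
     thread = threading.Thread(target=new_file_handler.run,
                               args=(),
                               name="ftp_weak_password_processor")
     # Remove a log left over from a previous run. Catching FileNotFoundError
     # instead of testing os.path.exists() first avoids the check-then-act race
     # (the file could disappear between the two calls); any other OSError
     # (permissions, path is a directory) still propagates as before.
     try:
         os.remove(self.log_filename)
     except FileNotFoundError:
         pass
     thread.start()  # Start the execution
     while not self.kill_flag:
         try:
             time.sleep(0.1)
         except Exception:
             # Best-effort poll loop. Note that KeyboardInterrupt derives from
             # BaseException, so Ctrl-C is NOT swallowed here.
             pass
     new_file_handler.stop()
     terminate_thread(thread)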
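def _resolve_selected_modules(argv_options):
    """
    Build the list of module names to run from the parsed command line.

    Args:
        argv_options: parsed options; reads ``selected_modules`` and
            ``excluded_modules`` (comma-separated strings, or falsy)

    Returns:
        list of module names with the excluded ones removed

    ``exit_failure`` is called (as the original inline checks did) when a
    named module does not exist, when every module is excluded, or when the
    resulting selection is empty — including the case where neither option
    was given, which previously reached the configuration builder with an
    unbound ``selected_modules`` name.
    """
    # One module listing for every membership test instead of one call per
    # module inside the loops.
    available_modules = load_all_modules()
    selected_modules = []
    if argv_options.selected_modules:
        selected_modules = list(set(argv_options.selected_modules.rsplit(",")))
        if "all" in selected_modules:
            # copy so that removing "" below cannot mutate the shared listing
            selected_modules = list(available_modules)
        if "" in selected_modules:
            selected_modules.remove("")
        # if selected modules are zero
        if not selected_modules:
            exit_failure(messages("en", "zero_module_selected"))
        # if module not found
        for module in selected_modules:
            if module not in available_modules:
                exit_failure(messages("en", "module_not_found").format(module))
    if argv_options.excluded_modules:
        excluded_modules = list(set(argv_options.excluded_modules.rsplit(",")))
        if "all" in excluded_modules:
            exit_failure("you cannot exclude all modules")
        if "" in excluded_modules:
            excluded_modules.remove("")
        # remove excluded modules
        for module in excluded_modules:
            if module not in available_modules:
                exit_failure(messages("en", "module_not_found").format(module))
            # excluding a module that was never selected is a no-op
            if module in selected_modules:
                selected_modules.remove(module)
        # if selected modules are zero
        if not selected_modules:
            exit_failure(messages("en", "zero_module_selected"))
    # Also covers the case where neither option was passed at all.
    if not selected_modules:
        exit_failure(messages("en", "zero_module_selected"))
    return selected_modules


def load_honeypot_engine():
    """
    load OHP Engine: parse argv, build and start the selected honeypot
    containers, run the event threads until interrupted, then tear everything
    down again.

    Returns:
        True
    """
    # print logo
    logo()

    # parse argv
    parser, argv_options = argv_parser()

    #########################################
    # argv rules apply
    #########################################
    # check help menu
    if argv_options.show_help_menu:
        parser.print_help()
        exit_success()
    # check for requirements before start
    check_for_requirements(argv_options.start_api_server)
    # check api server flag
    if argv_options.start_api_server:
        start_api_server()
        exit_success()
    # resolve --selected-modules / --excluded-modules into one list
    selected_modules = _resolve_selected_modules(argv_options)
    virtual_machine_container_reset_factory_time_seconds = (
        argv_options.virtual_machine_container_reset_factory_time_seconds
    )
    run_as_test = argv_options.run_as_test
    #########################################
    # argv rules apply
    #########################################
    # build configuration based on selected modules
    configuration = honeypot_configuration_builder(selected_modules)

    info(messages("en", "honeypot_started"))
    info(messages("en", "loading_modules").format(", ".join(selected_modules)))
    # check for conflict in real machine ports and pick new ports
    info("checking for conflicts in ports")
    configuration = conflict_ports(configuration)
    # stop old containers (in case they are not stopped)
    stop_containers(configuration)
    # remove old containers (in case they are not updated)
    remove_old_containers(configuration)
    # remove old images (in case they are not updated)
    remove_old_images(configuration)
    # create new images based on selected modules
    create_new_images(configuration)
    # create OWASP Honeypot networks in case not exist
    create_ohp_networks()
    # start containers based on selected modules
    configuration = start_containers(configuration)
    # start network monitoring thread
    new_network_events_thread = Thread(target=new_network_events,
                                       args=(configuration, ),
                                       name="new_network_events_thread")
    new_network_events_thread.start()
    info("all selected modules started: {0}".format(
        ", ".join(selected_modules)))

    # periodic flush of collected events to the database
    bulk_events_thread = Thread(target=insert_bulk_events_from_thread,
                                args=(),
                                name="insert_events_in_bulk_thread")
    bulk_events_thread.start()

    # run module processors
    run_modules_processors(configuration)

    # check if it's not a test
    if not run_as_test:
        # wait forever! in case user can send ctrl + c to interrupt
        wait_until_interrupt(
            virtual_machine_container_reset_factory_time_seconds,
            configuration, new_network_events_thread)
    # kill the network events thread
    terminate_thread(new_network_events_thread)
    terminate_thread(bulk_events_thread)
    insert_events_in_bulk(
    )  # if in case any events that were not inserted from thread
    # stop created containers
    stop_containers(configuration)
    # stop module processor
    stop_modules_processors(configuration)
    # remove created containers
    remove_old_containers(configuration)
    # remove created images
    remove_old_images(configuration)
    # remove_tmp_directories() error: access denied!
    # kill all missed threads; the [1:] slice assumes threading.enumerate()
    # lists the main thread first — TODO confirm, that order is not guaranteed
    for thread in threading.enumerate()[1:]:
        terminate_thread(thread, False)
    info("finished.")
    # reset cmd/terminal color
    finish()
    return True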
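def _resolve_selected_modules(argv_options):
    """
    Build the list of module names to run from the parsed command line.

    Args:
        argv_options: parsed options; reads ``selected_modules`` and
            ``excluded_modules`` (comma-separated strings, or falsy)

    Returns:
        list of module names with the excluded ones removed

    ``exit_failure`` is called (as the original inline checks did) when a
    named module does not exist, when every module is excluded, or when the
    resulting selection is empty — including the case where neither option
    was given, which previously reached the configuration builder with an
    unbound ``selected_modules`` name.
    """
    # One module listing for every membership test instead of one call per
    # module inside the loops.
    available_modules = load_all_modules()
    selected_modules = []
    if argv_options.selected_modules:
        selected_modules = list(set(argv_options.selected_modules.rsplit(",")))
        if "all" in selected_modules:
            # copy so that removing "" below cannot mutate the shared listing
            selected_modules = list(available_modules)
        if "" in selected_modules:
            selected_modules.remove("")
        # if selected modules are zero
        if not selected_modules:
            exit_failure(messages["no_module_selected_error"])
        # if module not found
        for module in selected_modules:
            if module not in available_modules:
                exit_failure("module {0} not found!".format(module))
    if argv_options.excluded_modules:
        excluded_modules = list(set(argv_options.excluded_modules.rsplit(",")))
        if "all" in excluded_modules:
            exit_failure(messages["all_modules_excluded_error"])
        if "" in excluded_modules:
            excluded_modules.remove("")
        # remove excluded modules
        for module in excluded_modules:
            if module not in available_modules:
                exit_failure("module {0} not found!".format(module))
            # excluding a module that was never selected is a no-op
            if module in selected_modules:
                selected_modules.remove(module)
        # if selected modules are zero
        if not selected_modules:
            exit_failure(messages["no_module_selected_error"])
    # Also covers the case where neither option was passed at all.
    if not selected_modules:
        exit_failure(messages["no_module_selected_error"])
    return selected_modules


def load_honeypot_engine():
    """
    load OHP Engine: parse argv, build and start the selected honeypot
    containers plus the network capture process, run the event thread until
    interrupted, then tear everything down again.

    Returns:
        the ``exit_flag`` value returned by ``wait_until_interrupt``
    """
    # print logo
    logo()

    # parse argv
    parser, argv_options = argv_parser()

    # check the language
    if argv_options.language:
        update_language(argv_options)
    #########################################
    # argv rules apply
    #########################################
    # check help menu
    if argv_options.show_help_menu:
        parser.print_help()
        exit_success()
    # check for requirements before start
    check_for_requirements(argv_options.start_api_server)
    # create indices before server start
    create_indices()
    # check api server flag
    if argv_options.start_api_server:
        start_api_server()
        exit_success()

    # Check if the script is running with sudo. Note that the API-server
    # branch above exits before this point, so only the honeypot engine itself
    # (container management and traffic capture) is held to the root requirement.
    if os.geteuid() != 0:
        exit_failure(messages['script_must_run_as_root'])
    # Check timeout value if provided
    if argv_options.timeout_value < 1:
        exit_failure(messages["timeout_error"])

    # resolve --selected-modules / --excluded-modules into one list
    selected_modules = _resolve_selected_modules(argv_options)
    virtual_machine_container_reset_factory_time_seconds = (
        argv_options.virtual_machine_container_reset_factory_time_seconds
    )
    run_as_test = argv_options.run_as_test
    #########################################
    # argv rules apply
    #########################################
    # build configuration based on selected modules
    configuration = honeypot_configuration_builder(selected_modules)
    # Set network configuration
    network_config = set_network_configuration(argv_options)
    info(messages["start_message"])
    info(messages["loading_modules"].format(", ".join(selected_modules)))
    # check for conflict in real machine ports and pick new ports
    info(messages["check_for_port_conflicts"])
    configuration = conflict_ports(configuration)
    # stop old containers (in case they are not stopped)
    stop_containers(configuration)
    # remove old containers (in case they are not updated)
    remove_old_containers(configuration)
    # remove old images (in case they are not updated)
    remove_old_images(configuration)
    # create new images based on selected modules
    create_new_images(configuration)
    # create OWASP Honeypot networks in case not exist
    create_ohp_networks()
    # start containers based on selected modules
    configuration = start_containers(configuration)
    # network capture process; set_start_method raises RuntimeError if the
    # start method was already fixed earlier in this process
    mp.set_start_method('spawn')
    # Event queues shared between the capture process and the DB thread
    honeypot_events_queue = mp.Queue()
    network_events_queue = mp.Queue()
    # start a new process for network capture
    network_traffic_capture_process = mp.Process(
        target=network_traffic_capture,
        args=(
            configuration,
            honeypot_events_queue,
            network_events_queue,
            network_config,
        ),
        name="network_traffic_capture_process")
    network_traffic_capture_process.start()
    info(messages["selected_modules_started"].format(
        ", ".join(selected_modules)))
    # start a thread to push events to database regularly
    bulk_events_thread = Thread(target=push_events_to_database_from_thread,
                                args=(
                                    honeypot_events_queue,
                                    network_events_queue,
                                ),
                                name="insert_events_in_bulk_thread")
    bulk_events_thread.start()

    # run module processors
    run_modules_processors(configuration)

    # wait forever! in case user can send ctrl + c to interrupt
    exit_flag = wait_until_interrupt(
        virtual_machine_container_reset_factory_time_seconds, configuration,
        network_traffic_capture_process, run_as_test)
    # killed the network traffic capture process by ctrl + c... waiting to end.
    info(messages["killing_capture_process"])
    if run_as_test:
        network_traffic_capture_process.terminate()
    # without ci it will be terminate after a few seconds, it needs to kill the tshark and update pcap file collection
    network_traffic_capture_process.join()
    # if in case any events that were not inserted from thread
    push_events_queues_to_database(honeypot_events_queue, network_events_queue)
    # Kill bulk events thread
    terminate_thread(bulk_events_thread)
    # stop created containers
    stop_containers(configuration)
    # stop module processor
    stop_modules_processors(configuration)
    # remove created containers
    remove_old_containers(configuration)
    # remove created images
    remove_old_images(configuration)
    # remove_tmp_directories() error: access denied!
    # kill all missed threads; the [1:] slice assumes threading.enumerate()
    # lists the main thread first — TODO confirm, that order is not guaranteed
    for thread in threading.enumerate()[1:]:
        terminate_thread(thread, False)
    info(messages["finished"])
    # reset cmd/terminal color
    reset_cmd_color()
    return exit_flag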