Esempio n. 1
    def connection_made(self, end_ip, end_port, honey_ip, honey_port, sensor_name):
        """Record a new inbound connection and announce it to the output plugins.

        Stores the endpoints on the instance, assigns a random session id,
        derives the per-peer log and download folders, hands each output
        plugin its matching server object, and registers the session with
        ``self.connections``.

        Args:
            end_ip: Address of the connecting peer; stored as given.
            end_port: Peer port; stored as a string.
            honey_ip: Honeypot address; stored as given.
            honey_port: Honeypot port; stored as a string.
            sensor_name: Sensor label; also used as a folder name.
        """
        output_plugins = plugins.get_plugin_list(plugin_type='output')
        self.loaded_plugins = plugins.import_plugins(output_plugins)

        started_at = self.get_date_time()
        self.sensor_name = sensor_name
        self.honey_ip = honey_ip
        self.honey_port = str(honey_port)
        self.end_ip = end_ip
        self.end_port = str(end_port)
        self.session_id = uuid.uuid4().hex

        # sensor_name and end_ip become directory names verbatim.
        # NOTE(review): presumably end_ip is the transport's peer address and
        # sensor_name comes from configuration - confirm neither can carry
        # path separators before they reach this point.
        session_root = self.cfg.get(['folders', 'session_path'])
        self.logLocation = "/".join([session_root, self.sensor_name, end_ip, ""])
        self.downloadFolder = self.logLocation + 'downloads/'

        # Give each plugin the first server entry registered under its name.
        for plugin in self.loaded_plugins:
            wanted = plugins.get_plugin_name(plugin)
            match = next(
                (entry for entry in self.plugin_servers if entry['name'] == wanted),
                None)
            if match is not None:
                plugins.run_plugins_function([plugin], 'set_server', False, match['server'])

        # A failed country lookup is recorded as an empty string.
        country = self.cname(self.end_ip) or ''

        session = self.connections.add_session(
            self.sensor_name, self.end_ip, self.end_port, started_at,
            self.honey_ip, self.honey_port, self.session_id,
            self.logLocation, country)
        plugins.run_plugins_function(self.loaded_plugins, 'connection_made', True, session)
Esempio n. 2
    def __init__(self):
        """Pick the SSH version string and start the output plugin servers.

        With ``ssh_banner`` configured, that value is used as the version
        string. With it empty, a slim client connection to the static
        honeypot is started to acquire one.

        ``self.cfg`` and ``self.plugin_servers`` are read but not assigned
        here; presumably they are class-level attributes - confirm.
        """
        self.ourVersionString = self.cfg.get('honeypot', 'ssh_banner')
        if self.ourVersionString != '':
            log.msg(
                log.LPURPLE, '[SERVER]',
                'Using ssh_banner for SSH Version String: ' +
                self.ourVersionString)
        else:
            log.msg(log.LPURPLE, '[SERVER]',
                    'Acquiring SSH Version String from honey_ip:honey_port')
            slim_factory = client.HonsshSlimClientFactory()
            slim_factory.server = self

            target_host = self.cfg.get('honeypot-static', 'honey_ip')
            target_port = int(self.cfg.get('honeypot-static', 'honey_port'))
            reactor.connectTCP(target_host, target_port, slim_factory)

        # Start every output plugin's server and keep it under the plugin's
        # name so it can be looked up by name later.
        output_plugins = plugins.get_plugin_list(type='output')
        for plugin in plugins.import_plugins(output_plugins, self.cfg):
            started = plugins.run_plugins_function([plugin],
                                                   'start_server', False)
            label = plugins.get_plugin_name(plugin)
            self.plugin_servers.append({'name': label, 'server': started})

        # Readiness is announced here only when the banner came from the
        # config. NOTE(review): presumably the slim client path announces it
        # once the banner has been fetched - not visible in this method.
        if self.ourVersionString != '':
            log.msg(log.LGREEN, '[HONSSH]',
                    'HonSSH Boot Sequence Complete - Ready for attacks!')
Esempio n. 3
    def connectionMade(self, end_ip, end_port, honey_ip, honey_port, sensor_name):
        """Register a new inbound connection as a session and notify output plugins.

        Args:
            end_ip: Address of the connecting peer; stored as given.
            end_port: Peer port; stored as a string.
            honey_ip: Honeypot address; stored as given.
            honey_port: Honeypot port; stored as a string.
            sensor_name: Sensor label; also used as a folder name.
        """
        available = plugins.get_plugin_list(type='output')
        self.loaded_plugins = plugins.import_plugins(available, self.cfg)

        timestamp = self.getDateTime()
        self.sensor_name = sensor_name
        self.honey_ip = honey_ip
        self.honey_port = str(honey_port)
        self.end_ip = end_ip
        self.end_port = str(end_port)
        # Random 128-bit identifier, hex encoded.
        self.session_id = uuid.uuid4().hex

        # Layout: <session_path>/<sensor_name>/<end_ip>/ with downloads/ below.
        # NOTE(review): both name components are concatenated unchecked;
        # verify against the caller that they cannot contain "/" or "..".
        base_dir = self.cfg.get('folders', 'session_path')
        self.logLocation = base_dir + "/" + self.sensor_name + "/" + end_ip + "/"
        self.downloadFolder = self.logLocation + 'downloads/'

        # Pair each loaded plugin with the first server entry of the same name.
        for plugin in self.loaded_plugins:
            name = plugins.get_plugin_name(plugin)
            for entry in self.plugin_servers:
                if entry['name'] != name:
                    continue
                plugins.run_plugins_function([plugin], 'set_server', False, entry['server'])
                break

        # An unknown country is stored as ''.
        country = self.cname(self.end_ip)
        if not country:
            country = ''

        session = self.connections.add_session(
            self.sensor_name, self.end_ip, self.end_port, timestamp,
            self.honey_ip, self.honey_port, self.session_id,
            self.logLocation, country)
        plugins.run_plugins_function(self.loaded_plugins, 'connection_made', True, session)
Esempio n. 4
    def __init__(self):
        """Set up server state, choose the SSH banner and start plugin servers.

        A configured ``ssh_banner`` is used as the version string. With it
        empty, the static honeypot (when enabled) is contacted to acquire
        one; with only the docker honeypot enabled, an error is logged
        because the banner must then be configured by hand.
        """
        self.cfg = Config.getInstance()
        self.otherVersionString = ''
        self.connections = connections.Connections()
        self.plugin_servers = []
        self.ourVersionString = self.cfg.get(['honeypot', 'ssh_banner'])

        if len(self.ourVersionString) == 0:
            if self.cfg.getboolean(['honeypot-static', 'enabled']):
                log.msg(log.LPURPLE, '[SERVER]', 'Acquiring SSH Version String from honey_ip:honey_port')
                slim_factory = client.HonsshSlimClientFactory()
                slim_factory.server = self

                static_host = self.cfg.get(['honeypot-static', 'honey_ip'])
                static_port = int(self.cfg.get(['honeypot-static', 'honey_port']))
                reactor.connectTCP(static_host, static_port, slim_factory)
            elif self.cfg.getboolean(['honeypot-docker', 'enabled']):
                # No banner and nothing to copy one from: the version string
                # stays empty after this error is logged.
                log.msg(log.LRED, '[SERVER][ERR]', 'You need to configure the ssh_banner for docker manually!')
        else:
            log.msg(log.LPURPLE, '[SERVER]', 'Using ssh_banner for SSH Version String: ' + self.ourVersionString)

        # No plugin type filter is passed here; each imported plugin's server
        # is started and remembered under the plugin's name.
        for plugin in plugins.import_plugins(plugins.get_plugin_list()):
            started = plugins.run_plugins_function([plugin], 'start_server', False)
            label = plugins.get_plugin_name(plugin)
            self.plugin_servers.append({'name': label, 'server': started})

        # Announced here only when the banner is already known.
        if self.ourVersionString != '':
            log.msg(log.LGREEN, '[HONSSH]', 'HonSSH Boot Sequence Complete - Ready for attacks!')
Esempio n. 5
def config():
    """Return a ConfigParser loaded from the plugin config files and honssh.cfg.

    ``honssh.cfg`` is read last, so its values override any plugin file that
    sets the same option. ``ConfigParser.read`` skips files it cannot open
    without raising, so a missing file yields a parser with fewer options
    rather than an error; callers should validate the result.
    """
    sources = plugins.get_plugin_cfg_files(plugins.get_plugin_list())
    # Relative path: resolved against the process working directory.
    sources.append('honssh.cfg')

    parser = ConfigParser.ConfigParser()
    parser.read(sources)
    return parser
Esempio n. 6
def config():
    """Load the combined HonSSH configuration.

    Returns:
        A ``ConfigParser`` that has read every plugin config file followed
        by ``honssh.cfg``.
    """
    parser = ConfigParser.ConfigParser()

    paths = plugins.get_plugin_cfg_files(plugins.get_plugin_list())
    # The main file goes last so it is read after the plugin files.
    paths.append('honssh.cfg')

    # read() ignores unreadable files instead of raising; nothing here
    # reports which of the listed files were actually loaded.
    parser.read(paths)
    return parser
Esempio n. 7
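 def get_conn_details(self):
     """Load this stage's auth plugin and ask it for connection details.

     Returns:
         ``{'success': False}`` when no plugin is enabled for ``self.name``,
         otherwise whatever the plugin's ``get_<name>_details`` function
         returns.
     """
     honeypot_plugins = plugins.get_plugin_list(type='honeypot')
     self.auth_plugin = plugins.import_auth_plugins(self.name, honeypot_plugins, self.cfg)

     # Identity test: a plugin object with a custom __eq__ must not be able
     # to compare equal to None and be treated as missing.
     if self.auth_plugin is None:
         log.msg(log.LRED, '[' + self.name + ']', 'NO PLUGIN ENABLED FOR ' + self.name)
         return {'success':False}

     # The plugin function name is derived from self.name.
     # NOTE(review): presumably self.name is a fixed stage name set by the
     # class - confirm it never carries remote input.
     function_name = 'get_' + self.name.lower() + '_details'
     return plugins.run_plugins_function(self.auth_plugin, function_name, False, self.conn_details)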
Esempio n. 8
    def validate_config(self):
        """Validate the plugin settings and the core HonSSH options.

        Returns:
            The plugins' ``validate_config`` result when every core check
            passes, otherwise ``False``.
        """
        loaded = plugins.import_plugins(plugins.get_plugin_list())
        # TODO: Is this right?
        outcome = plugins.run_plugins_function(loaded, 'validate_config',
                                               False)

        def all_pass(options, *checker):
            # No short-circuit: every option is handed to check_exist even
            # after an earlier one has failed.
            passed = True
            for option in options:
                if not self.check_exist(option, *checker):
                    passed = False
            return passed

        # Must exist and be an IP address
        if not all_pass([['honeypot', 'ssh_addr'], ['honeypot', 'client_addr']],
                        validation.check_valid_ip):
            outcome = False

        # Must exist and be a port number
        if not all_pass([['honeypot', 'ssh_port']],
                        validation.check_valid_port):
            outcome = False

        # Must exist (key material and output folders); only presence is
        # checked here, not file permissions or contents.
        if not all_pass([['honeypot', 'public_key'],
                         ['honeypot', 'private_key'],
                         ['honeypot', 'public_key_dsa'],
                         ['honeypot', 'private_key_dsa'],
                         ['folders', 'log_path'],
                         ['folders', 'session_path']]):
            outcome = False

        # Must exist and be true/false
        if not all_pass([['advNet', 'enabled'], ['interact', 'enabled'],
                         ['spoof', 'enabled'], ['download', 'passive'],
                         ['download', 'active'],
                         ['hp-restrict', 'disable_publicKey'],
                         ['hp-restrict', 'disable_x11'],
                         ['hp-restrict', 'disable_sftp'],
                         ['hp-restrict', 'disable_exec'],
                         ['hp-restrict', 'disable_port_forwarding'],
                         ['packet_logging', 'enabled']],
                        validation.check_valid_boolean):
            outcome = False

        # Interact settings only matter when interact is switched on
        if self.getboolean(['interact', 'enabled']):
            if not all_pass([['interact', 'interface']],
                            validation.check_valid_ip):
                outcome = False
            if not all_pass([['interact', 'port']],
                            validation.check_valid_port):
                outcome = False

        # Spoof settings only matter when spoof is switched on
        if self.getboolean(['spoof', 'enabled']):
            if not all_pass([['spoof', 'users_conf']]):
                outcome = False

        return outcome
Esempio n. 9
def validateConfig(cfg):
    """Check the plugin settings and the core options held in *cfg*.

    Args:
        cfg: Parsed configuration, passed on to the plugins and to the
            ``checkExist`` / ``checkValid*`` helpers.

    Returns:
        The plugins' ``validate_config`` result when every core check
        passes, otherwise ``False``.
    """
    def present_and(checker, option):
        # The format check only runs once the option is known to exist.
        return checkExist(cfg, option) and checker(cfg, option)

    loaded = plugins.import_plugins(plugins.get_plugin_list(), cfg)
    #TODO: Is this right?
    result = plugins.run_plugins_function(loaded, 'validate_config', False)

    #Must exist and be an IP address
    for option in [['honeypot', 'ssh_addr'], ['honeypot', 'client_addr']]:
        if not present_and(checkValidIP, option):
            result = False

    #Must exist and be a port number
    for option in [['honeypot', 'ssh_port']]:
        if not present_and(checkValidPort, option):
            result = False

    #Must exist
    for option in [['honeypot', 'public_key'], ['honeypot', 'private_key'],
                   ['honeypot', 'public_key_dsa'],
                   ['honeypot', 'private_key_dsa'],
                   ['folders', 'log_path'], ['folders', 'session_path']]:
        if not checkExist(cfg, option):
            result = False

    #Must exist and be true/false
    for option in [['advNet', 'enabled'], ['interact', 'enabled'],
                   ['spoof', 'enabled'], ['download', 'passive'],
                   ['download', 'active'],
                   ['hp-restrict', 'disable_publicKey'],
                   ['hp-restrict', 'disable_x11'],
                   ['hp-restrict', 'disable_sftp'],
                   ['hp-restrict', 'disable_exec'],
                   ['hp-restrict', 'disable_port_forwarding'],
                   ['packet_logging', 'enabled']]:
        if not present_and(checkValidBool, option):
            result = False

    #Interact settings are checked only when the option is exactly 'true'.
    #NOTE(review): this comparison is case-sensitive; confirm it agrees with
    #what checkValidBool accepts, otherwise these checks can be skipped.
    if cfg.get('interact', 'enabled') == 'true':
        if not present_and(checkValidIP, ['interact', 'interface']):
            result = False
        if not present_and(checkValidPort, ['interact', 'port']):
            result = False

    #Spoof settings are checked only when the option is exactly 'true'
    if cfg.get('spoof', 'enabled') == 'true':
        if not checkExist(cfg, ['spoof', 'users_conf']):
            result = False

    return result
Esempio n. 10
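 def get_conn_details(self):
     """Fetch connection details from the auth plugin enabled for this stage.

     Imports the honeypot plugin matching ``self.name`` and stores it on
     ``self.auth_plugin``.

     Returns:
         ``{'success': False}`` when no plugin is enabled, otherwise the
         result of the plugin's ``get_<name>_details`` function called with
         ``self.conn_details``.
     """
     candidates = plugins.get_plugin_list(type='honeypot')
     self.auth_plugin = plugins.import_auth_plugins(self.name, candidates,
                                                    self.cfg)

     # "is None" rather than "== None": the check must not depend on how a
     # plugin object implements equality.
     if self.auth_plugin is None:
         tag = '[' + self.name + ']'
         log.msg(log.LRED, tag, 'NO PLUGIN ENABLED FOR ' + self.name)
         return {'success': False}

     return plugins.run_plugins_function(
         self.auth_plugin, 'get_' + self.name.lower() + '_details',
         False, self.conn_details)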
Esempio n. 11
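    def connectionMade(self):
        """Set up per-connection state, attach the auth plugins and start pre-auth.

        Returns early, after printing "FAIL", when this instance has already
        handled a connection. Otherwise it creates the output, networking and
        SSH parsing helpers, records both endpoints, wires the pre- and
        post-auth handlers to their plugins, starts pre-auth and finally
        calls the base class ``connectionMade``.
        """
        if self.wasConnected:
            print("FAIL")
            return

        self.out = output_handler.Output(self.factory)
        self.net = networking.Networking()

        self.sshParse = ssh.SSH(self, self.out)

        peer = self.transport.getPeer()
        host = self.transport.getHost()
        self.peer_ip = peer.host
        # NOTE(review): the recorded peer port is the transport's port plus
        # one; the reason is not visible here. Confirm it is intended, since
        # a logged port that differs from the wire will not line up with
        # packet captures or firewall logs.
        self.peer_port = peer.port + 1
        self.local_ip = host.host
        self.local_port = host.port

        self.pre_auth = pre_auth_handler.PreAuth(self)
        self.post_auth = post_auth_handler.PostAuth(self)

        self.wasConnected = True

        # Get auth plugins
        plugin_list = plugins.get_plugin_list(plugin_type='honeypot')
        pre_auth_plugin = plugins.import_auth_plugin(self.pre_auth.name,
                                                     plugin_list)
        post_auth_plugin = plugins.import_auth_plugin(self.post_auth.name,
                                                      plugin_list)

        # A missing plugin is only logged; the connection still proceeds.
        if pre_auth_plugin is None:
            log.msg(log.LRED, '[SERVER]',
                    'NO AUTH PLUGIN ENABLED FOR ' + self.pre_auth.name)
        else:
            self.pre_auth.auth_plugin = pre_auth_plugin

        if post_auth_plugin is None:
            log.msg(log.LRED, '[SERVER]',
                    'NO AUTH PLUGIN ENABLED FOR ' + self.post_auth.name)
        else:
            self.post_auth.auth_plugin = post_auth_plugin

        # Share one plugin instance when both stages use the same plugin
        # class. The None guard matters: two missing plugins are both of
        # type NoneType, which would otherwise count as "same class" and
        # read self.pre_auth.auth_plugin although it was never assigned here.
        if (pre_auth_plugin is not None
                and post_auth_plugin.__class__ is pre_auth_plugin.__class__):
            self.post_auth.auth_plugin = self.pre_auth.auth_plugin

        # Execute pre auth
        self.pre_auth.start()

        honsshServer.HonsshServer.connectionMade(self)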
Esempio n. 12
    def __init__(self):
        """Load the configuration, but only when called from the class itself.

        The calling frame must hold a local named ``cls`` bound to this
        class; any other caller gets an exception pointing at
        ``getInstance()``.

        Raises:
            Exception: When the calling frame has no such ``cls`` local.
        """
        # stack()[1] is the record of the frame that called __init__; its
        # element 0 is the frame object itself.
        caller_locals = inspect.stack()[1][0].f_locals

        # This is a convention check, not an access control: any caller that
        # binds a local named cls to this class passes it.
        if caller_locals.get('cls') is not self.__class__:
            raise Exception(
                'This class cannot be instantiated from outside. Please use \'getInstance()\''
            )

        ConfigParser.ConfigParser.__init__(self)

        # Plugin config files first, honssh.cfg last.
        cfg_files = plugins.get_plugin_cfg_files(plugins.get_plugin_list())
        cfg_files.append('honssh.cfg')
        self.read(cfg_files)
Esempio n. 13
def validateConfig(cfg):
    """Validate *cfg*: plugin settings first, then the core options.

    Every check is evaluated even after a failure. For options that need a
    format check, the format helper is only called when the option exists.

    Returns:
        The plugins' ``validate_config`` result when all core checks pass,
        otherwise ``False``.
    """
    active_plugins = plugins.import_plugins(plugins.get_plugin_list(), cfg)
    #TODO: Is this right?
    ok = plugins.run_plugins_function(active_plugins, 'validate_config', False)

    #Addresses: must exist and be an IP address
    address_options = [['honeypot','ssh_addr'], ['honeypot','client_addr']]
    for entry in address_options:
        if not (checkExist(cfg, entry) and checkValidIP(cfg, entry)):
            ok = False

    #Ports: must exist and be a port number
    port_options = [['honeypot','ssh_port']]
    for entry in port_options:
        if not (checkExist(cfg, entry) and checkValidPort(cfg, entry)):
            ok = False

    #Keys and folders: must exist
    required_options = [
        ['honeypot','public_key'], ['honeypot','private_key'],
        ['honeypot','public_key_dsa'], ['honeypot','private_key_dsa'],
        ['folders','log_path'], ['folders','session_path'],
    ]
    for entry in required_options:
        if not checkExist(cfg, entry):
            ok = False

    #Switches: must exist and be true/false
    boolean_options = [
        ['advNet','enabled'], ['interact','enabled'], ['spoof','enabled'],
        ['download','passive'], ['download','active'],
        ['hp-restrict', 'disable_publicKey'], ['hp-restrict', 'disable_x11'],
        ['hp-restrict', 'disable_sftp'], ['hp-restrict', 'disable_exec'],
        ['hp-restrict', 'disable_port_forwarding'],
        ['packet_logging', 'enabled'],
    ]
    for entry in boolean_options:
        if not (checkExist(cfg, entry) and checkValidBool(cfg, entry)):
            ok = False

    #Interact: its interface and port are checked only when the switch is
    #the exact string 'true'
    if cfg.get('interact','enabled') == 'true':
        entry = ['interact','interface']
        if not (checkExist(cfg, entry) and checkValidIP(cfg, entry)):
            ok = False
        entry = ['interact','port']
        if not (checkExist(cfg, entry) and checkValidPort(cfg, entry)):
            ok = False

    #Spoof: users_conf is checked only when the switch is the exact
    #string 'true'
    if cfg.get('spoof','enabled') == 'true':
        entry = ['spoof','users_conf']
        if not checkExist(cfg, entry):
            ok = False

    return ok
Esempio n. 14
 def __init__(self):
     """Decide on the SSH version string, then start the output plugin servers.

     An empty ``ssh_banner`` starts a slim client connection to the static
     honeypot to acquire the string; a non-empty one is used as it is.
     ``self.cfg`` and ``self.plugin_servers`` are read but not assigned in
     this method.
     """
     self.ourVersionString = self.cfg.get('honeypot', 'ssh_banner')
     banner_configured = self.ourVersionString != ''

     if banner_configured:
         log.msg(log.LPURPLE, '[SERVER]', 'Using ssh_banner for SSH Version String: ' + self.ourVersionString)
     else:
         log.msg(log.LPURPLE, '[SERVER]', 'Acquiring SSH Version String from honey_ip:honey_port')
         probe_factory = client.HonsshSlimClientFactory()
         probe_factory.server = self

         honey_host = self.cfg.get('honeypot-static', 'honey_ip')
         honey_port = int(self.cfg.get('honeypot-static', 'honey_port'))
         reactor.connectTCP(honey_host, honey_port, probe_factory)

     # Each output plugin's server is started once here and stored by name.
     for plugin in plugins.import_plugins(plugins.get_plugin_list(type='output'), self.cfg):
         server = plugins.run_plugins_function([plugin], 'start_server', False)
         name = plugins.get_plugin_name(plugin)
         self.plugin_servers.append({'name':name, 'server':server})

     # Re-read the attribute instead of reusing the flag, as the original
     # does; readiness is announced here only when a banner is already set.
     if self.ourVersionString != '':
         log.msg(log.LGREEN, '[HONSSH]', 'HonSSH Boot Sequence Complete - Ready for attacks!')