コード例 #1
0
    def loginSuccessful(self, username, password):
        self.passwordTried = True
        self.loginSuccess = True
        dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
        self.makeSessionFolder()
        if self.cfg.get('txtlog', 'enabled') == 'true':
            txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, username, password, True)
            txtlog.log(self.txtlog_file, self.connectionString)
            txtlog.log(self.txtlog_file, '[SSH  ] Login Successful: ' + username + ':' + password)
 
        if self.cfg.get('email', 'login') == 'true':
            threads.deferToThread(self.email, 'HonSSH - Login Successful', self.txtlog_file)
        
        if self.cfg.get('database_mysql', 'enabled') == 'true':
            self.dbLog.handleLoginSucceeded(username, password)
            self.dbLog.createSession(self.sessionID, self.endIP, self.endPort, self.cfg.get('honeypot', 'ssh_addr'), self.cfg.get('honeypot', 'ssh_port'))
            self.dbLog.handleClientVersion(self.sessionID, self.version)
                    
        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            self.hpLog.handleLoginSucceeded(username, password)
            self.hpLog.createSession(self.sessionID, self.endIP, self.endPort, self.cfg.get('honeypot', 'ssh_addr'), self.cfg.get('honeypot', 'ssh_port'))
            self.hpLog.handleClientVersion(self.version)
            
        if self.cfg.has_option('app_hooks', 'login_successful'):
            if self.cfg.get('app_hooks', 'login_successful') != '':
                cmdString = self.cfg.get('app_hooks', 'login_successful') + " LOGIN_SUCCESSFUL " + dt + " " + self.endIP + " " + username + " " + password
                threads.deferToThread(self.runCommand, cmdString)
コード例 #2
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def connectionLost(self):
     dt = self.getDateTime()
     log.msg("[OUTPUT] Lost Connection with the attacker: %s" % self.endIP)
     if not self.passwordTried:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             txtlog.authLog(dt, self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, '', '', False)
         
     if self.loginSuccess:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             if os.path.exists(self.txtlog_file):
                 txtlog.log(dt, self.txtlog_file, '[SSH  ] Lost Connection with ' + self.endIP)
                 
         if self.cfg.get('database_mysql', 'enabled') == 'true':
             self.dbLog.handleConnectionLost(dt, self.sessionID)
         if self.cfg.get('hpfeeds', 'enabled') == 'true':
             self.hpLog.handleConnectionLost(dt)
         if self.cfg.get('email', 'attack') == 'true':
             threads.deferToThread(self.email, self.sensorName + ' - Attack logged', self.txtlog_file, self.ttyFiles)
     
     if self.cfg.has_option('app_hooks', 'connection_lost'):
         if self.cfg.get('app_hooks', 'connection_lost') != '':
             cmdString = self.cfg.get('app_hooks', 'connection_lost') + " CONNECTION_LOST " + dt + " " + self.endIP
             threads.deferToThread(self.runCommand, cmdString)
         
     self.connections.delConn(self.sensorName, self.endIP, self.endPort)
コード例 #3
0
ファイル: output.py プロジェクト: JacobJacob/honssh
    def loginSuccessful(self, username, password):
        self.passwordTried = True
        self.loginSuccess = True
        dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
        self.makeSessionFolder()
        if self.cfg.get('txtlog', 'enabled') == 'true':
            txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, username, password, True)
            txtlog.log(self.txtlog_file, self.connectionString)
            txtlog.log(self.txtlog_file, '[SSH  ] Login Successful: ' + username + ':' + password)
 
        if self.cfg.get('email', 'login') == 'true':
            threads.deferToThread(self.email, self.sensorName + ' - Login Successful', self.txtlog_file)
        
        if self.cfg.get('database_mysql', 'enabled') == 'true':
            self.dbLog.handleLoginSucceeded(username, password)
            self.dbLog.createSession(self.sessionID, self.endIP, self.endPort, self.honeyIP, self.honeyPort, self.sensorName)
            self.dbLog.handleClientVersion(self.sessionID, self.version)
                    
        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            self.hpLog.handleLoginSucceeded(username, password)
            self.hpLog.createSession(self.sessionID, self.endIP, self.endPort, self.honeyIP, self.honeyPort)
            self.hpLog.handleClientVersion(self.version)
            
        if self.cfg.has_option('app_hooks', 'login_successful'):
            if self.cfg.get('app_hooks', 'login_successful') != '':
                cmdString = self.cfg.get('app_hooks', 'login_successful') + " LOGIN_SUCCESSFUL " + dt + " " + self.endIP + " " + username + " " + password
                threads.deferToThread(self.runCommand, cmdString)
コード例 #4
0
ファイル: output.py プロジェクト: JacobJacob/honssh
 def channelOpened(self, uuid, channelName):
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(self.txtlog_file, channelName + ' Opened Channel')
         
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.channelOpened(self.sessionID, uuid, channelName)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.channelOpened(uuid, channelName)
コード例 #5
0
 def channelOpened(self, uuid, channelName):
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(self.txtlog_file, channelName + ' Opened Channel')
         
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.channelOpened(self.sessionID, uuid, channelName)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.channelOpened(uuid, channelName)
コード例 #6
0
ファイル: output.py プロジェクト: JacobJacob/honssh
 def channelClosed(self, channel):
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(self.txtlog_file, channel.name + ' Closed Channel')
     
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.channelClosed(channel.uuid, channel.ttylog_file)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.channelClosed(channel.uuid, channel.ttylog_file)
         
     if channel.ttylog_file != None:
         self.ttyFiles.append(channel.ttylog_file)
コード例 #7
0
 def channelClosed(self, channel):
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(self.txtlog_file, channel.name + ' Closed Channel')
     
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.channelClosed(channel.uuid, channel.ttylog_file)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.channelClosed(channel.uuid, channel.ttylog_file)
         
     if channel.ttylog_file != None:
         self.ttyFiles.append(channel.ttylog_file)
コード例 #8
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def channelOpened(self, uuid, channelName):
     dt = self.getDateTime()
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(dt, self.txtlog_file, channelName + ' Opened Channel')
         
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.channelOpened(dt, self.sessionID, uuid, channelName)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.channelOpened(dt, uuid, channelName)
       
     self.connections.addChannel(self.sensorName, self.endIP, self.endPort, channelName, dt, uuid)
コード例 #9
0
 def generateMD5(self, channelName, dt, logPath, theIP, link, outFile):      
     f = file(outFile, 'rb')
     md5 = hashlib.md5()
     while True:
         data = f.read(2**20)
         if not data:
             break
         md5.update(data)
     f.close()
     
     theMD5 = md5.hexdigest()
     theSize = os.path.getsize(outFile)
     txtlog.log(self.txtlog_file, channelName + ' Downloaded: ' + link + ' - Saved: ' + outFile + ' - Size: ' + str(theSize) + ' - MD5: ' + str(theMD5))
     txtlog.downloadLog(dt, logPath, theIP, link, outFile, theSize, theMD5)
コード例 #10
0
ファイル: output.py プロジェクト: JacobJacob/honssh
 def generateMD5(self, channelName, dt, logPath, theIP, link, outFile):      
     f = file(outFile, 'rb')
     md5 = hashlib.md5()
     while True:
         data = f.read(2**20)
         if not data:
             break
         md5.update(data)
     f.close()
     
     theMD5 = md5.hexdigest()
     theSize = os.path.getsize(outFile)
     txtlog.log(self.txtlog_file, channelName + ' Downloaded: ' + link + ' - Saved: ' + outFile + ' - Size: ' + str(theSize) + ' - MD5: ' + str(theMD5))
     txtlog.downloadLog(dt, logPath, theIP, link, outFile, theSize, theMD5)
コード例 #11
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def generateSHA256(self, channelName, dt, logPath, theIP, link, outFile):
     f = file(outFile, 'rb')
     sha256 = hashlib.sha256()
     while True:
         data = f.read(2**20)
         if not data:
             break
         sha256.update(data)
     f.close()
     
     theSHA256 = sha256.hexdigest()
     theSize = os.path.getsize(outFile)
     txtlog.log(dt, self.txtlog_file, channelName + ' Downloaded: ' + link + ' - Saved: ' + outFile + ' - Size: ' + str(theSize) + ' - SHA256: ' + str(theSHA256))
     txtlog.downloadLog(dt, logPath, theIP, link, outFile, theSize, theSHA256)
コード例 #12
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def portForwardLog(self, channelName, connDetails):
     dt = self.getDateTime()
     theDNS = ''
     try:
         theDNS = ' (' + socket.gethostbyaddr(connDetails['srcIP'])[0] + ')'
     except:
         pass
     txtlog.log(dt, self.txtlog_file, channelName + ' Source: ' + connDetails['srcIP'] + ':' + str(connDetails['srcPort']) + theDNS)
     
     theDNS = ''
     try:
         theDNS = ' (' + socket.gethostbyaddr(connDetails['dstIP'])[0] + ')'
     except:
         pass
     txtlog.log(dt, self.txtlog_file, channelName + ' Destination: ' + connDetails['dstIP'] + ':' + str(connDetails['dstPort']) + theDNS)
コード例 #13
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def channelClosed(self, channel):
     dt = self.getDateTime()
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(dt, self.txtlog_file, channel.name + ' Closed Channel')
     
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.channelClosed(dt, channel.uuid, channel.ttylog_file)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.channelClosed(dt, channel.uuid, channel.ttylog_file)
         
     if channel.ttylog_file != None:
         self.ttyFiles.append(channel.ttylog_file)
     
     self.connections.delChannel(self.sensorName, self.endIP, self.endPort, channel.uuid)
コード例 #14
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
    def fileDownloaded(self, input):
        dt = self.getDateTime()

        channelName, uuid, success, link, file, error = input
        if success:
            if self.cfg.get('txtlog', 'enabled') == 'true':
                threads.deferToThread(self.generateSHA256, channelName, dt, self.cfg.get('folders', 'log_path') + '/downloads.log', self.endIP, link, file)
                
            if self.cfg.get('database_mysql', 'enabled') == 'true':
                self.dbLog.handleFileDownload(dt, uuid, link, file)
                
            if self.cfg.has_option('app_hooks', 'download_finished'):
                if self.cfg.get('app_hooks', 'download_finished') != '':
                    cmdString = self.cfg.get('app_hooks', 'download_finished') + " DOWNLOAD_FINISHED " + dt + " " + self.endIP + " " + link + " " + file
                    threads.deferToThread(self.runCommand, cmdString)  
        else:
            log.msg('[OUTPUT][DOWNLOAD][ERR]' + error)
            txtlog.log(self.getDateTime(), self.txtlog_file, channelName + ' [DOWNLOAD] - Cannot download URL: ' + link)
コード例 #15
0
ファイル: output.py プロジェクト: JacobJacob/honssh
    def commandEntered(self, uuid, channelName, theCommand):
        if self.cfg.get('txtlog', 'enabled') == 'true':
            theCMD = theCommand.replace('\n', '\\n')
            txtlog.log(self.txtlog_file, channelName + " Command Executed: %s" % (theCMD))
        if self.cfg.get('database_mysql', 'enabled') == 'true':
            self.dbLog.handleCommand(uuid, theCommand)
        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            self.hpLog.handleCommand(uuid, theCommand)
            
        theCommandsSplit = re.findall(r'(?:[^;&|<>"\']|["\'](?:\\.|[^"\'])*[\'"])+', theCommand)
        theCMDs = []
        
        for cmd in theCommandsSplit:
            theCMDs.extend(cmd.split('\n'))

        for command in theCMDs:
            command = command.strip().rstrip()

            dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
            if self.cfg.has_option('app_hooks', 'command_entered'):
                if self.cfg.get('app_hooks', 'command_entered') != '':
                    cmdString = self.cfg.get('app_hooks', 'command_entered') + " COMMAND_ENTERED " + dt + " " + self.endIP + " '" + command + "'"
                    threads.deferToThread(self.runCommand, cmdString)
            
            if self.cfg.get('download','active') == 'true':
                if command.startswith('wget '):
                    command = command[4:]
                    commandArgs = re.findall(r'(?:[^\s"]|"(?:\\.|[^"])*")+', command)
                    args, links = getopt.getopt(commandArgs, 'VhbdqvFcNS46xErkKmpHLnp:e:o:a:i:B:t:O:T:w:Q:P:U:l:A:R:D:I:X:', ['version','help','background','execute=','output-file=','append-output=','debug','quiet','verbose','report-speed=','input-file=','force-html','base=','config=','bind-address=','tries=','output-document=', 'backups=','continue','progress=','timestamping','no-use-server-timestamps','server-response','spider','timeout=','dns-timeout=','connect-timeout=','read-timeout=','limit-rate=','wait=','waitretry=', 'random-wait','no-proxy','quota=','no-dns-cache','restrict-file-names=','inet4-only','inet6-only','prefer-family=','retry-connrefused','user='******'password='******'ask-password','no-iri','local-encoding=','remote-encoding=','unlink','force-directories','protocol-directories','cut-dirs=','directory-prefix=','default-page=','adjust-extension','http-user='******'http-password='******'no-http-keep-alive','no-cache','no-cookies','load-cookies=','save-cookies=','keep-session-cookies','ignore-length','header=','max-redirect=','proxy-user='******'proxy-password='******'referer=','save-headers','user-agent=','post-data=','post-file=','method=','body-data=','body-file=','content-disposition','content-on-error','trust-server-names','auth-no-challenge','secure-protocol=','https-only','no-check-certificate','certificate=','certificate-type=','private-key=','private-key-type=','ca-certificate=','ca-directory=','random-file=','egd-file=','warc-file=','warc-header=','warc-max-size=','warc-cdx','warc-dedup=','no-warc-compression','no-warc-digests','no-warc-keep-log','warc-tempdir=','ftp-user='******'ftp-password='******'no-remove-listing','no-glob','no-passive-ftp','preserve-permissions','retr-symlinks','recursive','level=','delete-after','convert-links','backup-converted','mirror','page-requisites','strict-comments','accept=','reject=','accept-regex=','reject-regex=','regex-type=','domains=','exclude-domains=','follow-ftp','follow-tags=','ignore-tags=','ignore-case','span-hosts','relative','include-directories=','exclude-directories=','no-verbose','no-clobber','no-directories','no-host-directories','no-parent'])
                    username = ''
                    password = ''
                    for a in args:
                        if a[0] in ['user', 'http-user', 'ftp-user']:
                            username = a[1]
                        if a[0] in ['password', 'http-password', 'ftp-password']:
                            password = a[1]
                            
                    for l in links:
                        self.activeDownload(channelName, uuid, l, username, password)
コード例 #16
0
    def commandEntered(self, uuid, channelName, theCommand):
        if self.cfg.get('txtlog', 'enabled') == 'true':
            theCMD = theCommand.replace('\n', '\\n')
            txtlog.log(self.txtlog_file, channelName + " Command Executed: %s" % (theCMD))
        if self.cfg.get('database_mysql', 'enabled') == 'true':
            self.dbLog.handleCommand(uuid, theCommand)
        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            self.hpLog.handleCommand(uuid, theCommand)
            
        theCommandsSplit = re.findall(r'(?:[^;&|<>"\']|["\'](?:\\.|[^"\'])*[\'"])+', theCommand)
        theCMDs = []
        
        for cmd in theCommandsSplit:
            theCMDs.extend(cmd.split('\n'))

        for command in theCMDs:
            command = command.strip().rstrip()

            dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
            if self.cfg.has_option('app_hooks', 'command_entered'):
                if self.cfg.get('app_hooks', 'command_entered') != '':
                    cmdString = self.cfg.get('app_hooks', 'command_entered') + " COMMAND_ENTERED " + dt + " " + self.endIP + " '" + command + "'"
                    threads.deferToThread(self.runCommand, cmdString)
            
            if self.cfg.get('download','active') == 'true':
                if command.startswith('wget '):
                    command = command[4:]
                    commandArgs = re.findall(r'(?:[^\s"]|"(?:\\.|[^"])*")+', command)
                    args, links = getopt.getopt(commandArgs, 'VhbdqvFcNS46xErkKmpHLnp:e:o:a:i:B:t:O:T:w:Q:P:U:l:A:R:D:I:X:', ['version','help','background','execute=','output-file=','append-output=','debug','quiet','verbose','report-speed=','input-file=','force-html','base=','config=','bind-address=','tries=','output-document=', 'backups=','continue','progress=','timestamping','no-use-server-timestamps','server-response','spider','timeout=','dns-timeout=','connect-timeout=','read-timeout=','limit-rate=','wait=','waitretry=', 'random-wait','no-proxy','quota=','no-dns-cache','restrict-file-names=','inet4-only','inet6-only','prefer-family=','retry-connrefused','user='******'password='******'ask-password','no-iri','local-encoding=','remote-encoding=','unlink','force-directories','protocol-directories','cut-dirs=','directory-prefix=','default-page=','adjust-extension','http-user='******'http-password='******'no-http-keep-alive','no-cache','no-cookies','load-cookies=','save-cookies=','keep-session-cookies','ignore-length','header=','max-redirect=','proxy-user='******'proxy-password='******'referer=','save-headers','user-agent=','post-data=','post-file=','method=','body-data=','body-file=','content-disposition','content-on-error','trust-server-names','auth-no-challenge','secure-protocol=','https-only','no-check-certificate','certificate=','certificate-type=','private-key=','private-key-type=','ca-certificate=','ca-directory=','random-file=','egd-file=','warc-file=','warc-header=','warc-max-size=','warc-cdx','warc-dedup=','no-warc-compression','no-warc-digests','no-warc-keep-log','warc-tempdir=','ftp-user='******'ftp-password='******'no-remove-listing','no-glob','no-passive-ftp','preserve-permissions','retr-symlinks','recursive','level=','delete-after','convert-links','backup-converted','mirror','page-requisites','strict-comments','accept=','reject=','accept-regex=','reject-regex=','regex-type=','domains=','exclude-domains=','follow-ftp','follow-tags=','ignore-tags=','ignore-case','span-hosts','relative','include-directories=','exclude-directories=','no-verbose','no-clobber','no-directories','no-host-directories','no-parent'])
                    username = ''
                    password = ''
                    for a in args:
                        if a[0] in ['user', 'http-user', 'ftp-user']:
                            username = a[1]
                        if a[0] in ['password', 'http-password', 'ftp-password']:
                            password = a[1]
                            
                    for l in links:
                        self.activeDownload(channelName, uuid, l, username, password)
コード例 #17
0
 def connectionLost(self):
     log.msg("[OUTPUT] Lost Connection with the attacker: %s" % self.endIP)
     if not self.passwordTried:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, '', '', False)
         
     if self.loginSuccess:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             if os.path.exists(self.txtlog_file):
                 txtlog.log(self.txtlog_file, '[SSH  ] Lost Connection with ' + self.endIP)
                 
         if self.cfg.get('database_mysql', 'enabled') == 'true':
             self.dbLog.handleConnectionLost(self.sessionID)
         if self.cfg.get('hpfeeds', 'enabled') == 'true':
             self.hpLog.handleConnectionLost()
         if self.cfg.get('email', 'attack') == 'true':
             threads.deferToThread(self.email, 'HonSSH - Attack logged', self.txtlog_file, self.ttyFiles)
     
     dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
     if self.cfg.has_option('app_hooks', 'connection_lost'):
         if self.cfg.get('app_hooks', 'connection_lost') != '':
             cmdString = self.cfg.get('app_hooks', 'connection_lost') + " CONNECTION_LOST " + dt + " " + self.endIP
             threads.deferToThread(self.runCommand, cmdString)
コード例 #18
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def errLog(self, message):
     dt = self.getDateTime()
     self.makeSessionFolder()
     txtlog.log(dt, self.txtlog_file + "-err", message)
コード例 #19
0
ファイル: output.py プロジェクト: JacobJacob/honssh
 def advancedLog(self, message):
     self.makeSessionFolder()
     txtlog.log(self.txtlog_file + "-adv", message)
コード例 #20
0
ファイル: output.py プロジェクト: JacobJacob/honssh
 def errLog(self, message):
     self.makeSessionFolder()
     txtlog.log(self.txtlog_file + "-err", message)
コード例 #21
0
ファイル: output.py プロジェクト: JacobJacob/honssh
 def genericLog(self, message):
     self.makeSessionFolder()
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(self.txtlog_file, message)
コード例 #22
0
 def genericLog(self, message):
     self.makeSessionFolder()
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(self.txtlog_file, message)
コード例 #23
0
 def errLog(self, message):
     self.makeSessionFolder()
     txtlog.log(self.txtlog_file + "-err", message)
コード例 #24
0
 def advancedLog(self, message):
     self.makeSessionFolder()
     txtlog.log(self.txtlog_file + "-adv", message)
コード例 #25
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def advancedLog(self, message):
     dt = self.getDateTime()
     self.makeSessionFolder()
     txtlog.log(dt, self.txtlog_file + "-adv", message)
コード例 #26
0
ファイル: output.py プロジェクト: CZ-NIC/honssh
 def genericLog(self, message):
     dt = self.getDateTime()
     self.makeSessionFolder()
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.log(dt, self.txtlog_file, message)