def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal("mysql.port", default=3306))
self.banner = config.getVal("mysql.banner", default="5.5.43-0ubuntu0.14.04.1").encode()
self.logtype = logger.LOG_MYSQL_LOGIN_ATTEMPT
if re.search('^[3456]\.[-_~.+\w]+$', self.banner) is None:
raise ConfigException("sql.banner", "Invalid MySQL Banner")
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams.get('httpproxy.port', 8443))
self.banner = instanceParams.get('httpproxy.banner',
'').encode('utf8')
self.skin = instanceParams.get('httpproxy.skin', 'squid')
self.maskpassword = instanceParams.get('httpproxy.maskpassword',
True)
else:
self.port = int(config.getVal('httpproxy.port', default=8443))
self.banner = config.getVal('httpproxy.banner', '').encode('utf8')
self.skin = config.getVal('httpproxy.skin', default='squid')
self.maskpassword = config.getVal('httpproxy.maskpassword', True)
self.skindir = os.path.join(HTTPProxy.resource_dir(), 'skin',
self.skin)
self.logtype = logger.LOG_HTTPPROXY_LOGIN_ATTEMPT
self.listen_addr = config.getVal('device.listen_addr', default='')
authfilename = os.path.join(self.skindir, 'auth.html')
try:
with open(authfilename, 'r') as f:
self.auth_template = Template(f.read())
except:
self.auth_template = Template("")
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal("ssh.port", default=22))
self.version = config.getVal(
"ssh.version",
default="SSH-2.0-OpenSSH_5.1p1 Debian-5").encode('utf8')
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal("mssql.port", default=1433))
self.version = config.getVal("mssql.version", default="2012")
self.listen_addr = config.getVal('device.listen_addr', default='')
if self.version not in MSSQLProtocol.NMAP_PROBE_1_RESP:
raise ConfigException("mssql.version", "Invalid MSSQL Version")
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal('smb.auditfile',
default='/var/log/samba-audit.log')
self.sharepath = config.getVal('smb.sharepath',
default='/briar/smb/openshare')
self.config = config
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams['sip.port'])
else:
self.port = int(config.getVal('sip.port', default=5060))
self.logtype = self.logger.LOG_SIP_REQUEST
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config, logger)
self.hostname = config.getVal('device.node_id')
self.localip = config.getVal('device.listen_addr')
self.serverip = config.getVal('server.ip')
self.last_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f")
self.status = "online"
self.logtype = logger.LOG_HOST
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams['ntp.port'])
else:
self.port = int(config.getVal('ntp.port', default=123))
self.logtype = logger.LOG_NTP_MONLIST
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('telnet.port', default=8023))
self.banner = config.getVal('telnet.banner', '').encode('utf8')
self.logtype = logger.LOG_TELNET_LOGIN_ATTEMPT
if self.banner:
self.banner += "\n"
def __init__(self,config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.banner = config.getVal('ftp.banner', default='FTP Ready.').encode('utf8')
self.port = config.getVal('ftp.port', default=21)
# find a place to check that logtype is initialised
# find a place to check that factory has service attached
self.logtype = logger.LOG_FTP_LOGIN_ATTEMPT
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('telnet.port', default=8023))
self.banner = config.getVal('telnet.banner', '').encode('utf8')
self.logtype = logger.LOG_TELNET_LOGIN_ATTEMPT
if self.banner:
self.banner += "\n"
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams['snmp.port'])
else:
self.port = int(config.getVal('snmp.port', default=161))
self.logtype = logger.LOG_SNMP_CMD
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config, logger)
if instanceParams:
self.port = int(instanceParams["vnc.port"])
else:
self.port = int(config.getVal("vnc.port", 5900))
self.logtype = logger.LOG_VNC
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal("mysql.port", default=3306))
self.banner = config.getVal("mysql.banner", default="5.5.43-0ubuntu0.14.04.1").encode()
self.logtype = logger.LOG_MYSQL_LOGIN_ATTEMPT
self.listen_addr = config.getVal('device.listen_addr', default='')
if re.search('^[3456]\.[-_~.+\w]+$', self.banner.decode()) is None:
raise ConfigException("sql.banner", "Invalid MySQL Banner")
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.banner = config.getVal('ftp.banner',
default='FTP Ready.').encode('utf8')
self.port = config.getVal('ftp.port', default=21)
# find a place to check that logtype is initialised
# find a place to check that factory has service attached
self.logtype = logger.LOG_FTP_LOGIN_ATTEMPT
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal('portscan.logfile',
default='/var/log/kern.log')
self.synrate = int(config.getVal('portscan.synrate', default=5))
self.listen_addr = config.getVal('device.listen_addr', default='')
self.listen_interface = config.getVal('device.listen_interface',
default='')
self.config = config
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.skin = config.getVal('http.skin', default='basicLogin')
self.skindir = os.path.join(
CanaryHTTP.resource_dir(), "skin", self.skin)
self.staticdir = os.path.join(self.skindir, "static")
self.port = int(config.getVal('http.port', default=80))
ubanner = config.getVal('http.banner', default="Apache/2.2.22 (Ubuntu)")
self.banner = ubanner.encode('utf8')
StaticNoDirListing.BANNER = self.banner
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.skin = config.getVal('http.skin', default='basicLogin')
self.skindir = os.path.join(
CanaryHTTP.resource_dir(), "skin", self.skin)
self.staticdir = os.path.join(self.skindir, "static")
self.port = int(config.getVal('http.port', default=80))
ubanner = config.getVal('http.banner', default="Apache/2.2.22 (Ubuntu)")
self.banner = ubanner.encode('utf8')
StaticNoDirListing.BANNER = self.banner
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams["ssh.port"])
self.version = instanceParams["ssh.version"].encode('utf8')
self.maskpassword = instanceParams.get('ssh.maskpassword', True)
else:
self.port = int(config.getVal("ssh.port", default=22))
self.version = config.getVal(
"ssh.version",
default="SSH-2.0-OpenSSH_5.1p1 Debian-5").encode('utf8')
self.maskpassword = config.getVal('ssh.maskpassword', True)
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams.get("mssql.port", 1433))
self.version = instanceParams.get("mssql.version", "2012")
self.maskpassword = instanceParams.get("mssql.maskpassword", True)
else:
self.port = int(config.getVal("mssql.port", default=1433))
self.version = config.getVal("mssql.version", default="2012")
self.maskpassword = config.getVal("mssql.maskpassword", True)
self.listen_addr = config.getVal('device.listen_addr', default='')
if self.version not in MSSQLProtocol.NMAP_PROBE_1_RESP:
raise ConfigException("mssql.version", "Invalid MSSQL Version")
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('httpproxy.port', default=8443))
self.banner = config.getVal('httpproxy.banner', '').encode('utf8')
self.skin = config.getVal('httpproxy.skin', default='squid')
self.skindir = os.path.join(HTTPProxy.resource_dir(), 'skin',
self.skin)
self.logtype = logger.LOG_HTTPPROXY_LOGIN_ATTEMPT
authfilename = os.path.join(self.skindir, 'auth.html')
try:
with open(authfilename, 'r') as f:
self.auth_template = Template(f.read())
except:
self.auth_template = Template("")
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.banner = instanceParams['ftp.banner'].encode('utf8')
self.port = instanceParams['ftp.port']
self.maskpassword = instanceParams.get('ftp.maskpassword', True)
else:
self.banner = config.getVal('ftp.banner',
default='FTP Ready.').encode('utf8')
self.port = config.getVal('ftp.port', default=21)
self.maskpassword = config.getVal('ftp.maskpassword', True)
# find a place to check that logtype is initialised
# find a place to check that factory has service attached
self.logtype = logger.LOG_FTP_LOGIN_ATTEMPT
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('httpproxy.port', default=8443))
self.banner = config.getVal('httpproxy.banner', '').encode('utf8')
self.skin = config.getVal('httpproxy.skin', default='squid')
self.skindir = os.path.join(
HTTPProxy.resource_dir(), 'skin', self.skin)
self.logtype = logger.LOG_HTTPPROXY_LOGIN_ATTEMPT
self.listen_addr = config.getVal('device.listen_addr', default='')
authfilename = os.path.join(self.skindir, 'auth.html')
try:
with open(authfilename, 'r') as f:
self.auth_template = Template(f.read())
except:
self.auth_template = Template("")
def __init__(self, config=None, logger=None):
ServerFactory.__init__(self, 16, None, None)
CanaryService.__init__(self, config, logger)
self.rssFile = self.resource_filename("login.rss")
reader = rss.createReader(self.rssFile)
self.rss = []
while True:
e = reader.nextEvent()
if e:
self.rss.append(e)
else:
break
self.port = config.getVal("rdp.port", 3389)
self.logtype = logger.LOG_RDP
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams.get('telnet.port', 23))
self.banner = instanceParams.get('telnet.banner',
'').encode('utf8')
self.maskpassword = instanceParams.get('telnet.maskpassword', True)
else:
self.port = int(config.getVal('telnet.port', default=8023))
self.banner = config.getVal('telnet.banner', '').encode('utf8')
self.maskpassword = config.getVal('telnet.maskpassword', True)
self.logtype = logger.LOG_TELNET_LOGIN_ATTEMPT
self.listen_addr = config.getVal('device.listen_addr', default='')
if self.banner:
self.banner += "\n"
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams['http.port'])
ubanner = instanceParams['http.banner']
self.banner = ubanner.encode('utf8')
self.skin = instanceParams['http.skin']
self.maskpassword = instanceParams.get('http.maskpassword', True)
else:
self.port = int(config.getVal('http.port', default=80))
ubanner = config.getVal('http.banner',
default="Apache/2.2.22 (Ubuntu)")
self.banner = ubanner.encode('utf8')
self.skin = config.getVal('http.skin', default='basicLogin')
self.maskpassword = config.getVal('http.maskpassword', True)
self.skindir = os.path.join(CanaryHTTP.resource_dir(), "skin",
self.skin)
self.staticdir = os.path.join(self.skindir, "static")
StaticNoDirListing.BANNER = self.banner
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None, instanceParams={}):
ServerFactory.__init__(self, 16, None, None)
CanaryService.__init__(self, config, logger)
if instanceParams:
self.port = instanceParams["rdp.port"]
self.maskpassword = instanceParams.get('rdp.maskpassword', True)
else:
self.port = config.getVal("rdp.port", 3389)
self.maskpassword = config.getVal('rdp.maskpassword', True)
self.rssFile = self.resource_filename("login.rss")
reader = rss.createReader(self.rssFile)
self.rss = []
while True:
e = reader.nextEvent()
if e:
self.rss.append(e)
else:
break
self.logtype = logger.LOG_RDP
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams["mysql.port"])
self.banner = instanceParams["mysql.banner"].encode()
self.maskpassword = instanceParams.get("mysql.maskpassword", True)
else:
self.port = int(config.getVal("mysql.port", default=3306))
self.banner = config.getVal(
"mysql.banner", default="5.5.43-0ubuntu0.14.04.1").encode()
self.maskpassword = config.getVal("mysql.maskpassword", True)
self.logtype = logger.LOG_MYSQL_LOGIN_ATTEMPT
self.listen_addr = config.getVal('device.listen_addr', default='')
if re.search('^[3456]\.[-_~.+\w]+$', self.banner) is None:
mysql_version = re.search('x0A([^\\\\]+)', self.banner)
if not self.banner:
self.banner = "5.5.43"
elif mysql_version:
self.banner = mysql_version.groups()[0]
else:
self.banner = "5.5.43"
def __init__(self, config=None, logger=None, instanceParams={}):
CanaryService.__init__(self, config=config, logger=logger)
if instanceParams:
self.port = int(instanceParams['generictcp.port'])
self.probes = instanceParams['generictcp.probes']
else:
self.port = int(config.getVal('generictcp.port', default=161))
self.probes = config.getVal('generictcp.probes', {})
self.blacklist = config.getVal('generictcp.blacklist', [139])
self.logtype = logger.LOG_GENERIC_TCP
self.listen_addr = config.getVal('device.listen_addr', default='')
if self.port in self.blacklist:
self.probes = {}
elif self.probes:
for probe, response in self.probes.items():
try:
self.probes[probe] = codecs.escape_decode(response)[0]
except (ValueError):
pass
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal('portscan.logfile',
default='/var/log/kern.log')
self.synrate = int(config.getVal('portscan.synrate', default=5))
self.nmaposrate = config.getVal('portscan.nmaposrate', default='5')
self.lorate = config.getVal('portscan.lorate', default='3')
self.listen_addr = config.getVal('device.listen_addr', default='')
self.config = config
try:
self.synrate = int(self.synrate)
except:
self.synrate = 5
try:
self.nmaposrate = int(self.nmaposrate)
except:
self.nmaposrate = 5
try:
self.lorate = int(self.lorate)
except:
self.lorate = 3
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal('arpwatch.logfile', default='/var/log/arpwatch.log')
self.config = config
def __init__(self,config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal('portscan.logfile', default='/var/log/kern.log')
self.synrate = config.getVal('portscan.synrate', default='5')
self.listen_addr = config.getVal('device.listen_addr', default='')
self.config = config
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal("portscan.logfile", default="/var/log/kern.log")
self.synrate = config.getVal("portscan.synrate", default="5")
self.config = config
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('ntp.port', default=123))
self.logtype = logger.LOG_NTP_MONLIST
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal("portscan.logfile", default="/var/log/kern.log")
self.synrate = int(config.getVal("portscan.synrate", default=5))
self.listen_addr = config.getVal("device.listen_addr", default="")
self.config = config
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('snmp.port', default=161))
self.logtype = logger.LOG_SNMP_CMD
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal('smb.auditfile',
default='/var/log/samba-audit.log')
self.config = config
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('sip.port', default=5060))
self.logtype=self.logger.LOG_SIP_REQUEST
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self,config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.audit_file = config.getVal('smb.auditfile', default='/var/log/samba-audit.log')
self.sharepath = config.getVal('smb.sharepath', default='/briar/smb/openshare')
self.config = config
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config, logger)
self.port = 8007
self.logtype = logger.LOG_BASE_EXAMPLE
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('tftp.port', default=69))
self.logtype=self.logger.LOG_TFTP
def __init__(self,config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal("ssh.port", default=22))
self.version = config.getVal("ssh.version", default="SSH-2.0-OpenSSH_5.1p1 Debian-5").encode('utf8')
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config=config, logger=logger)
self.port = int(config.getVal('snmp.port', default=161))
self.logtype = logger.LOG_SNMP_CMD
self.listen_addr = config.getVal('device.listen_addr', default='')
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config, logger)
self.port = config.getVal("example1.port", 8025)
self.logtype = logger.LOG_BASE_EXAMPLE
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config, logger)
self.port = config.getVal("vnc.port", 5900)
self.logtype = logger.LOG_VNC
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config, logger)
self.port = config.getVal("vnc.port", 5900)
self.logtype = logger.LOG_VNC
def __init__(self, config=None, logger=None):
CanaryService.__init__(self, config, logger)
self.port = config.getVal("example1.port", 8025)
self.logtype = logger.LOG_BASE_EXAMPLE
