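def send_config_request(request):
    """Send a request to the config actor and return the reply.

    The module-level ``request_lock`` is held for the whole round trip, so
    only one caller at a time uses the shared ``config_actor_socket``.

    :param request: Request handed unchanged to ``send_zmq_request_socket``.
    :return: Whatever ``send_zmq_request_socket`` returns for this request.
    """
    # The context manager releases the lock on return and when the helper
    # raises, exactly like the explicit acquire/try/finally it replaces.
    # The socket is only read here, so no ``global`` declaration is needed.
    with request_lock:
        return send_zmq_request_socket(config_actor_socket, request)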
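def send_config_request(request):
    """Send a request to the config actor and return the reply.

    The module-level ``request_lock`` is held for the whole round trip, so
    only one caller at a time uses the shared ``config_actor_socket``.

    :param request: Request handed unchanged to ``send_zmq_request_socket``.
    :return: Whatever ``send_zmq_request_socket`` returns for this request.
    """
    # The context manager releases the lock on return and when the helper
    # raises, exactly like the explicit acquire/try/finally it replaces.
    # The socket is only read here, so no ``global`` declaration is needed.
    with request_lock:
        return send_zmq_request_socket(config_actor_socket, request)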
def test_matching_quick_succession(self):
    """
    Tests that attack sessions coming in quick succession are classified
    correctly. This test relates to issue #218

    One hundred identical POP3 honeypot sessions are published on the drone
    data socket; every session returned by the database actor must carry the
    classification 'Bruteforce', and exactly one hundred must come back.
    """
    honeypot_id = 1
    session_count = 100

    registered_honeypot = Honeypot(id=honeypot_id)
    db = database_setup.get_session()
    db.add(registered_honeypot)
    db.commit()

    publisher = beeswarm.shared.zmq_context.socket(zmq.PUB)
    publisher.bind(SocketNames.DRONE_DATA.value)

    # Start the session database actor before anything is published.
    actor = DatabaseActor(999, delay_seconds=2)
    actor.start()
    # Timing-based wait; presumably gives the actor time to come up - confirm.
    gevent.sleep(1)

    for _ in xrange(session_count):
        # Every session uses the same source address, port and credentials.
        attack_session = HoneypotSession(source_ip='192.168.100.22',
                                         source_port=52311,
                                         protocol='pop3',
                                         users={},
                                         destination_port=110)
        attack_session.add_auth_attempt('plaintext', True,
                                        username='******', password='******')
        attack_session.honeypot_id = honeypot_id

        payload = json.dumps(attack_session.to_dict(),
                             default=json_default, ensure_ascii=False)
        message = '{0} {1} {2}'.format(Messages.SESSION_HONEYPOT.value,
                                       honeypot_id, payload)
        publisher.send(message)

    # Timing-based wait; presumably lets the actor process what was
    # published before it is queried - confirm against delay_seconds.
    gevent.sleep(1)

    requester = beeswarm.shared.zmq_context.socket(zmq.REQ)
    requester.connect(SocketNames.DATABASE_REQUESTS.value)
    query = '{0}'.format(Messages.GET_SESSIONS_ALL.value)
    sessions = send_zmq_request_socket(requester, query)

    for stored_session in sessions:
        self.assertEqual(stored_session['classification'], 'Bruteforce')

    # The loop above passes vacuously on an empty result, so the count check
    # is what proves that no session was dropped.
    self.assertEqual(len(sessions), session_count)
def test_matching_quick_succession(self):
    """
    Tests that attack sessions coming in quick succession are classified
    correctly. This test relates to issue #218

    One hundred identical POP3 honeypot sessions are published on the drone
    data socket; every session returned by the database actor must carry the
    classification 'Bruteforce', and exactly one hundred must come back.
    """
    honeypot_id = 1
    session_count = 100

    registered_honeypot = Honeypot(id=honeypot_id)
    db = database_setup.get_session()
    db.add(registered_honeypot)
    db.commit()

    publisher = beeswarm.shared.zmq_context.socket(zmq.PUB)
    publisher.bind(SocketNames.DRONE_DATA.value)

    # Start the session database actor before anything is published.
    actor = DatabaseActor(999, delay_seconds=2)
    actor.start()
    # Timing-based wait; presumably gives the actor time to come up - confirm.
    gevent.sleep(1)

    for _ in xrange(session_count):
        # Every session uses the same source address, port and credentials.
        attack_session = HoneypotSession(source_ip='192.168.100.22',
                                         source_port=52311,
                                         protocol='pop3',
                                         users={},
                                         destination_port=110)
        attack_session.add_auth_attempt('plaintext', True,
                                        username='******', password='******')
        attack_session.honeypot_id = honeypot_id

        payload = json.dumps(attack_session.to_dict(),
                             default=json_default, ensure_ascii=False)
        message = '{0} {1} {2}'.format(Messages.SESSION_HONEYPOT.value,
                                       honeypot_id, payload)
        publisher.send(message)

    # Timing-based wait; presumably lets the actor process what was
    # published before it is queried - confirm against delay_seconds.
    gevent.sleep(1)

    requester = beeswarm.shared.zmq_context.socket(zmq.REQ)
    requester.connect(SocketNames.DATABASE_REQUESTS.value)
    query = '{0}'.format(Messages.GET_SESSIONS_ALL.value)
    sessions = send_zmq_request_socket(requester, query)

    for stored_session in sessions:
        self.assertEqual(stored_session['classification'], 'Bruteforce')

    # The loop above passes vacuously on an empty result, so the count check
    # is what proves that no session was dropped.
    self.assertEqual(len(sessions), session_count)
def send_config_request(self, request):
    """Forward ``request`` over this object's config actor socket.

    :param request: Request handed unchanged to ``send_zmq_request_socket``.
    :return: Whatever ``send_zmq_request_socket`` returns for this request.
    """
    # NOTE(review): no lock is taken here. A zmq REQ socket must strictly
    # alternate send and receive, so if this instance is shared between
    # greenlets the callers need their own serialization - confirm.
    actor_socket = self.config_actor_socket
    return send_zmq_request_socket(actor_socket, request)
def send_config_request(self, request):
    """Forward ``request`` over this object's config actor socket.

    :param request: Request handed unchanged to ``send_zmq_request_socket``.
    :return: Whatever ``send_zmq_request_socket`` returns for this request.
    """
    # NOTE(review): no lock is taken here. A zmq REQ socket must strictly
    # alternate send and receive, so if this instance is shared between
    # greenlets the callers need their own serialization - confirm.
    actor_socket = self.config_actor_socket
    return send_zmq_request_socket(actor_socket, request)
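def bootstrap(server_workdir, drone_workdir):
    """Bootstraps localhost configurations for a Beeswarm server and a honeypot.

    A server is created with ``server_hostname='127.0.0.1'`` and started in a
    greenlet, a honeypot with a fixed capability set is stored in the
    database, its configuration is requested over the config command socket
    and written to ``drone_workdir``, and the server is stopped again.

    :param server_workdir: Output directory for the server configuration file.
    :param drone_workdir: Output directory for the drone configuration file.
    """
    root_logger = logging.getLogger()
    root_logger.setLevel(logging.DEBUG)

    # The console only shows INFO and above although the root logger is DEBUG.
    formatter = logging.Formatter('%(asctime)-15s (%(name)s) %(message)s')
    console_log = logging.StreamHandler()
    console_log.setLevel(logging.INFO)
    console_log.setFormatter(formatter)
    root_logger.addHandler(console_log)

    server_workdir_absolute = os.path.abspath(server_workdir)
    old_cwd = os.getcwd()
    os.chdir(server_workdir)
    try:
        server = Server(server_workdir_absolute, None, start_webui=False, customize=False,
                        reset_password=False, max_sessions=0, server_hostname='127.0.0.1')
        logger.info('Server config has been written to {0}'.format(
            os.path.join(server_workdir, 'beeswarmcfg.json')))
        gevent.spawn(server.start, False)
        # waiting game to ensure the actors have started.
        gevent.sleep(2)
    finally:
        # Restore the caller's working directory even when server setup fails.
        os.chdir(old_cwd)

    try:
        # setting up socket to communicate with ZMQ actor.
        context = beeswarm.shared.zmq_context
        config_actor_socket = context.socket(zmq.REQ)
        # NOTE(review): the socket name and the message id below are used
        # without ``.value`` - confirm both are plain strings here.
        config_actor_socket.connect(SocketNames.CONFIG_COMMANDS)

        db_session = database_setup.get_session()
        drone = Honeypot()

        # (protocol, port, protocol specific options) per honeypot capability.
        protocol_config = (
            ('ftp', 21, {
                'max_attempts': 3,
                'banner': 'Microsoft FTP Server',
                'syst_type': 'Windows-NT'
            }),
            ('telnet', 23, {
                'max_attempts': 3
            }),
            ('pop3', 110, {
                'max_attempts': 3
            }),
            ('pop3s', 993, {
                'max_attempts': 3
            }),
            ('ssh', 22, {}),
            ('http', 80, {
                'banner': 'Microsoft-IIS/5.0'
            }),
            ('https', 443, {
                'banner': 'Microsoft-IIS/5.0'
            }),
            ('smtp', 25, {
                'banner': 'Microsoft ESMTP MAIL service ready'
            }),
            ('vnc', 5900, {})
        )

        for protocol, port, protocol_specific_data in protocol_config:
            drone.add_capability(protocol, port, protocol_specific_data)

        # Placeholder certificate fields; presumably the subject of the
        # certificate generated for the drone - confirm.
        drone.cert_common_name = '*'
        drone.cert_country = 'US'
        drone.cert_state = 'None'
        drone.cert_locality = 'None'
        drone.cert_organization = 'None'
        drone.cert_organization_unit = ''
        db_session.add(drone)
        db_session.commit()

        drone_config = send_zmq_request_socket(
            config_actor_socket, '{0} {1}'.format(Messages.DRONE_CONFIG, drone.id))

        drone_config_path = os.path.join(drone_workdir, 'beeswarmcfg.json')
        # NOTE(review): the file is created with the process umask. If the
        # drone configuration carries key material, restrict it to the owner -
        # confirm what the config actor returns.
        with open(drone_config_path, 'w') as drone_config_file:
            drone_config_file.write(json.dumps(drone_config, indent=4))
        # Report the path that was actually written; the message used to name
        # the server directory instead.
        logger.info('Drone config has been written to {0}'.format(drone_config_path))
    finally:
        # The server only exists to produce the two files; stop it even when
        # generating the drone configuration fails.
        server.stop()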
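def bootstrap(server_workdir, drone_workdir):
    """Bootstraps localhost configurations for a Beeswarm server and a honeypot.

    A server is created with ``server_hostname='127.0.0.1'`` and started in a
    greenlet, a honeypot with a fixed capability set is stored in the
    database, its configuration is requested over the database request socket
    and written to ``drone_workdir``, and the server is stopped again.

    :param server_workdir: Output directory for the server configuration file.
    :param drone_workdir: Output directory for the drone configuration file.
    """
    root_logger = logging.getLogger()
    root_logger.setLevel(logging.DEBUG)

    # The console only shows INFO and above although the root logger is DEBUG.
    formatter = logging.Formatter('%(asctime)-15s (%(name)s) %(message)s')
    console_log = logging.StreamHandler()
    console_log.setLevel(logging.INFO)
    console_log.setFormatter(formatter)
    root_logger.addHandler(console_log)

    server_workdir_absolute = os.path.abspath(server_workdir)
    old_cwd = os.getcwd()
    os.chdir(server_workdir)
    try:
        server = Server(server_workdir_absolute, None, start_webui=False, customize=False,
                        reset_password=False, max_sessions=0, server_hostname='127.0.0.1')
        logger.info('Server config has been written to {0}'.format(
            os.path.join(server_workdir, 'beeswarmcfg.json')))
        gevent.spawn(server.start, False)
        # waiting game to ensure the actors have started.
        gevent.sleep(2)
    finally:
        # Restore the caller's working directory even when server setup fails.
        os.chdir(old_cwd)

    try:
        # setting up socket to communicate with ZMQ actor.
        context = beeswarm.shared.zmq_context
        database_actor = context.socket(zmq.REQ)
        database_actor.connect(SocketNames.DATABASE_REQUESTS.value)

        db_session = database_setup.get_session()
        drone = Honeypot()

        # (protocol, port, protocol specific options) per honeypot capability.
        protocol_config = (
            ('ftp', 21, {
                'max_attempts': 3,
                'banner': 'Microsoft FTP Server',
                'syst_type': 'Windows-NT'
            }),
            ('telnet', 23, {
                'max_attempts': 3
            }),
            ('pop3', 110, {
                'max_attempts': 3
            }),
            ('pop3s', 993, {
                'max_attempts': 3
            }),
            ('ssh', 22, {}),
            ('http', 80, {
                'banner': 'Microsoft-IIS/5.0'
            }),
            ('https', 443, {
                'banner': 'Microsoft-IIS/5.0'
            }),
            ('smtp', 25, {
                'banner': 'Microsoft ESMTP MAIL service ready'
            }),
            ('vnc', 5900, {})
        )

        for protocol, port, protocol_specific_data in protocol_config:
            drone.add_capability(protocol, port, protocol_specific_data)

        # Placeholder certificate fields; presumably the subject of the
        # certificate generated for the drone - confirm.
        drone.cert_common_name = '*'
        drone.cert_country = 'US'
        drone.cert_state = 'None'
        drone.cert_locality = 'None'
        drone.cert_organization = 'None'
        drone.cert_organization_unit = ''
        db_session.add(drone)
        db_session.commit()

        drone_config = send_zmq_request_socket(
            database_actor, '{0} {1}'.format(Messages.DRONE_CONFIG.value, drone.id))

        drone_config_path = os.path.join(drone_workdir, 'beeswarmcfg.json')
        # NOTE(review): the file is created with the process umask. If the
        # drone configuration carries key material, restrict it to the owner -
        # confirm what the database actor returns.
        with open(drone_config_path, 'w') as drone_config_file:
            drone_config_file.write(json.dumps(drone_config, indent=4))
        # Report the path that was actually written; the message used to name
        # the server directory instead.
        logger.info('Drone config has been written to {0}'.format(drone_config_path))
    finally:
        # The server only exists to produce the two files; stop it even when
        # generating the drone configuration fails.
        server.stop()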