def connection_made(self, end_ip, end_port, honey_ip, honey_port, sensor_name):
    """Record a new session and announce it to the output plugins.

    Loads the output plugins, stores the connection endpoints on the instance
    (ports are kept as strings), allocates a random hex session id, derives
    the per-peer log and download directories, gives each plugin the matching
    entry from ``self.plugin_servers`` and finally fires the plugins'
    ``connection_made`` hook with the new session record.
    """
    output_plugins = plugins.get_plugin_list(plugin_type='output')
    self.loaded_plugins = plugins.import_plugins(output_plugins)

    started_at = self.get_date_time()

    self.sensor_name = sensor_name
    self.honey_ip = honey_ip
    self.honey_port = str(honey_port)
    self.end_ip = end_ip
    self.end_port = str(end_port)
    self.session_id = uuid.uuid4().hex

    # NOTE(review): sensor_name and end_ip are used as directory names
    # verbatim; confirm neither can carry path separators (the origin of
    # sensor_name is not visible here).
    self.logLocation = "/".join(
        [self.cfg.get(['folders', 'session_path']), self.sensor_name, end_ip, ""])
    self.downloadFolder = self.logLocation + 'downloads/'

    for loaded in self.loaded_plugins:
        wanted = plugins.get_plugin_name(loaded)
        # Only the first server entry registered under this plugin's name is used.
        entry = next((s for s in self.plugin_servers if s['name'] == wanted), None)
        if entry is not None:
            plugins.run_plugins_function([loaded], 'set_server', False, entry['server'])

    # A failed country lookup is stored as an empty string.
    country = self.cname(self.end_ip) or ''

    session = self.connections.add_session(
        self.sensor_name, self.end_ip, self.end_port, started_at,
        self.honey_ip, self.honey_port, self.session_id, self.logLocation, country)
    plugins.run_plugins_function(self.loaded_plugins, 'connection_made', True, session)
def __init__(self):
    """Choose the SSH version string and start a server for each output plugin.

    With an empty ``ssh_banner`` a slim client connection to the configured
    ``honeypot-static`` host is started; that connection is asynchronous, so
    the version string is still empty when this constructor returns and the
    "boot complete" message is not logged here.

    NOTE(review): ``self.cfg`` and ``self.plugin_servers`` are read before
    anything in this method assigns them - presumably class attributes or set
    by a base class; confirm ``plugin_servers`` is not a list shared between
    instances.
    """
    self.ourVersionString = self.cfg.get('honeypot', 'ssh_banner')

    if self.ourVersionString != '':
        log.msg(log.LPURPLE, '[SERVER]',
                'Using ssh_banner for SSH Version String: ' + self.ourVersionString)
    else:
        log.msg(log.LPURPLE, '[SERVER]',
                'Acquiring SSH Version String from honey_ip:honey_port')
        clientFactory = client.HonsshSlimClientFactory()
        clientFactory.server = self
        target_host = self.cfg.get('honeypot-static', 'honey_ip')
        target_port = int(self.cfg.get('honeypot-static', 'honey_port'))
        reactor.connectTCP(target_host, target_port, clientFactory)

    output_plugins = plugins.import_plugins(
        plugins.get_plugin_list(type='output'), self.cfg)
    for output_plugin in output_plugins:
        # start_server runs before the name lookup, as in the original order.
        started = plugins.run_plugins_function([output_plugin], 'start_server', False)
        self.plugin_servers.append({
            'name': plugins.get_plugin_name(output_plugin),
            'server': started,
        })

    if self.ourVersionString != '':
        log.msg(log.LGREEN, '[HONSSH]',
                'HonSSH Boot Sequence Complete - Ready for attacks!')
def connectionMade(self, end_ip, end_port, honey_ip, honey_port, sensor_name):
    """Store the endpoints of a new connection and open a session record.

    The output plugins are imported with the current config, the endpoints
    and a fresh hex session id are stored on the instance, the log and
    download folders are derived from ``folders/session_path``, each plugin
    receives its entry from ``self.plugin_servers`` and the plugins'
    ``connection_made`` hook is run with the session returned by
    ``self.connections.add_session``.
    """
    self.loaded_plugins = plugins.import_plugins(
        plugins.get_plugin_list(type='output'), self.cfg)
    dt = self.getDateTime()

    self.sensor_name, self.honey_ip, self.end_ip = sensor_name, honey_ip, end_ip
    # Ports are stored as strings.
    self.honey_port = str(honey_port)
    self.end_port = str(end_port)
    self.session_id = uuid.uuid4().hex

    # NOTE(review): the sensor name and the peer address are concatenated into
    # the path unescaped; verify the sensor name cannot contain '/' or '..'.
    session_root = self.cfg.get('folders', 'session_path')
    self.logLocation = session_root + "/" + self.sensor_name + "/" + end_ip + "/"
    self.downloadFolder = self.logLocation + 'downloads/'

    for plugin in self.loaded_plugins:
        name = plugins.get_plugin_name(plugin)
        servers = [item['server'] for item in self.plugin_servers
                   if item['name'] == name]
        if servers:
            # Only the first matching server is handed to the plugin.
            plugins.run_plugins_function([plugin], 'set_server', False, servers[0])

    country = self.cname(self.end_ip)
    if not country:
        # The lookup returned nothing usable; store an empty country.
        country = ''

    session = self.connections.add_session(
        self.sensor_name, self.end_ip, self.end_port, dt, self.honey_ip,
        self.honey_port, self.session_id, self.logLocation, country)
    plugins.run_plugins_function(self.loaded_plugins, 'connection_made', True, session)
def __init__(self):
    """Initialise server state, pick the SSH banner and start plugin servers.

    Banner selection:
      * a non-empty ``honeypot/ssh_banner`` is used as-is;
      * otherwise, with ``honeypot-static`` enabled, a slim client connection
        to ``honey_ip:honey_port`` is started to fetch it;
      * otherwise, with ``honeypot-docker`` enabled, only an error is logged.

    The "boot complete" message is logged here only when a banner was
    configured; in the other cases the version string is still empty when the
    constructor returns.
    """
    self.cfg = Config.getInstance()
    self.otherVersionString = ''
    self.connections = connections.Connections()
    self.plugin_servers = []
    self.ourVersionString = self.cfg.get(['honeypot', 'ssh_banner'])

    if len(self.ourVersionString) == 0:
        if self.cfg.getboolean(['honeypot-static', 'enabled']):
            log.msg(log.LPURPLE, '[SERVER]',
                    'Acquiring SSH Version String from honey_ip:honey_port')
            client_factory = client.HonsshSlimClientFactory()
            client_factory.server = self
            honey_ip = self.cfg.get(['honeypot-static', 'honey_ip'])
            honey_port = int(self.cfg.get(['honeypot-static', 'honey_port']))
            reactor.connectTCP(honey_ip, honey_port, client_factory)
        elif self.cfg.getboolean(['honeypot-docker', 'enabled']):
            log.msg(log.LRED, '[SERVER][ERR]',
                    'You need to configure the ssh_banner for docker manually!')
    else:
        log.msg(log.LPURPLE, '[SERVER]',
                'Using ssh_banner for SSH Version String: ' + self.ourVersionString)

    # get_plugin_list() is called without a type filter here, so a server is
    # started for every plugin it returns.
    for loaded in plugins.import_plugins(plugins.get_plugin_list()):
        started = plugins.run_plugins_function([loaded], 'start_server', False)
        self.plugin_servers.append(
            {'name': plugins.get_plugin_name(loaded), 'server': started})

    if self.ourVersionString != '':
        log.msg(log.LGREEN, '[HONSSH]',
                'HonSSH Boot Sequence Complete - Ready for attacks!')
def config():
    """Build a ConfigParser from the plugin config files plus ``honssh.cfg``.

    ``honssh.cfg`` is read last and is given as a relative path, so it is
    resolved against the process's working directory.
    """
    sources = plugins.get_plugin_cfg_files(plugins.get_plugin_list())
    sources.append('honssh.cfg')

    parser = ConfigParser.ConfigParser()
    # ConfigParser.read() skips files it cannot open without raising, so a
    # missing honssh.cfg yields an empty parser rather than an error.
    parser.read(sources)
    return parser
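def get_conn_details(self):
    """Ask the enabled honeypot plugin for this stage's connection details.

    Imports the auth plugin for ``self.name`` from the 'honeypot' plugin list
    and calls its ``get_<name>_details`` function (name lower-cased) with
    ``self.conn_details``.

    Returns:
        The plugin function's result, or ``{'success':False}`` when no plugin
        is enabled for this stage.
    """
    plugin_list = plugins.get_plugin_list(type='honeypot')
    self.auth_plugin = plugins.import_auth_plugins(self.name, plugin_list, self.cfg)

    # Identity test: "== None" would defer to a plugin-defined __eq__.
    if self.auth_plugin is None:
        log.msg(log.LRED, '[' + self.name + ']', 'NO PLUGIN ENABLED FOR ' + self.name)
        return {'success':False}

    # The hook name is derived from self.name.
    # NOTE(review): confirm self.name is a fixed internal identifier, never connection data.
    hook = 'get_' + self.name.lower() + '_details'
    return plugins.run_plugins_function(self.auth_plugin, hook, False, self.conn_details)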
def validate_config(self):
    """Check that the mandatory HonSSH settings exist and are well-formed.

    Every property is checked even after an earlier failure. Returns the
    plugins' own ``validate_config`` result when all core checks pass,
    otherwise False.
    """
    loaded_plugins = plugins.import_plugins(plugins.get_plugin_list())
    # TODO: Is this right?
    valid = plugins.run_plugins_function(loaded_plugins, 'validate_config', False)

    # Must exist and hold an IP address.
    ip_props = [['honeypot', 'ssh_addr'], ['honeypot', 'client_addr']]
    # List (not generator) so check_exist runs for every property.
    if not all([self.check_exist(p, validation.check_valid_ip) for p in ip_props]):
        valid = False

    # Must exist and hold a port number.
    port_props = [['honeypot', 'ssh_port']]
    if not all([self.check_exist(p, validation.check_valid_port) for p in port_props]):
        valid = False

    # Must exist; no value validator is passed for the key and folder options.
    required_props = [
        ['honeypot', 'public_key'], ['honeypot', 'private_key'],
        ['honeypot', 'public_key_dsa'], ['honeypot', 'private_key_dsa'],
        ['folders', 'log_path'], ['folders', 'session_path'],
    ]
    if not all([self.check_exist(p) for p in required_props]):
        valid = False

    # Must exist and be true/false.
    bool_props = [
        ['advNet', 'enabled'], ['interact', 'enabled'], ['spoof', 'enabled'],
        ['download', 'passive'], ['download', 'active'],
        ['hp-restrict', 'disable_publicKey'], ['hp-restrict', 'disable_x11'],
        ['hp-restrict', 'disable_sftp'], ['hp-restrict', 'disable_exec'],
        ['hp-restrict', 'disable_port_forwarding'],
        ['packet_logging', 'enabled'],
    ]
    if not all([self.check_exist(p, validation.check_valid_boolean) for p in bool_props]):
        valid = False

    # The interact listener settings only matter when interact is enabled.
    if self.getboolean(['interact', 'enabled']):
        interact_results = [
            self.check_exist(['interact', 'interface'], validation.check_valid_ip),
            self.check_exist(['interact', 'port'], validation.check_valid_port),
        ]
        if not all(interact_results):
            valid = False

    # Spoofing needs its users file option when enabled.
    if self.getboolean(['spoof', 'enabled']):
        if not self.check_exist(['spoof', 'users_conf']):
            valid = False

    return valid
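def validateConfig(cfg):
    """Validate the core HonSSH options in *cfg* together with the plugins' options.

    Every property is checked even after an earlier failure; a value
    validator is only called for a property that ``checkExist`` accepted.

    Args:
        cfg: the parsed configuration (ConfigParser-style ``get``/``has_option``).

    Returns:
        The plugins' ``validate_config`` result when every core check passes,
        otherwise False. A missing ``interact/enabled`` or ``spoof/enabled``
        option now yields False instead of an exception from ``cfg.get``.
    """
    def all_valid(props, validator=None):
        # Deliberately no early exit: each property must be visited.
        ok = True
        for prop in props:
            if not checkExist(cfg, prop) or (
                    validator is not None and not validator(cfg, prop)):
                ok = False
        return ok

    def enabled(section):
        # has_option() keeps the validator from raising on the very option
        # it has just reported as missing.
        # NOTE(review): only the literal 'true' counts as enabled; confirm
        # this matches what checkValidBool accepts.
        return cfg.has_option(section, 'enabled') and cfg.get(section, 'enabled') == 'true'

    loaded_plugins = plugins.import_plugins(plugins.get_plugin_list(), cfg)
    # TODO: Is this right?
    validConfig = plugins.run_plugins_function(loaded_plugins, 'validate_config', False)

    # Must exist and be an IP address.
    if not all_valid([['honeypot', 'ssh_addr'], ['honeypot', 'client_addr']], checkValidIP):
        validConfig = False

    # Must exist and be a port number.
    if not all_valid([['honeypot', 'ssh_port']], checkValidPort):
        validConfig = False

    # Must exist (no value check).
    if not all_valid([['honeypot', 'public_key'], ['honeypot', 'private_key'],
                      ['honeypot', 'public_key_dsa'], ['honeypot', 'private_key_dsa'],
                      ['folders', 'log_path'], ['folders', 'session_path']]):
        validConfig = False

    # Must exist and be true/false.
    if not all_valid([['advNet', 'enabled'], ['interact', 'enabled'], ['spoof', 'enabled'],
                      ['download', 'passive'], ['download', 'active'],
                      ['hp-restrict', 'disable_publicKey'], ['hp-restrict', 'disable_x11'],
                      ['hp-restrict', 'disable_sftp'], ['hp-restrict', 'disable_exec'],
                      ['hp-restrict', 'disable_port_forwarding'],
                      ['packet_logging', 'enabled']], checkValidBool):
        validConfig = False

    # If interact is enabled, check its config.
    if enabled('interact'):
        if not all_valid([['interact', 'interface']], checkValidIP):
            validConfig = False
        if not all_valid([['interact', 'port']], checkValidPort):
            validConfig = False

    # If spoof is enabled, check its config.
    if enabled('spoof'):
        if not all_valid([['spoof', 'users_conf']]):
            validConfig = False

    return validConfig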
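def get_conn_details(self):
    """Resolve connection details through the honeypot plugin for ``self.name``.

    Returns ``{'success': False}`` (after logging) when no plugin is enabled
    for this stage; otherwise returns whatever the plugin's
    ``get_<name>_details`` function produces for ``self.conn_details``.
    """
    honeypot_plugins = plugins.get_plugin_list(type='honeypot')
    self.auth_plugin = plugins.import_auth_plugins(
        self.name, honeypot_plugins, self.cfg)

    # "is not None" instead of "== None": the comparison must not depend on
    # how a plugin object implements equality.
    if self.auth_plugin is not None:
        return plugins.run_plugins_function(
            self.auth_plugin, 'get_' + self.name.lower() + '_details',
            False, self.conn_details)

    log.msg(log.LRED, '[' + self.name + ']',
            'NO PLUGIN ENABLED FOR ' + self.name)
    return {'success': False}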
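def connectionMade(self):
    """Set up per-connection state, bind the auth plugins and start pre-auth.

    A second call on the same instance is refused. The pre- and post-auth
    handlers share one plugin instance when both resolve to the same plugin
    class. Two *missing* plugins are no longer treated as "the same class"
    (``None.__class__ is None.__class__``), so nothing is copied between the
    handlers in that case.
    """
    if self.wasConnected:
        # This protocol instance was already initialised once.
        print("FAIL")
        return

    self.out = output_handler.Output(self.factory)
    self.net = networking.Networking()
    self.sshParse = ssh.SSH(self, self.out)

    peer = self.transport.getPeer()
    local = self.transport.getHost()
    self.peer_ip = peer.host
    # NOTE(review): the stored peer port is the real source port plus one;
    # the reason is not visible here - confirm, since it ends up in session data.
    self.peer_port = peer.port + 1
    self.local_ip = local.host
    self.local_port = local.port

    self.pre_auth = pre_auth_handler.PreAuth(self)
    self.post_auth = post_auth_handler.PostAuth(self)
    self.wasConnected = True

    # Get auth plugins
    plugin_list = plugins.get_plugin_list(plugin_type='honeypot')
    pre_auth_plugin = plugins.import_auth_plugin(self.pre_auth.name, plugin_list)
    post_auth_plugin = plugins.import_auth_plugin(self.post_auth.name, plugin_list)

    # NOTE(review): a missing auth plugin is only logged and the connection
    # proceeds; confirm the handlers fail closed when auth_plugin is unset.
    if pre_auth_plugin is None:
        log.msg(log.LRED, '[SERVER]', 'NO AUTH PLUGIN ENABLED FOR ' + self.pre_auth.name)
    else:
        self.pre_auth.auth_plugin = pre_auth_plugin

    if post_auth_plugin is None:
        log.msg(log.LRED, '[SERVER]', 'NO AUTH PLUGIN ENABLED FOR ' + self.post_auth.name)
    else:
        self.post_auth.auth_plugin = post_auth_plugin
        # Share one instance only when both plugins exist and are the same class.
        if (pre_auth_plugin is not None
                and post_auth_plugin.__class__ is pre_auth_plugin.__class__):
            self.post_auth.auth_plugin = self.pre_auth.auth_plugin

    # Execute pre auth
    self.pre_auth.start()
    honsshServer.HonsshServer.connectionMade(self)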
def __init__(self):
    """Load the plugin config files and ``honssh.cfg``; only via getInstance().

    Construction is allowed only when the calling frame has a local named
    ``cls`` bound to this exact class; any other caller gets an Exception.

    NOTE(review): this is a convention check, not an access control - any
    caller with a local ``cls`` bound to the class passes it.
    """
    caller_locals = inspect.stack()[1][0].f_locals
    if caller_locals.get('cls') is not self.__class__:
        raise Exception(
            'This class cannot be instantiated from outside. Please use \'getInstance()\''
        )

    ConfigParser.ConfigParser.__init__(self)
    cfg_files = plugins.get_plugin_cfg_files(plugins.get_plugin_list())
    # honssh.cfg is appended last and resolved against the working directory.
    cfg_files.append('honssh.cfg')
    self.read(cfg_files)
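def validateConfig(cfg):
    """Return whether the plugin options and the core HonSSH options are valid.

    The result starts as the plugins' ``validate_config`` outcome and is set
    to False by any failing core check. All properties are visited. The two
    feature switches are read with ``has_option`` first, so a missing
    ``interact/enabled`` or ``spoof/enabled`` makes the config invalid
    instead of raising from ``cfg.get``; the unused initial
    ``validConfig = True`` assignment is dropped.
    """
    plugin_list = plugins.get_plugin_list()
    loaded_plugins = plugins.import_plugins(plugin_list, cfg)
    # TODO: Is this right?
    validConfig = plugins.run_plugins_function(loaded_plugins, 'validate_config', False)

    # Check prop exists and is an IP address
    for prop in (['honeypot', 'ssh_addr'], ['honeypot', 'client_addr']):
        if not (checkExist(cfg, prop) and checkValidIP(cfg, prop)):
            validConfig = False

    # Check prop exists and is a port number
    for prop in (['honeypot', 'ssh_port'],):
        if not (checkExist(cfg, prop) and checkValidPort(cfg, prop)):
            validConfig = False

    # Check prop exists
    for prop in (['honeypot', 'public_key'], ['honeypot', 'private_key'],
                 ['honeypot', 'public_key_dsa'], ['honeypot', 'private_key_dsa'],
                 ['folders', 'log_path'], ['folders', 'session_path']):
        if not checkExist(cfg, prop):
            validConfig = False

    # Check prop exists and is true/false
    for prop in (['advNet', 'enabled'], ['interact', 'enabled'], ['spoof', 'enabled'],
                 ['download', 'passive'], ['download', 'active'],
                 ['hp-restrict', 'disable_publicKey'], ['hp-restrict', 'disable_x11'],
                 ['hp-restrict', 'disable_sftp'], ['hp-restrict', 'disable_exec'],
                 ['hp-restrict', 'disable_port_forwarding'],
                 ['packet_logging', 'enabled']):
        if not (checkExist(cfg, prop) and checkValidBool(cfg, prop)):
            validConfig = False

    # If interact is enabled check its config. Only the literal 'true'
    # counts as enabled here.
    interact_on = (cfg.has_option('interact', 'enabled')
                   and cfg.get('interact', 'enabled') == 'true')
    if interact_on:
        prop = ['interact', 'interface']
        if not (checkExist(cfg, prop) and checkValidIP(cfg, prop)):
            validConfig = False
        prop = ['interact', 'port']
        if not (checkExist(cfg, prop) and checkValidPort(cfg, prop)):
            validConfig = False

    # If spoof is enabled check its config
    spoof_on = (cfg.has_option('spoof', 'enabled')
                and cfg.get('spoof', 'enabled') == 'true')
    if spoof_on and not checkExist(cfg, ['spoof', 'users_conf']):
        validConfig = False

    return validConfig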
def __init__(self):
    """Resolve the SSH version string, then start the output plugins' servers.

    An empty ``honeypot/ssh_banner`` triggers a slim client connection to the
    ``honeypot-static`` address to obtain the string; a configured banner is
    logged and used directly. Each output plugin's ``start_server`` result is
    recorded in ``self.plugin_servers`` under the plugin's name. The final
    "boot complete" line is logged only when the version string is non-empty
    at that point.

    NOTE(review): ``self.cfg`` and ``self.plugin_servers`` are not assigned in
    this method; verify where they are initialised.
    """
    banner = self.cfg.get('honeypot', 'ssh_banner')
    self.ourVersionString = banner

    if banner == '':
        log.msg(log.LPURPLE, '[SERVER]',
                'Acquiring SSH Version String from honey_ip:honey_port')
        clientFactory = client.HonsshSlimClientFactory()
        # The factory keeps a reference to this server instance.
        clientFactory.server = self
        reactor.connectTCP(
            self.cfg.get('honeypot-static', 'honey_ip'),
            int(self.cfg.get('honeypot-static', 'honey_port')),
            clientFactory)
    else:
        log.msg(log.LPURPLE, '[SERVER]',
                'Using ssh_banner for SSH Version String: ' + banner)

    plugin_list = plugins.get_plugin_list(type='output')
    for plugin in plugins.import_plugins(plugin_list, self.cfg):
        server_handle = plugins.run_plugins_function([plugin], 'start_server', False)
        record = {'name': plugins.get_plugin_name(plugin), 'server': server_handle}
        self.plugin_servers.append(record)

    if self.ourVersionString != '':
        log.msg(log.LGREEN, '[HONSSH]',
                'HonSSH Boot Sequence Complete - Ready for attacks!')