def all_module_names(): """ Get the list of modules --- responses: '200': description: Ok examples: application/json: [ "ftp/strong_password", "ftp/weak_password", "http/basic_auth_strong_password", "http/basic_auth_weak_password", "ics/veeder_root_guardian_ast", "smtp/strong_password", "ssh/strong_password", "ssh/weak_password" ] '500': description: Internal Server Error examples: application/json: { "msg": "file/path not found!", "status": "error" } """ try: return jsonify(load_all_modules()), 200 except Exception: abort(500)
def argv_parser(): """ parse ARGVs using argparse Returns: parser, parsed ARGVs """ # create parser parser = argparse.ArgumentParser(prog="OWASP Honeypot", add_help=False) # create menu engineOpt = parser.add_argument_group(messages("en", "engine"), messages("en", "engine_input")) # add select module options + list of available modules engineOpt.add_argument("-m", "--select-module", action="store", dest="selected_modules", default=user_configuration()["default_selected_modules"], help=messages("en", "select_module").format(load_all_modules() + ["all"])) # by default all modules are selected, in case users can exclude one or some (separated with comma) engineOpt.add_argument("-x", "--exclude-module", action="store", dest="excluded_modules", default=user_configuration()["default_excluded_modules"], help=messages("en", "exclude_module").format(load_all_modules())) # limit the virtual machine storage to avoid related abuse engineOpt.add_argument("-s", "--vm-storage-limit", action="store", dest="virtual_machine_storage_limit", type=float, default=docker_configuration()["virtual_machine_storage_limit"], help=messages("en", "vm_storage_limit")) # reset the containers once in a time to prevent being continues botnet zombie engineOpt.add_argument("-r", "--vm-reset-factory-time", action="store", dest="virtual_machine_container_reset_factory_time_seconds", type=int, default=docker_configuration()["virtual_machine_container_reset_factory_time_seconds"], help=messages("en", "vm_reset_factory_time")) # start api engineOpt.add_argument("--start-api-server", action="store_true", dest="start_api_server", default=False, help="start API server") # enable verbose mode (debug mode) engineOpt.add_argument("--verbose", action="store_true", dest="verbose_mode", default=False, help="enable verbose mode") # disable color CLI engineOpt.add_argument("--disable-colors", action="store_true", dest="disable_colors", default=False, help="disable colors in CLI") # test CI/ETC engineOpt.add_argument("--test", action="store_true", dest="run_as_test", default=False, help="run a test and exit") # help menu engineOpt.add_argument("-h", "--help", action="store_true", default=False, dest="show_help_menu", help=messages("en", "show_help_menu")) return parser, parser.parse_args()
def all_module_names(): """ Get the list of modules Returns: JSON/List of the modules """ try: return jsonify(load_all_modules()), 200 except Exception: abort(500)
def all_module_names(): """ Get top passwords used according to module Returns: JSON/Dict of top passwords used """ module_names = load_all_modules() try: return jsonify({"module_names": module_names}), 200 except Exception as _: return flask_null_array_response()
def test_virtual_machine_container_names(self): modules_list = load_all_modules() config = honeypot_configuration_builder(modules_list) container_names = virtual_machine_names_to_container_names(config) # list of all modules available all_modules = [ 'ohp_ftpserver_weak_password', 'ohp_ftpserver_strong_password', 'ohp_icsserver_veeder_root_guardian_ast', 'ohp_sshserver_weak_password', 'ohp_sshserver_strong_password', 'ohp_httpserver_basic_auth_strong_password', 'ohp_httpserver_basic_auth_weak_password' ] self.assertCountEqual(container_names, all_modules)
def test_all_module_names(self): """ Test module-names endpoint """ module_names = load_all_modules() response = requests.get(API_URL + "/api/core/list/modules") self.assertCountEqual(module_names, response.json()) module_names = [ 'ics/veeder_root_guardian_ast', 'http/basic_auth_strong_password', 'http/basic_auth_weak_password', 'ftp/strong_password', 'ftp/weak_password', 'ssh/strong_password', 'ssh/weak_password', 'smtp/strong_password' ] self.assertCountEqual(module_names, response.json())
def load_honeypot_engine(): """ load OHP Engine Returns: True """ # print logo logo() # parse argv parser, argv_options = argv_parser() ######################################### # argv rules apply ######################################### # check help menu if argv_options.show_help_menu: parser.print_help() exit_success() # check for requirements before start check_for_requirements(argv_options.start_api_server) # check api server flag if argv_options.start_api_server: start_api_server() exit_success() # check selected modules if argv_options.selected_modules: selected_modules = list(set(argv_options.selected_modules.rsplit(","))) if "all" in selected_modules: selected_modules = load_all_modules() if "" in selected_modules: selected_modules.remove("") # if selected modules are zero if not len(selected_modules): exit_failure(messages("en", "zero_module_selected")) # if module not found for module in selected_modules: if module not in load_all_modules(): exit_failure(messages("en", "module_not_found").format(module)) # check excluded modules if argv_options.excluded_modules: excluded_modules = list(set(argv_options.excluded_modules.rsplit(","))) if "all" in excluded_modules: exit_failure("you cannot exclude all modules") if "" in excluded_modules: excluded_modules.remove("") # remove excluded modules for module in excluded_modules: if module not in load_all_modules(): exit_failure(messages("en", "module_not_found").format(module)) # ignore if module not selected, it will remove anyway try: selected_modules.remove(module) except Exception as _: del _ # if selected modules are zero if not len(selected_modules): exit_failure(messages("en", "zero_module_selected")) virtual_machine_container_reset_factory_time_seconds = argv_options. \ virtual_machine_container_reset_factory_time_seconds run_as_test = argv_options.run_as_test ######################################### # argv rules apply ######################################### # build configuration based on selected modules configuration = honeypot_configuration_builder(selected_modules) info(messages("en", "honeypot_started")) info(messages("en", "loading_modules").format(", ".join(selected_modules))) # check for conflict in real machine ports and pick new ports info("checking for conflicts in ports") configuration = conflict_ports(configuration) # stop old containers (in case they are not stopped) stop_containers(configuration) # remove old containers (in case they are not updated) remove_old_containers(configuration) # remove old images (in case they are not updated) remove_old_images(configuration) # create new images based on selected modules create_new_images(configuration) # create OWASP Honeypot networks in case not exist create_ohp_networks() # start containers based on selected modules configuration = start_containers(configuration) # start network monitoring thread new_network_events_thread = Thread(target=new_network_events, args=(configuration, ), name="new_network_events_thread") new_network_events_thread.start() info("all selected modules started: {0}".format( ", ".join(selected_modules))) bulk_events_thread = Thread(target=insert_bulk_events_from_thread, args=(), name="insert_events_in_bulk_thread") bulk_events_thread.start() # run module processors run_modules_processors(configuration) # check if it's not a test if not run_as_test: # wait forever! in case user can send ctrl + c to interrupt wait_until_interrupt( virtual_machine_container_reset_factory_time_seconds, configuration, new_network_events_thread) # kill the network events thread terminate_thread(new_network_events_thread) terminate_thread(bulk_events_thread) insert_events_in_bulk( ) # if in case any events that were not inserted from thread # stop created containers stop_containers(configuration) # stop module processor stop_modules_processors(configuration) # remove created containers remove_old_containers(configuration) # remove created images remove_old_images(configuration) # remove_tmp_directories() error: access denied! # kill all missed threads for thread in threading.enumerate()[1:]: terminate_thread(thread, False) info("finished.") # reset cmd/terminal color finish() return True
def load_honeypot_engine(): """ load OHP Engine Returns: True """ # print logo logo() # parse argv parser, argv_options = argv_parser() # check the language if argv_options.language: update_language(argv_options) ######################################### # argv rules apply ######################################### # check help menu if argv_options.show_help_menu: parser.print_help() exit_success() # check for requirements before start check_for_requirements(argv_options.start_api_server) # create indices before server start create_indices() # check api server flag if argv_options.start_api_server: start_api_server() exit_success() # Check if the script is running with sudo if not os.geteuid() == 0: exit_failure(messages['script_must_run_as_root']) # Check timeout value if provided if argv_options.timeout_value < 1: exit_failure(messages["timeout_error"]) # check selected modules if argv_options.selected_modules: selected_modules = list(set(argv_options.selected_modules.rsplit(","))) if "all" in selected_modules: selected_modules = load_all_modules() if "" in selected_modules: selected_modules.remove("") # if selected modules are zero if not len(selected_modules): exit_failure(messages["no_module_selected_error"]) # if module not found for module in selected_modules: if module not in load_all_modules(): exit_failure("module {0} not found!".format(module)) # check excluded modules if argv_options.excluded_modules: excluded_modules = list(set(argv_options.excluded_modules.rsplit(","))) if "all" in excluded_modules: exit_failure(messages["all_modules_excluded_error"]) if "" in excluded_modules: excluded_modules.remove("") # remove excluded modules for module in excluded_modules: if module not in load_all_modules(): exit_failure("module {0} not found!".format(module)) # ignore if module not selected, it will remove anyway try: selected_modules.remove(module) except Exception: pass # if selected modules are zero if not len(selected_modules): exit_failure(messages["no_module_selected_error"]) virtual_machine_container_reset_factory_time_seconds = argv_options. \ virtual_machine_container_reset_factory_time_seconds run_as_test = argv_options.run_as_test ######################################### # argv rules apply ######################################### # build configuration based on selected modules configuration = honeypot_configuration_builder(selected_modules) # Set network configuration network_config = set_network_configuration(argv_options) info(messages["start_message"]) info(messages["loading_modules"].format(", ".join(selected_modules))) # check for conflict in real machine ports and pick new ports info(messages["check_for_port_conflicts"]) configuration = conflict_ports(configuration) # stop old containers (in case they are not stopped) stop_containers(configuration) # remove old containers (in case they are not updated) remove_old_containers(configuration) # remove old images (in case they are not updated) remove_old_images(configuration) # create new images based on selected modules create_new_images(configuration) # create OWASP Honeypot networks in case not exist create_ohp_networks() # start containers based on selected modules configuration = start_containers(configuration) # network capture process mp.set_start_method('spawn') # Event queues honeypot_events_queue = mp.Queue() network_events_queue = mp.Queue() # start a new process for network capture network_traffic_capture_process = mp.Process( target=network_traffic_capture, args=( configuration, honeypot_events_queue, network_events_queue, network_config, ), name="network_traffic_capture_process") network_traffic_capture_process.start() info(messages["selected_modules_started"].format( ", ".join(selected_modules))) # start a thread to push events to database regularly bulk_events_thread = Thread(target=push_events_to_database_from_thread, args=( honeypot_events_queue, network_events_queue, ), name="insert_events_in_bulk_thread") bulk_events_thread.start() # run module processors run_modules_processors(configuration) # wait forever! in case user can send ctrl + c to interrupt exit_flag = wait_until_interrupt( virtual_machine_container_reset_factory_time_seconds, configuration, network_traffic_capture_process, run_as_test) # killed the network traffic capture process by ctrl + c... waiting to end. info(messages["killing_capture_process"]) if run_as_test: network_traffic_capture_process.terminate() # without ci it will be terminate after a few seconds, it needs to kill the tshark and update pcap file collection network_traffic_capture_process.join() # if in case any events that were not inserted from thread push_events_queues_to_database(honeypot_events_queue, network_events_queue) # Kill bulk events thread terminate_thread(bulk_events_thread) # stop created containers stop_containers(configuration) # stop module processor stop_modules_processors(configuration) # remove created containers remove_old_containers(configuration) # remove created images remove_old_images(configuration) # remove_tmp_directories() error: access denied! # kill all missed threads for thread in threading.enumerate()[1:]: terminate_thread(thread, False) info(messages["finished"]) # reset cmd/terminal color reset_cmd_color() return exit_flag
def argv_parser(): """ parse ARGVs using argparse Returns: parser, parsed ARGVs """ # create parser parser = argparse.ArgumentParser(prog="OWASP Honeypot", add_help=False) # create menu docker_config = docker_configuration() user_config = user_configuration() engineOpt = parser.add_argument_group("OHP Engine", "OHP Engine input options") # add select module options + list of available modules engineOpt.add_argument( "-m", "--select-module", action="store", dest="selected_modules", default=user_config["default_selected_modules"], help="select module(s) {0}".format(load_all_modules() + ["all"])) # by default all modules are selected, in case users can exclude one or # some (separated with comma) engineOpt.add_argument("-x", "--exclude-module", action="store", dest="excluded_modules", default=user_config["default_excluded_modules"], help="select modules(s) to exclude {0}".format( load_all_modules())) # limit the virtual machine storage to avoid related abuse engineOpt.add_argument( "-s", "--vm-storage-limit", action="store", dest="virtual_machine_storage_limit", type=float, default=docker_config["virtual_machine_storage_limit"], help="virtual machine storage limit") # reset the containers once in a time to prevent being continues botnet # zombie engineOpt.add_argument( "-r", "--vm-reset-factory-time", action="store", dest="virtual_machine_container_reset_factory_time_seconds", type=int, default=docker_config[ "virtual_machine_container_reset_factory_time_seconds"], help="virtual machine reset factory time") # start API engineOpt.add_argument("--start-api-server", action="store_true", dest="start_api_server", default=False, help="start API server") # Store Network captured files engineOpt.add_argument("--store-pcap", action="store_true", dest="store_pcap", default=False, help="store network traffic as pcap files") # Set Timeout value for splitting network captured files engineOpt.add_argument( "-t", "--split-pcap-file-timeout", type=int, dest="timeout_value", default=3600, help="timeout value used to split network captured files") # enable verbose mode (debug mode) engineOpt.add_argument("-v", "--verbose", action="store_true", dest="verbose_mode", default=False, help="enable verbose mode") # disable color CLI engineOpt.add_argument("--disable-colors", action="store_true", dest="disable_colors", default=False, help="disable colors in CLI") # set language engineOpt.add_argument("--language", type=str, dest="language", default="en_US", help="Set the default language. {languages}".format( languages=load_messages().languages_list)) # test CI/ETC engineOpt.add_argument("--test", action="store_true", dest="run_as_test", default=False, help="run a test and exit") # help menu engineOpt.add_argument("-h", "--help", action="store_true", default=False, dest="show_help_menu", help="print this help menu") return parser, parser.parse_args()
def test_load_all_modules(self): """ checking total number of modules """ modules_list = load_all_modules() self.assertEqual(len(modules_list), 7)
def load_honeypot_engine(): """ load OHP Engine Returns: True """ # print logo logo() # parse argv parser, argv_options = argv_parser() ######################################### # argv rules apply ######################################### # check help menu if argv_options.show_help_menu: parser.print_help() __die_success() # check for requirements before start check_for_requirements(argv_options.start_api_server) # check api server flag if argv_options.start_api_server: start_api_server() __die_success() # check selected modules if argv_options.selected_modules: selected_modules = list(set(argv_options.selected_modules.rsplit(","))) if "" in selected_modules: selected_modules.remove("") # if selected modules are zero if not len(selected_modules): __die_failure(messages("en", "zero_module_selected")) # if module not found for module in selected_modules: if module not in load_all_modules(): __die_failure( messages("en", "module_not_found").format(module)) # check excluded modules if argv_options.excluded_modules: excluded_modules = list(set(argv_options.excluded_modules.rsplit(","))) if "" in excluded_modules: excluded_modules.remove("") # remove excluded modules for module in excluded_modules: if module not in load_all_modules(): __die_failure( messages("en", "module_not_found").format(module)) # ignore if module not selected, it will remove anyway try: selected_modules.remove(module) except Exception as _: del _ # if selected modules are zero if not len(selected_modules): __die_failure(messages("en", "zero_module_selected")) virtual_machine_container_reset_factory_time_seconds = argv_options. \ virtual_machine_container_reset_factory_time_seconds global verbose_mode verbose_mode = argv_options.verbose_mode ######################################### # argv rules apply ######################################### # build configuration based on selected modules configuration = honeypot_configuration_builder(selected_modules) # check for conflict in real machine ports conflict = conflict_ports(configuration) if conflict: __die_failure("conflict ports between {0}, {1}".format( conflict[0], conflict[1])) info(messages("en", "honeypot_started")) info(messages("en", "loading_modules").format(", ".join(selected_modules))) # stop old containers (in case they are not stopped) stop_containers(configuration) # remove old containers (in case they are not updated) remove_old_containers(configuration) # remove old images (in case they are not updated) remove_old_images(configuration) # create new images based on selected modules create_new_images(configuration) # create OWASP Honeypot networks in case not exist create_ohp_networks() # start containers based on selected modules configuration = start_containers(configuration) # start network monitoring thread new_network_events_thread = threading.Thread( target=new_network_events, args=(configuration, ), name="new_network_events_thread") new_network_events_thread.start() info("all selected modules started: {0}".format( ", ".join(selected_modules))) # wait forever! in case user can send ctrl + c to interrupt wait_until_interrupt(virtual_machine_container_reset_factory_time_seconds, configuration) # kill the network events thread terminate_thread(new_network_events_thread) # stop created containers stop_containers(configuration) # remove created containers remove_old_containers(configuration) # remove created images remove_old_images(configuration) # remove_tmp_directories() error: access denied! info("finished.") # reset cmd/terminal color finish() return True