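def __init__(self, work_dir, config):
    """
    Set up the object that runs Beeswarm in Client mode.

    :param work_dir: Working directory (usually the current working directory)
    :param config: Beeswarm configuration dictionary. In this constructor it is
                   only handed to extract_keys(); the configuration stored on
                   the instance is read from 'beeswarmcfg.json'.
    """
    self.run_flag = True
    # maps honeypot id to IP
    self.honeypot_map = {}

    # Relative path: resolved against the process's current directory, not
    # against work_dir.
    with open('beeswarmcfg.json', 'r') as config_file:
        self.config = json.load(config_file, object_hook=asciify)

    # write ZMQ keys to files - as expected by pyzmq
    extract_keys(work_dir, config)

    BaitSession.client_id = self.config['general']['id']

    self.my_ip = None
    if self.config['general']['fetch_ip']:
        try:
            # Bounded wait so an unresponsive lookup service cannot block
            # start-up indefinitely.
            # NOTE(review): the lookup goes over plain HTTP, so the answer is
            # unauthenticated and can be altered on the network path; validate
            # it as an IP literal before relying on it anywhere that matters.
            response = urllib2.urlopen('http://api-sth01.exip.org/?call=ip', timeout=10)
            try:
                fetched_ip = response.read().strip()
            finally:
                response.close()
            if fetched_ip:
                self.my_ip = fetched_ip
                logger.info('Fetched {0} as my external ip.'.format(self.my_ip))
        except IOError as e:
            # On Python 2 both urllib2.URLError and socket timeouts derive
            # from IOError.
            logger.warning('Could not fetch public ip: {0}'.format(e))

    if not self.my_ip:
        # Lookup disabled, failed, or returned nothing: use the local guess.
        self.my_ip = get_most_likely_ip()
    self.dispatcher_greenlets = []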
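def __init__(self, work_dir, config):
    """
    Set up the object that runs Beeswarm in Client mode.

    :param work_dir: Working directory (usually the current working directory)
    :param config: Beeswarm configuration dictionary. In this constructor it is
                   only handed to extract_keys(); the configuration stored on
                   the instance is read from 'beeswarmcfg.json'.
    """
    self.run_flag = True
    # maps honeypot id to IP
    self.honeypot_map = {}

    # Relative path: resolved against the process's current directory, not
    # against work_dir.
    with open('beeswarmcfg.json', 'r') as config_file:
        self.config = json.load(config_file, object_hook=asciify)

    # write ZMQ keys to files - as expected by pyzmq
    extract_keys(work_dir, config)

    BaitSession.client_id = self.config['general']['id']

    self.my_ip = None
    if self.config['general']['fetch_ip']:
        try:
            # Bounded wait so an unresponsive lookup service cannot block
            # start-up indefinitely.
            # NOTE(review): the lookup goes over plain HTTP, so the answer is
            # unauthenticated and can be altered on the network path; validate
            # it as an IP literal before relying on it anywhere that matters.
            response = urllib2.urlopen('http://api-sth01.exip.org/?call=ip', timeout=10)
            try:
                fetched_ip = response.read().strip()
            finally:
                response.close()
            if fetched_ip:
                self.my_ip = fetched_ip
                logger.info('Fetched {0} as my external ip.'.format(self.my_ip))
        except IOError as e:
            # On Python 2 both urllib2.URLError and socket timeouts derive
            # from IOError.
            logger.warning('Could not fetch public ip: {0}'.format(e))

    if not self.my_ip:
        # Lookup disabled, failed, or returned nothing: use the local guess.
        self.my_ip = get_most_likely_ip()
    self.dispatcher_greenlets = []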
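def monitor_worker(self, monitor_socket, log_name):
    """
    Poll a ZMQ monitor socket and react to connect/disconnect events.

    The loop has no exit condition, so this method never returns normally.

    :param monitor_socket: socket that delivers monitor events, read with
                           recv_monitor_message().
    :param log_name: label used in the log messages. When it contains
                     'outgoing', a connect event also sends PING and this
                     host's IP to the server relay.
    """
    monitor_socket.linger = 0
    poller = zmq.Poller()
    poller.register(monitor_socket, zmq.POLLIN)
    while True:
        # Short poll (timeout is in milliseconds), then yield so other
        # greenlets get to run.
        socks = poller.poll(1)
        gevent.sleep(0.1)
        if socks:
            data = recv_monitor_message(monitor_socket)
            event = data['event']
            if event == zmq.EVENT_CONNECTED:
                logger.info('Connected to {0}'.format(log_name))
                # always ask for config to avoid race condition.
                send_zmq_push(SocketNames.SERVER_RELAY.value, '{0}'.format(Messages.DRONE_WANT_CONFIG.value))
                if 'outgoing' in log_name:
                    send_zmq_push(SocketNames.SERVER_RELAY.value, '{0}'.format(Messages.PING.value))
                    own_ip = get_most_likely_ip()
                    send_zmq_push(SocketNames.SERVER_RELAY.value, '{0} {1}'.format(Messages.IP.value, own_ip))
                # Every other label needs no extra messages. A bare
                # `elif 'incomming':` tests a non-empty string literal, which
                # is always true, so an assert placed behind it as a fallback
                # can never fire; the no-op is stated directly instead.
            elif event == zmq.EVENT_DISCONNECTED:
                # The 5 is only part of the message text: nothing in this
                # method waits five seconds or reconnects by itself.
                logger.warning('Disconnected from {0}, will reconnect in {1} seconds.'.format(log_name, 5))
        # Zero-length sleep: a plain cooperative yield.
        gevent.sleep()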
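def __init__(self, work_dir, config, key='server.key', cert='server.crt', **kwargs):
    """
    Set up the object that runs Beeswarm in Honeypot mode.

    Creates a self-signed certificate and private key in work_dir when no
    'server.key' exists there, and optionally looks up the external IP.

    :param work_dir: Working directory (usually the current working directory)
    :param config: Beeswarm configuration dictionary, None if no configuration was supplied.
    :param key: Key file used for SSL enabled capabilities
    :param cert: Cert file used for SSL enabled capabilities
    :param kwargs: accepted but not used by this constructor.
    """
    if config is None or not os.path.isdir(os.path.join(work_dir, 'data')):
        Honeypot.prepare_environment(work_dir)

    self.work_dir = work_dir
    self.config = config
    self.key = os.path.join(work_dir, key)
    self.cert = os.path.join(work_dir, cert)
    self._servers = []
    self._server_greenlets = []

    # NOTE(review): config is subscripted from here on, so passing None (which
    # the docstring allows) fails with a TypeError - confirm callers never do.
    self.honeypot_id = self.config['general']['id']
    Session.honeypot_id = self.honeypot_id

    # write ZMQ keys to files - as expected by pyzmq
    extract_keys(work_dir, config)

    # NOTE(review): the existence check and the writes use the fixed file
    # names, while self.key/self.cert follow the key/cert arguments; with
    # non-default arguments the two can point at different files.
    cert_path = os.path.join(work_dir, 'server.crt')
    key_path = os.path.join(work_dir, 'server.key')
    if not os.path.isfile(key_path):
        cert_info = config['certificate_info']
        if not cert_info['common_name']:
            cert_info['common_name'] = get_most_likely_ip()

        cert_pem, priv_key = create_self_signed_cert(cert_info['country'], cert_info['state'],
                                                     cert_info['organization'], cert_info['locality'],
                                                     cert_info['organization_unit'],
                                                     cert_info['common_name'])

        with open(cert_path, 'w') as certfile:
            certfile.write(cert_pem)
        # Create the private key file readable and writable by its owner only;
        # a plain open() would leave the mode to the process umask. The mode
        # takes effect when the file is created, which is the case this branch
        # handles.
        key_fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, 'w') as keyfile:
            keyfile.write(priv_key)

        # NOTE(review): the private key leaves this object through the server
        # relay socket; confirm the transport behind the relay is encrypted
        # and authenticated.
        send_zmq_push(SocketNames.SERVER_RELAY.value,
                      '{0} {1} {2}'.format(Messages.KEY.value, self.honeypot_id, priv_key))
        send_zmq_push(SocketNames.SERVER_RELAY.value,
                      '{0} {1} {2}'.format(Messages.CERT.value, self.honeypot_id, cert_pem))

    # Default first, so the attribute also exists when the lookup below fails.
    self.honeypot_ip = ''
    if self.config['general']['fetch_ip']:
        try:
            url = 'http://api.externalip.net/ip'
            # Without a timeout the request can wait indefinitely and the
            # Timeout handler below is never reached.
            # NOTE(review): plain HTTP - the answer is unauthenticated and can
            # be altered on the network path; validate it as an IP literal
            # before relying on it.
            req = requests.get(url, timeout=10)
            self.honeypot_ip = req.text.strip()
            logger.info('Fetched {0} as external ip for Honeypot.'.format(self.honeypot_ip))
        except (Timeout, ConnectionError) as e:
            logger.warning('Could not fetch public ip: {0}'.format(e))

    # spawning time checker
    if self.config['timecheck']['enabled']:
        Greenlet.spawn(self.check_time)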
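def __init__(self, work_dir, config, key='server.key', cert='server.crt', **kwargs):
    """
    Set up the object that runs Beeswarm in Honeypot mode.

    Refuses to start unless the fs package reports version 0.5.4, creates a
    self-signed certificate and private key in work_dir when no 'server.key'
    exists there, and optionally looks up the external IP.

    :param work_dir: Working directory (usually the current working directory)
    :param config: Beeswarm configuration dictionary, None if no configuration was supplied.
    :param key: Key file used for SSL enabled capabilities
    :param cert: Cert file used for SSL enabled capabilities
    :param kwargs: accepted but not used by this constructor.
    :raises SystemExit: when the installed fs package is not version 0.5.4.
    """
    if fs.__version__ != '0.5.4':
        # The os module has no exit() function, so calling os.exit() would
        # fail with AttributeError instead of stopping with this message.
        raise SystemExit('the python fs package must be verison 0.5.4')

    if config is None or not os.path.isdir(os.path.join(work_dir, 'data')):
        Honeypot.prepare_environment(work_dir)

    self.work_dir = work_dir
    self.config = config
    self.key = os.path.join(work_dir, key)
    self.cert = os.path.join(work_dir, cert)
    self._servers = []
    self._server_greenlets = []

    # NOTE(review): config is subscripted from here on, so passing None (which
    # the docstring allows) fails with a TypeError - confirm callers never do.
    self.honeypot_id = self.config['general']['id']
    Session.honeypot_id = self.honeypot_id

    # write ZMQ keys to files - as expected by pyzmq
    extract_keys(work_dir, config)

    # NOTE(review): the existence check and the writes use the fixed file
    # names, while self.key/self.cert follow the key/cert arguments; with
    # non-default arguments the two can point at different files.
    cert_path = os.path.join(work_dir, 'server.crt')
    key_path = os.path.join(work_dir, 'server.key')
    if not os.path.isfile(key_path):
        cert_info = config['certificate_info']
        if not cert_info['common_name']:
            cert_info['common_name'] = get_most_likely_ip()

        cert_pem, priv_key = create_self_signed_cert(
            cert_info['country'], cert_info['state'],
            cert_info['organization'], cert_info['locality'],
            cert_info['organization_unit'], cert_info['common_name'])

        with open(cert_path, 'w') as certfile:
            certfile.write(cert_pem)
        # Create the private key file readable and writable by its owner only;
        # a plain open() would leave the mode to the process umask. The mode
        # takes effect when the file is created, which is the case this branch
        # handles.
        key_fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, 'w') as keyfile:
            keyfile.write(priv_key)

        # NOTE(review): the private key leaves this object through the server
        # relay socket; confirm the transport behind the relay is encrypted
        # and authenticated.
        send_zmq_push(
            SocketNames.SERVER_RELAY.value,
            '{0} {1} {2}'.format(Messages.KEY.value, self.honeypot_id, priv_key))
        send_zmq_push(
            SocketNames.SERVER_RELAY.value,
            '{0} {1} {2}'.format(Messages.CERT.value, self.honeypot_id, cert_pem))

    # Default first, so the attribute also exists when the lookup below fails.
    self.honeypot_ip = ''
    if self.config['general']['fetch_ip']:
        try:
            url = 'http://api.externalip.net/ip'
            # Without a timeout the request can wait indefinitely and the
            # Timeout handler below is never reached.
            # NOTE(review): plain HTTP - the answer is unauthenticated and can
            # be altered on the network path; validate it as an IP literal
            # before relying on it.
            req = requests.get(url, timeout=10)
            self.honeypot_ip = req.text.strip()
            logger.info('Fetched {0} as external ip for Honeypot.'.format(
                self.honeypot_ip))
        except (Timeout, ConnectionError) as e:
            logger.warning('Could not fetch public ip: {0}'.format(e))

    # spawning time checker
    if self.config['timecheck']['enabled']:
        Greenlet.spawn(self.check_time)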
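def __init__(self, work_dir, config, key='server.key', cert='server.crt', **kwargs):
    """
    Set up the object that runs Beeswarm in Honeypot mode.

    Prepares the working directory and reloads 'beeswarmcfg.json' when no
    configuration was supplied or work_dir has no 'data' directory, creates a
    self-signed certificate and private key when no 'server.key' exists in
    work_dir, and optionally looks up the external IP.

    :param work_dir: Working directory (usually the current working directory)
    :param config: Beeswarm configuration dictionary, None if no configuration was supplied.
    :param key: Key file used for SSL enabled capabilities
    :param cert: Cert file used for SSL enabled capabilities
    :param kwargs: accepted but not used by this constructor.
    """
    if config is None or not os.path.isdir(os.path.join(work_dir, 'data')):
        Honeypot.prepare_environment(work_dir)
        # Relative path: resolved against the process's current directory,
        # not against work_dir.
        with open('beeswarmcfg.json', 'r') as config_file:
            config = json.load(config_file, object_hook=asciify)

    self.work_dir = work_dir
    self.config = config
    self.key = key
    self.cert = cert
    self._servers = []
    self._server_greenlets = []
    # will contain Session objects
    self._sessions = {}
    self._session_consumer = None

    # TODO: pass honeypot otherwise
    Session.honeypot_id = self.config['general']['id']
    self.id = self.config['general']['id']

    # write ZMQ keys to files - as expected by pyzmq
    extract_keys(work_dir, config)

    # NOTE(review): the existence check and the writes use the fixed file
    # names inside work_dir, while self.key/self.cert hold the key/cert
    # arguments as given; confirm both refer to the same files.
    cert_path = os.path.join(work_dir, 'server.crt')
    key_path = os.path.join(work_dir, 'server.key')
    if not os.path.isfile(key_path):
        cert_info = config['certificate_info']
        if not cert_info['common_name']:
            cert_info['common_name'] = get_most_likely_ip()

        cert_pem, priv_key = create_self_signed_cert(
            cert_info['country'], cert_info['state'],
            cert_info['organization'], cert_info['locality'],
            cert_info['organization_unit'], cert_info['common_name'])

        with open(cert_path, 'w') as certfile:
            certfile.write(cert_pem)
        # Create the private key file readable and writable by its owner only;
        # a plain open() would leave the mode to the process umask. The mode
        # takes effect when the file is created, which is the case this branch
        # handles.
        key_fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, 'w') as keyfile:
            keyfile.write(priv_key)

        # Send the key material itself: formatting the (already closed) file
        # object would put its repr into the message, not the key.
        # NOTE(review): the private key leaves this object through the server
        # relay socket; confirm the transport behind the relay is encrypted
        # and authenticated.
        send_zmq_push('inproc://serverRelay', '{0} {1} {2}'.format(Messages.KEY, self.id, priv_key))
        send_zmq_push('inproc://serverRelay', '{0} {1} {2}'.format(Messages.CERT, self.id, cert_pem))

    # Default first, so the attribute also exists when the lookup below fails.
    self.honeypot_ip = ''
    if self.config['general']['fetch_ip']:
        try:
            url = 'http://api.externalip.net/ip'
            # Without a timeout the request can wait indefinitely and the
            # Timeout handler below is never reached.
            # NOTE(review): plain HTTP - the answer is unauthenticated and can
            # be altered on the network path; validate it as an IP literal
            # before relying on it.
            req = requests.get(url, timeout=10)
            self.honeypot_ip = req.text.strip()
            logger.info('Fetched {0} as external ip for Honeypot.'.format(
                self.honeypot_ip))
        except (Timeout, ConnectionError) as e:
            logger.warning('Could not fetch public ip: {0}'.format(e))

    # spawning time checker
    if self.config['timecheck']['enabled']:
        Greenlet.spawn(self.checktime)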