def connectionMade(self):
if self.transport.getHost().port == Config.smtp.port:
self.name = Config.smtp.name
elif self.transport.getHost().port == Config.smtps.port:
self.name = Config.smtps.name
else:
log.err("Please check SMTP/SMTPS port Configuration!")
self.name = "SMTP/SMTPS"
self.setTimeout(self.timeoutPreAuth)
log.info(self.name + " established connection to " +
str(self.transport.getPeer().host) + ":" +
str(self.transport.getPeer().port))
# add connection to dictionary
self.factory.clients[self] = (str(self.transport.getPeer().host) +
":" + str(self.transport.getPeer().port))
# protocol state
self.state["connected"] = True
self.peerOfAttacker = self.transport.getPeer().host
response = "220 Service ready ESMTP\r\n"
self.transport.write(response.encode("UTF-8"))
def save_database():
try:
with open(str(Config.ssh.database_path), 'w') as fp:
fp.write(json.dumps(lastLoginTime))
except Exception:
# e.g. insufficient write permissions, io error etc.
log.err("Failed to write lastLoginTime to file \""+str(Config.ssh.database_path)+"\"")
def stopService(self):
self._stop = True
self._transport.stopListening()
try:
self._transport.connectionLost("Force close/cleanup due to next service scheduling")
except AttributeError as err:
log.err("HTTPService.connectionLost threw AttributeError: " + err)
def connectionMade(self):
if (self.transport.getHost().port == Config.imap.port):
self.name = Config.imap.name
elif (self.transport.getHost().port == Config.imaps.port):
self.name = Config.imaps.name
else:
log.err("Please check IMAP/IMAPS port Configuration!")
self.name = "IMAP/IMAPS"
self.setTimeout(self.timeoutPreAuth)
log.info(self.name + " established connection to " +
str(self.transport.getPeer().host) + ":" +
str(self.transport.getPeer().port))
# add connection to dictionary
self.factory.clients[self] = (str(self.transport.getPeer().host) +
":" + str(self.transport.getPeer().port))
# protocol state
self.state["connected"] = True
self.stateRFC = IMAPState.NotAuth
self.peerOfAttacker = self.transport.getPeer().host
# server hello
response = "* OK IMAP4rev1 Service Ready\r\n"
self.transport.write(response.encode("UTF-8"))
def lookupChannel(self, channelType, windowSize, maxPacket, data):
klass = self.channelLookup.get(channelType, None)
if not klass:
log.err("Channel {} requested but not found!".format(channelType.decode()))
else:
return klass(remoteWindow=windowSize,
remoteMaxPacket=maxPacket,
data=data, avatar=self)
def load_database():
global lastLoginTime
try:
with open(str(Config.ssh.database_path), 'r') as fp:
lastLoginTime = json.loads(fp.read())
except FileNotFoundError:
pass
except Exception:
# e.g. damaged json encoding
log.err("Failed to load lastLoginTime from existing file \""+str(Config.ssh.database_path)+"\"")
def write_to_database(self, user, pw, services):
if type(user) is bytes:
user = user.decode()
if type(pw) is bytes:
pw = pw.decode()
try:
with open(self.filepath, "a") as fp:
log.info("Begin Honeytoken creation: {} : {}".format(user, pw)) # TODO make this a proper log type
fp.write("\n" + services + self.sep + user + self.sep + pw + self.sep)
except Exception as e:
log.err("Honeytoken DB write exception: {}".format(e))
def stopService(self):
"""
Closes all open ports and stops the Service
"""
if not self._stop:
for key, _ in self._transport.items():
self._transport[key].stopListening()
try:
self._transport[key].connectionLost(
"Force close/cleanup due to next service scheduling")
except AttributeError:
log.err(
"ListenService connectionLost wirft AttributeError!",
key)
self._stop = True
self._active = False
def stopOnPort(self, port):
"""
Stop service on a specific port.
:param port: the port where the service should stop listening
"""
if port in self._transport and self._active:
self._transport[port].stopListening()
try:
self._transport[port].connectionLost(
"Force close/cleanup due to next service scheduling")
except AttributeError:
log.err("ListenService connectionLost wirft AttributeError!",
port)
self._transport.pop(port, None)
# Dict is Empty
if not self._transport:
self._stop = True
def startService(self):
"""
Start service on all ports defined in Config.py.
Ignores ports where it can't listen.
:return:
"""
try:
self._stop = False
for port in self._ports:
try:
self._transport[port] = reactor.listenTCP(
port, self._fService, interface=self._interface)
except CannotListenError:
pass
self._active = True
except Exception as e:
log.err(e)
self._stop = True
def connectionMade(self):
if (self.transport.getHost().port == Config.pop3.port):
self.name = Config.pop3.name
elif (self.transport.getHost().port == Config.pop3s.port):
self.name = Config.pop3s.name
else:
log.err("Please check POP3/POP3S port Configuration!")
self.name = "POP3/POP3S"
self.setTimeout(self.timeoutPreAuth)
log.info(self.name+" established connection to "+str(self.transport.getPeer().host)+":"+str(self.transport.getPeer().port))
# add connection to dictionary
self.factory.clients[self] = (str(self.transport.getPeer().host) + ":" + str(self.transport.getPeer().port))
# protocol state
self.state["connected"] = True
self.peerOfAttacker = self.transport.getPeer().host
# TODO: modify server name
response = "+OK example.com POP3 server\r\n"
self.transport.write(response.encode("UTF-8"))
def __init__(self):
"""
Opens a RAW socket which is able to monitor all TCP/IP Traffic within the machine.
Root priv. are needed!
"""
super(TCPFlagSniffer, self).__init__()
self._name = Config.tcp_scan.name
self.synConnections = dict([])
self.finConnections = dict([])
self.xmasConnections = dict([])
self.reInstanceThreads()
self.synConnectionsLock = threading.Lock()
self.rootStatus = True
try:
self.rSock = socket.socket(socket.AF_INET, socket.SOCK_RAW,
socket.IPPROTO_TCP)
except socket.error:
log.info("RAW Socket could not be created. You are root?")
log.err(
"TCPFlagSniffer wird nicht ordnungsgemäß ausgeführt werden!")
self.rootStatus = False
