def show_honeypot(honeypot_id):
honeypot_details = Honeypot.objects(id=honeypot_id).first()
if not honeypot_details:
abort(404)
# Lets hack in flask code.
honey_salt_base = os.path.join(current_app.config['SALT_BASE'],
'honeypots', honeypot_id)
dirname = os.path.basename(honey_salt_base)
dtree = dir_tree(honey_salt_base, honey_salt_base + '/')
# I want to rebuild the tree slightlt differently.
new_tree = dict(name=os.path.basename(honey_salt_base),
path_name='',
children=[{
'name': honeypot_id,
'path_name': honeypot_id,
'children': dtree['children']
}])
return render_template('flaskcode/honeypot_editor.html',
honeypot_details=honeypot_details,
dirname=dirname,
dtree=new_tree,
editor_theme="vs-dark",
honeypot_id=honeypot_id,
object_id=honeypot_id,
data_url="honeypots")
def delete_honeypot(honeypot_id):
# This one is harder.
json_response = {"success": False}
honeypot = Honeypot.objects(id=honeypot_id).first()
if not honeypot:
return abort(404)
# Remove all the instances from hives
hives = Hive.objects()
for hive in hives:
for instance in hive.honeypots:
if instance.honeypot == honeypot:
container_name = honeypot.container_name
pepper_api.docker_remove(str(hive.id), container_name)
# remove the instance from the hive honeypot list
hive.update(pull__honeypots=instance)
# Delete the instance
instance.delete()
hive.save()
# Remove the Honeypot
honeypot.delete()
json_response['success'] = True
return redirect(url_for('honeypots.honeypot_list'))
def update_honeypot(honeypot_id):
honeypot_details = Honeypot.objects(id=honeypot_id).first()
if not honeypot_details:
abort(404)
form_vars = request.form.to_dict()
json_response = {"success": False}
honeypot_details.name = request.form.get('honeypot_name')
honeypot_details.honey_type = request.form.get('honeypot_type')
honeypot_details.description = request.form.get('honeypot_description')
honeypot_details.container_name = request.form.get(
'honeypot_container_name')
honeypot_details.channels = request.form.get('honeypot_channels').split(
'\r\n')
honeypot_details.report_fields = request.form.get(
'honeypot_report_fields').split('\r\n')
honeypot_details.honeypot_state_file = request.form.get(
'honeypot_state_file')
# Now add any Pillar States
pillar_states = []
for field in form_vars.items():
if field[0].startswith('pillar-key'):
key_id = field[0].split('-')[-1]
key_name = field[1]
key_value = request.form.get("pillar-value-{0}".format(key_id))
if key_name == '' or key_value == '':
continue
pillar_pair = [key_name, key_value]
pillar_states.append(pillar_pair)
honeypot_details.pillar = pillar_states
# Update HoneySwarm HP Master Subscriber
channel_list = request.form.get('honeypot_channels').split('\r\n')
honeyswarm_subscriber = AuthKey.objects(identifier="honeyswarm").first()
if honeyswarm_subscriber:
for channel in channel_list:
if channel not in honeyswarm_subscriber.subscribe:
honeyswarm_subscriber.subscribe.append(channel)
honeyswarm_subscriber.save()
honeypot_details.save()
json_response['success'] = True
return jsonify(json_response)
def honeypot_deployments(honeypot_id):
honeypot_details = Honeypot.objects(id=honeypot_id).first()
if not honeypot_details:
abort(404)
all_hives = Hive.objects(frame__exists=True, salt_alive=True)
modal_form = render_template("honeypot_deployment.html",
all_hives=all_hives,
honeypot_details=honeypot_details)
json_response = {
"modal_form": modal_form,
"honeypot_details": honeypot_details
}
return jsonify(json_response)
def honeypot_deploy(honeypot_id):
form_vars = request.form.to_dict()
json_response = {"success": False}
honeypot_details = Honeypot.objects(id=honeypot_id).first()
if not honeypot_details:
json_response['message'] = "Can not find honeypot"
return jsonify(json_response)
hive_id = request.form.get('target_hive')
hive = Hive.objects(id=hive_id).first()
if not hive:
json_response['message'] = "Can not find Hive"
return jsonify(json_response)
# Does this hive have the correct frame installed
if not hive.frame:
json_response['message'] = "Can not find Hive"
return jsonify(json_response)
# Do we already have an instance of this honeypot type on this hive?#
# Get it and its auth_key
honeypot_instance = None
for instance in hive.honeypots:
if instance.honeypot.id == honeypot_details.id:
honeypot_instance = instance
auth_key = AuthKey.objects(
identifier=str(honeypot_instance.id)).first()
# Else we create an instance and a new auth_key
if not honeypot_instance:
# Create honeypot instance
honeypot_instance = HoneypotInstance(honeypot=honeypot_details,
hive=hive)
honeypot_instance.save()
instance_id = str(honeypot_instance.id)
# Create an AuthKey
auth_key = AuthKey(identifier=instance_id,
secret=instance_id,
publish=honeypot_details.channels)
auth_key.save()
instance_id = str(honeypot_instance.id)
# Now add any Pillar States
base_config = Config.objects.first()
config_pillar = {
"HIVEID": hive_id,
"HONEYPOTID": honeypot_id,
"INSTANCEID": instance_id,
"HPFIDENT": instance_id,
"HPFSECRET": instance_id,
"HPFPORT": 10000,
"HPFSERVER": base_config.broker_host
}
for field in form_vars.items():
if field[0].startswith('pillar-key'):
key_id = field[0].split('-')[-1]
key_name = field[1]
key_value = request.form.get("pillar-value-{0}".format(key_id))
if key_name == '' or key_value == '':
continue
config_pillar[key_name] = key_value
# update key / config and save again
auth_key.save()
honeypot_instance.hpfeeds = auth_key
honeypot_instance.pillar = config_pillar
honeypot_instance.save()
# Create the job
honeypot_state_file = 'honeypots/{0}/{1}'.format(
honeypot_details.id, honeypot_details.honeypot_state_file)
pillar_string = ", ".join(
('"{}": "{}"'.format(*i) for i in config_pillar.items()))
try:
job_id = pepper_api.apply_state(
hive_id,
[honeypot_state_file, "pillar={{{0}}}".format(pillar_string)])
hive = Hive.objects(id=hive_id).first()
job = PepperJobs(
hive=hive,
job_id=job_id,
job_type="Apply Honeypot",
job_short="Apply State {0}".format(honeypot_details.name),
job_description="Apply honeypot {0} to Hive {1}".format(
honeypot_state_file, hive_id))
job.save()
if honeypot_instance not in hive.honeypots:
hive.honeypots.append(honeypot_instance)
hive.save()
json_response['success'] = True
json_response['message'] = "Job Created with Job ID: {0}".format(
str(job.id))
except Exception as err:
json_response['message'] = "Error creating job: {0}".format(err)
return jsonify(json_response)
def create_honeypot():
json_response = {"success": False}
try:
new_honeypot = Honeypot()
new_honeypot.name = request.form.get('honeypot_name')
new_honeypot.honey_type = request.form.get('honeypot_type')
new_honeypot.description = request.form.get('honeypot_description')
new_honeypot.container_name = request.form.get(
'honeypot_container_name')
new_honeypot.channels = request.form.get('honeypot_channels').split(
'\r\n')
new_honeypot.report_fields = request.form.get(
'honeypot_report_fields').split('\r\n')
new_honeypot.honeypot_state_file = request.form.get(
'honeypot_state_file')
# We need to save here to get the ID then carry on updating
new_honeypot.save()
honeypot_id = new_honeypot.id
# Add a default state file so that we have something to edit.
state_path = os.path.join(
current_app.config['FLASKCODE_RESOURCE_BASEPATH'], 'honeypots',
str(honeypot_id))
state_name = "{0}.sls".format(new_honeypot.honeypot_state_file)
state_file_path = os.path.join(state_path, state_name)
if not os.path.exists(state_path):
os.mkdir(state_path)
os.mknod(state_file_path)
os.chmod(state_file_path, 0o777)
# Add all channels to the master subscriber
channel_list = request.form.get('honeypot_channels').split('\r\n')
sub_key = AuthKey.objects(identifier="honeyswarm").first()
for channel in channel_list:
if channel not in sub_key.subscribe:
sub_key.subscribe.append(channel)
sub_key.save()
json_response['success'] = True
json_response['message'] = "Honypot Created"
except Exception as err:
json_response['message'] = err
logger.error("Error creating honeypot ", err)
return redirect(url_for('honeypots.honeypot_list'))
def base_install():
if request.method == "GET":
# Do we already have an active installation and need a reboot?
try:
user_count = User.objects.count()
if user_count > 0:
reboot = True
else:
reboot = False
except Exception as err:
logger.error(err)
reboot = False
if reboot:
flash('Honeyswarm has been installed. \
You need to stop / start the docker-compose \
to complete the installation')
return redirect(url_for('installer.base_install'))
token1 = token_hex(16)
token2 = token_hex(16)
return render_template("install.html", token1=token1, token2=token2)
# Assuming we are at post now.
# Create user groups
try:
user_datastore.create_role(name="admin", description="Admin Role")
user_datastore.create_role(name="user",
description="Generic User accounts")
user_datastore.create_role(
name="editor",
description="Can create and edit frames and honeypots")
user_datastore.create_role(
name="deploy", description="Can deploy honeypots and frames")
except Exception as err:
flash('Error creating roles: {0}'.format(err))
return redirect(url_for('installer.base_install'))
# Create admin account from submitted details.
try:
user_email = request.form.get('adminEmail')
user_pass = request.form.get('adminPassword1')
user_name = request.form.get('adminName')
if user_email and user_pass:
new_admin = user_datastore.create_user(
email=user_email,
password=encrypt_password(user_pass),
name=user_name,
active=True)
else:
flash('No details provided')
return redirect(url_for('installer.base_install'))
admin_role = user_datastore.find_role('admin')
user_datastore.add_role_to_user(new_admin, admin_role)
except Exception as err:
flash('Error creating admin user: {0}'.format(err))
return redirect(url_for('installer.base_install'))
# Create Master HPFeeds for the broker
hpfeeds_subscriber = AuthKey(identifier="honeyswarm",
secret=request.form.get('brokerSecret'),
publish=[],
subscribe=[])
# A Small Config
configs = Config.objects
if len(configs) > 0:
master_config = Config.objects.first()
else:
master_config = Config()
master_config.honeyswarm_host = request.form.get('honeyHost')
master_config.broker_host = request.form.get("brokerHost")
master_config.honeyswarm_api = request.form.get("honeyAPI")
master_config.save()
# Fetch and write all the states to the correct path
try:
install_states(current_app.config['SALT_BASE'])
except Exception as err:
flash('Error installing base states: {0}'.format(err))
return redirect(url_for('installer.base_install'))
# Add Frames
try:
frame_path = os.path.join(current_app.config['SALT_BASE'], 'frames')
for frame in os.listdir(frame_path):
state_config_file = os.path.join(frame_path, frame, "state.json")
with open(state_config_file) as json_file:
state_config = json.load(json_file)
new_frame = Frame(**state_config)
new_frame.save()
frame_id = str(new_frame.id)
os.rename(os.path.join(frame_path, frame),
os.path.join(frame_path, frame_id))
except Exception as err:
flash('Error creating frames: {0}'.format(err))
return redirect(url_for('installer.base_install'))
# Add honeypots
try:
honeypot_path = os.path.join(current_app.config['SALT_BASE'],
'honeypots')
for honeypot in os.listdir(honeypot_path):
state_config_file = os.path.join(honeypot_path, honeypot,
"state.json")
with open(state_config_file) as json_file:
state_config = json.load(json_file)
new_honeypot = Honeypot(**state_config)
new_honeypot.save()
honeypot_id = str(new_honeypot.id)
channels = state_config['channels']
os.rename(os.path.join(honeypot_path, honeypot),
os.path.join(honeypot_path, honeypot_id))
for channel in channels:
hpfeeds_subscriber.subscribe.append(channel)
new_honeypot.save()
except Exception as err:
flash('Error creating honeypots: {0}'.format(err))
return redirect(url_for('installer.base_install'))
# The master subscriber should now have all our channels so save it
hpfeeds_subscriber.save()
return redirect(url_for('index'))