-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added YAML configuration and test code
- Loading branch information
Showing
12 changed files
with
262 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
## Logging configuration | ||
logging: | ||
file_only: false | ||
out_path: 'logs' | ||
level: 'DEBUG' | ||
# Number of hours each log file should last before rolling over. | ||
rollover_after_hours: 6 | ||
# Number of log files to keep before deleting old ones. | ||
# 0 = no limit | ||
max_log_files: 0 | ||
|
||
## Service spoofing configuration | ||
services: | ||
# Path to nmap-service-probes. | ||
probe_file_location: 'nmap-service-probes' | ||
|
||
############################################################################################################ | ||
## Re-enabling honeypot services is not recommended and will increase detection rate from shodan/nmap/etc ## | ||
############################################################################################################ | ||
# List of service types to avoid spoofing. | ||
# Defaults to 'honeypot' to reduce detection rates | ||
# Items can be regular expressions and are case insensitive. | ||
disabled_service_types: ['honeypot'] | ||
|
||
# List of product names to avoid spoofing. | ||
# Defaults to patterns matching honeypots to reduce detection rates. | ||
# Items can be regular expressions and are case insensitive. | ||
disabled_product_names: ['.*honeypot.*', '.*honeyd.*', 'Dumbster fake smtpd', '.*nepenthes.*'] | ||
|
||
## Networking-related items | ||
networking: | ||
# Should be a port that does not have a service being spoofed on it, and is not being used currently. | ||
real_port: 11337 | ||
max_ports_per_service: 10 | ||
max_replies: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
click | ||
exrex | ||
exrex | ||
pyyaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
import logging | ||
import re | ||
try: | ||
from yaml import CLoader as Loader | ||
except ImportError: | ||
from yaml import Loader | ||
import yaml | ||
|
||
|
||
class LHConfig(object): | ||
PERMITTED_LOG_LEVELS = [ | ||
'CRITICAL', 'FATAL', 'ERROR', 'WARNING', 'WARN', | ||
'INFO', 'DEBUG', 'NOTSET' | ||
] | ||
|
||
def __init__(self, filename='config.yml'): | ||
with open(filename) as f: | ||
self.conf = yaml.load(f, loader=Loader) | ||
self._parse_logging() | ||
|
||
def _parse_logging(self): | ||
# Logging | ||
log_conf = self.conf.get('logging', {}) | ||
self.file_only = log_conf.get('file_only', False) | ||
self.log_path = log_conf.get('out_path', 'logs') | ||
self.log_level = log_conf.get('level', 'DEBUG') | ||
self.log_rollover = log_conf.get('rollover_after_hours', 6) | ||
self.max_log_files = log_conf.get('max_log_files', 42) | ||
|
||
# Services | ||
service_conf = self.conf.get('services', {}) | ||
self.service_probes_location = service_conf.get('probe_file_location', 'nmap-service-probes') | ||
|
||
omit_services = service_conf.get("disabled_service_types", ["honeypot"]) | ||
self.omit_service_patterns = [re.compile(s, re.IGNORECASE) for s in omit_services] | ||
|
||
omit_products = service_conf.get("disabled_product_names", [".*honeypot.*", | ||
".*honeyd.*", | ||
"Dumbster fake smtpd", | ||
".*nepenthes.*"]) | ||
self.omit_product_patterns = [re.compile(p, re.IGNORECASE) for p in omit_products] | ||
|
||
# Networking | ||
networking_conf = self.conf.get('networking') | ||
self.listen_port = networking_conf.get('real_port', 11337) | ||
self.max_ports_per_service = networking_conf.get('max_ports_per_service', 10) | ||
self.max_replies = networking_conf.get('max_replies', 10) | ||
|
||
def get_log_level(self): | ||
if not self.log_level.upper() in self.PERMITTED_LOG_LEVELS: | ||
print("Unable to parse log level. Level '{}' not recognized." | ||
"Defaulting to DEBUG. Valid options: {}".format(self.log_level.upper(), | ||
self.PERMITTED_LOG_LEVELS)) | ||
return logging.DEBUG | ||
return getattr(logging, self.log_level.upper()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
## Logging configuration | ||
logging: | ||
file_only: false | ||
out_path: 'logs' | ||
level: 'DEBUG' | ||
# Number of hours each log file should last before rolling over. | ||
rollover_after_hours: 6 | ||
# Number of log files to keep before deleting old ones. | ||
# 0 = no limit | ||
max_log_files: 0 | ||
|
||
## Service spoofing configuration | ||
services: | ||
# Path to nmap-service-probes. | ||
probe_file_location: 'nmap-service-probes' | ||
|
||
############################################################################################################ | ||
## Re-enabling honeypot services is not recommended and will increase detection rate from shodan/nmap/etc ## | ||
############################################################################################################ | ||
# List of service types to avoid spoofing. | ||
# Defaults to 'honeypot' to reduce detection rates | ||
# Items can be regular expressions and are case insensitive. | ||
disabled_service_types: ['honeypot'] | ||
|
||
# List of product names to avoid spoofing. | ||
# Defaults to patterns matching honeypots to reduce detection rates. | ||
# Items can be regular expressions and are case insensitive. | ||
disabled_product_names: ['.*honeypot.*', '.*honeyd.*', 'Dumbster fake smtpd', '.*nepenthes.*'] | ||
|
||
## Networking-related items | ||
networking: | ||
# Should be a port that does not have a service being spoofed on it, and is not being used currently. | ||
real_port: 11337 | ||
max_ports_per_service: 10 | ||
max_replies: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
Network Flight Recorder BackOfficer Friendly http honeypot | ||
Dionaea honeypothttpd | ||
Nepenthes honeypot netbios-ssn httpd | ||
Honeyd | ||
Kojoney SSH honeypot | ||
SSHTroll ssh honeypot | ||
Network Flight Recorder BackOfficer Friendly honeypot | ||
Network Flight Recorder BackOfficer Friendly telnet honeypot | ||
honeyd cmdexe.pl | ||
Nepenthes honeypot netbios-ssn | ||
Dionaea honeypot smbd | ||
Dionaea Honeypot httpd | ||
Dionaea Honeypot sipd | ||
Dionaea honeypot MS-SQL server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n| | ||
ports 22 | ||
match test-service m|^some-data$| p/Test Service/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
from src.lh.config import LHConfig | ||
|
||
|
||
class TestConfigValues(object): | ||
@classmethod | ||
def setup_class(cls): | ||
cls.conf = LHConfig('config.yml') | ||
|
||
def test_config_categories(self): | ||
assert self.conf.file_only == False | ||
assert self.conf.service_probes_location == 'nmap-service-probes' | ||
assert self.conf.service_probes_location == 'nmap-service-probes' | ||
assert self.conf.listen_port == 11337 | ||
|
||
def test_log_lvl(self): | ||
# logging.DEBUG == 10 | ||
assert self.conf.get_log_level() == 10 | ||
|
||
def test_honeypot_patterns(self): | ||
with open('honeypot-strings.txt') as f: | ||
honeypot_services = f.readlines() | ||
|
||
for service in honeypot_services: | ||
one_matches = False | ||
for pattern in self.conf.omit_product_patterns: | ||
if pattern.match(service): | ||
one_matches = True | ||
break | ||
assert one_matches |
Oops, something went wrong.