diff --git a/bin/backup_es_folders.sh b/bin/backup_es_folders.sh new file mode 100755 index 00000000..32409e0b --- /dev/null +++ b/bin/backup_es_folders.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# Backup all ES relevant folders +# Make sure ES is available +myES="http://127.0.0.1:64298/" +myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) +if ! [ "$myESSTATUS" = "1" ] + then + echo "### Elasticsearch is not available, try starting via 'systemctl start elk'." + exit + else + echo "### Elasticsearch is available, now continuing." + echo +fi + +# Set vars +myCOUNT=1 +myDATE=$(date +%Y%m%d%H%M) +myELKPATH="/data/elk/data" +myKIBANAINDEXNAME=$(curl -s -XGET ''$myES'_cat/indices/' | grep .kibana | awk '{ print $4 }') +myKIBANAINDEXPATH=$myELKPATH/nodes/0/indices/$myKIBANAINDEXNAME + +# Let's ensure normal operation on exit or if interrupted ... +function fuCLEANUP { + ### Start ELK + systemctl start tpot + echo "### Now starting T-Pot ..." +} +trap fuCLEANUP EXIT + +# Stop T-Pot to lift db lock +echo "### Now stopping T-Pot" +systemctl stop tpot +sleep 2 + +# Backup DB in 2 flavors +echo "### Now backing up Elasticsearch folders ..." +tar cvfz "elkall_"$myDATE".tgz" $myELKPATH +tar cvfz "elkbase_"$myDATE".tgz" $myKIBANAINDEXPATH diff --git a/bin/clean.sh b/bin/clean.sh new file mode 100755 index 00000000..44c805f9 --- /dev/null +++ b/bin/clean.sh @@ -0,0 +1,219 @@ +#!/bin/bash +# T-Pot Container Data Cleaner & Log Rotator + +# Set colors +myRED="" +myGREEN="" +myWHITE="" + +# Set persistence +myPERSISTENCE=$1 + +# Let's create a function to check if folder is empty +fuEMPTY () { + local myFOLDER=$1 + +echo $(ls $myFOLDER | wc -l) +} + +# Let's create a function to rotate and compress logs +fuLOGROTATE () { + local mySTATUS="/opt/tpot/etc/logrotate/status" + local myCONF="/opt/tpot/etc/logrotate/logrotate.conf" + local myCOWRIETTYLOGS="/data/cowrie/log/tty/" + local myCOWRIETTYTGZ="/data/cowrie/log/ttylogs.tgz" + local myCOWRIEDL="/data/cowrie/downloads/" + local myCOWRIEDLTGZ="/data/cowrie/downloads.tgz" + local myDIONAEABI="/data/dionaea/bistreams/" + local myDIONAEABITGZ="/data/dionaea/bistreams.tgz" + local myDIONAEABIN="/data/dionaea/binaries/" + local myDIONAEABINTGZ="/data/dionaea/binaries.tgz" + local myHONEYTRAPATTACKS="/data/honeytrap/attacks/" + local myHONEYTRAPATTACKSTGZ="/data/honeytrap/attacks.tgz" + local myHONEYTRAPDL="/data/honeytrap/downloads/" + local myHONEYTRAPDLTGZ="/data/honeytrap/downloads.tgz" + +# Ensure correct permissions and ownerships for logrotate to run without issues +chmod 760 /data/ -R +chown tpot:tpot /data -R + +# Run logrotate with force (-f) first, so the status file can be written and race conditions (with tar) be avoided +logrotate -f -s $mySTATUS $myCONF + +# Compressing some folders first and rotate them later +if [ "$(fuEMPTY $myCOWRIETTYLOGS)" != "0" ]; then tar cvfz $myCOWRIETTYTGZ $myCOWRIETTYLOGS; fi +if [ "$(fuEMPTY $myCOWRIEDL)" != "0" ]; then tar cvfz $myCOWRIEDLTGZ $myCOWRIEDL; fi +if [ "$(fuEMPTY $myDIONAEABI)" != "0" ]; then tar cvfz $myDIONAEABITGZ $myDIONAEABI; fi +if [ "$(fuEMPTY $myDIONAEABIN)" != "0" ]; then tar cvfz $myDIONAEABINTGZ $myDIONAEABIN; fi +if [ "$(fuEMPTY $myHONEYTRAPATTACKS)" != "0" ]; then tar cvfz $myHONEYTRAPATTACKSTGZ $myHONEYTRAPATTACKS; fi +if [ "$(fuEMPTY $myHONEYTRAPDL)" != "0" ]; then tar cvfz $myHONEYTRAPDLTGZ $myHONEYTRAPDL; fi + +# Ensure correct permissions and ownership for previously created archives +chmod 760 $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ +chown tpot:tpot $myCOWRIETTYTGZ $myCOWRIEDLTGZ $myDIONAEABITGZ $myDIONAEABINTGZ $myHONEYTRAPATTACKSTGZ $myHONEYTRAPDLTGZ + +# Need to remove subfolders since too many files cause rm to exit with errors +rm -rf $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL + +# Recreate subfolders with correct permissions and ownership +mkdir -p $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL +chmod 760 $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL +chown tpot:tpot $myCOWRIETTYLOGS $myCOWRIEDL $myDIONAEABI $myDIONAEABIN $myHONEYTRAPATTACKS $myHONEYTRAPDL + +# Run logrotate again to account for previously created archives - DO NOT FORCE HERE! +logrotate -s $mySTATUS $myCONF +} + +# Let's create a function to clean up and prepare conpot data +fuCONPOT () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi + mkdir -p /data/conpot/log + chmod 760 /data/conpot -R + chown tpot:tpot /data/conpot -R +} + +# Let's create a function to clean up and prepare cowrie data +fuCOWRIE () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/cowrie/*; fi + mkdir -p /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ + chmod 760 /data/cowrie -R + chown tpot:tpot /data/cowrie -R +} + +# Let's create a function to clean up and prepare dionaea data +fuDIONAEA () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/dionaea/*; fi + mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp + chmod 760 /data/dionaea -R + chown tpot:tpot /data/dionaea -R +} + +# Let's create a function to clean up and prepare elasticpot data +fuELASTICPOT () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elasticpot/*; fi + mkdir -p /data/elasticpot/log + chmod 760 /data/elasticpot -R + chown tpot:tpot /data/elasticpot -R +} + +# Let's create a function to clean up and prepare elk data +fuELK () { + # ELK data will be kept for <= 90 days, check /etc/crontab for curator modification + # ELK daemon log files will be removed + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/elk/log/*; fi + mkdir -p /data/elk + chmod 760 /data/elk -R + chown tpot:tpot /data/elk -R +} + +# Let's create a function to clean up and prepare emobility data +fuEMOBILITY () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/emobility/*; fi + mkdir -p /data/emobility/log + chmod 760 /data/emobility -R + chown tpot:tpot /data/emobility -R +} + +# Let's create a function to clean up and prepare glastopf data +fuGLASTOPF () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/glastopf/*; fi + mkdir -p /data/glastopf + chmod 760 /data/glastopf -R + chown tpot:tpot /data/glastopf -R +} + +# Let's create a function to clean up and prepare honeytrap data +fuHONEYTRAP () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/honeytrap/*; fi + mkdir -p /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ + chmod 760 /data/honeytrap/ -R + chown tpot:tpot /data/honeytrap/ -R +} + +# Let's create a function to clean up and prepare mailoney data +fuMAILONEY () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/mailoney/*; fi + mkdir -p /data/mailoney/log/ + chmod 760 /data/mailoney/ -R + chown tpot:tpot /data/mailoney/ -R +} + +# Let's create a function to clean up and prepare rdpy data +fuRDPY () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/rdpy/*; fi + mkdir -p /data/rdpy/log/ + chmod 760 /data/rdpy/ -R + chown tpot:tpot /data/rdpy/ -R +} + +# Let's create a function to prepare spiderfoot db +fuSPIDERFOOT () { + mkdir -p /data/spiderfoot + touch /data/spiderfoot/spiderfoot.db + chmod 760 -R /data/spiderfoot + chown tpot:tpot -R /data/spiderfoot +} + +# Let's create a function to clean up and prepare suricata data +fuSURICATA () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/suricata/*; fi + mkdir -p /data/suricata/log + chmod 760 -R /data/suricata + chown tpot:tpot -R /data/suricata +} + +# Let's create a function to clean up and prepare p0f data +fuP0F () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/p0f/*; fi + mkdir -p /data/p0f/log + chmod 760 -R /data/p0f + chown tpot:tpot -R /data/p0f +} + +# Let's create a function to clean up and prepare vnclowpot data +fuVNCLOWPOT () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/vnclowpot/*; fi + mkdir -p /data/vnclowpot/log/ + chmod 760 /data/vnclowpot/ -R + chown tpot:tpot /data/vnclowpot/ -R +} + + +# Avoid unwanted cleaning +if [ "$myPERSISTENCE" = "" ]; + then + echo $myRED"!!! WARNING !!! - This will delete ALL honeypot logs. "$myWHITE + while [ "$myQST" != "y" ] && [ "$myQST" != "n" ]; + do + read -p "Continue? (y/n) " myQST + done + if [ "$myQST" = "n" ]; + then + echo $myGREEN"Puuh! That was close! Aborting!"$myWHITE + exit + fi +fi + +# Check persistence, if enabled compress and rotate logs +if [ "$myPERSISTENCE" = "on" ]; + then + echo "Persistence enabled, now rotating and compressing logs." + fuLOGROTATE + else + echo "Cleaning up and preparing data folders." + fuCONPOT + fuCOWRIE + fuDIONAEA + fuELASTICPOT + fuELK + fuEMOBILITY + fuGLASTOPF + fuHONEYTRAP + fuMAILONEY + fuRDPY + fuSPIDERFOOT + fuSURICATA + fuP0F + fuVNCLOWPOT + fi + diff --git a/bin/dps.sh b/bin/dps.sh new file mode 100755 index 00000000..8de11cba --- /dev/null +++ b/bin/dps.sh @@ -0,0 +1,71 @@ +#/bin/bash +# Show current status of all running containers +myPARAM="$1" +myIMAGES="$(cat /opt/tpot/etc/tpot.yml | grep -v '#' | grep container_name | cut -d: -f2)" +myRED="" +myGREEN="" +myBLUE="" +myWHITE="" +myMAGENTA="" + +function fuCONTAINERSTATUS { +local myNAME="$1" +local mySTATUS="$(/usr/bin/docker ps -f name=$myNAME --format "table {{.Status}}" -f status=running -f status=exited | tail -n 1)" +myDOWN="$(echo "$mySTATUS" | grep -o -E "(STATUS|NAMES|Exited)")" + +case "$myDOWN" in + STATUS) + mySTATUS="$myRED"DOWN"$myWHITE" + ;; + NAMES) + mySTATUS="$myRED"DOWN"$myWHITE" + ;; + Exited) + mySTATUS="$myRED$mySTATUS$myWHITE" + ;; + *) + mySTATUS="$myGREEN$mySTATUS$myWHITE" + ;; +esac + +printf "$mySTATUS" +} + +function fuCONTAINERPORTS { +local myNAME="$1" +local myPORTS="$(/usr/bin/docker ps -f name=$myNAME --format "table {{.Ports}}" -f status=running -f status=exited | tail -n 1 | sed s/","/",\n\t\t\t\t\t\t\t"/g)" + +if [ "$myPORTS" != "PORTS" ]; + then + printf "$myBLUE$myPORTS$myWHITE" +fi +} + +function fuGETSYS { +printf "========| System |========\n" +printf "%+10s %-20s\n" "Date: " "$(date)" +printf "%+10s %-20s\n" "Uptime: " "$(uptime | cut -b 2-)" +printf "%+10s %-20s\n" "CPU temp: " "$(sensors | grep 'Physical' | awk '{ print $4" " }' | tr -d [:cntrl:])" +echo +} + +while true + do + fuGETSYS + printf "%-19s %-36s %s\n" "NAME" "STATUS" "PORTS" + for i in $myIMAGES; do + myNAME="$myMAGENTA$i$myWHITE" + printf "%-32s %-49s %s" "$myNAME" "$(fuCONTAINERSTATUS $i)" "$(fuCONTAINERPORTS $i)" + echo + if [ "$myPARAM" = "vv" ]; + then + /usr/bin/docker exec -t "$i" /bin/ps awfuwfxwf | egrep -v -E "awfuwfxwf|/bin/ps" + fi + done + if [[ $myPARAM =~ ^([1-9]|[1-9][0-9]|[1-9][0-9][0-9])$ ]]; + then + sleep "$myPARAM" + else + break + fi +done diff --git a/bin/dump_es.sh b/bin/dump_es.sh new file mode 100755 index 00000000..d496a98e --- /dev/null +++ b/bin/dump_es.sh @@ -0,0 +1,45 @@ +#/bin/bash +# Dump all ES data +# Make sure ES is available +myES="http://127.0.0.1:64298/" +myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) +if ! [ "$myESSTATUS" = "1" ] + then + echo "### Elasticsearch is not available, try starting via 'systemctl start elk'." + exit + else + echo "### Elasticsearch is available, now continuing." + echo +fi + +# Let's ensure normal operation on exit or if interrupted ... +function fuCLEANUP { + rm -rf tmp +} +trap fuCLEANUP EXIT + +# Set vars +myDATE=$(date +%Y%m%d%H%M) +myINDICES=$(curl -s -XGET ''$myES'_cat/indices/' | grep logstash | awk '{ print $3 }' | sort | grep -v 1970) +myES="http://127.0.0.1:64298/" +myCOL1="" +myCOL0="" + +# Dumping all ES data +echo $myCOL1"### The following indices will be dumped: "$myCOL0 +echo $myINDICES +echo + +mkdir tmp +for i in $myINDICES; + do + echo $myCOL1"### Now dumping: "$i $myCOL0 + elasticdump --input=$myES$i --output="tmp/"$i --limit 7500 + echo $myCOL1"### Now compressing: tmp/$i" $myCOL0 + gzip -f "tmp/"$i + done; + +# Build tar archive +echo $myCOL1"### Now building tar archive: es_dump_"$myDATE".tgz" $myCOL0 +tar cvf es_dump_$myDATE.tar tmp/* +echo $myCOL1"### Done."$myCOL0 diff --git a/bin/export_kibana-objects.sh b/bin/export_kibana-objects.sh new file mode 100755 index 00000000..a48b9011 --- /dev/null +++ b/bin/export_kibana-objects.sh @@ -0,0 +1,77 @@ +#!/bin/bash +# Export all Kibana objects +# Make sure ES is available +myES="http://127.0.0.1:64298/" +myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) +if ! [ "$myESSTATUS" = "1" ] + then + echo "### Elasticsearch is not available, try starting via 'systemctl start elk'." + exit + else + echo "### Elasticsearch is available, now continuing." + echo +fi + +# Set vars +myDATE=$(date +%Y%m%d%H%M) +myINDEXCOUNT=$(curl -s -XGET ''$myES'.kibana/index-pattern/logstash-*' | tr '\\' '\n' | grep "scripted" | wc -w) +myDASHBOARDS=$(curl -s -XGET ''$myES'.kibana/dashboard/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id') +myVISUALIZATIONS=$(curl -s -XGET ''$myES'.kibana/visualization/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id') +mySEARCHES=$(curl -s -XGET ''$myES'.kibana/search/_search?filter_path=hits.hits._id&pretty&size=10000' | jq '.hits.hits[] | {_id}' | jq -r '._id') +myCOL1="" +myCOL0="" + +# Let's ensure normal operation on exit or if interrupted ... +function fuCLEANUP { + rm -rf patterns/ dashboards/ visualizations/ searches/ +} +trap fuCLEANUP EXIT + +# Export index patterns +mkdir -p patterns +echo $myCOL1"### Now exporting"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0 +curl -s -XGET ''$myES'.kibana/index-pattern/logstash-*?' | jq '._source' > patterns/index-patterns.json +echo + +# Export dashboards +mkdir -p dashboards +echo $myCOL1"### Now exporting"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0 +for i in $myDASHBOARDS; + do + echo $myCOL1"###### "$i $myCOL0 + curl -s -XGET ''$myES'.kibana/dashboard/'$i'' | jq '._source' > dashboards/$i.json + done; +echo + +# Export visualizations +mkdir -p visualizations +echo $myCOL1"### Now exporting"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0 +for i in $myVISUALIZATIONS; + do + echo $myCOL1"###### "$i $myCOL0 + curl -s -XGET ''$myES'.kibana/visualization/'$i'' | jq '._source' > visualizations/$i.json + done; +echo + +# Export searches +mkdir -p searches +echo $myCOL1"### Now exporting"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0 +for i in $mySEARCHES; + do + echo $myCOL1"###### "$i $myCOL0 + curl -s -XGET ''$myES'.kibana/search/'$i'' | jq '._source' > searches/$i.json + done; +echo + +# Building tar archive +echo $myCOL1"### Now building archive"$myCOL0 "kibana-objects_"$myDATE".tgz" +tar cvfz kibana-objects_$myDATE.tgz patterns dashboards visualizations searches > /dev/null + +# Stats +echo +echo $myCOL1"### Statistics" +echo $myCOL1"###### Exported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0 +echo $myCOL1"###### Exported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0 +echo $myCOL1"###### Exported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0 +echo $myCOL1"###### Exported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0 +echo diff --git a/bin/import_kibana-objects.sh b/bin/import_kibana-objects.sh new file mode 100755 index 00000000..2ae37e6a --- /dev/null +++ b/bin/import_kibana-objects.sh @@ -0,0 +1,91 @@ +#!/bin/bash +# Import Kibana objects +# Make sure ES is available +myES="http://127.0.0.1:64298/" +myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) +if ! [ "$myESSTATUS" = "1" ] + then + echo "### Elasticsearch is not available, try starting via 'systemctl start elk'." + exit + else + echo "### Elasticsearch is available, now continuing." + echo +fi + +# Set vars +myDUMP=$1 +myCOL1="" +myCOL0="" + +# Let's ensure normal operation on exit or if interrupted ... +function fuCLEANUP { + rm -rf patterns/ dashboards/ visualizations/ searches/ +} +trap fuCLEANUP EXIT + +# Check if parameter is given and file exists +if [ "$myDUMP" = "" ]; + then + echo $myCOL1"### Please provide a backup file name."$myCOL0 + echo $myCOL1"### restore-kibana-objects.sh "$myCOL0 + echo + exit +fi +if ! [ -a $myDUMP ]; + then + echo $myCOL1"### File not found."$myCOL0 + exit +fi + +# Unpack tar +tar xvfz $myDUMP > /dev/null + +# Restore index patterns +myINDEXCOUNT=$(cat patterns/index-patterns.json | tr '\\' '\n' | grep "scripted" | wc -w) +echo $myCOL1"### Now importing"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0 +curl -s -XDELETE ''$myES'.kibana/index-pattern/logstash-*' > /dev/null +curl -s -XPUT ''$myES'.kibana/index-pattern/logstash-*' -T patterns/index-patterns.json > /dev/null +echo + +# Restore dashboards +myDASHBOARDS=$(ls dashboards/*.json | cut -c 12- | rev | cut -c 6- | rev) +echo $myCOL1"### Now importing "$myCOL0$(echo $myDASHBOARDS | wc -w)$myCOL1 "dashboards." $myCOL0 +for i in $myDASHBOARDS; + do + echo $myCOL1"###### "$i $myCOL0 + curl -s -XDELETE ''$myES'.kibana/dashboard/'$i'' > /dev/null + curl -s -XPUT ''$myES'.kibana/dashboard/'$i'' -T dashboards/$i.json > /dev/null + done; +echo + +# Restore visualizations +myVISUALIZATIONS=$(ls visualizations/*.json | cut -c 16- | rev | cut -c 6- | rev) +echo $myCOL1"### Now importing "$myCOL0$(echo $myVISUALIZATIONS | wc -w)$myCOL1 "visualizations." $myCOL0 +for i in $myVISUALIZATIONS; + do + echo $myCOL1"###### "$i $myCOL0 + curl -s -XDELETE ''$myES'.kibana/visualization/'$i'' > /dev/null + curl -s -XPUT ''$myES'.kibana/visualization/'$i'' -T visualizations/$i.json > /dev/null + done; +echo + +# Restore searches +mySEARCHES=$(ls searches/*.json | cut -c 10- | rev | cut -c 6- | rev) +echo $myCOL1"### Now importing "$myCOL0$(echo $mySEARCHES | wc -w)$myCOL1 "searches." $myCOL0 +for i in $mySEARCHES; + do + echo $myCOL1"###### "$i $myCOL0 + curl -s -XDELETE ''$myES'.kibana/search/'$i'' > /dev/null + curl -s -XPUT ''$myES'.kibana/search/'$i'' -T searches/$i.json > /dev/null + done; +echo + +# Stats +echo +echo $myCOL1"### Statistics" +echo $myCOL1"###### Imported"$myCOL0 $myINDEXCOUNT $myCOL1"index patterns." $myCOL0 +echo $myCOL1"###### Imported"$myCOL0 $(echo $myDASHBOARDS | wc -w) $myCOL1"dashboards." $myCOL0 +echo $myCOL1"###### Imported"$myCOL0 $(echo $myVISUALIZATIONS | wc -w) $myCOL1"visualizations." $myCOL0 +echo $myCOL1"###### Imported"$myCOL0 $(echo $mySEARCHES | wc -w) $myCOL1"searches." $myCOL0 +echo + diff --git a/bin/myip.sh b/bin/myip.sh new file mode 100755 index 00000000..86a9114e --- /dev/null +++ b/bin/myip.sh @@ -0,0 +1,88 @@ +#!/bin/bash + +## Get my external IP + +timeout=2 # seconds to wait for a reply before trying next server +verbose=1 # prints which server was used to STDERR + +dnslist=( + "dig +short myip.opendns.com @resolver1.opendns.com" + "dig +short myip.opendns.com @resolver2.opendns.com" + "dig +short myip.opendns.com @resolver3.opendns.com" + "dig +short myip.opendns.com @resolver4.opendns.com" + "dig +short -4 -t a whoami.akamai.net @ns1-1.akamaitech.net" + "dig +short whoami.akamai.net @ns1-1.akamaitech.net" +) + +httplist=( + alma.ch/myip.cgi + api.infoip.io/ip + api.ipify.org + bot.whatismyipaddress.com + canhazip.com + checkip.amazonaws.com + eth0.me + icanhazip.com + ident.me + ipecho.net/plain + ipinfo.io/ip + ipof.in/txt + ip.tyk.nu + l2.io/ip + smart-ip.net/myip + wgetip.com + whatismyip.akamai.com +) + +# function to shuffle the global array "array" +shuffle() { + local i tmp size max rand + size=${#array[*]} + max=$(( 32768 / size * size )) + for ((i=size-1; i>0; i--)); do + while (( (rand=$RANDOM) >= max )); do :; done + rand=$(( rand % (i+1) )) + tmp=${array[i]} array[i]=${array[rand]} array[rand]=$tmp + done +} + +# if we have dig and a list of dns methods, try that first +if hash dig 2>/dev/null && [ ${#dnslist[*]} -gt 0 ]; then + eval array=( \"\${dnslist[@]}\" ) + shuffle + + for cmd in "${array[@]}"; do + [ "$verbose" == 1 ] && echo Trying: $cmd 1>&2 + ip=$(timeout $timeout $cmd) + if [ -n "$ip" ]; then + echo $ip + exit + fi + done +fi + +# if we haven't succeeded with DNS, try HTTP +if [ ${#httplist[*]} == 0 ]; then + echo "No hosts in httplist array!" >&2 + exit 1 +fi + +# use curl or wget, depending on which one we find +curl_or_wget=$(if hash curl 2>/dev/null; then echo curl; elif hash wget 2>/dev/null; then echo "wget -qO-"; fi); + +if [ -z "$curl_or_wget" ]; then + echo "Neither curl nor wget found. Cannot use http method." >&2 + exit 1 +fi + +eval array=( \"\${httplist[@]}\" ) +shuffle + +for url in "${array[@]}"; do + [ "$verbose" == 1 ] && echo Trying: $curl_or_wget -s "$url" 1>&2 + ip=$(timeout $timeout $curl_or_wget -s "$url") + if [ -n "$ip" ]; then + echo $ip + exit + fi +done diff --git a/bin/restore_es.sh b/bin/restore_es.sh new file mode 100755 index 00000000..506a5c8c --- /dev/null +++ b/bin/restore_es.sh @@ -0,0 +1,61 @@ +#/bin/bash +# Restore folder based ES backup +# Make sure ES is available +myES="http://127.0.0.1:64298/" +myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) +if ! [ "$myESSTATUS" = "1" ] + then + echo "### Elasticsearch is not available, try starting via 'systemctl start elk'." + exit + else + echo "### Elasticsearch is available, now continuing." +fi + +# Let's ensure normal operation on exit or if interrupted ... +function fuCLEANUP { + rm -rf tmp +} +trap fuCLEANUP EXIT + +# Set vars +myDUMP=$1 +myCOL1="" +myCOL0="" + +# Check if parameter is given and file exists +if [ "$myDUMP" = "" ]; + then + echo $myCOL1"### Please provide a backup file name."$myCOL0 + echo $myCOL1"### restore-elk.sh "$myCOL0 + echo + exit +fi +if ! [ -a $myDUMP ]; + then + echo $myCOL1"### File not found."$myCOL0 + exit +fi + +# Unpack tar archive +echo $myCOL1"### Now unpacking tar archive: "$myDUMP $myCOL0 +tar xvf $myDUMP + +# Build indices list +myINDICES=$(ls tmp/logstash*.gz | cut -c 5- | rev | cut -c 4- | rev) +echo $myCOL1"### The following indices will be restored: "$myCOL0 +echo $myINDICES +echo + +# Restore indices +for i in $myINDICES; + do + # Delete index if it already exists + curl -s -XDELETE $myES$i > /dev/null + echo $myCOL1"### Now uncompressing: tmp/$i.gz" $myCOL0 + gunzip -f tmp/$i.gz + # Restore index to ES + echo $myCOL1"### Now restoring: "$i $myCOL0 + elasticdump --input=tmp/$i --output=$myES$i --limit 7500 + rm tmp/$i + done; +echo $myCOL1"### Done."$myCOL0 diff --git a/bin/updateip.sh b/bin/updateip.sh new file mode 100755 index 00000000..fb9ff9cd --- /dev/null +++ b/bin/updateip.sh @@ -0,0 +1,24 @@ +#!/bin/bash +# Let's add the first local ip to the /etc/issue and external ip to ews.ip file +# If the external IP cannot be detected, the internal IP will be inherited. +source /etc/environment +myLOCALIP=$(hostname -I | awk '{ print $1 }') +myEXTIP=$(/opt/tpot/bin/myip.sh) +if [ "$myEXTIP" = "" ]; + then + myEXTIP=$myLOCALIP +fi +sed -i "s#IP:.*#IP: $myLOCALIP ($myEXTIP)#" /etc/issue +sed -i "s#SSH:.*#SSH: ssh -l tsec -p 64295 $myLOCALIP#" /etc/issue +sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue +tee /data/ews/conf/ews.ip << EOF +[MAIN] +ip = $myEXTIP +EOF +tee /opt/tpot/etc/compose/elk_environment << EOF +MY_EXTIP=$myEXTIP +MY_INTIP=$myLOCALIP +MY_HOSTNAME=$HOSTNAME +EOF +chown tpot:tpot /data/ews/conf/ews.ip +chmod 760 /data/ews/conf/ews.ip diff --git a/etc/compose/all.yml b/etc/compose/all.yml new file mode 100644 index 00000000..0662a310 --- /dev/null +++ b/etc/compose/all.yml @@ -0,0 +1,313 @@ +# T-Pot (Everything) +# For docker-compose ... +version: '2.1' + +networks: + conpot_local: + cowrie_local: + dionaea_local: + elasticpot_local: + emobility_local: + ewsposter_local: + glastopf_local: + mailoney_local: + rdpy_local: + spiderfoot_local: + ui-for-docker_local: + vnclowpot_local: + +services: + +# Conpot service + conpot: + container_name: conpot + restart: always + networks: + - conpot_local + ports: + - "1025:1025" + - "50100:50100" + image: "dtagdevsec/conpot:1710" + volumes: + - /data/conpot/log:/var/log/conpot + +# Cowrie service + cowrie: + container_name: cowrie + restart: always + networks: + - cowrie_local + cap_add: + - NET_BIND_SERVICE + ports: + - "22:2222" + - "23:2223" + image: "dtagdevsec/cowrie:1710" + volumes: + - /data/cowrie/downloads:/home/cowrie/cowrie/dl + - /data/cowrie/keys:/home/cowrie/cowrie/etc + - /data/cowrie/log:/home/cowrie/cowrie/log + - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty + +# Dionaea service + dionaea: + container_name: dionaea + stdin_open: true + restart: always + networks: + - dionaea_local + cap_add: + - NET_BIND_SERVICE + ports: + - "20:20" + - "21:21" + - "42:42" + - "69:69/udp" + - "8081:80" + - "135:135" + - "443:443" + - "445:445" + - "1433:1433" + - "1723:1723" + - "1883:1883" + - "1900:1900/udp" + - "3306:3306" + - "5060:5060" + - "5060:5060/udp" + - "5061:5061" + - "27017:27017" + image: "dtagdevsec/dionaea:1710" + volumes: + - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp + - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp + - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www + - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp + - /data/dionaea:/opt/dionaea/var/dionaea + - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries + - /data/dionaea/log:/opt/dionaea/var/log + - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp + +# Elasticpot service + elasticpot: + container_name: elasticpot + restart: always + networks: + - elasticpot_local + ports: + - "9200:9200" + image: "dtagdevsec/elasticpot:1710" + volumes: + - /data/elasticpot/log:/opt/ElasticpotPY/log + +# ELK services +## Elasticsearch service + elasticsearch: + container_name: elasticsearch + restart: always + environment: + - bootstrap.memory_lock=true +# - "ES_JAVA_OPTS=-Xms1g -Xmx1g" + cap_add: + - IPC_LOCK + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 +# mem_limit: 2g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:1710" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64296:5601" + image: "dtagdevsec/kibana:1710" + +## Logstash service + logstash: + container_name: logstash + restart: always + depends_on: + elasticsearch: + condition: service_healthy + env_file: + - /opt/tpot/etc/compose/elk_environment + image: "dtagdevsec/logstash:1710" + volumes: + - /data:/data + - /var/log:/data/host/log + +## Elasticsearch-head service + head: + container_name: head + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64302:9100" + image: "dtagdevsec/head:1710" + +# Emobility service + emobility: + container_name: emobility + restart: always + networks: + - emobility_local + cap_add: + - NET_ADMIN + ports: + - "8080:8080" + image: "dtagdevsec/emobility:1710" + volumes: + - /data/emobility:/data/eMobility + - /data/ews:/data/ews + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + networks: + - ewsposter_local + image: "dtagdevsec/ewsposter:1710" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Glastopf service + glastopf: + container_name: glastopf + restart: always + networks: + - glastopf_local + ports: + - "80:80" + image: "dtagdevsec/glastopf:1710" + volumes: + - /data/glastopf/db:/opt/glastopf/db + - /data/glastopf/log:/opt/glastopf/log + +# Honeytrap service + honeytrap: + container_name: honeytrap + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/honeytrap:1710" + volumes: + - /data/honeytrap/attacks:/opt/honeytrap/var/attacks + - /data/honeytrap/downloads:/opt/honeytrap/var/downloads + - /data/honeytrap/log:/opt/honeytrap/var/log + +# Mailoney service + mailoney: + container_name: mailoney + restart: always + networks: + - mailoney_local + ports: + - "25:2525" + image: "dtagdevsec/mailoney:1710" + volumes: + - /data/mailoney/log:/opt/mailoney/logs + +# Netdata service + netdata: + container_name: netdata + restart: always + network_mode: "host" + depends_on: + elasticsearch: + condition: service_healthy + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + image: "dtagdevsec/netdata:1710" + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /var/run/docker.sock:/var/run/docker.sock + +# Rdpy service + rdpy: + container_name: rdpy + restart: always + networks: + - rdpy_local + ports: + - "3389:3389" + image: "dtagdevsec/rdpy:1710" + volumes: + - /data/rdpy/log:/var/log/rdpy + +# Spiderfoot service + spiderfoot: + container_name: spiderfoot + restart: always + networks: + - spiderfoot_local + ports: + - "127.0.0.1:64303:8080" + image: "dtagdevsec/spiderfoot:1710" + volumes: + - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db + +# Ui-for-docker service + ui-for-docker: + container_name: ui-for-docker + command: -H unix:///var/run/docker.sock --no-auth + restart: always + networks: + - ui-for-docker_local + ports: + - "127.0.0.1:64299:9000" + image: "dtagdevsec/ui-for-docker:1710" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + +# Suricata service + suricata: + container_name: suricata + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/suricata:1710" + volumes: + - /data/suricata/log:/var/log/suricata + +# P0f service + p0f: + container_name: p0f + restart: always + network_mode: "host" + image: "dtagdevsec/p0f:1710" + volumes: + - /data/p0f/log:/var/log/p0f + +# Vnclowpot service + vnclowpot: + container_name: vnclowpot + restart: always + networks: + - vnclowpot_local + ports: + - "5900:5900" + image: "dtagdevsec/vnclowpot:1710" + volumes: + - /data/vnclowpot/log:/var/log/vnclowpot diff --git a/etc/compose/hp.yml b/etc/compose/hp.yml new file mode 100644 index 00000000..04649b80 --- /dev/null +++ b/etc/compose/hp.yml @@ -0,0 +1,156 @@ +# T-Pot (HP) +# For docker-compose ... +version: '2.1' + +networks: + cowrie_local: + dionaea_local: + elasticpot_local: + ewsposter_local: + glastopf_local: + mailoney_local: + rdpy_local: + vnclowpot_local: + +services: + +# Cowrie service + cowrie: + container_name: cowrie + restart: always + networks: + - cowrie_local + cap_add: + - NET_BIND_SERVICE + ports: + - "22:2222" + - "23:2223" + image: "dtagdevsec/cowrie:1710" + volumes: + - /data/cowrie/downloads:/home/cowrie/cowrie/dl + - /data/cowrie/keys:/home/cowrie/cowrie/etc + - /data/cowrie/log:/home/cowrie/cowrie/log + - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty + +# Dionaea service + dionaea: + container_name: dionaea + stdin_open: true + restart: always + networks: + - dionaea_local + cap_add: + - NET_BIND_SERVICE + ports: + - "20:20" + - "21:21" + - "42:42" + - "69:69/udp" + - "8081:80" + - "135:135" + - "443:443" + - "445:445" + - "1433:1433" + - "1723:1723" + - "1883:1883" + - "1900:1900/udp" + - "3306:3306" + - "5060:5060" + - "5060:5060/udp" + - "5061:5061" + - "27017:27017" + image: "dtagdevsec/dionaea:1710" + volumes: + - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp + - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp + - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www + - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp + - /data/dionaea:/opt/dionaea/var/dionaea + - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries + - /data/dionaea/log:/opt/dionaea/var/log + - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp + +# Elasticpot service + elasticpot: + container_name: elasticpot + restart: always + networks: + - elasticpot_local + ports: + - "9200:9200" + image: "dtagdevsec/elasticpot:1710" + volumes: + - /data/elasticpot/log:/opt/ElasticpotPY/log + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + networks: + - ewsposter_local + image: "dtagdevsec/ewsposter:1710" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Glastopf service + glastopf: + container_name: glastopf + restart: always + networks: + - glastopf_local + ports: + - "80:80" + image: "dtagdevsec/glastopf:1710" + volumes: + - /data/glastopf/db:/opt/glastopf/db + - /data/glastopf/log:/opt/glastopf/log + +# Honeytrap service + honeytrap: + container_name: honeytrap + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/honeytrap:1710" + volumes: + - /data/honeytrap/attacks:/opt/honeytrap/var/attacks + - /data/honeytrap/downloads:/opt/honeytrap/var/downloads + - /data/honeytrap/log:/opt/honeytrap/var/log + +# Mailoney service + mailoney: + container_name: mailoney + restart: always + networks: + - mailoney_local + ports: + - "25:2525" + image: "dtagdevsec/mailoney:1710" + volumes: + - /data/mailoney/log:/opt/mailoney/logs + +# Rdpy service + rdpy: + container_name: rdpy + restart: always + networks: + - rdpy_local + ports: + - "3389:3389" + image: "dtagdevsec/rdpy:1710" + volumes: + - /data/rdpy/log:/var/log/rdpy + +# Vnclowpot service + vnclowpot: + container_name: vnclowpot + restart: always + networks: + - vnclowpot_local + ports: + - "5900:5900" + image: "dtagdevsec/vnclowpot:1710" + volumes: + - /data/vnclowpot/log:/var/log/vnclowpot diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml new file mode 100644 index 00000000..847b05af --- /dev/null +++ b/etc/compose/industrial.yml @@ -0,0 +1,176 @@ +# T-Pot (Industrial) +# For docker-compose ... +version: '2.1' + +networks: + conpot_local: + emobility_local: + ewsposter_local: + spiderfoot_local: + ui-for-docker_local: + +services: + +# Conpot service + conpot: + container_name: conpot + restart: always + networks: + - conpot_local + ports: + - "1025:1025" + - "50100:50100" + image: "dtagdevsec/conpot:1710" + volumes: + - /data/conpot/log:/var/log/conpot + +# ELK services +## Elasticsearch service + elasticsearch: + container_name: elasticsearch + restart: always + environment: + - bootstrap.memory_lock=true +# - "ES_JAVA_OPTS=-Xms1g -Xmx1g" + cap_add: + - IPC_LOCK + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 +# mem_limit: 2g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:1710" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64296:5601" + image: "dtagdevsec/kibana:1710" + +## Logstash service + logstash: + container_name: logstash + restart: always + depends_on: + elasticsearch: + condition: service_healthy + env_file: + - /opt/tpot/etc/compose/elk_environment + image: "dtagdevsec/logstash:1710" + volumes: + - /data:/data + - /var/log:/data/host/log + +## Elasticsearch-head service + head: + container_name: head + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64302:9100" + image: "dtagdevsec/head:1710" + +# Emobility service + emobility: + container_name: emobility + restart: always + networks: + - emobility_local + cap_add: + - NET_ADMIN + ports: + - "8080:8080" + image: "dtagdevsec/emobility:1710" + volumes: + - /data/emobility:/data/eMobility + - /data/ews:/data/ews + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + networks: + - ewsposter_local + image: "dtagdevsec/ewsposter:1710" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Netdata service + netdata: + container_name: netdata + restart: always + network_mode: "host" + depends_on: + elasticsearch: + condition: service_healthy + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + image: "dtagdevsec/netdata:1710" + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /var/run/docker.sock:/var/run/docker.sock + +# Spiderfoot service + spiderfoot: + container_name: spiderfoot + restart: always + networks: + - spiderfoot_local + ports: + - "127.0.0.1:64303:8080" + image: "dtagdevsec/spiderfoot:1710" + volumes: + - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db + +# Ui-for-docker service + ui-for-docker: + container_name: ui-for-docker + command: -H unix:///var/run/docker.sock --no-auth + restart: always + networks: + - ui-for-docker_local + ports: + - "127.0.0.1:64299:9000" + image: "dtagdevsec/ui-for-docker:1710" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + +# Suricata service + suricata: + container_name: suricata + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/suricata:1710" + volumes: + - /data/suricata/log:/var/log/suricata + +# P0f service + p0f: + container_name: p0f + restart: always + network_mode: "host" + image: "dtagdevsec/p0f:1710" + volumes: + - /data/p0f/log:/var/log/p0f diff --git a/etc/compose/tpot.yml b/etc/compose/tpot.yml new file mode 100644 index 00000000..7d09982d --- /dev/null +++ b/etc/compose/tpot.yml @@ -0,0 +1,283 @@ +# T-Pot (Standard) +# For docker-compose ... +version: '2.1' + +networks: + cowrie_local: + dionaea_local: + elasticpot_local: + ewsposter_local: + glastopf_local: + mailoney_local: + rdpy_local: + spiderfoot_local: + ui-for-docker_local: + vnclowpot_local: + +services: + +# Cowrie service + cowrie: + container_name: cowrie + restart: always + networks: + - cowrie_local + cap_add: + - NET_BIND_SERVICE + ports: + - "22:2222" + - "23:2223" + image: "dtagdevsec/cowrie:1710" + volumes: + - /data/cowrie/downloads:/home/cowrie/cowrie/dl + - /data/cowrie/keys:/home/cowrie/cowrie/etc + - /data/cowrie/log:/home/cowrie/cowrie/log + - /data/cowrie/log/tty:/home/cowrie/cowrie/log/tty + +# Dionaea service + dionaea: + container_name: dionaea + stdin_open: true + restart: always + networks: + - dionaea_local + cap_add: + - NET_BIND_SERVICE + ports: + - "20:20" + - "21:21" + - "42:42" + - "69:69/udp" + - "8081:80" + - "135:135" + - "443:443" + - "445:445" + - "1433:1433" + - "1723:1723" + - "1883:1883" + - "1900:1900/udp" + - "3306:3306" + - "5060:5060" + - "5060:5060/udp" + - "5061:5061" + - "27017:27017" + image: "dtagdevsec/dionaea:1710" + volumes: + - /data/dionaea/roots/ftp:/opt/dionaea/var/dionaea/roots/ftp + - /data/dionaea/roots/tftp:/opt/dionaea/var/dionaea/roots/tftp + - /data/dionaea/roots/www:/opt/dionaea/var/dionaea/roots/www + - /data/dionaea/roots/upnp:/opt/dionaea/var/dionaea/roots/upnp + - /data/dionaea:/opt/dionaea/var/dionaea + - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries + - /data/dionaea/log:/opt/dionaea/var/log + - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp + +# Elasticpot service + elasticpot: + container_name: elasticpot + restart: always + networks: + - elasticpot_local + ports: + - "9200:9200" + image: "dtagdevsec/elasticpot:1710" + volumes: + - /data/elasticpot/log:/opt/ElasticpotPY/log + +# ELK services +## Elasticsearch service + elasticsearch: + container_name: elasticsearch + restart: always + environment: + - bootstrap.memory_lock=true + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + cap_add: + - IPC_LOCK + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 +# mem_limit: 2g + ports: + - "127.0.0.1:64298:9200" + image: "dtagdevsec/elasticsearch:1710" + volumes: + - /data:/data + +## Kibana service + kibana: + container_name: kibana + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64296:5601" + image: "dtagdevsec/kibana:1710" + +## Logstash service + logstash: + container_name: logstash + restart: always + depends_on: + elasticsearch: + condition: service_healthy + env_file: + - /opt/tpot/etc/compose/elk_environment + image: "dtagdevsec/logstash:1710" + volumes: + - /data:/data + - /var/log:/data/host/log + +## Elasticsearch-head service + head: + container_name: head + restart: always + depends_on: + elasticsearch: + condition: service_healthy + ports: + - "127.0.0.1:64302:9100" + image: "dtagdevsec/head:1710" + +# Ewsposter service + ewsposter: + container_name: ewsposter + restart: always + networks: + - ewsposter_local + image: "dtagdevsec/ewsposter:1710" + volumes: + - /data:/data + - /data/ews/conf/ews.ip:/opt/ewsposter/ews.ip + +# Glastopf service + glastopf: + container_name: glastopf + restart: always + networks: + - glastopf_local + ports: + - "80:80" + image: "dtagdevsec/glastopf:1710" + volumes: + - /data/glastopf/db:/opt/glastopf/db + - /data/glastopf/log:/opt/glastopf/log + +# Honeytrap service + honeytrap: + container_name: honeytrap + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + image: "dtagdevsec/honeytrap:1710" + volumes: + - /data/honeytrap/attacks:/opt/honeytrap/var/attacks + - /data/honeytrap/downloads:/opt/honeytrap/var/downloads + - /data/honeytrap/log:/opt/honeytrap/var/log + +# Mailoney service + mailoney: + container_name: mailoney + restart: always + networks: + - mailoney_local + ports: + - "25:2525" + image: "dtagdevsec/mailoney:1710" + volumes: + - /data/mailoney/log:/opt/mailoney/logs + +# Netdata service + netdata: + container_name: netdata + restart: always + network_mode: "host" + depends_on: + elasticsearch: + condition: service_healthy + cap_add: + - SYS_PTRACE + security_opt: + - apparmor=unconfined + image: "dtagdevsec/netdata:1710" + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /var/run/docker.sock:/var/run/docker.sock + +# Rdpy service + rdpy: + container_name: rdpy + restart: always + networks: + - rdpy_local + ports: + - "3389:3389" + image: "dtagdevsec/rdpy:1710" + volumes: + - /data/rdpy/log:/var/log/rdpy + +# Spiderfoot service + spiderfoot: + container_name: spiderfoot + restart: always + networks: + - spiderfoot_local + ports: + - "127.0.0.1:64303:8080" + image: "dtagdevsec/spiderfoot:1710" + volumes: + - /data/spiderfoot/spiderfoot.db:/home/spiderfoot/spiderfoot.db + +# Ui-for-docker service + ui-for-docker: + container_name: ui-for-docker + command: -H unix:///var/run/docker.sock --no-auth + restart: always + networks: + - ui-for-docker_local + ports: + - "127.0.0.1:64299:9000" + image: "dtagdevsec/ui-for-docker:1710" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + +# Suricata service + suricata: + container_name: suricata + restart: always + network_mode: "host" + cap_add: + - NET_ADMIN + - SYS_NICE + - NET_RAW + image: "dtagdevsec/suricata:1710" + volumes: + - /data/suricata/log:/var/log/suricata + +# P0f service + p0f: + container_name: p0f + restart: always + network_mode: "host" + image: "dtagdevsec/p0f:1710" + volumes: + - /data/p0f/log:/var/log/p0f + +# Vnclowpot service + vnclowpot: + container_name: vnclowpot + restart: always + networks: + - vnclowpot_local + ports: + - "5900:5900" + image: "dtagdevsec/vnclowpot:1710" + volumes: + - /data/vnclowpot/log:/var/log/vnclowpot diff --git a/etc/curator/actions.yml b/etc/curator/actions.yml new file mode 100644 index 00000000..fe48bfb9 --- /dev/null +++ b/etc/curator/actions.yml @@ -0,0 +1,26 @@ +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +# +# Also remember that all examples have 'disable_action' set to True. If you +# want to use this action as a template, be sure to set this to False after +# copying it. +actions: + 1: + action: delete_indices + description: >- + Delete indices older than 90 days (based on index name), for logstash- + prefixed indices. Ignore the error if the filter does not result in an + actionable list of indices (ignore_empty_list) and exit cleanly. + options: + ignore_empty_list: True + disable_action: False + filters: + - filtertype: pattern + kind: prefix + value: logstash- + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: 90 diff --git a/etc/curator/curator.yml b/etc/curator/curator.yml new file mode 100644 index 00000000..715bcd06 --- /dev/null +++ b/etc/curator/curator.yml @@ -0,0 +1,21 @@ +# Remember, leave a key empty if there is no value. None will be a string, +# not a Python "NoneType" +client: + hosts: + - 127.0.0.1 + port: 64298 + url_prefix: + use_ssl: False + certificate: + client_cert: + client_key: + ssl_no_validate: False + http_auth: + timeout: 30 + master_only: False + +logging: + loglevel: INFO + logfile: /var/log/curator.log + logformat: default + blacklist: ['elasticsearch', 'urllib3'] diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf new file mode 100644 index 00000000..85d889bb --- /dev/null +++ b/etc/logrotate/logrotate.conf @@ -0,0 +1,38 @@ +/data/conpot/log/conpot.json +/data/conpot/log/conpot.log +/data/cowrie/log/cowrie.json +/data/cowrie/log/cowrie-textlog.log +/data/cowrie/log/lastlog.txt +/data/cowrie/log/ttylogs.tgz +/data/cowrie/downloads.tgz +/data/dionaea/log/dionaea.json +/data/dionaea/log/dionaea.sqlite +/data/dionaea/bistreams.tgz +/data/dionaea/binaries.tgz +/data/dionaea/dionaea-errors.log +/data/elasticpot/log/elasticpot.log +/data/elk/log/*.log +/data/emobility/log/centralsystem.log +/data/emobility/log/centralsystemEWS.log +/data/glastopf/log/glastopf.log +/data/glastopf/db/glastopf.db +/data/honeytrap/log/*.log +/data/honeytrap/log/*.json +/data/honeytrap/attacks.tgz +/data/honeytrap/downloads.tgz +/data/mailoney/log/commands.log +/data/p0f/log/p0f.json +/data/rdpy/log/rdpy.log +/data/suricata/log/*.log +/data/suricata/log/*.json +/data/vnclowpot/log/vnclowpot.log +{ + su tpot tpot + copytruncate + create 760 tpot tpot + daily + missingok + notifempty + rotate 30 + compress +} diff --git a/etc/objects/elkbase.tgz b/etc/objects/elkbase.tgz new file mode 100644 index 00000000..23a09abc Binary files /dev/null and b/etc/objects/elkbase.tgz differ diff --git a/etc/objects/kibana-objects.tgz b/etc/objects/kibana-objects.tgz new file mode 100644 index 00000000..2382ef87 Binary files /dev/null and b/etc/objects/kibana-objects.tgz differ diff --git a/host/etc/dialogrc b/host/etc/dialogrc new file mode 100644 index 00000000..bb53e1b8 --- /dev/null +++ b/host/etc/dialogrc @@ -0,0 +1,144 @@ +# +# Run-time configuration file for dialog +# +# Automatically generated by "dialog --create-rc " +# +# +# Types of values: +# +# Number - +# String - "string" +# Boolean - +# Attribute - (foreground,background,highlight?) + +# Set aspect-ration. +aspect = 0 + +# Set separator (for multiple widgets output). +separate_widget = "" + +# Set tab-length (for textbox tab-conversion). +tab_len = 0 + +# Make tab-traversal for checklist, etc., include the list. +visit_items = OFF + +# Shadow dialog boxes? This also turns on color. +use_shadow = ON + +# Turn color support ON or OFF +use_colors = ON + +# Screen color +screen_color = (WHITE,MAGENTA,ON) + +# Shadow color +shadow_color = (BLACK,BLACK,ON) + +# Dialog box color +dialog_color = (BLACK,WHITE,OFF) + +# Dialog box title color +title_color = (MAGENTA,WHITE,OFF) + +# Dialog box border color +border_color = (WHITE,WHITE,ON) + +# Active button color +button_active_color = (WHITE,MAGENTA,OFF) + +# Inactive button color +button_inactive_color = dialog_color + +# Active button key color +button_key_active_color = button_active_color + +# Inactive button key color +button_key_inactive_color = (RED,WHITE,OFF) + +# Active button label color +button_label_active_color = (YELLOW,MAGENTA,ON) + +# Inactive button label color +button_label_inactive_color = (BLACK,WHITE,OFF) + +# Input box color +inputbox_color = dialog_color + +# Input box border color +inputbox_border_color = dialog_color + +# Search box color +searchbox_color = dialog_color + +# Search box title color +searchbox_title_color = title_color + +# Search box border color +searchbox_border_color = border_color + +# File position indicator color +position_indicator_color = title_color + +# Menu box color +menubox_color = dialog_color + +# Menu box border color +menubox_border_color = border_color + +# Item color +item_color = dialog_color + +# Selected item color +item_selected_color = button_active_color + +# Tag color +tag_color = title_color + +# Selected tag color +tag_selected_color = button_label_active_color + +# Tag key color +tag_key_color = button_key_inactive_color + +# Selected tag key color +tag_key_selected_color = (RED,MAGENTA,ON) + +# Check box color +check_color = dialog_color + +# Selected check box color +check_selected_color = button_active_color + +# Up arrow color +uarrow_color = (MAGENTA,WHITE,ON) + +# Down arrow color +darrow_color = uarrow_color + +# Item help-text color +itemhelp_color = (WHITE,BLACK,OFF) + +# Active form text color +form_active_text_color = button_active_color + +# Form text color +form_text_color = (WHITE,CYAN,ON) + +# Readonly form item color +form_item_readonly_color = (CYAN,WHITE,ON) + +# Dialog box gauge color +gauge_color = title_color + +# Dialog box border2 color +border2_color = dialog_color + +# Input box border2 color +inputbox_border2_color = dialog_color + +# Search box border2 color +searchbox_border2_color = dialog_color + +# Menu box border2 color +menubox_border2_color = dialog_color diff --git a/host/etc/issue b/host/etc/issue new file mode 100644 index 00000000..30dc8604 --- /dev/null +++ b/host/etc/issue @@ -0,0 +1,20 @@ + +┌──────────────────────────────────────────────┐ +│ _____ ____ _ _ _____ _ ___ │ +│|_ _| | _ \\ ___ | |_ / |___ / |/ _ \\ │ +│ | |_____| |_) / _ \\| __| | | / /| | | | |│ +│ | |_____| __/ (_) | |_ | | / /_| | |_| |│ +│ |_| |_| \\___/ \\__| |_|/_/(_)_|\\___/ │ +│ │ +└──────────────────────────────────────────────┘ + + +,---- [ \n ] [ \d ] [ \t ] +| +| IP: +| SSH: +| WEB: +| +`---- + + diff --git a/host/etc/nginx/nginx.conf b/host/etc/nginx/nginx.conf new file mode 100644 index 00000000..2e3e786e --- /dev/null +++ b/host/etc/nginx/nginx.conf @@ -0,0 +1,96 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + log_format le_json '{ "timestamp": "$time_iso8601", ' + '"src_ip": "$remote_addr", ' + '"remote_user": "$remote_user", ' + '"body_bytes_sent": "$body_bytes_sent", ' + '"request_time": "$request_time", ' + '"status": "$status", ' + '"request": "$request", ' + '"request_method": "$request_method", ' + '"http_referrer": "$http_referer", ' + '"http_user_agent": "$http_user_agent" }'; + + access_log /var/log/nginx/access.log le_json; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/host/etc/nginx/ssl/dhparam4096.pem b/host/etc/nginx/ssl/dhparam4096.pem new file mode 100644 index 00000000..78cbf6d7 --- /dev/null +++ b/host/etc/nginx/ssl/dhparam4096.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEAiHmfakVLOStSULBdaTbZY/zeFyEeQ19GY9Z5CJg06dIIgIzhxk9L +4xsQdQk8giKOjP6SfX0ZgF5CYaurQ3ljYlP0UlAQQo9+fEErbqj3hCzAxtIpd6Yj +SV6zFdnSjwxWuKAPPywiQNljnHH+Y1KBdbl5VQ9gC3ehtaLo1A4y8q96f6fC5rGU +nfgw4lTxLvPD7NwaOdFTCyK8tTxvUGNJIvf7805IxZ0BvAiBuVaXStaMcqf5BHLP +fYpvIiVaCrtto4elu18nL0tf2CN5n9ai4hlr0nPmNrE/Zrrur78Re5F4Ien9kr4d +xabXvVJJQa9j2NdQO7vk7Cz/dAIiqt/1XKFhll4TTYBqrFVXIwF+FNx636zyOjcO +nlZk/V+IL/UTPnZOv2PGt5+WetvJJubi6B9XgOgVLduI07woAp5qnRJJt6fJW1aA +M86By6WLy5P31Py6eFj8nYgj1V703XgQ5lESKYpeVgqA0bh7daNzOCoGQvvUKlTP +RTu6fs7clw5ta4yYUyvuIKTngH5yGBNdTuP0GWo6Y+Dy1BctVwl2xSw+FhYeuIf/ +EB2A3129H59HhbWyNH337+1dfntHfQRXBsT0YSyDxPurI5/FNGcmw+GZEYk4BB8j +g7TwH3GBjbKnjnr7SnhanqmWgybgQw6oR9gDC399eR4LiOk9sbxpX1MCAQI= +-----END DH PARAMETERS----- diff --git a/host/etc/nginx/ssl/gen-cert.sh b/host/etc/nginx/ssl/gen-cert.sh new file mode 100644 index 00000000..388e51ee --- /dev/null +++ b/host/etc/nginx/ssl/gen-cert.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# Got root? +myWHOAMI=$(whoami) +if [ "$myWHOAMI" != "root" ] + then + echo "Need to run as root ..." + exit +fi + +openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "nginx.key" -out "nginx.crt" -days 3650 + diff --git a/host/etc/nginx/ssl/gen-dhparam.sh b/host/etc/nginx/ssl/gen-dhparam.sh new file mode 100644 index 00000000..b4af43e6 --- /dev/null +++ b/host/etc/nginx/ssl/gen-dhparam.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# Got root? +myWHOAMI=$(whoami) +if [ "$myWHOAMI" != "root" ] + then + echo "Need to run as root ..." + exit +fi + +if [ "$1" = "2048" ] || [ "$1" = "4096" ] || [ "$1" = "8192" ] + then + openssl dhparam -outform PEM -out dhparam$1.pem $1 + else + echo "Usage: ./gen-dhparam [2048, 4096, 8192]..." +fi diff --git a/host/etc/nginx/tpotweb.conf b/host/etc/nginx/tpotweb.conf new file mode 100644 index 00000000..00eb95ee --- /dev/null +++ b/host/etc/nginx/tpotweb.conf @@ -0,0 +1,155 @@ +############################################ +### NGINX T-Pot configuration file by mo ### +############################################ + +################################### +### Allow for 60 reloads per minute +################################### +limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s; + +server { + + ######################### + ### Basic server settings + ######################### + listen 64297 ssl http2; + index tpotweb.html; + ssl_protocols TLSv1.2; + server_name example.com; + error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html; + + + ############################################## + ### Remove version number add different header + ############################################## + server_tokens off; + more_set_headers 'Server: apache'; + + + ############################################## + ### SSL settings and Cipher Suites + ############################################## + ssl_certificate /etc/nginx/ssl/nginx.crt; + ssl_certificate_key /etc/nginx/ssl/nginx.key; + + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256'; + ssl_ecdh_curve secp384r1; + ssl_dhparam /etc/nginx/ssl/dhparam4096.pem; + + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + + + #################################### + ### OWASP recommendations / settings + #################################### + + ### Size Limits & Buffer Overflows + ### the size may be configured based on the needs. + client_body_buffer_size 100K; + client_header_buffer_size 1k; + client_max_body_size 100k; + large_client_header_buffers 2 1k; + + ### Mitigate Slow HHTP DoS Attack + ### Timeouts definition ## + client_body_timeout 10; + client_header_timeout 10; + keepalive_timeout 5 5; + send_timeout 10; + + ### X-Frame-Options is to prevent from clickJacking attack + add_header X-Frame-Options SAMEORIGIN; + + ### disable content-type sniffing on some browsers. + add_header X-Content-Type-Options nosniff; + + ### This header enables the Cross-site scripting (XSS) filter + add_header X-XSS-Protection "1; mode=block"; + + ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; + + + ################################## + ### Restrict access and basic auth + ################################## + + # satisfy all; + satisfy any; + + # allow 10.0.0.0/8; + # allow 172.16.0.0/12; + # allow 192.168.0.0/16; + allow 127.0.0.1; + allow ::1; + deny all; + + auth_basic "closed site"; + auth_basic_user_file /etc/nginx/nginxpasswd; + + + ############################## + ### Limit brute-force attempts + ############################## + location = / { + limit_req zone=base burst=1 nodelay; + } + + + ################# + ### Proxied sites + ################# + + ### Kibana + location /kibana/ { + proxy_pass http://localhost:64296; + rewrite /kibana/(.*)$ /$1 break; + } + + ### ES + location /es/ { + proxy_pass http://localhost:64298/; + rewrite /es/(.*)$ /$1 break; + } + + ### head standalone + location /myhead/ { + proxy_pass http://localhost:64302/; + rewrite /myhead/(.*)$ /$1 break; + } + + ### portainer + location /ui { + proxy_pass http://127.0.0.1:64299; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_redirect off; + rewrite /ui/(.*)$ /$1 break; + } + ### web tty + location /wetty { + proxy_pass http://127.0.0.1:64300/wetty; + } + + ### netdata + location /netdata/ { + proxy_pass http://localhost:64301; + rewrite /netdata/(.*)$ /$1 break; + } + + ### spiderfoot + location /spiderfoot { + proxy_pass http://127.0.0.1:64303; + } + + location /static { + proxy_pass http://127.0.0.1:64303/spiderfoot/static; + } + + location /scanviz { + proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz; + } +} diff --git a/host/etc/rc.local b/host/etc/rc.local new file mode 100755 index 00000000..06bd9865 --- /dev/null +++ b/host/etc/rc.local @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/host/etc/systemd/tpot.service b/host/etc/systemd/tpot.service new file mode 100644 index 00000000..bcad4477 --- /dev/null +++ b/host/etc/systemd/tpot.service @@ -0,0 +1,57 @@ +[Unit] +Description=tpot +Requires=docker.service +After=docker.service + +[Service] +Restart=always +RestartSec=5 + +# Get and set internal, external IP infos, but ignore errors +ExecStartPre=-/opt/tpot/bin/updateip.sh + +# Clear state or if persistence is enabled rotate and compress logs from /data +ExecStartPre=-/bin/bash -c '/opt/tpot/bin/clean.sh on' + +# Remove old containers, images and volumes +ExecStartPre=-/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v +ExecStartPre=-/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml rm -v +ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)' +ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)' +ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "" | awk \'{print $3}\')' + +# Get IF, disable offloading, enable promiscious mode for p0f and suricata +ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off' +ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off' +ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on' + +# Modify access rights on docker.sock for netdata +ExecStartPre=-/bin/chmod 666 /var/run/docker.sock + +# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE +# Forward all other connections to honeytrap / NFQUEUE +ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE + +# Compose T-Pot up +ExecStart=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color + +# Compose T-Pot down, remove containers and volumes +ExecStop=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v + +# Remove only previously set iptables rules +ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE + +[Install] +WantedBy=multi-user.target diff --git a/host/etc/systemd/wetty.service b/host/etc/systemd/wetty.service new file mode 100644 index 00000000..5f6b9717 --- /dev/null +++ b/host/etc/systemd/wetty.service @@ -0,0 +1,13 @@ +[Unit] +Description=wetty +Requires=sshd.service +After=sshd.service + +[Service] +Restart=always +User=tsec +Group=tsec +ExecStart=/usr/bin/node /usr/local/lib/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295 + +[Install] +WantedBy=multi-user.target diff --git a/host/usr/share/dict/a.txt b/host/usr/share/dict/a.txt new file mode 100644 index 00000000..a663034c --- /dev/null +++ b/host/usr/share/dict/a.txt @@ -0,0 +1,1466 @@ +average +big +colossal +fat +giant +gigantic +great +huge +immense +large +little +long +mammoth +massive +miniature +petite +puny +short +small +tall +tiny +boiling +breezy +broken +bumpy +chilly +cold +cool +creepy +crooked +cuddly +curly +damaged +damp +dirty +dry +dusty +filthy +flaky +fluffy +wet +broad +chubby +crooked +curved +deep +flat +high +hollow +low +narrow +round +shallow +skinny +square +steep +straight +wide +ancient +brief +early +fast +late +long +modern +old +oldfashioned +quick +rapid +short +slow +swift +young +abundant +empty +few +heavy +light +many +numerous +Sound +cooing +deafening +faint +harsh +highpitched +hissing +hushed +husky +loud +melodic +moaning +mute +noisy +purring +quiet +raspy +resonant +screeching +shrill +silent +soft +squealing +thundering +voiceless +whispering +bitter +delicious +fresh +juicy +ripe +rotten +salty +sour +spicy +stale +sticky +strong +sweet +tasteless +tasty +thirsty +fluttering +fuzzy +greasy +grubby +hard +hot +icy +loose +melted +plastic +prickly +rainy +rough +scattered +shaggy +shaky +sharp +shivering +silky +slimy +slippery +smooth +soft +solid +steady +sticky +tender +tight +uneven +weak +wet +wooden +afraid +angry +annoyed +anxious +arrogant +ashamed +awful +bad +bewildered +bored +combative +condemned +confused +creepy +cruel +dangerous +defeated +defiant +depressed +disgusted +disturbed +eerie +embarrassed +envious +evil +fierce +foolish +frantic +frightened +grieving +helpless +homeless +hungry +hurt +ill +jealous +lonely +mysterious +naughty +nervous +obnoxious +outrageous +panicky +repulsive +scary +scornful +selfish +sore +tense +terrible +thoughtless +tired +troubled +upset +uptight +weary +wicked +worried +agreeable +amused +brave +calm +charming +cheerful +comfortable +cooperative +courageous +delightful +determined +eager +elated +enchanting +encouraging +energetic +enthusiastic +excited +exuberant +fair +faithful +fantastic +fine +friendly +funny +gentle +glorious +good +happy +healthy +helpful +hilarious +jolly +joyous +kind +lively +lovely +lucky +obedient +perfect +pleasant +proud +relieved +silly +smiling +splendid +successful +thoughtful +victorious +vivacious +witty +wonderful +zealous +zany +other +good +new +old +great +high +small +different +large +local +social +important +long +young +national +british +right +early +possible +big +little +political +able +late +general +full +far +low +public +available +bad +main +sure +clear +major +economic +only +likely +real +black +particular +international +special +difficult +certain +open +whole +white +free +short +easy +strong +european +central +similar +human +common +necessary +single +personal +hard +private +poor +financial +wide +foreign +simple +recent +concerned +american +various +close +fine +english +wrong +present +royal +natural +individual +nice +french +following +current +modern +labour +legal +happy +final +red +normal +serious +previous +total +prime +significant +industrial +sorry +dead +specific +appropriate +top +soviet +basic +military +original +successful +aware +hon +popular +heavy +professional +direct +dark +cold +ready +green +useful +effective +western +traditional +scottish +german +independent +deep +interesting +considerable +involved +physical +left +hot +existing +responsible +complete +medical +blue +extra +past +male +interested +fair +essential +beautiful +civil +primary +obvious +future +environmental +positive +senior +nuclear +annual +relevant +huge +rich +commercial +safe +regional +practical +official +separate +key +chief +regular +due +additional +active +powerful +complex +standard +impossible +light +warm +middle +fresh +sexual +front +domestic +actual +united +technical +ordinary +cheap +strange +internal +excellent +quiet +soft +potential +northern +religious +quick +very +famous +cultural +proper +broad +joint +formal +limited +conservative +lovely +usual +ltd +unable +rural +initial +substantial +christian +bright +average +leading +reasonable +immediate +suitable +equal +detailed +working +overall +female +afraid +democratic +growing +sufficient +scientific +eastern +correct +inc +irish +expensive +educational +mental +dangerous +critical +increased +familiar +unlikely +double +perfect +slow +tiny +dry +historical +thin +daily +southern +increasing +wild +alone +urban +empty +married +narrow +liberal +supposed +upper +apparent +tall +busy +bloody +prepared +russian +moral +careful +clean +attractive +japanese +vital +thick +alternative +fast +ancient +elderly +rare +external +capable +brief +wonderful +grand +typical +entire +grey +constant +vast +surprised +ideal +terrible +academic +funny +minor +pleased +severe +ill +corporate +negative +permanent +weak +brown +fundamental +odd +crucial +inner +used +criminal +contemporary +sharp +sick +near +roman +massive +unique +secondary +parliamentary +african +unknown +subsequent +angry +alive +guilty +lucky +enormous +well +communist +yellow +unusual +net +longterm +tough +dear +extensive +glad +remaining +agricultural +alright +healthy +italian +principal +tired +efficient +comfortable +chinese +relative +friendly +conventional +willing +sudden +proposed +voluntary +slight +valuable +dramatic +golden +temporary +federal +keen +flat +silent +indian +videotaped +worried +pale +statutory +welsh +dependent +firm +wet +competitive +armed +radical +outside +acceptable +sensitive +living +pure +global +emotional +sad +secret +rapid +adequate +fixed +sweet +administrative +wooden +remarkable +comprehensive +surprising +solid +rough +mere +mass +brilliant +maximum +absolute +tory +electronic +visual +electric +cool +spanish +literary +continuing +supreme +chemical +genuine +exciting +written +stupid +advanced +extreme +classical +fit +favourite +socialist +widespread +confident +straight +catholic +proud +numerous +opposite +distinct +mad +helpful +given +disabled +consistent +anxious +nervous +awful +stable +constitutional +satisfied +conscious +developing +strategic +holy +smooth +dominant +remote +theoretical +outstanding +pink +pretty +clinical +minimum +honest +impressive +related +residential +extraordinary +plain +visible +accurate +distant +still +greek +complicated +musical +precise +gentle +broken +live +silly +fat +tight +monetary +round +psychological +violent +unemployed +inevitable +junior +sensible +grateful +pleasant +dirty +structural +welcome +socalled +deaf +above +continuous +blind +overseas +mean +entitled +delighted +loose +occasional +evident +desperate +fellow +universal +square +steady +classic +equivalent +intellectual +victorian +level +ultimate +creative +lost +medieval +clever +linguistic +convinced +judicial +raw +sophisticated +asleep +vulnerable +illegal +outer +revolutionary +bitter +changing +australian +native +imperial +strict +wise +informal +flexible +collective +frequent +experimental +spiritual +intense +rational +ethnic +generous +inadequate +prominent +logical +bare +historic +modest +dutch +acute +electrical +valid +weekly +gross +automatic +loud +reliable +mutual +liable +multiple +ruling +curious +arab +sole +jewish +managing +pregnant +latin +nearby +exact +underlying +identical +satisfactory +marginal +distinctive +electoral +urgent +presidential +controversial +oral +everyday +encouraging +organic +continued +expected +statistical +desirable +innocent +improved +exclusive +marked +experienced +unexpected +superb +sheer +disappointed +frightened +fulltime +gastric +capitalist +romantic +naked +reluctant +magnificent +convenient +established +closed +uncertain +artificial +diplomatic +tremendous +marine +mechanical +retail +institutional +mixed +required +biological +known +functional +straightforward +superior +digital +parttime +spectacular +unhappy +confused +unfair +aggressive +spare +painful +abstract +asian +associated +legislative +monthly +intelligent +hungry +explicit +nasty +just +faint +coloured +ridiculous +amazing +comparable +successive +workingclass +realistic +back +decent +unnecessary +flying +fucking +random +influential +dull +genetic +neat +marvellous +crazy +damp +giant +secure +bottom +skilled +subtle +elegant +brave +lesser +parallel +steep +intensive +casual +tropical +lonely +partial +preliminary +concrete +alleged +assistant +vertical +upset +delicate +mild +occupational +excessive +progressive +iraqi +exceptional +integrated +striking +continental +okay +harsh +combined +fierce +handsome +characteristic +chronic +compulsory +interim +objective +splendid +magic +shortterm +systematic +obliged +payable +fun +horrible +primitive +fascinating +ideological +metropolitan +surrounding +estimated +peaceful +premier +operational +technological +kind +advisory +hostile +precious +gay +accessible +determined +excited +impressed +provincial +smart +endless +isolated +postwar +drunk +geographical +like +dynamic +boring +forthcoming +unfortunate +definite +super +notable +indirect +stiff +wealthy +awkward +lively +neutral +artistic +content +mature +colonial +ambitious +evil +magnetic +verbal +legitimate +sympathetic +wellknown +empirical +head +shallow +vague +naval +depressed +shared +added +shocked +mid +worthwhile +qualified +missing +blank +absent +favourable +polish +israeli +developed +profound +representative +enthusiastic +dreadful +rigid +reduced +cruel +coastal +peculiar +racial +ugly +swiss +crude +extended +selected +eager +feminist +canadian +bold +relaxed +corresponding +running +planned +applicable +immense +allied +comparative +uncomfortable +conservation +productive +beneficial +bored +charming +minimal +mobile +turkish +orange +rear +passive +suspicious +overwhelming +fatal +resulting +symbolic +registered +neighbouring +calm +irrelevant +patient +compact +profitable +rival +loyal +moderate +distinguished +interior +noble +insufficient +eligible +mysterious +varying +middleclass +managerial +molecular +olympic +linear +prospective +printed +parental +diverse +elaborate +furious +fiscal +burning +useless +semantic +embarrassed +inherent +philosophical +deliberate +awake +variable +promising +unpleasant +varied +sacred +selective +inclined +tender +hidden +worthy +intermediate +sound +protective +fortunate +slim +islamic +defensive +divine +stuck +driving +invisible +misleading +circular +mathematical +inappropriate +liquid +persistent +solar +doubtful +manual +architectural +intact +incredible +devoted +prior +tragic +respectable +optimistic +convincing +unacceptable +decisive +competent +spatial +respective +binding +relieved +nursing +toxic +select +redundant +integral +then +probable +amateur +fond +passing +specified +territorial +horizontal +oldfashioned +inland +cognitive +regulatory +miserable +resident +polite +scared +marxist +gothic +civilian +instant +lengthy +adverse +korean +unconscious +anonymous +aesthetic +orthodox +static +unaware +costly +fantastic +foolish +fashionable +causal +compatible +wee +implicit +dual +ok +cheerful +subjective +forward +surviving +exotic +purple +cautious +visiting +aggregate +ethical +protestant +teenage +largescale +dying +disastrous +delicious +confidential +underground +thorough +grim +autonomous +atomic +frozen +colourful +injured +uniform +ashamed +glorious +wicked +coherent +rising +shy +novel +balanced +delightful +arbitrary +adjacent +psychiatric +worrying +weird +unchanged +rolling +evolutionary +intimate +sporting +disciplinary +formidable +lexical +noisy +gradual +accused +homeless +supporting +coming +renewed +excess +retired +rubber +chosen +outdoor +embarrassing +preferred +bizarre +appalling +agreed +imaginative +governing +accepted +vocational +palestinian +mighty +puzzled +worldwide +handicapped +organisational +sunny +eldest +eventual +spontaneous +vivid +rude +nineteenthcentury +faithful +ministerial +innovative +controlled +conceptual +unwilling +civic +meaningful +disturbing +alive +brainy +breakable +busy +careful +cautious +clever +concerned +crazy +curious +dead +different +difficult +doubtful +easy +famous +fragile +helpful +helpless +important +impossible +innocent +inquisitive +modern +open +outstanding +poor +powerful +puzzled +real +rich +shy +sleepy +stupid +super +tame +uninterested +wandering +wild +wrong +adorable +alert +average +beautiful +blonde +bloody +blushing +bright +clean +clear +cloudy +colorful +crowded +cute +dark +drab +distinct +dull +elegant +fancy +filthy +glamorous +gleaming +graceful +grotesque +homely +light +misty +motionless +muddy +plain +poised +quaint +shiny +smoggy +sparkling +spotless +stormy +strange +ugly +unsightly +unusual +bad +better +beautiful +big +black +blue +bright +clumsy +crazy +dizzy +dull +fat +frail +friendly +funny +great +green +gigantic +gorgeous +grumpy +handsome +happy +horrible +itchy +jittery +jolly +kind +long +lazy +magnificent +magenta +many +mighty +mushy +nasty +new +nice +nosy +nutty +nutritious +odd +orange +ordinary +pretty +precious +prickly +purple +quaint +quiet +quick +quickest +rainy +rare +ratty +red +roasted +robust +round +sad +scary +scrawny +short +silly +stingy +strange +striped +spotty +tart +tall +tame +tan +tender +testy +tricky +tough +ugly +ugliest +vast +watery +wasteful +wideeyed +wonderful +yellow +yummy +zany diff --git a/host/usr/share/dict/n.txt b/host/usr/share/dict/n.txt new file mode 100644 index 00000000..0e5f2c37 --- /dev/null +++ b/host/usr/share/dict/n.txt @@ -0,0 +1,4401 @@ +aardvark +abacus +abbey +abdomen +ability +abolishment +abroad +accelerant +accelerator +accident +accompanist +accordion +account +accountant +achieve +achiever +acid +acknowledgment +acoustic +acoustics +acrylic +act +action +active +activity +actor +actress +acupuncture +ad +adapter +addiction +addition +address +adjustment +administration +adrenalin +adult +advancement +advantage +advertisement +advertising +advice +affair +affect +afghanistan +africa +aftermath +afternoon +aftershave +aftershock +afterthought +age +agency +agenda +agent +aglet +agreement +air +airbag +airbus +airfare +airforce +airline +airmail +airplane +airport +airship +alarm +alb +albatross +alcohol +alcove +alder +algebra +algeria +alibi +allergist +alley +alligator +alloy +almanac +almond +alpaca +alpenglow +alpenhorn +alpha +alphabet +alternative +altitude +alto +aluminium +aluminum +ambassador +ambition +ambulance +amendment +america +amount +amusement +anagram +analgesia +analog +analysis +analyst +anatomy +anesthesiology +anethesiologist +anger +angiosperm +angle +angora +angstrom +anguish +animal +anime +ankle +anklet +annual +anorak +answer +ant +antarctica +anteater +antechamber +antelope +anthony +anthropology +antler +anxiety +anybody +anything +anywhere +apartment +ape +aperitif +apology +apparatus +apparel +appeal +appearance +appendix +apple +applewood +appliance +application +appointment +approval +april +apron +apse +aquarius +aquifer +arch +archaeology +archeology +archer +architect +architecture +archrival +area +argentina +argument +aries +arithmetic +arm +armadillo +armament +armchair +armoire +armor +armrest +army +arrival +arrow +art +artichoke +article +artificer +ascot +ash +ashram +ashtray +asia +asparagus +aspect +asphalt +assignment +assistance +assistant +associate +association +assumption +asterisk +astrakhan +astrolabe +astrologer +astrology +astronomy +atelier +athelete +athlete +atm +atmosphere +atom +atrium +attachment +attack +attempt +attendant +attention +attenuation +attic +attitude +attorney +attraction +audience +auditorium +august +aunt +australia +author +authorisation +authority +authorization +automaton +avalanche +avenue +average +awareness +azimuth +babe +babies +baboon +babushka +baby +back +backbone +backdrop +backpack +bacon +bad +badge +badger +bafflement +bag +bagel +bagpipe +bagpipes +bail +bait +bake +baker +bakery +bakeware +balaclava +balalaika +balance +balcony +balinese +ball +balloon +ballpark +bamboo +banana +band +bandana +bandanna +bandolier +bangladesh +bangle +banjo +bank +bankbook +banker +banquette +baobab +bar +barbara +barbeque +barber +barbiturate +barge +baritone +barium +barn +barometer +barracks +barstool +base +baseball +basement +basin +basis +basket +basketball +bass +bassinet +bassoon +bat +bath +bather +bathhouse +bathrobe +bathroom +bathtub +batter +battery +batting +battle +battleship +bay +bayou +beach +bead +beak +beam +bean +beanie +beanstalk +bear +beard +beast +beat +beautician +beauty +beaver +bed +bedroom +bee +beech +beef +beer +beet +beetle +beggar +beginner +begonia +behavior +beheading +behest +belfry +belief +believe +bell +belligerency +bellows +belly +belt +bench +bend +beneficiary +benefit +bengal +beret +berry +bestseller +bestseller +betty +beverage +beyond +bibliography +bicycle +bid +bidet +bifocals +big +bigrig +bijou +bike +bikini +bill +billboard +bin +biology +biplane +birch +bird +birdbath +birdcage +birdhouse +birdwatcher +birth +birthday +bit +bite +black +blackberry +blackboard +blackfish +bladder +blade +blame +blank +blanket +blazer +blight +blinker +blister +blizzard +block +blocker +blood +bloodflow +bloom +bloomers +blossom +blouse +blow +blowgun +blowhole +blue +blueberry +boar +board +boat +boatbuilding +boatload +boatyard +bobcat +body +bog +bolero +bolt +bomb +bomber +bondsman +bone +bongo +bonnet +bonsai +bonus +boogeyman +book +bookcase +bookend +booklet +booster +boot +bootee +bootie +boots +booty +border +bore +bosom +botany +bottle +bottling +bottom +bottomline +boudoir +bough +boundary +bow +bower +bowl +bowler +bowling +bowtie +box +boxer +boxspring +boy +boyfriend +bra +brace +bracelet +bracket +brain +brake +branch +brand +brandy +brass +brassiere +bratwurst +brazil +bread +breadcrumb +break +breakfast +breakpoint +breast +breastplate +breath +breeze +bribery +brick +bricklaying +bridge +brief +briefs +brilliant +british +broccoli +brochure +broiler +broker +brome +bronchitis +bronco +bronze +brooch +brood +brook +broom +brother +brotherinlaw +brow +brown +brush +brushfire +brushing +bubble +bucket +buckle +bud +budget +buffer +buffet +bug +buggy +bugle +building +bulb +bull +bulldozer +bullet +bullfighter +bumper +bun +bunch +bungalow +bunghole +bunkhouse +burglar +burlesque +burma +burn +burnout +burst +bus +bush +business +bust +bustle +butane +butcher +butter +button +buy +buyer +buzzard +cabana +cabbage +cabin +cabinet +cable +caboose +cacao +cactus +caddy +cadet +cafe +caftan +cake +calcification +calculation +calculator +calculus +calendar +calf +calico +call +calm +camel +cameo +camera +camp +campaign +campanile +can +canada +canal +cancel +cancer +candelabra +candidate +candle +candy +cane +cannon +canoe +canon +canopy +canteen +canvas +cap +cape +capital +capitulation +capon +cappelletti +cappuccino +capricorn +captain +caption +car +caravan +carbon +card +cardboard +cardigan +care +cargo +carload +carnation +carol +carotene +carp +carpenter +carpet +carport +carriage +carrier +carrot +carry +cart +cartilage +cartload +cartoon +cartridge +cascade +case +casement +cash +cashier +casino +casserole +cassock +cast +castanet +castanets +castle +cat +catacomb +catamaran +category +caterpillar +cathedral +catsup +cattle +cauliflower +cause +caution +cave +cclamp +cd +ceiling +celebration +celeriac +celery +celeste +cell +cellar +cello +celsius +cement +cemetery +cenotaph +census +cent +centenarian +center +centimeter +centurion +century +cephalopod +ceramic +cereal +certification +cesspool +chador +chafe +chain +chainstay +chair +chairlift +chairman +chairperson +chairwoman +chaise +chalet +chalice +chalk +champion +championship +chance +chandelier +change +channel +chap +chapel +chapter +character +chard +charge +charity +charlatan +charles +charm +chart +chastity +chasuble +chateau +chauffeur +chauvinist +check +checkroom +cheek +cheese +cheetah +chef +chemistry +cheque +cherries +cherry +chess +chest +chick +chicken +chicory +chief +chiffonier +child +childhood +children +chill +chime +chimpanzee +chin +china +chinese +chino +chipmunk +chitchat +chivalry +chive +chocolate +choice +choker +chop +chopstick +chord +chowder +christmas +christopher +chrome +chromolithograph +chronograph +chronometer +chub +chug +church +churn +cicada +cigarette +cinema +circle +circulation +circumference +cirrus +citizenship +city +civilisation +clam +clank +clapboard +clarinet +clasp +class +classroom +claus +clave +clavicle +clavier +cleaner +cleat +cleavage +clef +cleric +clerk +click +client +cliff +climate +climb +clip +clipper +cloak +cloakroom +clock +clockwork +clogs +cloister +close +closet +cloth +clothes +clothing +cloud +cloudburst +cloudy +clove +clover +club +clutch +coach +coal +coast +coat +cob +cobweb +cockpit +cockroach +cocktail +cocoa +cod +codon +codpiece +coevolution +coffee +coffin +coil +coin +coinsurance +coke +cold +coliseum +collar +collection +college +collision +colloquia +colombia +colon +colonisation +colony +color +colt +column +columnist +comb +combat +combination +comfort +comfortable +comic +comma +command +commercial +commission +committee +communicant +communication +community +company +comparison +competition +competitor +complaint +complement +complex +component +comportment +composer +composition +compost +compulsion +computer +comradeship +concept +concert +conclusion +concrete +condition +condominium +condor +conductor +cone +confectionery +conference +confidence +confirmation +conflict +confusion +conga +congo +congressman +congressperson +congresswoman +conifer +connection +consent +consequence +console +consonant +conspirator +constant +constellation +construction +consul +consulate +contactlens +contagion +contest +context +continent +contract +contrail +contrary +contribution +control +convection +conversation +convert +convertible +cook +cookie +cooking +coonskin +cope +copout +copper +coproducer +copy +copyright +copywriter +cord +corduroy +cork +cormorant +corn +cornerstone +cornet +corral +correspondent +corridor +corsage +cost +costume +cot +cottage +cotton +couch +cougar +cough +council +councilman +councilor +councilperson +councilwoman +counter +counterforce +countess +country +county +couple +courage +course +court +cousin +covariate +cover +coverall +cow +cowbell +cowboy +crab +crack +cracker +crackers +cradle +craftsman +crash +crate +cravat +craw +crawdad +crayfish +crayon +cream +creative +creator +creature +creche +credenza +credit +creditor +creek +cremebrulee +crest +crew +crib +cribbage +cricket +cricketer +crime +criminal +crinoline +criteria +criterion +criticism +crocodile +crocus +croissant +crook +crop +cross +crosscontamination +crossstitch +crotch +croup +crow +crowd +crown +crude +crush +cry +crystallography +cub +cuban +cuckoo +cucumber +cufflinks +cultivar +cultivator +culture +culvert +cummerbund +cup +cupboard +cupcake +cupola +curio +curl +curler +currency +current +cursor +curtain +curve +cushion +custard +custodian +customer +cut +cuticle +cutlet +cutover +cutting +cyclamen +cycle +cyclone +cylinder +cymbal +cymbals +cynic +cyst +cytoplasm +dad +daffodil +dagger +dahlia +daisy +damage +dame +dance +dancer +danger +daniel +dark +dart +dash +dashboard +data +database +date +daughter +david +day +daybed +dead +deadline +deal +dealer +dear +death +deathwatch +deborah +debt +debtor +decade +december +decimal +decision +deck +declination +decongestant +decrease +decryption +dedication +deer +defense +deficit +definition +deformation +degree +delete +delivery +demand +demur +den +denim +dentist +deodorant +department +departure +dependent +deployment +deposit +depression +depressive +depth +deputy +derby +derrick +description +desert +design +designer +desire +desk +dessert +destiny +destroyer +destruction +detail +detainment +detective +detention +determination +development +deviance +device +dew +dhow +diadem +diamond +diaphragm +diarist +dibble +dickey +dictaphone +diction +dictionary +diet +dietician +difference +differential +difficulty +digestion +digger +digital +dilapidation +dill +dime +dimension +dimple +diner +dinghy +dinner +dinosaur +diploma +dipstick +direction +director +dirndl +dirt +disadvantage +disarmament +disaster +disco +disconnection +discount +discovery +discrepancy +discussion +disease +disembodiment +disengagement +disguise +disgust +dish +dishes +dishwasher +disk +display +disposer +distance +distribution +distributor +district +divan +diver +divide +divider +diving +division +dock +doctor +document +doe +dog +dogsled +dogwood +doll +dollar +dolman +dolphin +domain +donald +donkey +donna +door +doorknob +doorpost +dorothy +dory +dot +double +doubling +doubt +doubter +downforce +downgrade +downtown +draft +dragon +dragonfly +dragster +drain +drake +drama +dramaturge +draw +drawbridge +drawer +drawing +dream +dredger +dress +dresser +dressing +drill +drink +drive +driver +driveway +driving +drizzle +dromedary +drop +drug +drum +drummer +drunk +dry +dryer +duck +duckling +dud +duffel +dugout +dulcimer +dumbwaiter +dumptruck +dunebuggy +dungarees +dungeon +duplexer +dust +duststorm +duster +duty +dwarf +dwelling +dynamo +eagle +ear +eardrum +earmuffs +earplug +earrings +earth +earthquake +earthworm +ease +easel +east +eave +eavesdropper +ebook +ecclesia +eclipse +ecliptic +economics +ecumenist +eddy +edge +edger +editor +editorial +education +edward +eel +effacement +effect +effective +efficacy +efficiency +effort +egg +egghead +eggnog +eggplant +egypt +eight +ejector +elbow +election +electrocardiogram +element +elephant +elevator +elixir +elizabeth +elk +ellipse +elm +elongation +embossing +emergence +emergent +emery +emotion +emphasis +employ +employee +employer +employment +empowerment +emu +encirclement +encyclopedia +end +endothelium +enemy +energy +engine +engineer +engineering +english +enigma +enquiry +entertainment +enthusiasm +entrance +entry +environment +epauliere +epee +ephemera +ephemeris +epoch +eponym +epoxy +equinox +equipment +era +ereader +error +escape +espadrille +espalier +establishment +estate +estimate +estrogen +estuary +ethernet +ethiopia +euphonium +eurocentrism +europe +evaluator +evening +eveningwear +event +eviction +evidence +evocation +exam +examination +examiner +example +exchange +excitement +exclamation +excuse +executor +exhaust +exhusband +exile +existence +exit +expansion +expansionism +experience +expert +explanation +exposition +expression +extension +extent +extreme +exwife +eye +eyeball +eyebrow +eyebrows +eyeglasses +eyelash +eyelashes +eyelid +eyelids +eyeliner +eyestrain +face +facelift +facet +facilities +facsimile +fact +factor +factory +faculty +fahrenheit +failure +fairies +fairy +fall +fallingout +familiar +family +fan +fang +fanlight +fanny +fannypack +farm +farmer +fascia +fat +father +fatherinlaw +fatigues +faucet +fault +fawn +fax +fear +feast +feather +feature +february +fedelini +fedora +feed +feedback +feeling +feet +felony +female +fen +fence +fencing +fender +ferry +ferryboat +fertilizer +few +fiber +fiberglass +fibre +fiction +fiddle +field +fifth +fight +fighter +figurine +file +fill +filly +filth +final +finance +find +finding +fine +finger +fingernail +finisher +fir +fire +fireman +fireplace +firewall +fish +fishbone +fisherman +fishery +fishing +fishmonger +fishnet +fisting +fix +fixture +flag +flame +flanker +flare +flash +flat +flatboat +flavor +flax +fleck +fleece +flesh +flight +flintlock +flipflops +flock +flood +floor +floozie +flower +flu +flugelhorn +fluke +flute +fly +flytrap +foam +fob +focus +fog +fold +folder +fondue +font +food +foot +football +footnote +footrest +footrest +footstool +foray +force +forearm +forebear +forecast +forehead +forest +forestry +forgery +fork +form +formal +format +former +fort +fortnight +fortress +fortune +forum +foundation +fountain +fowl +fox +foxglove +fragrance +frame +france +fratricide +fraudster +frazzle +freckle +freedom +freeplay +freeze +freezer +freight +freighter +french +freon +fresco +friction +friday +fridge +friend +friendship +frigate +fringe +frock +frog +front +frost +frown +fruit +frustration +fuel +fulfillment +full +function +fundraising +funeral +funny +fur +furnace +furniture +fusarium +futon +future +gaffer +gaiters +gale +gallbladder +galleon +gallery +galley +gallon +galoshes +game +gamebird +gammaray +gander +gap +garage +garb +garbage +garden +garlic +garment +garter +gas +gasoline +gastropod +gate +gateway +gather +gauge +gauntlet +gazebo +gazelle +gear +gearshift +geese +gelding +gem +gemini +gemsbok +gender +gene +general +genetics +geography +geology +geometry +george +geranium +gerbil +geriatrician +german +germany +geyser +ghana +gherkin +ghost +giant +gigantism +ginseng +giraffe +girdle +girl +girlfriend +git +glad +gladiolus +gland +glass +glasses +glen +glider +gliding +glockenspiel +glove +gloves +glue +glut +goal +goat +gobbler +godmother +goggles +gokart +gold +goldfish +golf +gondola +gong +good +goodbye +goodbye +goodie +goose +gopher +goretex +gorilla +gosling +governance +government +governor +gown +grabbag +grade +grain +gram +granddaughter +grandfather +grandmom +grandmother +grandson +granny +grape +grapefruit +graph +graphic +grass +grasshopper +grassland +gray +grease +great +greatgrandfather +greatgrandmother +greece +greek +green +greenhouse +grenade +grey +grief +grill +grip +grit +grocery +ground +group +grouper +grouse +growth +guarantee +guatemalan +guest +guestbook +guidance +guide +guilty +guitar +guitarist +gum +gumshoes +gun +gutter +guy +gym +gymnast +gynaecology +gyro +hacienda +hacksaw +hackwork +hail +hair +haircut +half +halfbrother +halfsister +halibut +hall +hallway +hamaki +hamburger +hammer +hammock +hamster +hand +handball +handholding +handicap +handle +handlebar +handmaiden +handsaw +hang +harbor +harbour +hardboard +hardcover +hardening +hardhat +hardhat +hardware +harm +harmonica +harmony +harp +harpooner +harpsichord +hassock +hat +hatbox +hatchet +hate +haunt +haversack +hawk +hay +head +headlight +headline +headrest +health +hearing +heart +heartache +hearth +hearthside +heartthrob +heartwood +heat +heater +heaven +heavy +hedge +hedgehog +heel +height +heirloom +helen +helicopter +helium +hell +hellcat +helmet +helo +help +hemp +hen +herb +heron +herring +hexagon +heyday +hide +high +highlight +highrise +highway +hill +himalayan +hip +hippodrome +hippopotamus +historian +history +hit +hive +hobbies +hobbit +hobby +hockey +hoe +hog +hold +hole +holiday +home +homework +homogenate +homonym +honey +honeybee +honoree +hood +hoof +hook +hope +hops +horn +hornet +horse +hose +hosiery +hospice +hospital +host +hostel +hostess +hot +hotdog +hotel +hour +hourglass +house +houseboat +housing +hovel +hovercraft +howitzer +hub +hubcap +hugger +human +humidity +humor +hunger +hurdler +hurricane +hurry +hurt +husband +hut +hutch +hyacinth +hybridisation +hydrant +hydraulics +hydrofoil +hydrogen +hyena +hygienic +hyphenation +hypochondria +hypothermia +ice +icebreaker +icecream +icecream +icicle +icon +idea +ideal +igloo +ikebana +illegal +image +imagination +impact +implement +importance +impress +impression +imprisonment +improvement +impudence +impulse +inbox +incandescence +inch +income +increase +independence +independent +index +india +indication +indigence +indonesia +industry +infancy +inflammation +inflation +information +infusion +inglenook +ingrate +initial +initiative +injoke +injury +ink +inlaws +inlay +inn +innervation +innocent +input +inquiry +inscription +insect +inside +insolence +inspection +inspector +instance +instruction +instrument +instrumentalist +instrumentation +insulation +insurance +insurgence +intelligence +intention +interaction +interactive +interest +interferometer +interior +interloper +internal +internet +interpreter +intervenor +interview +interviewer +intestine +intestines +introduction +invention +inventor +inventory +investment +invite +invoice +iPad +iran +iraq +iridescence +iris +iron +ironclad +island +israel +issue +italy +jackal +jacket +jaguar +jail +jailhouse +jam +james +january +japan +japanese +jar +jasmine +jason +jaw +jeans +jeep +jeff +jelly +jellyfish +jennifer +jet +jewel +jewelry +jiffy +job +jockey +jodhpurs +joey +jogging +john +join +joke +joseph +jot +journey +judge +judgment +judo +juggernaut +juice +july +jumbo +jump +jumper +jumpsuit +june +junior +junk +junker +junket +jury +justice +jute +kale +kamikaze +kangaroo +karate +karen +kayak +kazoo +kendo +kenneth +kenya +ketch +ketchup +kettle +kettledrum +kevin +key +keyboard +keyboarding +keystone +kick +kickoff +kid +kidney +kidneys +kielbasa +kill +kilogram +kilometer +kilt +kimberly +kimono +kind +king +kingfish +kiosk +kiss +kitchen +kite +kitten +kitty +kleenex +klomps +knee +kneejerk +knickers +knife +knifeedge +knight +knitting +knot +knowledge +knuckle +koala +kohlrabi +korean +lab +laborer +lace +lacquerware +ladder +lady +ladybug +lake +lamb +lamp +lan +lanai +land +landform +landmine +language +lantern +lap +laparoscope +lapdog +laptop +larch +larder +lark +laryngitis +lasagna +latency +latex +lathe +latte +laugh +laundry +laura +law +lawn +lawsuit +lawyer +layer +lead +leader +leadership +leaf +league +leaker +learning +leash +leather +leaver +lecture +leek +leg +legal +legging +legume +lei +lemon +lemonade +lemur +length +lentil +leo +leopard +leotard +leprosy +let +letter +lettuce +level +lever +leverage +libra +librarian +library +license +lier +life +lift +light +lighting +lightning +lilac +lily +limit +limo +line +linen +liner +link +linseed +lion +lip +lipstick +liquid +liquor +lisa +list +literature +litigation +litter +liver +living +lizard +llama +loaf +loafer +loan +lobotomy +lobster +location +lock +locker +locket +locomotive +locust +loft +log +loggia +loincloth +look +loss +lot +lotion +lounge +lout +love +low +loyalty +luck +luggage +lumber +lumberman +lunch +luncheonette +lunchroom +lung +lunge +lute +luttuce +lycra +lye +lymphocyte +lynx +lyocell +lyre +lyric +macadamia +macaroni +machine +macrame +macrofauna +maelstrom +maestro +magazine +magic +magician +maid +maiden +mail +mailbox +mailman +maintenance +major +majorleague +makeup +malaysia +male +mall +mallet +mambo +mammoth +man +management +manager +mandarin +mandolin +mangrove +manhunt +maniac +manicure +manner +manor +mansard +manservant +mansion +mantel +mantle +mantua +manufacturer +manx +map +maple +maraca +maracas +marble +march +mare +margaret +margin +maria +mariachi +marimba +mark +market +marketing +marksman +marriage +marsh +marshland +marxism +mary +mascara +mask +mass +massage +master +mastication +mastoid +mat +match +material +math +mattock +mattress +maximum +may +maybe +mayonnaise +mayor +meal +meaning +measure +measurement +meat +mechanic +media +medicine +medium +meet +meeting +megalomaniac +melody +member +membership +memory +men +menorah +mention +menu +mercury +mess +message +metal +metallurgist +meteor +meteorology +meter +methane +method +methodology +metro +metronome +mexican +mexico +mezzanine +mice +michael +michelle +microlending +microwave +midcourse +middle +middleman +midi +midline +midnight +midwife +might +migrant +mile +milk +milkshake +millennium +millimeter +millisecond +mime +mimosa +mind +mine +mini +minibus +minion +miniskirt +minister +minor +minorleague +mint +minute +mirror +miscarriage +miscommunication +misfit +misogyny +misplacement +misreading +missile +mission +mist +mistake +mister +miter +mitten +mix +mixer +mixture +moat +mobile +moccasins +mocha +mode +model +modem +mole +mom +moment +monastery +monasticism +monday +money +monger +monitor +monkey +monocle +monotheism +monsoon +monster +month +mood +moon +moonscape +moonshine +mop +Mormon +morning +morocco +morsel +mortise +mosque +mosquito +most +motel +moth +mother +motherinlaw +motion +motor +motorboat +motorcar +motorcycle +mound +mountain +mouse +mouser +mousse +moustache +mouth +mouton +move +mover +movie +mower +mud +mug +mukluk +mule +multimedia +muscle +musculature +museum +music +musicbox +musician +musicmaking +mustache +mustard +mutt +myanmar +mycoplasma +nail +name +naming +nancy +nanoparticle +napkin +narcissus +nation +naturalisation +nature +neat +neck +necklace +necktie +necromancer +need +needle +negligee +negotiation +neologism +neon +nepal +nephew +nerve +nest +net +netball +netbook +netsuke +network +neurobiologist +neuropathologist +neuropsychiatry +news +newspaper +newsprint +newsstand +nexus +nic +nicety +niche +nickel +niece +nigeria +night +nightclub +nightgown +nightingale +nightlight +nitrogen +node +noise +nonbeliever +nonconformist +nondisclosure +noodle +normal +norse +north +northamerica +northkorea +nose +note +notebook +notice +notify +notoriety +nougat +novel +november +nudge +number +numeracy +numeric +numismatist +nurse +nursery +nurture +nut +nylon +oak +oar +oasis +oatmeal +obi +objective +obligation +oboe +observation +observatory +occasion +occupation +ocean +ocelot +octagon +octave +octavo +octet +october +octopus +odometer +oeuvre +offence +offer +office +official +offramp +oil +okra +oldie +olive +omega +omelet +oncology +one +onion +open +opening +opera +operation +ophthalmologist +opinion +opium +opossum +opportunist +opportunity +opposite +option +orange +orangutan +orator +orchard +orchestra +orchid +order +ordinary +ordination +organ +organisation +organization +original +ornament +osmosis +osprey +ostrich +others +otter +ottoman +ounce +outback +outcome +outfit +outhouse +outlay +output +outrigger +outset +outside +oval +ovary +oven +overcharge +overclocking +overcoat +overexertion +overflight +overnighter +overshoot +owl +owner +ox +oxen +oxford +oxygen +oyster +pacemaker +pack +package +packet +pad +paddle +paddock +page +pagoda +pail +pain +paint +painter +painting +paintwork +pair +pajama +pajamas +pakistan +paleontologist +paleontology +palm +pamphlet +pan +pancake +pancreas +panda +panic +pannier +panpipe +pansy +panther +panties +pantry +pants +pantsuit +panty +pantyhose +paper +paperback +parable +parachute +parade +parallelogram +paramedic +parcel +parchment +parent +parentheses +park +parka +parrot +parsnip +part +participant +particle +particular +partner +partridge +party +passage +passbook +passenger +passion +passive +pasta +paste +pastor +pastoralist +pastry +patch +path +patience +patient +patina +patio +patriarch +patricia +patrimony +patriot +patrol +pattern +paul +pavement +pavilion +paw +pawnshop +payee +payment +pea +peace +peach +peacoat +peacock +peak +peanut +pear +pearl +pedal +pedestrian +pediatrician +peen +peer +peertopeer +pegboard +pelican +pelt +pen +penalty +pencil +pendant +pendulum +penicillin +pension +pentagon +peony +people +pepper +percentage +perception +perch +performance +perfume +period +periodical +peripheral +permafrost +permission +permit +perp +person +personality +perspective +peru +pest +pet +petal +petticoat +pew +pharmacist +pharmacopoeia +phase +pheasant +philippines +philosopher +philosophy +phone +photo +photographer +phrase +physical +physician +physics +pianist +piano +piccolo +pick +pickax +picket +pickle +picture +pie +piece +pier +piety +pig +pigeon +pike +pile +pilgrimage +pillbox +pillow +pilot +pimp +pimple +pin +pinafore +pincenez +pine +pineapple +pinecone +ping +pink +pinkie +pinstripe +pint +pinto +pinworm +pioneer +pipe +piracy +piranha +pisces +piss +pitch +pitching +pith +pizza +place +plain +plane +planet +plant +plantation +planter +plaster +plasterboard +plastic +plate +platform +platinum +platypus +play +player +playground +playroom +pleasure +pleated +plier +plot +plough +plover +plow +plowman +plume +plunger +plywood +pneumonia +pocket +pocketbook +pocketwatch +poem +poet +poetry +poignance +point +poison +poisoning +poland +pole +polenta +police +policeman +policy +polish +politician +politics +pollution +polo +polyester +pompom +poncho +pond +pony +poof +pool +popcorn +poppy +popsicle +population +populist +porch +porcupine +port +porter +portfolio +porthole +position +positive +possession +possibility +postage +postbox +poster +pot +potato +potential +potty +pouch +poultry +pound +pounding +powder +power +precedent +precipitation +preface +preference +prelude +premeditation +premier +preoccupation +preparation +presence +presentation +president +pressroom +pressure +pressurisation +price +pride +priest +priesthood +primary +primate +prince +princess +principal +print +printer +priority +prison +prize +prizefight +probation +problem +procedure +process +processing +produce +producer +product +production +profession +professional +professor +profit +program +project +promotion +prompt +proofreader +propane +property +proposal +prose +prosecution +protection +protest +protocol +prow +pruner +pseudoscience +psychiatrist +psychoanalyst +psychologist +psychology +ptarmigan +publisher +pudding +puddle +puffin +pull +pulley +puma +pump +pumpkin +pumpkinseed +punch +punishment +pupa +pupil +puppy +purchase +puritan +purple +purpose +purse +push +pusher +put +pvc +pyjama +pyramid +quadrant +quail +quality +quantity +quart +quarter +quartz +queen +question +quicksand +quiet +quill +quilt +quince +quit +quiver +quotation +rabbi +rabbit +raccoon +race +racer +racing +racist +rack +radar +radiator +radio +radiosonde +radish +raffle +raft +rag +rage +rail +railway +raiment +rain +rainbow +raincoat +rainmaker +rainstorm +raise +rake +ram +rambler +ramie +ranch +random +randomisation +range +rank +raspberry +rat +rate +ratio +raven +ravioli +raw +rawhide +ray +rayon +reactant +reaction +read +reading +reality +reamer +rear +reason +receipt +reception +recess +recipe +recliner +recognition +recommendation +record +recorder +recording +recover +recruit +rectangle +red +redesign +rediscovery +reduction +reef +refectory +reflection +refrigerator +refund +refuse +region +register +regret +regular +regulation +reindeer +reinscription +reject +relation +relationship +relative +religion +relish +reminder +rent +repair +reparation +repeat +replace +replacement +replication +reply +report +representative +reprocessing +republic +reputation +request +requirement +resale +research +resident +resist +resolution +resource +respect +respite +response +responsibility +rest +restaurant +result +retailer +rethinking +retina +retouch +return +reveal +revenant +revenue +review +revolution +revolve +revolver +reward +rheumatism +rhinoceros +rhyme +rhythm +rice +richard +riddle +ride +rider +ridge +rifle +right +rim +ring +ringworm +ripple +rise +riser +risk +river +riverbed +rivulet +road +roadway +roast +robe +robert +robin +rock +rocker +rocket +rocketship +rod +role +roll +roller +romania +ronald +roof +room +rooster +root +rope +rose +rostrum +rotate +roundabout +route +router +routine +row +rowboat +royal +rub +rubber +rubric +ruckus +ruffle +rugby +rule +run +runaway +runner +russia +rutabaga +ruth +sabre +sack +sad +saddle +safe +safety +sage +sagittarius +sail +sailboat +sailor +salad +salary +sale +salesman +salmon +salon +saloon +salt +samovar +sampan +sample +samurai +sand +sandals +sandbar +sandra +sandwich +santa +sarah +sardine +sari +sarong +sash +satellite +satin +satire +satisfaction +saturday +sauce +saudiarabia +sausage +save +saving +savior +saviour +saw +saxophone +scale +scallion +scanner +scarecrow +scarf +scarification +scene +scent +schedule +scheme +schizophrenic +schnitzel +school +schoolhouse +schooner +science +scimitar +scissors +scooter +score +scorn +scorpio +scorpion +scow +scraper +screamer +screen +screenwriting +screw +screwdriver +screwup +scrim +scrip +sculpting +sculpture +sea +seagull +seal +seaplane +search +seashore +season +seat +second +secretariat +secretary +section +sectional +sector +secure +security +seed +seeder +segment +select +selection +self +sell +semicircle +semicolon +senator +sense +sentence +sepal +september +septicaemia +series +servant +server +service +session +set +setting +settler +sewer +sex +shack +shade +shadow +shadowbox +shake +shakedown +shaker +shallot +shame +shampoo +shanty +shape +share +shark +sharon +shawl +shearling +shears +sheath +shed +sheep +sheet +shelf +shell +sherry +shield +shift +shin +shine +shingle +ship +shirt +shirtdress +shoat +shock +shoe +shoehorn +shoehorn +shoelace +shoemaker +shoes +shoestring +shofar +shoot +shootdown +shop +shopper +shopping +shore +shortage +shorts +shortwave +shot +shoulder +shovel +show +shower +showstopper +shred +shrimp +shrine +siamese +sibling +sick +side +sideboard +sideburns +sidecar +sidestream +sidewalk +siding +sign +signature +signet +significance +signup +silica +silk +silkworm +sill +silo +silver +simple +sing +singer +single +sink +sir +sister +sisterinlaw +sit +sitar +situation +size +skate +skiing +skill +skin +skirt +skulduggery +skull +skullcap +skullduggery +skunk +sky +skylight +skyscraper +skywalk +slapstick +slash +slave +sled +sledge +sleep +sleet +sleuth +slice +slider +slime +slip +slipper +slippers +slope +sloth +smash +smell +smelting +smile +smock +smog +smoke +smuggling +snail +snake +snakebite +sneakers +sneeze +snob +snorer +snow +snowboarding +snowflake +snowman +snowmobiling +snowplow +snowstorm +snowsuit +snuggle +soap +soccer +society +sociology +sock +socks +soda +sofa +softball +softdrink +softening +software +soil +soldier +solid +solitaire +solution +sombrero +somersault +somewhere +son +song +songbird +sonnet +soot +soprano +sorbet +sort +soulmate +sound +soup +source +sourwood +sousaphone +south +southafrica +southamerica +southkorea +sow +soy +soybean +space +spacing +spade +spaghetti +spain +spandex +spank +spark +sparrow +spasm +speaker +speakerphone +spear +special +specialist +specific +spectacle +spectacles +spectrograph +speech +speedboat +spend +sphere +sphynx +spider +spike +spinach +spine +spiral +spirit +spiritual +spite +spleen +split +sponge +spoon +sport +spot +spotlight +spray +spread +spring +sprinter +sprout +spruce +spume +spur +spy +square +squash +squatter +squeegee +squid +squirrel +stable +stack +stacking +stadium +staff +stag +stage +stain +stair +staircase +stallion +stamen +stamina +stamp +stance +standoff +star +start +starter +state +statement +station +stationwagon +statistic +statistician +steak +steal +steam +steamroller +steel +steeple +stem +stencil +step +stepaunt +stepbrother +stepdaughter +stepdaughter +stepfather +stepgrandfather +stepgrandmother +stepmother +stepmother +steppingstone +steps +stepsister +stepson +stepson +stepuncle +steven +stew +stick +stiletto +still +stinger +stitch +stock +stocking +stockings +stockintrade +stole +stomach +stone +stonework +stool +stop +stopsign +stopwatch +storage +store +storey +storm +story +storyboard +storytelling +stove +strait +stranger +strap +strategy +straw +strawberry +stream +street +streetcar +stress +stretch +strike +string +strip +structure +struggle +stud +student +studio +study +stuff +stumbling +sturgeon +style +styling +stylus +subcomponent +subconscious +submarine +subroutine +subsidence +substance +suburb +subway +success +suck +sudan +suede +suffocation +sugar +suggestion +suit +suitcase +sultan +summer +sun +sunbeam +sunbonnet +sunday +sundial +sunflower +sunglasses +sunlamp +sunroom +sunshine +supermarket +supply +support +supporter +suppression +surface +surfboard +surgeon +surgery +surname +surprise +susan +sushi +suspect +suspenders +sustainment +SUV +swallow +swamp +swan +swath +sweat +sweater +sweats +sweatshirt +sweatshop +sweatsuit +swedish +sweets +swell +swim +swimming +swimsuit +swing +swiss +switch +switchboard +swivel +sword +swordfish +sycamore +sympathy +syndicate +synergy +synod +syria +syrup +system +tabby +tabernacle +table +tablecloth +tabletop +tachometer +tackle +tadpole +tail +tailor +tailspin +taiwan +tale +talk +tam +tambour +tambourine +tamo'shanter +tandem +tangerine +tank +tanker +tankful +tanktop +tanzania +tap +target +tassel +taste +tatami +tattler +tattoo +taurus +tavern +tax +taxi +taxicab +tea +teacher +teaching +team +tear +technician +technologist +technology +teen +teeth +telephone +telescreen +teletype +television +teller +temp +temper +temperature +temple +tempo +temporariness +temptress +tendency +tenement +tennis +tenor +tension +tent +tepee +term +terracotta +terrapin +territory +test +text +textbook +texture +thailand +thanks +thaw +theater +theism +theme +theoretician +theory +therapist +thermals +thermometer +thigh +thing +thinking +thistle +thomas +thong +thongs +thorn +thought +thread +thrill +throat +throne +thrush +thumb +thunder +thunderbolt +thunderhead +thunderstorm +thursday +tiara +tic +ticket +tie +tiger +tight +tights +tile +till +timbale +time +timeline +timeout +timer +timpani +tin +tinderbox +tinkle +tintype +tip +tire +tissue +titanium +title +toad +toast +toe +toenail +toga +togs +toilet +tom +tomato +tomography +tomorrow +tomtom +ton +tongue +toot +tooth +toothbrush +toothpaste +toothpick +top +tophat +topic +topsail +toque +torchiere +toreador +tornado +torso +tortellini +tortoise +tosser +total +tote +touch +tough +toughguy +tour +tourist +towel +tower +town +townhouse +towtruck +toy +trachoma +track +tracksuit +tractor +trade +tradition +traditionalism +traffic +trail +trailer +train +trainer +training +tram +tramp +transaction +translation +transmission +transom +transport +transportation +trapdoor +trapezium +trapezoid +trash +travel +tray +treatment +tree +trellis +tremor +trench +trial +triangle +tribe +trick +trigonometry +trim +trinket +trip +tripod +trolley +trombone +trooper +trouble +trousers +trout +trove +trowel +truck +truckit +trumpet +trunk +trust +truth +try +tshirt +tsunami +tub +tuba +tube +tuesday +tugboat +tulip +tummy +tuna +tune +tuneup +tunic +tunnel +turban +turkey +turkish +turn +turnip +turnover +turnstile +turret +turtle +tussle +tutu +tuxedo +tv +twig +twilight +twine +twist +twister +two +typewriter +typhoon +tyvek +uganda +ukraine +ukulele +umbrella +unblinking +uncle +underclothes +underground +underneath +underpants +underpass +undershirt +understanding +underwear +underwire +unibody +uniform +union +unit +unitedkingdom +university +urn +use +user +usher +utensil +uzbekistan +vacation +vacuum +vagrant +valance +valley +valuable +value +van +vane +vanity +variation +variety +vase +vast +vault +vaulting +veal +vegetable +vegetarian +vehicle +veil +vein +veldt +vellum +velodrome +velvet +venezuela +venezuelan +venom +veranda +verdict +vermicelli +verse +version +vertigo +verve +vessel +vest +vestment +vibe +vibraphone +vibration +video +vietnam +view +villa +village +vineyard +vinyl +viola +violet +violin +virginal +virgo +virtue +virus +viscose +vise +vision +visit +visitor +visor +vixen +voice +volcano +volleyball +volume +voyage +vulture +wad +wafer +waffle +waist +waistband +waiter +waitress +walk +walker +walkway +wall +wallaby +wallet +walnut +walrus +wampum +wannabe +war +warden +warlock +warmup +warning +wash +washbasin +washcloth +washer +washtub +wasp +waste +wastebasket +watch +watchmaker +water +waterbed +waterfall +waterskiing +waterspout +wave +wax +way +weakness +wealth +weapon +weasel +weather +web +wedding +wedge +wednesday +weed +weeder +weedkiller +week +weekend +weekender +weight +weird +well +west +western +wetbar +wetsuit +whale +wharf +wheel +whip +whirlpool +whirlwind +whisker +whiskey +whistle +white +whole +wholesale +wholesaler +whorl +wife +wilderness +will +william +willow +wind +windage +windchime +window +windscreen +windshield +wine +wing +wingman +wingtip +winner +winter +wire +wiseguy +wish +wisteria +witch +witchhunt +withdrawal +witness +wolf +woman +wombat +women +wood +woodland +woodshed +woodwind +wool +woolen +word +work +workbench +worker +workhorse +worklife +workshop +world +worm +worthy +wound +wrap +wraparound +wrecker +wren +wrench +wrestler +wrinkle +wrist +writer +writing +wrong +xylophone +yacht +yak +yam +yard +yarmulke +yarn +yawl +year +yellow +yesterday +yew +yin +yogurt +yoke +young +youth +yurt +zampone +zebra +zebrafish +zephyr +ziggurat +zinc +zipper +zither +zone +zoo +zoologist +zoology +zootsuit +zucchini diff --git a/host/usr/share/dict/names b/host/usr/share/dict/names new file mode 100644 index 00000000..9bd0182e --- /dev/null +++ b/host/usr/share/dict/names @@ -0,0 +1,3947 @@ +charlestiger +silvergore-tex +changebutter +bonsaiscrew +pajamabuilding +roosterrainbow +dungeongender +tempergrenade +fronttadpole +slavecarpenter +schoolcreator +mimosapayment +heronmexico +airportjudge +cuticleemery +rubberflute +timbaleselection +jellyfishforgery +hyenarabbit +revolveramie +biologygasoline +detailprofit +increaseverdict +hamsterguitar +patiodiamond +dugouthimalayan +turkeypropane +earthcollision +fleshlyocell +cablekilogram +athletealgeria +trombonethrill +carpentercement +bumperbrandy +transportcover +stockingdollar +spainaddress +whalegrade +denimhalibut +watchbritish +custardberry +penaltysecure +beardpendulum +activitycurtain +octopustsunami +ferrynumeric +snowflakecomposer +sentencemaraca +patioelizabeth +buttonblade +dessertattack +pansydetail +trianglehandle +gliderpound +jameschristmas +scannergalley +pimpletrumpet +governorfridge +parcelcrime +aluminiumfather +epochrevolve +hyacinthparent +museumchina +powertramp +patiocapital +frameeight +buglemichael +sharkowner +chickmouth +dressgiant +glidingtitanium +lotioncyclone +swordfishspider +bongobarometer +hockeypants +signaturevalley +headlightalibi +sundialattempt +layerraven +advantagefloor +mexicokayak +balineseoxygen +goldfishrelation +witnesstoilet +anglefireman +chequecomma +offernotify +margaretpolyester +insurancemetal +copperlinda +metalselection +pastekettle +bomberdoubt +canoegore-tex +whaleturret +frownpatio +brownchime +porchincome +sailboatturnover +kitchencheck +shrimpairbus +secondeagle +pictureplayroom +timerbroker +libraroute +copyrightaustralia +patchwoolen +rutabagavelvet +cannonthought +tsunamikeyboard +africaprison +airplaneexhaust +bandanacover +polandcandle +trumpetscreen +bufferdeadline +asteriskdrink +susancongo +respectgliding +enquiryhammer +coughhacksaw +malaysiahardhat +kayaktendency +peonydanger +separatedgearshift +desserteurope +shovelalmanac +lotioncabinet +airshipseashore +believeblinker +tortoiseapparatus +saturdayverse +chimefebruary +umbrellaquince +mosquepuppy +signaturecarnation +pantyslice +routercornet +nephewpassenger +georgefriday +locustgerman +screenfedelini +expertscorpio +trainswimming +comfortsundial +scarecrowradiator +kilometerrayon +poultrycreditor +februaryproperty +lungehacksaw +grillfibre +jumbosociology +bonsairainbow +equinoxfibre +coffeeinput +caravanshade +communityporcupine +sycamorelaugh +browngender +tradevacuum +troubleairport +pastepizza +octobersugar +reportmaraca +routenitrogen +helmetgemini +rocketpayment +ostrichknickers +inputbankbook +staircaseprofit +wristcrayon +blacksuede +objectivepackage +mailboxmailman +printshrine +octagonformat +almanacrotate +boardgeology +alibicello +willowmotion +radioclaus +wednesdayboard +microwavewitness +tuliptongue +xylophoneequinox +ronaldhearing +teethtempo +buttonattention +eggplantcredit +regretarcher +scorpionolive +crimecaptain +joggingspade +creamdeadline +jasonmusician +blacksparrow +hobbiescancer +aftermathpheasant +quicksandmiddle +brokerforce +kevinspain +cornetsidecar +brickselect +spherepillow +sharkhelen +pockettyvek +repairfrench +studycommunity +bladderlawyer +riverbedforecast +continenttuesday +laborerpressure +arrowquiver +larchcherry +whorlradiator +scarfboundary +partnersidecar +coloncloudy +dipsticktramp +vesselsandwich +salesmanlawyer +reductionmargin +quotationgender +mousewindow +secretarydentist +guidespandex +batteryweasel +banjorevolver +glassdorothy +elbowheron +africasandwich +kittynumber +japansoftdrink +bargecellar +bricktreatment +pyjamadrake +eggplantcrocus +templedoubt +francenapkin +wealthfactory +titaniumjourney +galleyclimb +bettysoftball +propanehardcover +doubtsausage +cupcakebowling +fighterseason +paymentquart +eyelinerbrick +manageracoustic +michaelsoldier +wristfriction +currentteaching +humorsociology +sneezeapparatus +underwearbirth +spinachbookcase +cattlespinach +touchcopper +octavehardware +copyrightlinen +processpantry +birchnapkin +downtownmacrame +typhoonargument +daisycello +relishfootball +disgustadvantage +diaphragmmeasure +doctorchildren +offenceoutput +meetingweapon +spherestation +portercylinder +piscescougar +dinnerfather +foreheadtsunami +optionnerve +whitequarter +marriedcough +quivercanoe +larchstomach +woundspain +forestwoolen +ministerfreeze +cookingkorean +treatmentdamage +shamecurrent +gardenknife +bladdergraphic +tankershelf +grapemechanic +bombercarrot +fedeliniwalrus +holidaywhite +supportriverbed +businesseggnog +captionevening +rangelotion +sparkvault +sausagemexican +colombiaorder +oliveacoustic +tadpoleslice +footballgoldfish +snowstormchinese +saturdaybalance +fairiessusan +directioncloudy +belieftreatment +butcherspring +marginsense +activechurch +clavesurname +decadetrowel +tempometal +buildingattempt +peacenight +railwayjudge +celerybrian +footnoteagreement +kettlegiraffe +geometrysaturday +lyocellbathtub +francebuffet +spearcattle +relativeshrimp +lycradigger +creditorrevolve +carrotpolice +tulipmosquito +kilometerdiploma +scrapertrial +cycleoctopus +pasteprose +printearth +smellkevin +flutemountain +marchkidney +typhoonstool +salmonmemory +statesurgeon +bronzedirection +handsawradar +crushexpert +trafficsturgeon +grasscomic +freezethought +dragonflylobster +luttucewrench +notebookporch +faucetbumper +systemscience +singerliquor +swimmingenquiry +tornadoteeth +partybakery +thronesquash +bassoonnotify +flavorpotato +rainbowscent +bookleteffect +pantryitaly +layerromanian +graphicavenue +meterslope +riddleslime +chineseshrine +ganderfragrance +teachingblack +magazinecalendar +servantorange +graincurler +carriageplaster +reportblowgun +sproutpeony +creditorinnocent +communityapparatus +editorpaper +featurereading +gazelleindia +routeattempt +sprucepuppy +equipmentglass +sleetcrack +cannonregret +capricornnigeria +surnamebench +dentisthedge +swedishaddition +mouseexpansion +firewallindustry +librallama +flaredecade +prosesquash +clippersubmarine +witchturnip +forecastlunge +inventionlunge +josephshallot +mimosacable +snowflakeharmonica +rewardposition +octavemedicine +circleasphalt +beechgymnast +conditiontimer +pantyhoseforehead +skatebrush +screenpromotion +playroomswamp +brasscannon +clarinetmailman +cameldiploma +wheelsquare +creammeter +michellepackage +noveldiploma +malaysiabottom +aluminumsingle +plaincamel +turkeyhimalayan +inventorycharacter +blowgunturnover +lunchroommuseum +vacuumathlete +kamikazerifle +clausweight +visionvision +networkplatinum +chicorymother +engineclarinet +treatmentoffence +bobcatturtle +exhaustmicrowave +snowplowprotest +dipstickguarantee +successrespect +afternoonpurple +smellknowledge +gradeeyebrow +leatherbarbara +chimeweight +eyelashrutabaga +dinghyproperty +postboxaccount +squarebattery +gore-texcomma +marchquicksand +brazilcucumber +securerailway +kenyaverse +weederitalian +frontbrian +selectionhandicap +squareweapon +licenseasterisk +flarecommunity +step-sonbaseball +toastmimosa +ceramicstopsign +heroncolon +snailskirt +congabreak +dieticianbeginner +cabinetrainbow +tyvekceleste +basketpoliceman +spiderlimit +chemistryfight +buildingdredger +benchplaster +oysterattic +networkpowder +servantzipper +saturdayflute +laundrycrocus +spoondryer +otterguarantee +livernoodle +designpigeon +cloudcraftsman +protocolgallon +britishpyjama +ocelotcrocodile +fendercartoon +digitalbehavior +limitsword +bumperbasket +americaexchange +placecatsup +cathedralalphabet +incomeshorts +wealthactivity +forecastparsnip +ministertortoise +swisserror +signaturesamurai +stampspeedboat +c-clampbulldozer +peanutindia +reductiondeborah +rugbyeyelash +euphoniumbrandy +matchstove +watchattention +basementhandball +commandapril +hedgedetective +separatedcolon +smellswing +currentflame +clutchferry +bloodcushion +stockliquid +odometerchristmas +napkincough +porcupineresult +clutchsalad +relativeskiing +saxophonedresser +readingdamage +goslingbrush +waterfallspoon +glidingwallet +cocoacotton +shouldergovernor +chillincrease +supplymessage +footballgrandson +heightsudan +collegestatistic +pilotornament +novembersusan +clothgroup +susanmaraca +hardwarelimit +treatmentlunge +badgerrotate +refundbandana +ostrichlightning +prefacepostage +drakeauthority +captionnigeria +barberbumper +radishskiing +quietporter +teethraincoat +fedeliniactor +jellybeaver +frameshake +employeehobbies +asparagusbrick +shearstreatment +davidswimming +herringpoint +pleasuresalad +breakdiscovery +waiterthrill +giantmilkshake +daughteroxygen +pendulumbirth +clarinetchill +novelcondor +magazinealibi +ouncedimple +scentpressure +skillspeedboat +novelbagel +umbrellariddle +frenchcatsup +riflevessel +processskate +sweetsvacuum +shampoocreator +passiverepair +bubbleprofit +rowboatdollar +earthbonsai +aluminiumcharacter +racingsubway +viscoseharmonica +ministerbrush +footnotefriday +agreementforehead +helenexpert +professorsuccess +mercurygeography +deathfight +chillvessel +quarterwitch +incomealcohol +armchairfemale +methanesleep +octavedorothy +pilotfeedback +valuespoon +lunchauthority +revolveapology +emerynewsprint +rubberdesert +floodlunchroom +spooncapricorn +islandrubber +authoritycelery +saturdaypenalty +businesscouch +cirrusorgan +periodnotebook +adviceshrine +waterfallgrowth +capricorntimpani +wealthrelish +brothercarbon +macaronigliding +powderleopard +invoicewhiskey +clockkarate +goslingdeficit +deadlinelatex +nursecuban +separatedjapanese +cricketpenalty +thingpotato +swallowwomen +glidingraven +powderex-wife +seederfedelini +candlecowbell +snailgazelle +step-auntaccordion +burstapparel +cheetahcongo +karenposition +armenianrooster +pencildancer +employerchocolate +burmaalbatross +clockcarrot +burglardomain +forestargument +tenorfaucet +enemynylon +nitrogendisgust +christmassoftball +mexicanscanner +desiredatabase +lentiltaurus +pyramidstone +effectswimming +courseacoustic +hourglassgrowth +marketdiscovery +cardiganyacht +tyvekstinger +graphicwhistle +handballchance +wristbeast +ethiopiastomach +croissanttaste +cinemaplywood +learningpuffin +chesspruner +backbonecattle +batteryarmenian +pricesurfboard +carnationcopyright +mittensuede +dramacircle +activedashboard +scheduleathlete +closedelete +kittencabinet +good-byemimosa +insectsalesman +bottledrama +meterseptember +hydrofoilrowboat +slopesushi +coastmarble +robertorder +cloudyjoseph +zebramouth +levelthought +mechanicpumpkin +kettlegrass +scienceriddle +radarjennifer +basketchicken +creamnickel +shieldbucket +michellefield +radiatorchocolate +revolvernylon +shortsfreon +bottomchance +dreampancreas +kendobanana +handballtrapezoid +euphoniumproperty +crackhearing +spinachbalance +housetimer +oysterjustice +linenmaraca +braceacrylic +zebraknowledge +needlepoint +legalrevolve +bathtubdress +drainsearch +balancecommand +liquidbanker +magicmaple +supportsneeze +marblecrocodile +stingerorange +accountdegree +freongliding +thailandfriend +freezerwallet +plasterronald +policefriday +garagetyphoon +alarmcollege +targetkamikaze +larchnumber +childrenpatio +keyboardradish +attentionpeony +effectburglar +castanetfeature +heavenukrainian +databasetwilight +mountainsister +postagecentury +witchcollision +knowledgemouth +temperceleste +prosebaseball +waterfallmailman +memoryankle +clothapple +exhaustwaste +belgianmattock +queenlipstick +threadrefund +mailboxmotorboat +daffodilviola +snailprocess +gearshiftseaplane +walrusfebruary +featurerayon +quarterelephant +schoolpastor +mimosaporter +breadglider +shamesanta +turnipreading +multi-hopintestine +glassbarber +preparedviolin +kettlecrime +fireplaceadapter +inventorybuffet +kittenbelief +elizabethtyphoon +postagepostbox +raincoatfootnote +softballmailbox +stretchliquid +francelevel +impulsecurve +innocentpumpkin +puppymirror +brandyillegal +quotationchess +climbschedule +discoverysusan +medicinediploma +thailandhardcover +cucumbernylon +freonghana +aardvarkdietician +draindesire +cloakroomprison +romanianblade +ashtrayshadow +visioncinema +nationprofit +crocusspring +kevinpants +feedbackpatio +popcornquartz +twilightbanker +storeagreement +dahliabiology +dieticianinsurance +hygienicraincoat +elizabethpizza +microwavescent +vaultbalance +notifycolon +epochpicture +animalchannel +deathcobweb +sheepmaple +semicolontanker +sproutbranch +edwardpaint +earthshoemaker +servergeometry +journeywheel +brazilarmenian +deborahcarriage +systempassbook +routearmchair +platecatsup +budgetstinger +bageleditorial +lathepropane +chainlumber +lumbercroissant +sausageshorts +giantchain +breakdistance +eyebrowpanther +babiescormorant +plieraluminum +curlerdaniel +parsnipbritish +septembersweater +radarcloud +ptarmiganturkey +operationchive +creditorbedroom +bucketcourse +clippermarble +ariescracker +velvetspeedboat +purpledeficit +ambulancehydrogen +driversushi +titlesatin +dugoutoctober +trouserscolumnist +dahliaattic +snowstormramie +athletethread +steeldigital +silveraddition +industryfender +buzzarddipstick +writerbroccoli +snowflakecelsius +denimnumber +birthshoemaker +beardmarch +sushilyric +sharkstation +policegarage +algebrahalibut +frontconsonant +languagewrecker +softballbadger +leatherbetty +garlicgender +giantlyric +asparaguswater +craftsmandistance +croissantladybug +scarecrownewsprint +pencilteeth +elbowstock +edwardbrazil +decademustard +birchacrylic +riddleporter +badgechauffeur +liquorghost +roastathlete +hydrantwrench +salmonexpansion +softdrinkkaren +skirtpromotion +cornetanthony +kittydrain +chinaapology +birchseeder +appliancesardine +napkintaiwan +priestquicksand +avenuewaiter +mimosatrunk +sphynxchalk +measurecolor +thursdayptarmigan +pollutionschool +clientprose +guitarhalibut +plantafternoon +dorothybrown +journeyfactory +viscosechain +rhythmscience +timerrefund +congobacon +squiddeficit +skillswordfish +skatesteel +bangleinput +orchestradorothy +reactionmulti-hop +rutabagafurniture +flameronald +actorcredit +condorronald +euphoniumsmash +accordionafternoon +seaplanenancy +mailmanrevolver +reindeerrailway +tablepound +pantsbronze +michellepilot +trampsugar +footballlettuce +circleground +employerstreetcar +numbercheese +theorybabies +australiaplane +quotationplace +ex-wifequiet +shapeincrease +handballcharles +branchguide +violincanvas +familyaugust +crayfishcompany +laughmeasure +perchliquid +bedroomincome +mittenvacation +februaryscorpion +japanpassenger +employeeground +judgetenor +conditionchauffeur +englishtwine +birchbutter +refundmistake +phoneaccordion +alloywrist +valleygliding +clockcourt +tradesurname +reductioncaution +pimpleclarinet +equipmenttexture +geesediamond +elementsemicolon +trafficporter +deficitfired +letterfortnight +burstcolony +novelchange +saucecracker +marketwasher +selectionbracket +shoulderdeborah +ellipsecopyright +denimastronomy +surprisecrown +locustturkish +zipperbrick +partridgesemicolon +stormsemicolon +secretaryjennifer +intestinecornet +fedelinisupport +writercough +divingblack +growthtrick +deficitrepair +wrinklegauge +classcomma +divorcedspade +trailfront +networkcream +frownbrochure +garlicdrawer +trumpetstock +beavertrouble +exchangemichelle +farmercover +adaptergoose +latexapparel +edgerstretch +thoughtquality +firemansession +berrycomfort +cancercolon +pastrystructure +marbleblanket +dentistcocktail +scenelicense +kenyabengal +questiondebtor +actionplant +jeansbassoon +damageoption +frameattack +mouthselect +bicyclediaphragm +divingsquirrel +switchjapan +recessillegal +comichurricane +turnipsoftware +hygienicjaguar +kennethvietnam +brianpamphlet +latencyclave +collarcymbal +rainboworgan +yellowcaravan +equipmentedger +fairiesbegonia +illegalappliance +routersurgeon +handlestation +badgelipstick +reportframe +soldiertexture +knowledgesandra +addressalphabet +harmonicaaftermath +gaugebrand +georgegosling +editorsupport +custardattic +reasonantelope +drakeshrimp +tradeappeal +driveoffice +morningmyanmar +cylinderpoison +fedelinizoology +vegetablevelvet +graphicchair +surgeongeranium +antelopeshoemaker +cupboardbassoon +handsawbudget +knifegymnast +mouthvalley +guiltyhydrofoil +heavenblack +startlathe +edwardterritory +odometerlobster +magiciannumeric +nylonobjective +smashdowntown +perchgateway +pendulumaccount +chemistrytreatment +bloodpollution +turkishbrian +ladybugsalary +authorsoprano +familyadapter +seagullalarm +periodtrunk +companygrass +jumperrouter +halibutbronze +optionelbow +reporttenor +airplaneblinker +kenyagrape +jewelclick +lentillevel +sweatshopkimberly +eagledimple +jamessampan +mexicansundial +partnerbrazil +romaniahelium +thrillharmony +mirrororchestra +subwayschool +mailboxravioli +secretarycloth +frownconifer +cicadapeanut +tankersword +sleepniece +recessschedule +healthdashboard +plywoodmagic +captionbasket +cucumbertraffic +pimpleairport +limitadult +customerbooklet +flowercement +diamondcandle +monkeyfender +romanianstinger +leopardlanguage +pajamaknowledge +arrowcricket +coverbomber +cartoonclass +fieldpiano +stevenwhite +badgesecurity +galleystamp +hexagonfisherman +timerchinese +dragonminute +slicereaction +hardboardnoise +dinnermosque +peanutopera +propanestation +diggerwinter +eggnoggirdle +milkshakearmenian +italiancooking +revolvetrain +languagefactory +textbookpreface +blinkerblock +pepperbeauty +eggplantheadlight +daffodilbeach +pantherwitch +michaelsword +alleycousin +indiachina +softballfrench +agreementcough +moustachehumor +forecastcloth +rocketprison +actresssilver +libradugout +beautyocean +sweatshopswitch +celsiusfeast +pepperskill +curlerreligion +cymbalbangle +mustardethiopia +ankleclimb +coughtower +sturgeonjelly +cautionchina +aquariusbankbook +stopsignperch +slicecreek +sprucezephyr +utensilcarbon +creatorsmash +tableprison +operationdeadline +rewardpantyhose +decreasehydrant +cookingairmail +frecklepurple +castanetellipse +shinglecamel +hurricanecousin +feastshingle +planetaccount +steeldolphin +ballooncheek +glidingshears +sheepchest +platinumrepair +bronzesundial +entrancecopyright +snowstormclock +gorillanylon +sunshinedivision +tortoiseharbor +tailordecision +dahliadowntown +thoughtintestine +cyclecolumn +bridgedahlia +cautionspinach +tabletopbrake +refundkeyboard +subwaybarge +carnationbladder +rabbirutabaga +cemeteryrussian +sparkthomas +bamboohardcover +michaelproduct +downtownsiberian +professorwasher +uncleshoemaker +colorbucket +wrenchbrake +decisionviola +climbgoldfish +closetplanet +elementbillboard +windowwrinkle +groundpoliceman +butanemattock +frictionvoice +dredgersurfboard +accordionbadge +canoebillboard +fridayslipper +middlecalendar +bombersilver +answerisrael +daviddrake +enquiryaluminium +scissorsstage +davidstatement +butchersmoke +aprilemployer +hardboardpheasant +downtownchime +kenyapigeon +hospitalcotton +offencequail +fatherclave +salmonamerica +dipstickwinter +bookcasedeposit +clipperdredger +defensepurpose +lentilceramic +rutabagaviolet +alibidefense +paintsilica +backboneclimb +saturdayanime +passivebasin +yachtwrecker +ferrycommittee +musicianspinach +asparaguspyramid +feathercheetah +vesseltanker +prosebrass +rocketyogurt +propertysoybean +collarplaster +startshovel +messagecello +thumboctave +diggerrecord +shapeargentina +chequevessel +peacebarometer +laughsuede +committeestamp +skiingshrine +crookcartoon +swallowcousin +apparatusinventory +successcougar +alarmantelope +nitrogenmanicure +typhoonbeggar +radarraven +nationdietician +trainheight +aquariusbutcher +angorasunflower +baseballstarter +ketchupmichael +structureostrich +crackskate +shellbadge +mistakepocket +stormmustard +bonsaistreetcar +aardvarkcommunity +packageorchid +directioneyebrow +whorlperch +systemcurtain +wednesdaymailbox +pumpkinreminder +requestbrochure +plastercroissant +refundbudget +fathernumeric +effectcardigan +canoecapricorn +wedgecandle +epochpepper +popcorndivision +turnoversubstance +headlinegallon +edwardsnowstorm +thingkilogram +childrensauce +middlestudy +aardvarkshark +cornetstatement +dieticianmouse +kilogrammallet +platescissors +courtshingle +lilacdistance +newsprintsegment +pyramidmustard +badgeskill +weederillegal +benchdenim +sweaterplier +innocentcontrol +budgetchristmas +jasonchristmas +sheetrutabaga +bomberpancreas +creaturedisease +ceilingcreature +securebamboo +chickcolumnist +tankerclipper +ramiechalk +libratyphoon +vaultshampoo +prefaceformat +serverminister +childanswer +museumukrainian +sharontheater +swingequinox +nancycatamaran +metalbankbook +marimbacentury +piccolomotion +clockdigger +buffereurope +successshark +reductioncustomer +vacuumdomain +sidecarmotion +englishbasement +salarysweatshop +sandrakilogram +commandbaker +appleoctagon +gaugecloakroom +glassbalinese +actorfired +gradeemery +olivesoprano +jumbolawyer +narcissusutensil +producenovember +secretaryairplane +discoverystore +inputproperty +trapezoidpropane +decisioncongo +fightscene +sweatshopcobweb +cupcakescrew +grapelilac +chiefnovember +receipttoenail +chesshydrant +parrotlaundry +signaturefrown +cirruscatsup +dresserblanket +trombonecrime +asphaltwhiskey +weightmagician +shellfeedback +throneprinter +flowerastronomy +storyrobert +josephcement +geesemarimba +yogurtclave +sopranodessert +germanwaitress +cottonweeder +shirtbathroom +narcissusstick +groupcathedral +dreamstranger +pastortrial +davidpaperback +cougarvirgo +recordturkish +rangetooth +vacuumoxygen +mirrorlinen +soybeanlibra +softwareradar +emerycrack +capitaldebtor +catamaranpolice +scallionsecurity +hallwayexpansion +cousinclaus +cylinderreason +harbordavid +shearsstomach +airportfather +kitchennight +doubtapparatus +ferryarrow +dibblesegment +tanzaniamissile +pancreasvision +beggarpriest +calculuscucumber +suedechicken +diggerriver +signaturemosquito +joggingdamage +effectbarbara +limitthrill +manicurecrown +centuryjelly +seaplanestaircase +penaltycooking +policemanegypt +beastrefund +attentioncushion +collisionsampan +humorvalley +skiingmargin +backbonegorilla +jameshistory +chickberry +titledesert +hamsterdredger +prefaceattic +relativeeditor +sweetschannel +crayonimpulse +frenchhumor +violetbritish +carolchurch +hardhatshorts +cockroachspark +whalespeedboat +pollutioncherry +brothercrown +raincoatdecision +septembertendency +willowdesire +lobstervinyl +carbonstep-son +sweatersoftball +shrinecelsius +cloversturgeon +passivelocket +daviddesign +selectionoperation +utensilairplane +accounttower +moustacheturtle +coveranger +northcemetery +glidingantelope +kittydivision +maracashrimp +herondrawer +goslingroute +stingershame +postboxvietnam +smokecrayon +cloudground +middlealcohol +continentgazelle +applecustard +goldfishattic +handballhexagon +chessmistake +grainmorocco +orchidpencil +pyramiddetective +diplomaegypt +brakemercury +guiltybehavior +mandolinnovel +eggnogfireman +shovelwitch +ounceaccordion +mercuryburglar +gymnastmother +harboranime +bakerysinger +blackbrain +kevinskill +yellowsilver +marbleflame +polanddaffodil +bronzespring +womanproperty +sidecarsprout +radiatorestimate +pakistanoxygen +quillsaturday +featherhelen +orchestraniece +kayaktoast +birthdaybronze +nephewhistory +condorjanuary +creditorchannel +almanacdesire +cirrusbiplane +brickcello +willowshare +quartzronald +cheeseglider +pandasnowflake +coursechick +domainarmenian +planebacon +marginoyster +currentcroissant +footballargentina +swimmingstraw +dressingbrother +vacuumhyena +americabeaver +porchpackage +blowgunvisitor +writercello +bladderroute +radiounderwear +potatohistory +titaniummagic +brazilweapon +dressflare +clothdigger +middletemple +crayonwinter +factoryattempt +hallwaybranch +giantptarmigan +troubletaste +sweatshoptyphoon +customerrespect +singledigger +authorrespect +siberianpriest +countrydecrease +nervegauge +handleerror +chickendigger +canadiandelivery +shapechalk +litterxylophone +seaplanesword +barbaraseaplane +mercuryhimalayan +algebramirror +clockwhite +ploughguilty +honeythistle +receiptwilliam +feastfootnote +grapeparent +waitereight +zoologyvinyl +frenchbomber +sudantrail +donnaacrylic +wedgecarrot +mechaniccomic +geographyfeather +noisefield +motherblouse +februarygender +visioncommittee +selectioncello +sailoreight +fatherappendix +frictionblinker +septemberwhiskey +routesphere +helenapartment +rubberreason +separatedcamel +sphynxbackbone +sheetdrink +jellydress +inventorythrone +lathemichael +pendulumblizzard +birthdayexchange +emerynancy +banglecattle +decisionbanker +voyagepuppy +rowboathardware +ornamentforehead +truckthumb +enquirycheese +turnipblowgun +arieswhite +nephewquiet +numericoption +napkinmicrowave +characterbaboon +uncleorder +moustachewater +thursdayinvention +angletarget +stationshovel +activeangora +fleshconga +sudanpheasant +musicianschedule +actorrotate +appealpakistan +purposesideboard +bathroomrevolve +insuranceeyebrow +tellerraincoat +powdercircle +collegegoose +drainmarble +commandhamster +thursdayfisherman +malletteaching +deliverymethane +mimosacarol +nursecloakroom +grousepantyhose +rewardcoast +commanddrizzle +kittydashboard +heavenbutter +diseasepromotion +drivercrocodile +ticketgarden +lyocellpickle +wreckerleopard +lasagnadonald +aprilarmchair +sugarsearch +cougaraustralia +moroccofridge +startquart +pantrysalary +badgerchauffeur +hamburgerlaugh +lunchapparatus +indexchain +congoavenue +phonegarden +butcherbugle +decisionslime +locustcoast +retailermanager +statevoice +sistercousin +roastpopcorn +mouthlotion +locustmacaroni +climbadvice +turretcrate +cyclehedge +soccertemper +donaldrichard +cautioncomma +softwarechina +clausraven +diaphragmbladder +digitalsneeze +canadianreading +locketspade +sunflowerapproval +sweatshopdefense +skatestory +thistlejapan +litterramie +herringwindow +missileminute +structurestep-son +revolverhydrogen +heavencrate +jumperdrake +sweaterpentagon +soybeancreature +crayfishdonna +washerchicory +haircutscarecrow +luttucebrake +dungeontwine +estimatebrother +broccoliravioli +angoraalcohol +camelwrecker +custardtenor +twilightconga +frictionnephew +chairgoldfish +hacksawsubmarine +sarahrichard +japanknowledge +latencyrhythm +chivepyramid +oxygenhobbies +bakeryspark +laundrysampan +ownertyphoon +croissantdredger +turtleladybug +thoughtmandolin +troublequilt +raincoatmailbox +kittystocking +damageflame +gardenbulldozer +printercrown +calculusepoch +wallabycontrol +bowlingticket +armeniantrapezoid +interestbeast +fibrewhorl +eventlocust +odometersunshine +blizzardpropane +ceramicgirdle +gondolatitanium +cloverprice +ghanabicycle +liquorjellyfish +eyebrowcreek +bandanapilot +volcanoclimb +shampoosardine +screwdrain +chocolatecolor +poppyaries +animalmarble +stickhedge +balancejogging +cockroachopinion +seederverdict +separatedshelf +grassglider +dungeonpeanut +toenailoutrigger +hospitalkimberly +turkeyfather +operaengine +mattockaccordion +baseballadult +birchtitanium +baseballnoise +grapeswallow +vegetablechest +landminebubble +satinsquare +familybrian +skiingcoast +squidsoprano +buzzardpassbook +deathlinda +quietmiddle +smokeoctagon +secondimpulse +skiingintestine +messageoctober +babiestextbook +snailmachine +workshopasterisk +cemeteryquestion +macaronisleet +uncleagreement +reindeershelf +pyjamaparent +decreasegerman +crawdadwasher +supplyrichard +ouncesarah +pigeonapple +drillselection +bicycleramie +chessjourney +eventclover +hygieniccamel +prunercemetery +cricketsteam +physicianhexagon +celeryindia +expertcontrol +argentinapaper +bladegasoline +cardboardtexture +floorgasoline +asphaltlight +botanycarnation +bomberswiss +friendhalibut +diamondhydrofoil +octopussidecar +franceclient +octopushockey +pastoremployer +saucepencil +comicinvoice +nigeriarange +guiltyankle +pricefelony +authorrichard +scalebattery +skirtpolice +romaniadaniel +pointwrinkle +animalimpulse +ukrainiannephew +scarecrowtrombone +chimecicada +romanialunge +ornamenttrout +partyfortnight +eggnogquestion +peacefaucet +nightwednesday +cherrysneeze +ravendeborah +coachradar +hedgebattery +cheesetreatment +ikebanajeans +ladybugeuphonium +badgerliver +pansysingle +lizardbabies +postboxplatinum +eyelinerberry +antelopeleopard +screwmanicure +priestjellyfish +tightsmonth +lightningperfume +liquorscorpio +hubcappyramid +squidmorning +enemyreminder +ministerturret +nationroadway +ravenpickle +racingstate +foresteffect +turnipcuban +lathemanager +churchhandball +groupcondor +lyocellsweatshop +fighterbranch +threadsteven +humidityvolcano +karenspandex +bathtubdamage +barberforgery +drinkceramic +faucettimpani +oliveapartment +heavenvault +checkequipment +hardwareinterest +separatedgasoline +attemptblanket +indextrumpet +controlsecure +georgerooster +textbookslave +greenwinter +randomthumb +violetmilkshake +eggplantpurpose +shellpeanut +flowersecure +middlebarge +numberdollar +layerpackage +gymnastwaitress +canoewaitress +oxygenperson +thrillflame +zephyrstate +washerseaplane +chequedigger +kayakbelgian +tanzaniapartridge +swedishcable +notebookdrizzle +lasagnapromotion +parcelforgery +needleslime +stitchbagel +knickersantelope +footballanthony +liquidtimer +ethernetgrease +zebraskill +jellyfishopera +valuemascara +camelbelgian +strangerbooklet +snakefeedback +stingerformat +englishegypt +cactuslyocell +clockalbatross +cocktailbabies +bangledrill +jellyfishswordfish +internetmicrowave +quillyellow +organdinghy +thunderplane +couchaugust +tom-tomanime +hydrantattic +greenblock +gazellesoftware +plastermalaysia +geologycartoon +statementbumper +woolenconsonant +velvetchemistry +successviolet +signatureaction +wallabygrandson +lizardrussian +coughhardware +womanadapter +objectiveinventory +stopsignearth +framevalley +karatehoney +canoeaddress +harmonicacheese +ticketpatch +engineerdavid +eightbucket +hamburgerhexagon +alleyairmail +selectionaugust +judgejames +quartzcrack +spandextwist +weederliver +successex-wife +illegalhimalayan +hardcovervinyl +sushicouch +witchdiscovery +pancreaslatex +bamboobattle +magicianskill +armadillobritish +cymbaleagle +buzzardtom-tom +behaviorsystem +turtlemilkshake +lemonadepamphlet +donalddefense +flowerteacher +mistakeslice +objectiveattempt +capitaldatabase +stateprotest +jennifergrowth +handlebritish +jeanshobbies +slopemethane +professoruncle +silverlyocell +crayonneedle +francekendo +heronairplane +pounddimple +fridgesoftball +tsunamiactivity +troutharmony +purchasebutane +stagecolumnist +skateberry +romanianbagel +storerange +croissantcrate +protestgateway +detectivekangaroo +polyesterchick +fleshkohlrabi +riverpancake +questionbench +argentinachicory +flaresupply +norwegianpartner +mexicanbarbara +checkbrochure +coachpantyhose +larchdungeon +toothhexagon +passivearmadillo +dentistindex +reasonoctopus +secondadvantage +sweaterswallow +porchbiplane +heightswitch +brassniece +femaledream +notifypilot +statementjudge +fieldfather +diaphragmgrandson +bonsaiscanner +bufferjumbo +myanmarfifth +circlecurtain +toastcopyright +woolencherries +pocketbakery +shadowpromotion +vacuumlaugh +nightstreetcar +recordnotebook +magicianobjective +chardexpansion +crackflare +blousealuminium +capricornwhiskey +mirrorpatch +apartmentbrace +bottomaluminium +substancepressure +apparatussecretary +ukrainiansecure +roadwaynepal +answerhubcap +juicewheel +spaghettiethernet +gladiolushardboard +ukrainiansentence +donkeyemployer +beggarparrot +zoologyalphabet +policemanoctopus +leathertemper +basementclient +postageviolet +ladybugfreon +sentenceparty +batteryptarmigan +memoryfiber +shaperussian +amusementparent +japanesesiamese +elementvacation +aftermathaftermath +columnistgoose +transportstove +networkbronze +butterlatex +lunchgemini +apartmentspark +trafficequinox +employeecanadian +tugboatcontrol +cancerpantry +sciencethistle +letterbanana +fatherhedge +lyocellasparagus +ugandasheet +employersecure +patientcouch +workshopparticle +femaledatabase +willowgreen +whalecrocodile +quivertrumpet +thoughtwillow +airbusjapanese +kamikazealphabet +edwarddiscovery +courtclaus +meetingenquiry +beretplanet +pepperreceipt +theorysalary +pointmarimba +missilenotebook +spikepentagon +gorillaex-wife +williamchief +scissorsdaisy +noisemissile +cherryburglar +skatefield +searchborder +womandance +dinghybranch +swingwriter +argentinamichelle +causeweather +radishbiology +linensquash +vinyloutrigger +outputsurfboard +anteaterumbrella +captainpakistan +bankerspark +quicksandepoch +consonantground +networktrombone +pantrypartridge +objectivepolice +fighthospital +roastsardine +gazelleviscose +debtorairship +bangleplayroom +wedgestate +dungeonarcher +washerdonkey +versesquirrel +bookcasepiccolo +templelocket +crooktraffic +nephewchord +coniferstore +pricebuilding +beginnerspleen +stormtsunami +weaponcoach +airshipcactus +hospitalpound +quailvirgo +brotherprose +effecttimpani +asphaltroadway +crackbanjo +spongeweapon +visitorelizabeth +belgianmarket +dragontitanium +spainsquid +insectchina +walrustanker +divisionrabbit +ashtraystart +margaretbandana +oxygenbattery +velvetumbrella +tom-tommandolin +radiosidewalk +strawsurfboard +oceaneditor +rubberoffence +smokeblowgun +chairshingle +bumperhygienic +robertbrochure +partyutensil +croissantvacuum +timerrugby +karenhalibut +blackoctopus +sprucegorilla +chestdiploma +hexagongeorge +poisonbasin +buildingplate +ketchupskill +humorzipper +drizzleenquiry +planecocktail +shallotspinach +crackerstove +spoonraincoat +sweatertractor +moneylipstick +thronec-clamp +seagullflame +fridaycommand +mirrorshield +beastrobert +towersaxophone +halibutgrape +statementbrush +boardcrowd +appendixchalk +bracedinner +lilacturnip +thoughtperson +poundsteel +chancethrone +mailboxemery +rainstormbugle +climbquail +step-sonevening +swedishoctober +modemhedge +airshipcredit +scissorsalmanac +digitalaccordion +jaguarsyria +houseramie +radarwilliam +creaturesunshine +preparedrotate +relationbumper +baboonframe +passivegemini +wedgebiplane +roosterhaircut +liquidwasher +bufferhaircut +cablenylon +asparagusdress +euphoniumflight +stampbroker +equinoxghost +pilotmatch +octobershoulder +pakistansponge +ashtraydefense +lunchroomwindchime +signaturescooter +witnessprison +knickersdelete +soldierniece +resultsinger +shapecloud +rhythmcurrency +fruitdiploma +trowelcrush +crocuspants +partridgeclipper +fedeliniknowledge +daffodiltrombone +narcissuscycle +geometryjuice +paintgoose +successappliance +marchopera +desiredanger +edwardbakery +bargelarch +faucetcrook +weederlinen +apparatusrobin +velvetclipper +prosetoilet +postboxswedish +replacemistake +fragranceweasel +syriadrive +pantiesapartment +theorydoctor +saxophonepilot +nitrogenquince +swallowpastor +prosematch +bubblepamphlet +novelgrease +appendixbandana +tom-tomregret +berrynurse +nursememory +soybeancatsup +sharonpenalty +smellcapital +step-auntarmadillo +alcoholpreface +israeldorothy +bengalaftermath +memoryfridge +computerlaundry +timbaleapology +germanysound +nitrogenstranger +ronaldairport +thunderrainstorm +streamparade +denimpanty +freighterforehead +beardbench +weaponsurgeon +nickeltheater +strangertaste +cobwebcurler +musclehandicap +cushionspark +cymbalscene +donaldchalk +shelfghost +bathroompuppy +educationpickle +creaturespear +continentorange +cylindersociety +transportketchup +lindapopcorn +mirroraluminum +turretcardboard +brainniece +quaildrake +haircutslipper +packagekitchen +lotionnoise +freighteremployer +minibusstart +attentionmattock +thailandpatio +parsnipamerica +kevinchain +spherequart +educationporter +riveryellow +geometryindustry +sweatshopreminder +karenalbatross +raincoatwaiter +hexagonglass +skirtscrew +canadianweasel +libraryquality +tulippanther +piscesemployee +gradepressure +amusementcocoa +accountwallaby +drivingsemicolon +crossclose +networkstool +exhaustparade +forcekevin +luttucedigger +cirrusbotany +propertylathe +basketcloakroom +armchairdinghy +bladehumor +hyacinthpaste +dinosaurmacaroni +greenfloor +stretchbrand +sparrowfebruary +reminderinternet +snailbeast +trousersshelf +algeriajacket +printerdaughter +capitalaustralia +creamhyena +voyageweight +timbalehurricane +spearpanties +frametexture +herringbeach +jenniferstep-aunt +saxophonenancy +agendajudge +fedelinipolish +giantfreeze +zoologydomain +cyclealloy +ptarmigansleep +printpuffin +voicetrade +dahliacheque +cockroachlaugh +currentgirdle +bettyplastic +mexicancirrus +williamhouse +arrowappendix +quartmercury +octoberbedroom +rainstormantelope +streamblock +cormorantyogurt +channelbaboon +orangepiano +balinesequotation +romanianromanian +bufferscorpion +indonesiaradiator +buildingvolcano +cucumberrouter +consonantbotany +seagulljuice +rocketjoseph +anteatertortoise +oatmealrecess +celerytrial +thingwrecker +underweardiaphragm +step-sonanthony +celestecousin +purpleequinox +chimespruce +taxicabshame +jenniferitalian +separatedmeter +bagelhalibut +butanepollution +grandsonkevin +timermulti-hop +quailsquare +haircutrussian +zephyrmakeup +baseballcheque +sugartanzania +potatoathlete +ceilingsardine +croissantsquash +offerswiss +borderpakistan +bettypolish +educationsharon +bumperbeard +pajamaoctave +messagebadger +healthglove +goldfishbowling +spruceagreement +witnesspostage +housewitness +pansystitch +armchairblade +replacequince +kidneyracing +childsubstance +gymnastdrink +chestherring +kennethmessage +thundersycamore +gianttruck +chauffeurfrost +tongueopinion +alloytemper +turnoverdaughter +controldigestion +musclepiano +chardreligion +securefight +clothbladder +quincetrial +melodyrequest +internetmakeup +epoxymitten +featureethernet +airmailbabies +peonycyclone +mirrorpassenger +rotatemosquito +checksupport +degreesphere +mexicolentil +whaleminute +beasttights +timerblanket +ceilingslice +computerdavid +singlebeetle +blockanimal +ronaldtoast +educationraincoat +partnerbudget +forestromanian +illegalfortnight +draineditor +ariescrayon +spoonrussia +coniferphone +interestcapital +shellsanta +toenailharbor +numerictsunami +bracetsunami +bettysociology +sphynxnorwegian +hobbiesformat +formatobjective +marimbatouch +magicblowgun +adapterprofessor +carriagebrandy +apparatusservant +plantsinger +collarpyramid +patchsoldier +propertyshingle +scorpioncurtain +januaryquarter +porcupinephysician +criminalcheque +debtorcactus +indiainternet +invoicepatricia +fightertrail +kendovenezuela +medicinecircle +streetcarnigeria +mistakethrone +comfortsearch +cirrusnickel +agendaamerica +turkeyevent +woundnoodle +scorpiongondola +greasechime +galleyvenezuela +frienddinghy +scorpioheaven +breadlegal +missiletheory +queencucumber +snowplowegypt +stretchdragonfly +beetlepurchase +teachingscanner +tendencymotorboat +wastecactus +zebraroute +boundaryamerica +bugleisland +cushionaftermath +algeriasquid +alcoholikebana +oniontrial +williamquestion +templegreen +saucebagel +dryerriver +tomatochild +sundialscorpion +animetextbook +processhardcover +firemansardine +ukraineadvice +dorothytooth +dressingquince +bookcasehistory +hacksawarmadillo +cuticlesilica +condorgender +eventtreatment +animewatch +floodbrass +rubberfibre +ghanafamily +inputpassbook +pyjamascooter +partyriver +chalkimpulse +tornadonewsstand +historygallon +carnationpastry +davidwound +forecasttuesday +actionsmell +backbonebladder +canadacancer +targetjapan +meterradiator +flightslave +offencereceipt +incomeairport +squirrelenergy +trialbrake +davidmachine +insectchurch +gliderturnover +airplaneorchid +colonvalue +motorboatinput +cherrypoison +stickmascara +pastorsparrow +alphabetcello +digitalnickel +hallwayflight +carolpimple +glovebutane +printoutput +salarybread +timpaniparsnip +changeburst +licensecougar +timpanilunch +cartoonbreak +brackethacksaw +searchtitle +driveprofessor +georgetaxicab +israelavenue +recordblock +hammertrunk +cottonraven +notifybeech +pancakequotation +chalkheadline +washerlentil +actionverdict +christmascreature +sarahpizza +chalkhoney +sturgeonwedge +cementmacrame +bracketorchid +harbordelivery +singlesurfboard +innocentunderwear +chainviolin +keyboarddream +typhoonmarket +zephyramount +davidsemicolon +algebraclick +profitvolcano +saturdaycanada +pendulummusic +sharksaxophone +orchiderror +recordprotocol +foxgloveaugust +cougargermany +spiderspinach +rutabagaspark +roadwaycrayfish +zephyrwhale +hubcaprussian +trialavenue +kayakaries +studymarket +blockfamily +chequeoutrigger +divorcedalphabet +blockdirection +potatospinach +basintornado +graphicgosling +numericdeficit +temperscreen +englishmustard +sopranohoney +airportbranch +oceanspoon +seashoresuede +inputcable +fairiesappliance +drizzleenglish +mexicoschool +turnipduckling +propertysideboard +bargefountain +bobcatbarometer +baritonecrowd +creatoractivity +porcupinelimit +breathfreezer +leopardbanana +breakdaisy +engineerhealth +forgerylibrary +treatmentobjective +dinghyikebana +ticketpromotion +systemchair +brokervision +liquidbutcher +russiashrine +siameseperson +drizzleincome +snowflakeceleste +ministerriver +picklemarble +dungeonbedroom +americatrial +tastehumidity +recesskenneth +trickaccount +newsstandfeather +brownswamp +crushhouse +pyjamaopinion +equipmentbookcase +musicianguilty +sugarquestion +englishswedish +closetcolumn +notifyotter +rainbowmarimba +healthbanjo +tsunamistomach +freighteraquarius +clockinvoice +reportankle +weaponsunshine +linenfeedback +coastpocket +distancedecrease +packethyena +companysurgeon +bargepeony +debtorbongo +jellyfishhearing +believemother +butchercuban +advantagemexico +friendstone +brazilearth +burglarwhite +kangaroocurtain +saucedrain +lyocellsidewalk +ownerwedge +crayonjewel +buffetwealth +pantrycemetery +threadclipper +orangejason +pastryplaster +algeriaagenda +cylinderarcher +monthbillboard +partyshears +fortnightharmonica +lightdeadline +lungepatient +burstapartment +companyknight +patchsalesman +securitywhite +spaghetticrook +storyvolcano +armenianbicycle +peacebroker +grouprepair +customerstocking +landminesurfboard +consonantrevolver +halibutcolor +officedessert +swordfishequinox +sailorsidecar +industryapparel +gore-texchinese +couchdorothy +englishanger +shoemakergemini +walletpayment +donnaapartment +chestpoint +brandtractor +answerbasket +cricketshrine +trunkcathedral +drawercarpenter +plasticknight +dinghysushi +subwayoatmeal +cartoonbudget +streetcaropera +studycomic +submarinebasement +elizabethwednesday +luttucechildren +squashinsurance +tastecontinent +patientteacher +jacketaftermath +japaneseexistence +plasticclaus +bedroomtrumpet +resultsanta +powersidecar +spaghettivalley +cyclefrench +bedroommiddle +tendencytrain +seagullravioli +latexpackage +streamselection +washerrelish +zoologyemployee +pantyhosedesign +managercentury +mascarahumor +edgerrhythm +trumpetcousin +romaniansoybean +microwavemoustache +ghostmaria +cricketdance +freoncondor +pentagontouch +magazineeight +cardboardwitness +optionjapanese +aprilbrake +mondayblouse +attackpickle +thoughtguide +harmonicatruck +shallotcarol +repairsmash +crosswalrus +streetclose +zoologyorchestra +cirruskitten +kilogrambaseball +shortstoenail +acrylicbooklet +cloudyblock +waitresscurrency +africaeyelash +jenniferalcohol +diaphragmslipper +pencilsprout +harborstreetcar +magicgarden +monkeybeggar +stockingbabies +novelgearshift +wastegemini +ministerpajama +egyptgazelle +armadilloplant +powderlizard +forcecougar +hallwayhydrofoil +clarinetswallow +womenpyjama +ariesbrand +kayakcollar +viscoseliquid +buzzarddouble +melodyschedule +outputyogurt +dipstickasparagus +hyenaneedle +cupcakebulldozer +messageorchestra +beachfisherman +clothexistence +recorderlunge +dorothycoast +propertyplough +karatemargaret +hallwaylearning +asteriskreindeer +mariabreakfast +creditsister +airbusholiday +trunkexhaust +aftermathgrenade +officesurprise +accordionthistle +moustacheanteater +eggplantbuffet +myanmarchord +spaghettisaturday +dahliahobbies +stingernight +stationwitness +interestburst +britishasparagus +snakegroup +gooseexample +step-sonpackage +cardigandorothy +printergeology +brokercellar +jewelbuzzard +jasoncaption +benchtoast +lightcellar +windowjelly +successtanker +insuranceicicle +sleepswiss +carolfrench +produceonion +pocketsnail +schedulelotion +brushkamikaze +guaranteemexico +cerealunderwear +sweatercourt +bottomcaption +crossepoch +wastelasagna +dogsledbranch +skilleffect +passivelemonade +congotiger +newsstandclass +tastethread +spaindetail +sandwichfather +statisticitalian +turtleolive +greekstring +ferryboattwilight +cheesealgeria +lobsterbeach +spinachlettuce +sentencewrench +ravioliquartz +mimosawriter +motherliver +felonywilliam +croissantchinese +inventoryex-wife +honeyperson +germanytrail +zipperracing +touchdrive +angoravault +offencecriminal +chinesedollar +bugleapril +celloplant +dinosaurshock +beliefvault +cupcakeberet +shadowbadger +educationorange +camelodometer +riverprofit +lindaburglar +dimplebladder +biplanemoney +periodrouter +japanindex +squirrelsheep +ariessmell +celsiuskorean +recordbirch +tailorbabies +barberkevin +baboonalarm +disgustfemale +packageshallot +halibutoxygen +norwegiannarcissus +sistercouch +kittenreport +dancercurler +stovefrance +islandsunflower +fluteinventory +decadeverse +heliumbarometer +creatorfrance +depositplate +richardunderwear +ferryboatcymbal +broccolialbatross +sentencebreakfast +saturdayleopard +barometergateway +cymbalsecure +hacksawswordfish +orchestratiger +accountporcupine +shearsaftermath +vinyljennifer +gallonparticle +pressurestart +handballplant +chalkmicrowave +inventorymallet +skillmexican +digestionpollution +garagenewsstand +sproutcelery +octopusaddition +raviolibugle +edwardperfume +violetprice +prunerhallway +apparatuscause +wreckerhyena +aprilrainbow +desiredivorced +anatomycannon +chairmarch +bargegarden +scalliongrandson +footnoteharmony +hurricanedragon +debtorsunflower +governorblanket +coastchurch +activebutcher +parsnipjoseph +fluteniece +priceafrica +tromboneheight +lobsterstick +discoverytrick +slopemustard +footnotequestion +stevensnowplow +bathtubvolcano +raviolilicense +chauffeurbubble +crayongeese +comictrial +patiotom-tom +europechick +snowstormfamily +anthonyregret +seashorecurrency +enquirygiant +dinosaurhamburger +cougarcricket +internetukraine +spandexcanadian +jeansgladiolus +asphaltedger +storyagenda +equinoxactive +spearrelative +columnistsoybean +vulturefisherman +scentastronomy +bufferbrace +treatmentplier +sunshineblizzard +collegeamount +breakfastspear +gasolineaddition +throneactivity +lightheart +stepsonbrass +williambuffet +thingsociety +bathtubcornet +nursewoolen +organstep-son +cinemapassbook +womenchill +newsprintethiopia +tendencytugboat +cactusepoch +tanzaniadoctor +spherepayment +cobwebmusic +postboxdollar +creaturemexico +disgustfountain +spadepajama +paperbackwaiter +italiantanzania +myanmardoubt +trialpoppy +slashrowboat +hacksawdeodorant +blizzardsweatshop +physicianpoland +nightriddle +sweetsmonday +vegetabledisgust +oniontoilet +strawgrandson +cowbellthursday +dibblemelody +stockingfactory +c-clampharmony +advantageknowledge +crawdadfireman +drivechicory +woundparsnip +yachtengine +venezuelanickel +chickjeans +enquirystopsign +rutabagashrimp +geminisuede +pancreaslatex +ikebanapatio +turtlecaptain +shellpassbook +glidingspoon +whorlmaraca +japanesescraper +kohlrabieggnog +marriedsharon +sweatshopsnowman +streamthrill +targethydrofoil +blizzardrooster +saxophonedollar +laborerpanty +purchaseyogurt +cyclonepromotion +sociologysnowflake +armchairprofit +whistlequeen +schoolstick +arrowuganda +creatureaddition +freonutensil +buildingflight +tenorroadway +poppysociology +chickenhorse +bearddorothy +crayonplatinum +susanmonday +trouserslumber +goosedrizzle +octavenigeria +kevinmachine +clipperclerk +disgustbelieve +pamphletsnowman +ex-wifeforehead +toiletscent +crackercuban +swordfishbritish +fishermancomposer +foxglovenephew +soybeangrandson +depositbobcat +sturgeoncaravan +waterfallcheese +potatoblood +broccoliforce +productseashore +treatmentshell +cricketaluminium +chickensponge +territorygondola +reportferry +chordchest +consonantniece +juicelentil +cherriesitaly +calendarpelican +throatporch +gore-texfeedback +outputclass +calendarlyocell +spaghettipants +bloodliquor +mustardspider +twistthing +libramosque +firewallkilogram +continentsheep +tradequeen +ploughcockroach +smokeheadlight +searchwhale +zebramotion +handicapcover +willowjames +apologylaborer +grousexylophone +cousindonkey +timbalesneeze +mosquitolatency +leopardseagull +criminalpersian +whiskeywalrus +multi-hopstep-aunt +radiatorgorilla +handledrizzle +coastdeborah +softwarestory +crossdryer +streetketchup +stoollipstick +silversaxophone +angledigger +angoraaugust +mandolindress +stoolactive +afternoonocelot +skillwheel +ladybugshape +centurysturgeon +girdleindonesia +walruslatex +discoverysheep +snowmanshark +williamengine +energyguilty +canvaswillow +cinemacherries +throneornament +shoemakerplayroom +giantalibi +formathandball +tuesdaynitrogen +moneypoint +ceramicpostage +timbaleskiing +scissorsamusement +glidertom-tom +ukrainianbuffer +borderlimit +lycradrama +additionhimalayan +eventagenda +barometerliquid +slipperrocket +bracketagreement +aquariusmichael +octavemacaroni +effectsignature +copperenemy +melodydirection +lizardflower +sandwichladybug +spinachcaution +turretvision +motherspoon +mistakeeggnog +jumpersnail +professordamage +pickletsunami +pyjamabelieve +decreaseronald +weaponfifth +theaterfirewall +belgiandugout +scorpionrubber +searchodometer +marketresult +sweetssalary +minibusketchup +mailboxbench +spleeneurope +geraniumhouse +dramamakeup +banglecrime +gondolacaption +dahliaparent +violettoenail +peppereducation +japanesefeeling +onionquotation +furnituretongue +surgeonselect +angercrate +knifecarrot +marginsearch +luttucesense +sessionforce +plainbongo +custardburglar +thursdayfreezer +historyscanner +mascarafelony +paperexample +recorderglider +marginbillboard +fluteavenue +collarvoyage +prosepantyhose +drilllyric +hexagonpancreas +sudanjellyfish +syrupforest +cubancaution +throatconifer +cemeterycornet +donnawaitress +clipperappeal +lentilestimate +jumperreduction +wastelatex +approvalplanet +dieticianshark +pencilsyrup +communitygoldfish +strangersubway +governormelody +thailandheron +georgetennis +springtimbale +cloverrabbit +chinesefemale +banjoswimming +shovelsalary +waterfallplier +calculusmaple +syrupbeard +babiestoast +step-auntgraphic +step-sonclaus +smokecoffee +skirtcactus +ferrybathroom +driverex-wife +pelicanconifer +riverbedmarket +actressbakery +trailretailer +mechaniccontrol +magicdeadline +epochkenya +broccolimulti-hop +alloyshield +drainspeedboat +geologymacrame +violetstorm +cicadarabbit +forecastheadline +companyaddition +featherstore +illegalheadlight +baboonoffice +herringaluminium +blanketdenim +tenorkettle +freightermailbox +furnitureeducation +pointsurprise +weaponflood +farmercanvas +chineseattention +versequiet +centurystudy +goldfishdungeon +slopesquirrel +canvasclaus +yogurtcanvas +lilacfaucet +bottlethumb +harmonicacereal +pantrycapricorn +tortoisenotify +toenailfloor +middletheater +calendarswallow +celestecopyright +monthcountry +zebraspace +alloyasphalt +propanewound +knickerssurfboard +deficitsmile +matchtriangle +paperdinner +teachingbrick +stopwatchthomas +authorbridge +readinggrade +minibusknowledge +armadilloformat +kittyminute +relativeindia +feelingaftermath +mustardquartz +gatewaybranch +prosechief +statisticthread +towerhaircut +processwalrus +temperreason +drilltoilet +karatefriction +summerpersian +tsunamibeard +pancreashelmet +separatedtugboat +shadowrespect +brakemotion +step-soncalendar +printerror +femalecomposer +chocolatesmash +taiwanvoice +formatrubber +apparatushourglass +shelfdugout +positionpollution +clothmuscle +visitorshrine +enquirykayak +anglepasta +kohlrabibronze +pansyequinox +susanpastor +liquormelody +canadianstraw +popcornpassenger +deadlinebamboo +bankbooksquare +pastordaniel +cuticlefarmer +bookcaseparsnip +ikebanabathroom +catsupjason +papergoose +syriawinter +scraperrainbow +exchangewinter +segmentwound +flavorjuice +clausquartz +chocolateminibus +layergermany +successsunflower +stepsonhealth +gallontyvek +nervebengal +pamphletspace +soccershorts +kevinparcel +timbalearies +paraderocket +yogurtcathedral +candlecreature +mountaincontinent +juiceradio +passbooksoccer +juiceknight +priestpurpose +shieldapartment +lizardangle +snowflakeclient +religionfireman +multi-hopbottle +februarysmell +zephyrrutabaga +effectnigeria +nickelbalance +apartmentquiet +impulsesidewalk +beavercrush +titlehistory +congojacket +aftermathgander +woundbamboo +mondayjaguar +titaniumbladder +beechwealth +ramieoxygen +blacktaiwan +tendencyclimb +lizardmoney +minutecylinder +carpenterinventory +richardperiod +operationpayment +bumpersharon +bargehammer +onionbutcher +ferrystore +surfboardviscose +numericpiccolo +successdogsled +quincemarket +softwarerelish +canadageese +cubannovember +liverbracket +babiesbulldozer +fightercarnation +sessionjewel +anteaterminibus +mondaypaper +gearshiftfelony +adaptertornado +shrimpcactus +valleygauge +lyocellpilot +applesparrow +atticdrink +step-sonsweatshop +elephantstocking +producefireman +macaroniwomen +decimaldresser +doctorrhythm +channelphysician +camerapyjama +cirruschicory +mandolinpurchase +pandacoast +laborerpolice +fridgemusician +decadehoney +summersycamore +stationlemonade +communityswimming +collisiongliding +educationbookcase +formatpersian +aluminumrhythm +colorweather +boardscarecrow +bumpersnowstorm +meetinggeese +couchbuffer +chancesoftdrink +airplanemeasure +muscletongue +adaptervirgo +mimosaalloy +bladderhamburger +childcolor +stopwatchtrial +middleletter +wallabyjeans +musicdenim +broccolination +slopecatsup +waterchick +currentnarcissus +quivermailman +selectiondanger +angerslime +avenueparrot +ukrainiansarah +davidradar +pelicanmascara +hurricanetimbale +liquorriver +drawerberry +replacehobbies +underwearseason +firewallbreak +sproutlarch +bracecarol +bottompolyester +hockeyheight +peonyseeder +clientmeter +wastetwilight +peppergarlic +gymnasthearing +drivingbutton +sliceikebana +zephyrviolet +badgerambulance +asteriskenglish +pantyhoseplanet +karatemodem +scalechildren +baseballpastor +crateoutput +recorderpanda +broccolitrumpet +brochureporcupine +passivehurricane +vulturevacation +pyjamaforgery +bubblecopyright +octavecloudy +grousestream +supplycannon +bagelbench +punchairplane +copperwhale +polandshears +canvasseptember +friendlight +lipstickrevolver +shrimpjewel +scorpionairship +bagpipeturkish +timpanivessel +airbustyvek +makeupbeetle +egyptriverbed +clutchpencil +equinoxbobcat +bronzesyria +brokersecure +astronomylilac +wrenchsponge +flightapproval +bucketmorning +lemonadestudy +condoreagle +diaphragmmanager +melodyheadline +decimaldrill +carolgoldfish +illegalferryboat +faucetfeather +mountaindebtor +trickgosling +knifejason +personreindeer +postboxknowledge +backbonesnowman +capricorncattle +shoemakerbirthday +shamecrawdad +pheasantsidecar +christmasburst +rainbowexhaust +monthholiday +hacksawradio +machinethailand +letterchildren +bracetoenail +edwardbudget +screenstation +giraffedeficit +eyelashpiccolo +workshopbrain +swordferryboat +quiverswing +animeturret +yellowsecure +pantsselection +edgeremery +donnadinosaur +fedelinielephant +latheposition +calculussushi +alligatorlicense +divingorchestra +custardankle +apparatusglass +librablanket +cheekdesign +dugouttwist +kangarooitalian +strawbarometer +friendappliance +cocoacoast +relationgirdle +kayakevent +tenorsauce +streamcurtain +ugandabuffet +questionappendix +rangesardine +mistakeliquor +italyoatmeal +bandanastep-son +swallowbrian +libraryrooster +guitarcormorant +alligatorarmadillo +olivediploma +mandolinvietnam +chequeonion +moustachestaircase +tugboatpepper +babiesmandolin +chickenbobcat +sleeptrade +ticketfeature +governortanker +priestsubstance +squarelegal +badgemacaroni +hospitalcream +chieffriction +birthdaycloudy +sandrapancreas +licensepimple +chauffeurstraw +sandrabalinese +sailboatboard +eyelinergreece +ceramicvulture +wasteturtle +dragonflybiplane +squareglass +doubleplywood +aluminumeyelash +cougarlearning +swordcanvas +digestioncloset +kittycuban +cratebarge +timbaleepoxy +mosquitocolor +stoolsurname +brushlocust +noisestatement +blockcrocus +weedermusic +ounceedward +preparedrabbi +umbrellatimbale +eveningpuffin +mondayoffence +ferrydrain +multi-hopfriday +clerkcollege +yogurtpatio +coastlotion +elizabethepoxy +denimlanguage +estimatelaugh +blackeffect +bugleheight +jasonrectangle +sneezebusiness +drainsarah +countryattack +fifthnephew +blacklaura +parcelbangle +russiaforce +australiavoice +linenviola +shelfcicada +sidewalkbusiness +slashhospital +saxophonereceipt +dressingmeasure +heavendressing +spinachsweets +marriedspeedboat +tendencyhobbies +barbarafront +doublemirror +pantiesnumeric +shademailman +hobbiesgarage +tradepyjama +engineerashtray +thunderlizard +targetbench +hydrantspleen +trunkfisherman +africapastry +violintrain +spoonstep-son +managereducation +brickalibi +kangaroofirewall +stovehydrogen +internetpassbook +expansioncupcake +operationsecretary +methanesmash +skillopera +prefacebulldozer +scorpionsaxophone +valleyangora +twistacrylic +puppymaria +acousticniece +nephewemployee +turretrelish +potatosleet +cupboardthistle +apartmentpunch +smelljaguar +sociologyquilt +modemfelony +otterlizard +guiltyharmony +spandexfridge +groundferryboat +onionwillow +cocoascience +pizzaentrance +mouthbattery +soccerviolet +tortoiseenemy +radiatorceiling +boardblood +grandsonwhite +fieldcushion +chequeelbow +freondriving +birthalbatross +armeniangirdle +davidbulldozer +applelipstick +policemanlatex +wristbranch +gendershare +yachtchest +macramefeeling +adaptercoach +successtennis +teacherfeeling +innocentsubmarine +furnituregalley +biplanetexture +coverwrinkle +cucumberspider +hobbiespriest +womenmichael +harmonicaskirt +valleypatch +agreementdungeon +quivermirror +crickethygienic +humorpoultry +fleshdolphin +broccolibrand +cylindermarried +noodlecanadian +leopardcowbell +chestglove +singlejames +cocktailsundial +inventoryconifer +nationnerve +swisspostage +hyacinthsociety +surgeonsidecar +otterswamp +pocketperson +cousinnoise +epoxyllama +teacherzipper +asphaltalarm +aluminiumdouble +submarinekarate +singerenquiry +airmailgermany +coppersquash +quicksandquartz +cucumbermotorboat +ostrichcurrent +numericparrot +pancakecolor +bracketflower +requestcicada +seaplanerouter +softballtoilet +segmentlibrary +lemonadeyacht +vacationmuseum +yellowtheater +officemagician +mechaniccheck +randomswallow +bargearcher +cricketbrother +guitarronald +fedeliniinnocent +spongecreek +firemandebtor +discoverytimpani +tigerbelgian +camelworkshop +yogurtmilkshake +himalayanferryboat +ceilingwhale +kidneyfortnight +japandancer +questionflight +chiveleopard +woolenanthony +indonesiatennis +greecehimalayan +jellydatabase +orchidsoybean +pelicanferryboat +luttucepancake +featuregander +spacebanjo +spherefoxglove +cormorantpaste +housebladder +dancercraftsman +pyramidjanuary +cicadachime +singlesweatshop +pancreasdebtor +kittyprice +cubansalad +prunergeorge +doubtbanjo +blowgunsquash +syriageranium +sentencebagel +substancekenya +ukrainianplatinum +camelitalian +kittytheory +relativeconga +alleypoland +wastebeast +dahliaflood +cannongeranium +objectiveappendix +parsnipspace +humorsmash +kimberlytractor +cookingbrand +paintnitrogen +asterisklyocell +calendarrainbow +lindadinner +interestbanana +richardmercury +algeriadragon +featuremarch +offencepackage +entrancesession +donkeyglove +messagehyacinth +slashsugar +invoicebiology +slavestock +fightfeather +wallabyhacksaw +bucketalloy +methaneliver +carolhalibut +pricecolony +staircasesoftdrink +insectcolor +telleremery +siberianrooster +messagerussian +gatewaymuseum +columnistpajama +adapterinterest +chemistrygeorge +flightporch +c-clampbeginner +egyptwalrus +honeyvessel +spherelentil +brandyjasmine +shadowshovel +ellipseshoulder diff --git a/host/usr/share/nginx/html/error.html b/host/usr/share/nginx/html/error.html new file mode 100644 index 00000000..e69de29b diff --git a/host/usr/share/nginx/html/favicon.ico b/host/usr/share/nginx/html/favicon.ico new file mode 100644 index 00000000..a40c2372 Binary files /dev/null and b/host/usr/share/nginx/html/favicon.ico differ diff --git a/host/usr/share/nginx/html/navbar.html b/host/usr/share/nginx/html/navbar.html new file mode 100644 index 00000000..d3b311a8 --- /dev/null +++ b/host/usr/share/nginx/html/navbar.html @@ -0,0 +1,21 @@ + + + + + + T-Pot + + + + +
+ Home + Kibana + ES Head + Netdata + Spiderfoot + Portainer + WebTTY +
+ + diff --git a/host/usr/share/nginx/html/style.css b/host/usr/share/nginx/html/style.css new file mode 100644 index 00000000..2696a613 --- /dev/null +++ b/host/usr/share/nginx/html/style.css @@ -0,0 +1,17 @@ +.btn { + -webkit-border-radius: 0; + -moz-border-radius: 0; + border-radius: 0px; + font-family: Arial; + color: #ffffff; + font-size: 12px; + background: #E20074; + padding: 2px 30px 2px 30px; + text-decoration: none; +} + +.btn:hover { + background: #c2c2c2; + text-decoration: none; +} + diff --git a/host/usr/share/nginx/html/tpotweb.html b/host/usr/share/nginx/html/tpotweb.html new file mode 100644 index 00000000..6f3a0146 --- /dev/null +++ b/host/usr/share/nginx/html/tpotweb.html @@ -0,0 +1,15 @@ + + + + + + T-Pot + + + + + + + + + diff --git a/iso/installer/dialogrc b/iso/installer/dialogrc new file mode 100644 index 00000000..bb53e1b8 --- /dev/null +++ b/iso/installer/dialogrc @@ -0,0 +1,144 @@ +# +# Run-time configuration file for dialog +# +# Automatically generated by "dialog --create-rc " +# +# +# Types of values: +# +# Number - +# String - "string" +# Boolean - +# Attribute - (foreground,background,highlight?) + +# Set aspect-ration. +aspect = 0 + +# Set separator (for multiple widgets output). +separate_widget = "" + +# Set tab-length (for textbox tab-conversion). +tab_len = 0 + +# Make tab-traversal for checklist, etc., include the list. +visit_items = OFF + +# Shadow dialog boxes? This also turns on color. +use_shadow = ON + +# Turn color support ON or OFF +use_colors = ON + +# Screen color +screen_color = (WHITE,MAGENTA,ON) + +# Shadow color +shadow_color = (BLACK,BLACK,ON) + +# Dialog box color +dialog_color = (BLACK,WHITE,OFF) + +# Dialog box title color +title_color = (MAGENTA,WHITE,OFF) + +# Dialog box border color +border_color = (WHITE,WHITE,ON) + +# Active button color +button_active_color = (WHITE,MAGENTA,OFF) + +# Inactive button color +button_inactive_color = dialog_color + +# Active button key color +button_key_active_color = button_active_color + +# Inactive button key color +button_key_inactive_color = (RED,WHITE,OFF) + +# Active button label color +button_label_active_color = (YELLOW,MAGENTA,ON) + +# Inactive button label color +button_label_inactive_color = (BLACK,WHITE,OFF) + +# Input box color +inputbox_color = dialog_color + +# Input box border color +inputbox_border_color = dialog_color + +# Search box color +searchbox_color = dialog_color + +# Search box title color +searchbox_title_color = title_color + +# Search box border color +searchbox_border_color = border_color + +# File position indicator color +position_indicator_color = title_color + +# Menu box color +menubox_color = dialog_color + +# Menu box border color +menubox_border_color = border_color + +# Item color +item_color = dialog_color + +# Selected item color +item_selected_color = button_active_color + +# Tag color +tag_color = title_color + +# Selected tag color +tag_selected_color = button_label_active_color + +# Tag key color +tag_key_color = button_key_inactive_color + +# Selected tag key color +tag_key_selected_color = (RED,MAGENTA,ON) + +# Check box color +check_color = dialog_color + +# Selected check box color +check_selected_color = button_active_color + +# Up arrow color +uarrow_color = (MAGENTA,WHITE,ON) + +# Down arrow color +darrow_color = uarrow_color + +# Item help-text color +itemhelp_color = (WHITE,BLACK,OFF) + +# Active form text color +form_active_text_color = button_active_color + +# Form text color +form_text_color = (WHITE,CYAN,ON) + +# Readonly form item color +form_item_readonly_color = (CYAN,WHITE,ON) + +# Dialog box gauge color +gauge_color = title_color + +# Dialog box border2 color +border2_color = dialog_color + +# Input box border2 color +inputbox_border2_color = dialog_color + +# Search box border2 color +searchbox_border2_color = dialog_color + +# Menu box border2 color +menubox_border2_color = dialog_color diff --git a/iso/installer/install.sh b/iso/installer/install.sh new file mode 100755 index 00000000..cdb398ff --- /dev/null +++ b/iso/installer/install.sh @@ -0,0 +1,509 @@ +#!/bin/bash +# T-Pot post install script + +# Set TERM, DIALOGRC +export TERM=linux +export DIALOGRC=/etc/dialogrc + +# Let's load dialog color theme +cp /root/installer/dialogrc /etc/ + +# Some global vars +myPROXYFILEPATH="/root/installer/proxy" +myNTPCONFPATH="/root/installer/ntp" +myPFXPATH="/root/installer/keys/8021x.pfx" +myPFXPWPATH="/root/installer/keys/8021x.pw" +myPFXHOSTIDPATH="/root/installer/keys/8021x.id" +myTPOTCOMPOSE="/opt/tpot/etc/tpot.yml" +myBACKTITLE="T-Pot-Installer" +mySITES="https://index.docker.io https://github.com https://pypi.python.org https://ubuntu.com" +myPROGRESSBOXCONF=" --backtitle "$myBACKTITLE" --progressbox 24 80" + +fuRANDOMWORD () { + local myWORDFILE="$1" + local myLINES=$(cat $myWORDFILE | wc -l) + local myRANDOM=$((RANDOM % $myLINES)) + local myNUM=$((myRANDOM * myRANDOM % $myLINES + 1)) + echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z) +} + +# Let's wait a few seconds to avoid interference with service messages +sleep 3 +tput civis +dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Wait to avoid interference with service messages ]" --pause "" 6 80 7 + +# Let's setup the proxy for env +if [ -f $myPROXYFILEPATH ]; +then +dialog --title "[ Setting up the proxy ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Stop docker service ]" $myPROGRESSBOXCONF +systemctl start docker 2>&1 | dialog --title "[ Start docker service ]" $myPROGRESSBOXCONF +fi + +# Let's test the internet connection +mySITESCOUNT=$(echo $mySITES | wc -w) +j=0 +for i in $mySITES; + do + dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1>/dev/null + if [ $? -ne 0 ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nInternet connection test failed. This might indicate some problems with your connection. You can continue, but the installation might fail." 10 50 + if [ $? = 1 ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Abort ]" --msgbox "\nInstallation aborted. Exiting the installer." 7 50 + exit + else + break; + fi; + fi; + let j+=1 + dialog --title "[ Testing the internet connection ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now checking: $i\n" 8 80 $(expr 100 \* $j / $mySITESCOUNT) <&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; +rm -rf /etc/nginx/sites-available/default 2>&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; +rm -rf /usr/share/nginx/html/index.html 2>&1 | dialog --title "[ Removing NGINX default website. ]" $myPROGRESSBOXCONF; + +# Let's ask user for install flavor +# Install types are TPOT, HP, INDUSTRIAL, ALL +tput cnorm +myFLAVOR=$(dialog --no-cancel --backtitle "$myBACKTITLE" --title "[ Choose your edition ]" --no-tags --menu \ +"\nRequired: 4GB RAM, 64GB disk\nRecommended: 8GB RAM, 128GB SSD" 14 60 4 \ +"TPOT" "Standard Honeypots, Suricata & ELK" \ +"HP" "Honeypots only, w/o Suricata & ELK" \ +"INDUSTRIAL" "Conpot, eMobility, Suricata & ELK" \ +"EVERYTHING" "Everything" 3>&1 1>&2 2>&3 3>&-) + +# Let's ask for a secure tsec password +myUSER="tsec" +myPASS1="pass1" +myPASS2="pass2" +mySECURE="0" +while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] + do + myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for console user (tsec) ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myPASS1" != "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ + --msgbox "\nPlease re-enter your password." 7 60 + myPASS1="pass1" + myPASS2="pass2" + fi + mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? + if [ "$myOK" == "1" ]; + then + myPASS1="pass1" + myPASS2="pass2" + fi + fi + done +printf "%s" "$myUSER:$myPASS1" | chpasswd + +# Let's ask for a web username with secure password +myOK="1" +myUSER="tsec" +myPASS1="pass1" +myPASS2="pass2" +mySECURE="0" +while [ 1 != 2 ] + do + myUSER=$(dialog --backtitle "$myBACKTITLE" --title "[ Enter your web user name ]" --inputbox "\nUsername (tsec not allowed)" 9 50 3>&1 1>&2 2>&3 3>&-) + myUSER=$(echo $myUSER | tr -cd "[:alnum:]_.-") + dialog --backtitle "$myBACKTITLE" --title "[ Your username is ]" --yesno "\n$myUSER" 7 50 + myOK=$? + if [ "$myOK" = "0" ] && [ "$myUSER" != "tsec" ] && [ "$myUSER" != "" ]; + then + break + fi + done +while [ "$myPASS1" != "$myPASS2" ] && [ "$mySECURE" == "0" ] + do + while [ "$myPASS1" == "pass1" ] || [ "$myPASS1" == "" ] + do + myPASS1=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Enter password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + done + myPASS2=$(dialog --insecure --backtitle "$myBACKTITLE" \ + --title "[ Repeat password for your web user ]" \ + --passwordbox "\nPassword" 9 60 3>&1 1>&2 2>&3 3>&-) + if [ "$myPASS1" != "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Passwords do not match. ]" \ + --msgbox "\nPlease re-enter your password." 7 60 + myPASS1="pass1" + myPASS2="pass2" + fi + mySECURE=$(printf "%s" "$myPASS1" | cracklib-check | grep -c "OK") + if [ "$mySECURE" == "0" ] && [ "$myPASS1" == "$myPASS2" ]; + then + dialog --backtitle "$myBACKTITLE" --title "[ Password is not secure ]" --defaultno --yesno "\nKeep insecure password?" 7 50 + myOK=$? + if [ "$myOK" == "1" ]; + then + myPASS1="pass1" + myPASS2="pass2" + fi + fi + done +htpasswd -b -c /etc/nginx/nginxpasswd "$myUSER" "$myPASS1" 2>&1 | dialog --title "[ Setting up user and password ]" $myPROGRESSBOXCONF; + +# Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway) +tput civis +mkdir -p /etc/nginx/ssl 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; +openssl req \ + -nodes \ + -x509 \ + -sha512 \ + -newkey rsa:8192 \ + -keyout "/etc/nginx/ssl/nginx.key" \ + -out "/etc/nginx/ssl/nginx.crt" \ + -days 3650 \ + -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF; + +# Let's setup the ntp server +if [ -f $myNTPCONFPATH ]; + then +dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF +fi + +# Let's setup 802.1x networking +if [ -f $myPFXPATH ]; + then +dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF <&1 | dialog --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF + if [ -f $myPFXPWPATH ]; + then +dialog --title "[ Setting up 802.1x password ]" $myPROGRESSBOXCONF <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1>/dev/null < with the name of your physical interface name +# +#auto eth0 +#iface eth0 inet static +# address 192.168.1.1 +# netmask 255.255.255.0 +# network 192.168.1.0 +# broadcast 192.168.1.255 +# gateway 192.168.1.1 +# dns-nameservers 192.168.1.1 + +### Example wireless config without 802.1x +### This configuration was tested with the IntelNUC series +### If problems occur you can try and change wpa-driver to "iwlwifi" +# +#auto wlan0 +#iface wlan0 inet dhcp +# wpa-driver wext +# wpa-ssid +# wpa-ap-scan 1 +# wpa-proto RSN +# wpa-pairwise CCMP +# wpa-group CCMP +# wpa-key-mgmt WPA-PSK +# wpa-psk "" +EOF + +# Let's modify the sources list +sed -i '/cdrom/d' /etc/apt/sources.list + +# Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778) +fuECHO "### Let's make sure SSH roaming is turned off." +tee -a /etc/ssh/ssh_config 2>&1>/dev/null <&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF +apt-get upgrade -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF + +# Let's clean up apt +apt-get autoclean -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF +apt-get autoremove -y 2>&1 | dialog --title "[ Pulling updates ]" $myPROGRESSBOXCONF + +# Installing docker-compose, wetty, ctop, elasticdump, tpot +pip install --upgrade pip 2>&1 | dialog --title "[ Installing pip ]" $myPROGRESSBOXCONF +pip install docker-compose==1.12.0 2>&1 | dialog --title "[ Installing docker-compose ]" $myPROGRESSBOXCONF +pip install elasticsearch-curator==5.1.1 2>&1 | dialog --title "[ Installing elasticsearch-curator ]" $myPROGRESSBOXCONF +ln -s /usr/bin/nodejs /usr/bin/node 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF +npm install https://github.com/t3chn0m4g3/wetty -g 2>&1 | dialog --title "[ Installing wetty ]" $myPROGRESSBOXCONF +npm install https://github.com/t3chn0m4g3/elasticsearch-dump -g 2>&1 | dialog --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF +wget https://github.com/bcicen/ctop/releases/download/v0.6.1/ctop-0.6.1-linux-amd64 -O ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +git clone https://github.com/dtag-dev-sec/tpotce -b autoupdate /opt/tpot 2>&1 | dialog --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF +mv ctop /usr/bin/ 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +chmod +x /usr/bin/ctop 2>&1 | dialog --title "[ Installing ctop ]" $myPROGRESSBOXCONF +# Let's add a new user +addgroup --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF +adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --title "[ Adding new user ]" $myPROGRESSBOXCONF + +# Let's set the hostname +a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt) +n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt) +myHOST=$a$n +hostnamectl set-hostname $myHOST 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF +sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --title "[ Setting new hostname ]" $myPROGRESSBOXCONF + +# Let's patch sshd_config +sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF +sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config 2>&1 | dialog --title "[ SSH password authentication only from RFC1918 networks ]" $myPROGRESSBOXCONF +tee -a /etc/ssh/sshd_config 2>&1>/dev/null <&1>/dev/null + ;; + INDUSTRIAL) + echo "### Preparing INDUSTRIAL flavor installation." + cp /opt/tpot/etc/compose/industrial.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + TPOT) + echo "### Preparing TPOT flavor installation." + cp /opt/tpot/etc/compose/tpot.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; + EVERYTHING) + echo "### Preparing EVERYTHING flavor installation." + cp /opt/tpot/etc/compose/all.yml $myTPOTCOMPOSE 2>&1>/dev/null + ;; +esac + +# Let's load docker images +myIMAGESCOUNT=$(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d: -f2 | wc -l) +j=0 +for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2) + do + dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null + let j+=1 + dialog --title "[ Downloading docker images, please be patient ]" --backtitle "$myBACKTITLE" \ + --gauge "\n Now downloading: $name\n" 8 80 $(expr 100 \* $j / $myIMAGESCOUNT) <&1>/dev/null <&1>/dev/null <&1>/dev/null <&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF +touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF + +# Let's copy some files +tar xvfz /opt/tpot/etc/objetcs/elkbase.tgz -C / 2>&1 | dialog --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/issue /etc/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp -R /opt/tpot/host/etc/nginx/ssl /etc/nginx/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/nginx/tpotweb.conf /etc/nginx/sites-available/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/etc/nginx/nginx.conf /etc/nginx/nginx.conf 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /opt/tpot/host/usr/share/nginx/html/* /usr/share/nginx/html/ 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +cp /root/installer/keys/authorized_keys /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Copy configs ]" $myPROGRESSBOXCONF +systemctl enable tpot 2>&1 | dialog --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF +systemctl enable wetty 2>&1 | dialog --title "[ Enabling service for wetty ]" $myPROGRESSBOXCONF + +# Let's enable T-Pot website +ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf 2>&1 | dialog --title "[ Enabling T-Pot website ]" $myPROGRESSBOXCONF + +# Let's take care of some files and permissions +chmod 760 -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF +chown tpot:tpot -R /data 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF +chmod 600 /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF +chown tsec:tsec /home/tsec/.ssh /home/tsec/.ssh/authorized_keys 2>&1 | dialog --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF + +# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub +sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub 2>&1>/dev/null +sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null +update-grub 2>&1 | dialog --title "[ Update grub ]" $myPROGRESSBOXCONF +cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/ +gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz +sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup +sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup +update-initramfs -u 2>&1 | dialog --title "[ Update initramfs ]" $myPROGRESSBOXCONF + +# Let's enable a color prompt and add /opt/tpot/bin to path +myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' +myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"' +tee -a /root/.bashrc 2>&1>/dev/null <&1>/dev/null <&1>/dev/null + +# Final steps +cp /opt/tpot/host/etc/rc.local /etc/rc.local 2>&1>/dev/null && \ +rm -rf /root/installer 2>&1>/dev/null && \ +dialog --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Thanks for your patience. Now rebooting. ]" --pause "" 6 80 2 && \ +reboot diff --git a/iso/installer/keys/authorized_keys b/iso/installer/keys/authorized_keys new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/iso/installer/keys/authorized_keys @@ -0,0 +1 @@ + diff --git a/iso/installer/rc.local.install b/iso/installer/rc.local.install new file mode 100755 index 00000000..edb417d5 --- /dev/null +++ b/iso/installer/rc.local.install @@ -0,0 +1,2 @@ +#!/bin/bash +openvt -w -s /root/installer/install.sh diff --git a/iso/isolinux/txt.cfg b/iso/isolinux/txt.cfg new file mode 100755 index 00000000..e93d49f7 --- /dev/null +++ b/iso/isolinux/txt.cfg @@ -0,0 +1,7 @@ +default install +label install + menu label ^T-Pot 17.10 (Alpha) + menu default + kernel linux + append vga=788 initrd=initrd.gz console-setup/ask_detect=true -- + #append vga=788 initrd=initrd.gz console-setup/ask_detect=true DEBCONF_DEBUG=developer diff --git a/iso/preseed/tpot.seed b/iso/preseed/tpot.seed new file mode 100755 index 00000000..be71342d --- /dev/null +++ b/iso/preseed/tpot.seed @@ -0,0 +1,125 @@ +############################################## +### T-Pot Preseed Configuration File by mo ### +############################################## + +#################### +### Locale Selection +#################### +#d-i debian-installer/country string DE +d-i debian-installer/language string en +d-i debian-installer/locale string en_US.UTF-8 +d-i localechooser/preferred-locale string en_US.UTF-8 + +###################### +### Keyboard Selection +###################### +#d-i console-setup/ask_detect boolean true +#d-i keyboard-configuration/layoutcode string de +d-i console-setup/detected note + +############################# +### Unmount Active Partitions +############################# +#d-i preseed/early_command string umount /media || : + +######################### +### Network Configuration +######################### +#d-i netcfg/choose_interface select auto +#d-i netcfg/dhcp_timeout string 60 +d-i netcfg/get_hostname string t-pot + +############### +### Disk Layout +############### +d-i partman/early_command string \ +debconf-set partman-auto/disk $(parted_devices | sort -k2nr | head -1 | cut -f1) + +d-i partman-auto/method string regular +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true +d-i partman-auto/choose_recipe select atomic +d-i partman-auto/expert_recipe string \ + root :: \ + 8192 8888 8192 linux-swap \ + $primary{ } \ + method{ swap } format{ } \ + . \ + 40960 44444 -1 ext4 \ + $primary{ } $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +###################### +### User Configuration +###################### +d-i passwd/root-login boolean false +d-i passwd/make-user boolean true +d-i passwd/user-fullname string tsec +d-i passwd/username string tsec +d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71 +d-i user-setup/encrypt-home boolean false + +######################################## +### Country Mirror & Proxy Configuration +######################################## +d-i mirror/country string manual +d-i mirror/http/hostname string archive.ubuntu.com +d-i mirror/http/directory string /ubuntu +d-i mirror/http/proxy string + +########################### +### Skip Grub Configuration +########################### +#d-i grub-installer/confirm boolean true +#d-i grub-installer/only_debian boolean true +#d-i grub-installer/with_other_os boolean true +d-i grub-installer/skip boolean true +d-i lilo-installer/skip boolean true + +###################### +### Time Configuration +###################### +#d-i time/zone string Europe/Berlin +d-i clock-setup/utc boolean true +d-i time/zone string UTC +d-i clock-setup/ntp boolean true +d-i clock-setup/ntp-server string ntp.ubuntu.com + +################## +### Package Groups +################## +tasksel tasksel/first multiselect ubuntu-server + +######################## +### Package Installation +######################## +d-i pkgsel/include string apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io dstat ethtool genisoimage git glances html2text htop iptables iw jq libcrack2 libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl prips syslinux psmisc pv python-pip unzip vim wireless-tools wpasupplicant + +################# +### Update Policy +################# +d-i pkgsel/update-policy select unattended-upgrades + +######################################### +### Post install (Grub & T-Pot Installer) +######################################### +d-i preseed/late_command string \ +in-target apt-get -y install grub-pc; \ +in-target grub-install --force $(debconf-get partman-auto/disk); \ +in-target update-grub; \ +cp /opt/installer/rc.local.install /target/etc/rc.local; \ +cp /opt/installer -R /target/root/; + +########## +### Reboot +########## +d-i nobootloader/confirmation_common note +d-i finish-install/reboot_in_progress note +d-i cdrom-detect/eject boolean true diff --git a/makeiso.sh b/makeiso.sh index 1101802a..911f22bc 100755 --- a/makeiso.sh +++ b/makeiso.sh @@ -12,15 +12,15 @@ myUBUNTULINK="http://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/install myUBUNTUISO="mini.iso" myTPOTISO="tpot.iso" myTPOTDIR="tpotiso" -myTPOTSEED="preseed/tpot.seed" +myTPOTSEED="iso/preseed/tpot.seed" myPACKAGES="dialog genisoimage syslinux syslinux-utils pv udisks2" -myAUTHKEYSPATH="installer/keys/authorized_keys" -myPFXPATH="installer/keys/8021x.pfx" -myPFXPWPATH="installer/keys/8021x.pw" -myPFXHOSTIDPATH="installer/keys/8021x.id" -myINSTALLERPATH="installer/install.sh" -myPROXYCONFIG="installer/etc/proxy" -myNTPCONFPATH="installer/etc/ntp" +myAUTHKEYSPATH="iso/installer/keys/authorized_keys" +myPFXPATH="iso/installer/keys/8021x.pfx" +myPFXPWPATH="iso/installer/keys/8021x.pw" +myPFXHOSTIDPATH="iso/installer/keys/8021x.id" +myINSTALLERPATH="iso/installer/install.sh" +myPROXYCONFIG="iso/installer/proxy" +myNTPCONFPATH="iso/installer/ntp" myTMP="tmp" # Got root? @@ -33,7 +33,7 @@ if [ "$myWHOAMI" != "root" ] fi # Let's load dialog color theme -cp installer/etc/dialogrc /etc/ +cp host/etc/dialogrc /etc/ # Let's clean up at the end or if something goes wrong ... function fuCLEANUP { @@ -228,10 +228,10 @@ rm initrd cd .. # Let's add the files for the automated install -mkdir -p $myTPOTDIR/tmp/opt/tpot -cp installer/* -R $myTPOTDIR/tmp/opt/tpot/ -cp isolinux/* $myTPOTDIR/ -cp preseed/tpot.seed $myTPOTDIR/tmp/preseed.cfg +mkdir -p $myTPOTDIR/tmp/opt/ +cp iso/installer -R $myTPOTDIR/tmp/opt/ +cp iso/isolinux/* $myTPOTDIR/ +cp iso/preseed/tpot.seed $myTPOTDIR/tmp/preseed.cfg # Let's create the new initrd cd $myTPOTDIR/tmp