			No commits in common. "5da84a5c74379bbb2979cf49855d7276db1223b2" and "a7a621267b03f74c040e6dd3239a7c3ad8a32969" have entirely different histories.
		
	
	
		
			5da84a5c74
			...
			a7a621267b
		
	
		
					 8 changed files with 431 additions and 35 deletions
				
			
		|  | @ -4,15 +4,15 @@ FROM alpine:3.20 AS builder | |||
| COPY dist/ /root/dist/ | ||||
| # | ||||
| # Install packages | ||||
| RUN	apk --no-cache -U add \ | ||||
| RUN	echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ | ||||
| 	apk --no-cache -U add \ | ||||
| 		build-base \ | ||||
| 		git \ | ||||
| 		procps \ | ||||
| 		py3-psutil \ | ||||
| 		py3-requests \ | ||||
| 		py3-pip \ | ||||
| 		py3-pyinstaller@testing \ | ||||
| 		python3 && \ | ||||
| 		pip3 install --break-system-packages pyinstaller && \ | ||||
| # | ||||
| # Install adbhoney from git | ||||
|     git clone https://github.com/t3chn0m4g3/ADBHoney -b pyinstaller /opt/adbhoney && \ | ||||
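Review bot: Neither variant of the package step pins PyInstaller — `pip3 install --break-system-packages pyinstaller` takes whatever PyPI serves at build time and `py3-pyinstaller@testing` tracks the Alpine edge/testing repository, which is unpinned by design — so the builder stage is not reproducible and a broken or tampered release would be picked up silently; `pip3 install --break-system-packages pyinstaller==<PINNED_VERSION>` (or a checked-in requirements file with hashes) closes that gap. Which of the two lines is the new side is not recoverable from this gutter-less rendering; the new-file addition of docker/ciscoasa/dist/asa_server.py elsewhere in the compare suggests the non-`@testing` variant is the surviving one, but the point holds for either. The enclosing RUN instruction continues past the hunk.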
|  |  | |||
|  | @ -1,4 +1,7 @@ | |||
| FROM alpine:3.20 AS builder | ||||
| FROM alpine:3.19 | ||||
| # | ||||
| # Include dist | ||||
| COPY dist/ /root/dist/ | ||||
| # | ||||
| # Install packages | ||||
| RUN apk --no-cache -U add build-base \ | ||||
|  | @ -12,22 +15,33 @@ RUN apk --no-cache -U add build-base \ | |||
| 		python3 \ | ||||
| 		python3-dev && \ | ||||
| # | ||||
| # Setup user | ||||
|     addgroup -g 2000 ciscoasa && \ | ||||
|     adduser -S -s /bin/bash -u 2000 -D -g 2000 ciscoasa && \ | ||||
| # | ||||
| # Get and install packages | ||||
|     mkdir -p /opt/ && \ | ||||
|     cd /opt/ && \ | ||||
|     git clone https://github.com/t3chn0m4g3/ciscoasa_honeypot && \ | ||||
|     git clone https://github.com/cymmetria/ciscoasa_honeypot && \ | ||||
|     cd ciscoasa_honeypot && \ | ||||
|     git checkout d6e91f1aab7fe6fc01fabf2046e76b68dd6dc9e2 && \ | ||||
|     sed -i "s/git+git/git+https/g" requirements.txt && \ | ||||
|     pip3 install --break-system-packages pyinstaller && \ | ||||
|     pip3 install --break-system-packages --no-cache-dir -r requirements.txt | ||||
| WORKDIR /opt/ciscoasa_honeypot | ||||
| RUN pyinstaller asa_server.py --add-data "./asa:./asa" | ||||
|     pip3 install --break-system-packages --no-cache-dir -r requirements.txt && \ | ||||
|     cp /root/dist/asa_server.py /opt/ciscoasa_honeypot && \ | ||||
|     chown -R ciscoasa:ciscoasa /opt/ciscoasa_honeypot && \ | ||||
| # | ||||
| FROM alpine:3.20 | ||||
| COPY --from=builder /opt/ciscoasa_honeypot/dist/ /opt/ | ||||
| # Clean up | ||||
|     apk del --purge build-base \ | ||||
|                     git \ | ||||
|                     libffi-dev \ | ||||
|                     openssl-dev \ | ||||
|                     python3-dev && \ | ||||
|     rm -rf /root/* \ | ||||
|            /opt/ciscoasa_honeypot/.git \ | ||||
|            /var/cache/apk/* | ||||
| # | ||||
| # Start ciscoasa | ||||
| STOPSIGNAL SIGINT | ||||
| WORKDIR /opt/asa_server/ | ||||
| USER 2000:2000 | ||||
| CMD ./asa_server --ike-port 5000 --enable_ssl --port 8443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1 | ||||
| WORKDIR /tmp/ciscoasa/ | ||||
| USER ciscoasa:ciscoasa | ||||
| CMD cp -R /opt/ciscoasa_honeypot/* /tmp/ciscoasa && exec python3 asa_server.py --ike-port 5000 --enable_ssl --port 8443 --verbose >> /var/log/ciscoasa/ciscoasa.log 2>&1 | ||||
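Review bot: `chown -R ciscoasa:ciscoasa /opt/ciscoasa_honeypot` gives the service account write access to its own code tree, yet the CMD already copies that tree to `/tmp/ciscoasa` before running it, so the installed copy can stay root-owned and read-only (`chmod -R a+rX /opt/ciscoasa_honeypot` in place of the chown) with only the scratch directory writable by the user. `adduser -S -s /bin/bash -u 2000 -D -g 2000 ciscoasa` also hands a daemon account a login shell; `-s /sbin/nologin` is sufficient for a process started from CMD. The rendering drops the +/- markers, but the new-file addition of docker/ciscoasa/dist/asa_server.py in this compare pairs with the `cp /root/dist/asa_server.py` line, so the alpine:3.19 variant is taken as the new side here. The RUN instruction begins before this hunk.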
|  |  | |||
							
								
								
									
										307
									
								
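--- a/docker/ciscoasa/dist/asa_server.py
+++ b/docker/ciscoasa/dist/asa_server.py
@@ -0,0 +1,307 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import os
+import time
+import socket
+import logging
+logging.basicConfig(format='%(message)s')
+import threading
+from io import BytesIO
+from xml.etree import ElementTree
+from http.server import HTTPServer
+from socketserver import ThreadingMixIn
+from http.server import SimpleHTTPRequestHandler
+import ike_server
+import datetime
+
+
+class NonBlockingHTTPServer(ThreadingMixIn, HTTPServer):
+    pass
+
+class hpflogger:
+    def __init__(self, hpfserver, hpfport, hpfident, hpfsecret, hpfchannel, serverid, verbose):
+        self.hpfserver=hpfserver
+        self.hpfport=hpfport
+        self.hpfident=hpfident
+        self.hpfsecret=hpfsecret
+        self.hpfchannel=hpfchannel
+        self.serverid=serverid
+        self.hpc=None
+        self.verbose=verbose
+        if (self.hpfserver and self.hpfport and self.hpfident and self.hpfport and self.hpfchannel and self.serverid):
+            import hpfeeds
+            try:
+                self.hpc = hpfeeds.new(self.hpfserver, self.hpfport, self.hpfident, self.hpfsecret)
+                logger.debug("Logging to hpfeeds using server: {0}, channel {1}.".format(self.hpfserver, self.hpfchannel))
+            except (hpfeeds.FeedException, socket.error, hpfeeds.Disconnect):
+                logger.critical("hpfeeds connection not successful")
+
+    def log(self, level, message):
+        if self.hpc:
+            if level in ['debug', 'info'] and not self.verbose:
+                return
+            self.hpc.publish(self.hpfchannel, "["+self.serverid+"] ["+level+"] ["+datetime.datetime.now().isoformat() +"] "  + str(message))
+
+
+def header_split(h):
+    return [list(map(str.strip, l.split(': ', 1))) for l in h.strip().splitlines()]
+
+
+class WebLogicHandler(SimpleHTTPRequestHandler):
+    logger = None
+    hpfl = None
+
+    protocol_version = "HTTP/1.1"
+
+    EXPLOIT_STRING = b"host-scan-reply"
+    RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
+<config-auth client="vpn" type="complete">
+<version who="sg">9.0(1)</version>
+<error id="98" param1="" param2="">VPN Server could not parse request.</error>
+</config-auth>"""
+
+    basepath = os.path.dirname(os.path.abspath(__file__))
+
+    alert_function = None
+
+    def setup(self):
+        SimpleHTTPRequestHandler.setup(self)
+        self.request.settimeout(3)
+
+    def send_header(self, keyword, value):
+        if keyword.lower() == 'server':
+            return
+        SimpleHTTPRequestHandler.send_header(self, keyword, value)
+
+    def send_head(self):
+        # send_head will return a file object that do_HEAD/GET will use
+        # do_GET/HEAD are already implemented by SimpleHTTPRequestHandler
+        filename = os.path.basename(self.path.rstrip('/').split('?', 1)[0])
+
+        if self.path == '/':
+            self.send_response(200)
+            for k, v in header_split("""
+                Content-Type: text/html
+                Cache-Control: no-cache
+                Pragma: no-cache
+                Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+                Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+                Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+                Set-Cookie: webvpn_portal=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+                Set-Cookie: webvpnSharePoint=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+                Set-Cookie: webvpnlogin=1; path=/; secure
+                Set-Cookie: sdesktop=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+            """):
+                self.send_header(k, v)
+            self.end_headers()
+            return BytesIO(b'<html><script>document.location.replace("/+CSCOE+/logon.html")</script></html>\n')
+        elif filename == 'asa':  # don't allow dir listing
+            return self.send_file('wrong_url.html', 403)
+        else:
+            return self.send_file(filename)
+
+    def redirect(self, loc):
+        self.send_response(302)
+        for k, v in header_split("""
+            Content-Type: text/html
+            Content-Length: 0
+            Cache-Control: no-cache
+            Pragma: no-cache
+            Location: %s
+            Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+        """ % (loc,)):
+            self.send_header(k, v)
+        self.end_headers()
+
+    def do_GET(self):
+        if self.path == '/+CSCOE+/logon.html':
+            self.redirect('/+CSCOE+/logon.html?fcadbadd=1')
+            return
+        elif self.path.startswith('/+CSCOE+/logon.html?') and 'reason=1' in self.path:
+            self.wfile.write(self.send_file('logon_failure').getvalue())
+            return
+        SimpleHTTPRequestHandler.do_GET(self)
+
+    def do_POST(self):
+        data_len = int(self.headers.get('Content-length', 0))
+        data = self.rfile.read(data_len) if data_len else b''
+        body = self.RESPONSE
+        if self.EXPLOIT_STRING in data:
+            xml = ElementTree.fromstring(data)
+            payloads = []
+            for x in xml.iter('host-scan-reply'):
+                payloads.append(x.text)
+
+            self.alert_function(self.client_address[0], self.client_address[1], payloads)
+
+        elif self.path == '/':
+            self.redirect('/+webvpn+/index.html')
+            return
+        elif self.path == '/+CSCOE+/logon.html':
+            self.redirect('/+CSCOE+/logon.html?fcadbadd=1')
+            return
+        elif self.path.split('?', 1)[0] == '/+webvpn+/index.html':
+            with open(os.path.join(self.basepath, 'asa', "logon_redir.html"), 'rb') as fh:
+                body = fh.read()
+
+        self.send_response(200)
+        self.send_header('Content-Length', int(len(body)))
+        self.send_header('Content-Type', 'text/html; charset=UTF-8')
+        self.end_headers()
+        self.wfile.write(body)
+        return
+
+    def send_file(self, filename, status_code=200, headers=[]):
+        try:
+            with open(os.path.join(self.basepath, 'asa', filename), 'rb') as fh:
+                body = fh.read()
+                self.send_response(status_code)
+                for k, v in headers:
+                    self.send_header(k, v)
+                if status_code == 200:
+                    for k, v in header_split("""
+                        Cache-Control: max-age=0
+                        Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+                        Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
+                        Set-Cookie: webvpnlogin=1; secure
+                        X-Transcend-Version: 1
+                    """):
+                        self.send_header(k, v)
+                self.send_header('Content-Length', int(len(body)))
+                self.send_header('Content-Type', 'text/html')
+                self.end_headers()
+                return BytesIO(body)
+        except IOError:
+            return self.send_file('wrong_url.html', 404)
+
+    def log_message(self, format, *args):
+        self.logger.debug("{'timestamp': '%s', 'src_ip': '%s', 'payload_printable': '%s'}" %
+                          (datetime.datetime.now().isoformat(),
+                           self.client_address[0],
+                           format % args))
+        self.hpfl.log('debug', "%s - - [%s] %s" %
+                          (self.client_address[0],
+                           self.log_date_time_string(),
+                           format % args))
+
+    def handle_one_request(self):
+        """Handle a single HTTP request.
+        Overriden to not send 501 errors
+        """
+        self.close_connection = True
+        try:
+            self.raw_requestline = self.rfile.readline(65537)
+            if len(self.raw_requestline) > 65536:
+                self.requestline = ''
+                self.request_version = ''
+                self.command = ''
+                self.close_connection = 1
+                return
+            if not self.raw_requestline:
+                self.close_connection = 1
+                return
+            if not self.parse_request():
+                # An error code has been sent, just exit
+                return
+            mname = 'do_' + self.command
+            if not hasattr(self, mname):
+                self.log_request()
+                self.close_connection = True
+                return
+            method = getattr(self, mname)
+            method()
+            self.wfile.flush()  # actually send the response if not already done.
+        except socket.timeout as e:
+            # a read or a write timed out.  Discard this connection
+            self.log_error("Request timed out: %r", e)
+            self.close_connection = 1
+            return
+
+
+if __name__ == '__main__':
+    import click
+
+    logging.basicConfig(level=logging.INFO)
+    logger = logging.getLogger()
+    logger.info('info')
+
+    @click.command()
+    @click.option('-h', '--host', default='0.0.0.0', help='Host to listen')
+    @click.option('-p', '--port', default=8443, help='Port to listen', type=click.INT)
+    @click.option('-i', '--ike-port', default=5000, help='Port to listen for IKE', type=click.INT)
+    @click.option('-s', '--enable_ssl', default=False, help='Enable SSL', is_flag=True)
+    @click.option('-c', '--cert', default=None, help='Certificate File Path (will generate self signed '
+                                                     'cert if not supplied)')
+    @click.option('-v', '--verbose', default=False, help='Verbose logging', is_flag=True)
+
+    # hpfeeds options
+    @click.option('--hpfserver', default=os.environ.get('HPFEEDS_SERVER'), help='HPFeeds Server')
+    @click.option('--hpfport', default=os.environ.get('HPFEEDS_PORT'), help='HPFeeds Port', type=click.INT)
+    @click.option('--hpfident', default=os.environ.get('HPFEEDS_IDENT'), help='HPFeeds Ident')
+    @click.option('--hpfsecret', default=os.environ.get('HPFEEDS_SECRET'), help='HPFeeds Secret')
+    @click.option('--hpfchannel', default=os.environ.get('HPFEEDS_CHANNEL'), help='HPFeeds Channel')
+    @click.option('--serverid', default=os.environ.get('SERVERID'), help='Verbose logging')
+
+
+    def start(host, port, ike_port, enable_ssl, cert, verbose, hpfserver, hpfport, hpfident, hpfsecret, hpfchannel, serverid):
+        """
+           A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101,
+           a DoS and remote code execution vulnerability
+        """
+
+        hpfl=hpflogger(hpfserver, hpfport, hpfident, hpfsecret, hpfchannel, serverid, verbose)
+
+        def alert(cls, host, port, payloads):
+            logger.critical({
+                 'timestamp': datetime.datetime.utcnow().isoformat(),
+                 'src_ip': host,
+                 'src_port': port,
+                 'payload_printable': payloads,
+            })
+            #log to hpfeeds
+            hpfl.log("critical", {
+                 'src': host,
+                 'spt': port,
+                 'data': payloads,
+             })
+
+        if verbose:
+            logger.setLevel(logging.DEBUG)
+
+        requestHandler = WebLogicHandler
+        requestHandler.alert_function = alert
+        requestHandler.logger = logger
+        requestHandler.hpfl = hpfl
+
+        def log_date_time_string():
+            """Return the current time formatted for logging."""
+            now = datetime.datetime.now().isoformat()
+            return now
+
+        def ike():
+            ike_server.start(host, ike_port, alert, logger, hpfl)
+        t = threading.Thread(target=ike)
+        t.daemon = True
+        t.start()
+
+        httpd = HTTPServer((host, port), requestHandler)
+        if enable_ssl:
+            import ssl
+            if not cert:
+                import gencert
+                cert = gencert.gencert()
+            httpd.socket = ssl.wrap_socket(httpd.socket, certfile=cert, server_side=True)
+
+        logger.info('Starting server on port {:d}/tcp, use <Ctrl-C> to stop'.format(port))
+        hpfl.log('info', 'Starting server on port {:d}/tcp, use <Ctrl-C> to stop'.format(port))
+
+        try:
+            httpd.serve_forever()
+        except KeyboardInterrupt:
+            pass
+        logger.info('Stopping server.')
+        hpfl.log('info', 'Stopping server.')
+
+        httpd.server_close()
+
+    start()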
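Review bot: do_POST trusts the client for both the body size and the XML — `data_len = int(self.headers.get('Content-length', 0))` raises ValueError on a non-numeric header, an arbitrarily large value is buffered in full by `self.rfile.read(data_len)`, and a body that contains `host-scan-reply` but is not well-formed XML makes `ElementTree.fromstring(data)` raise ParseError before `alert_function` is reached, so the exact requests the honeypot exists to record are the ones that go unrecorded. The rewrite below caps the read, tolerates a malformed length header and still alerts with the raw body when parsing fails. Two smaller points in the same file: the guard in `hpflogger.__init__` tests `self.hpfport` twice and never `self.hpfsecret`, and `start` builds a plain `HTTPServer` although the threaded `NonBlockingHTTPServer` is defined for this purpose, so one client holding a connection for the 3 s socket timeout stalls every other client. `ssl.wrap_socket` was removed in Python 3.12; `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` with `load_cert_chain(cert)` is the replacement once the base image's interpreter moves on.
```python
    MAX_BODY = 1024 * 1024  # largest request body we are willing to buffer

    def do_POST(self):
        try:
            data_len = int(self.headers.get('Content-length', 0))
        except ValueError:
            data_len = 0
        data_len = min(max(data_len, 0), self.MAX_BODY)
        data = self.rfile.read(data_len) if data_len else b''
        body = self.RESPONSE
        if self.EXPLOIT_STRING in data:
            try:
                xml = ElementTree.fromstring(data)
                payloads = [x.text for x in xml.iter('host-scan-reply')]
            except ElementTree.ParseError:
                # Record the attempt anyway; the raw body is the evidence.
                payloads = [data.decode('utf-8', 'replace')]

            self.alert_function(self.client_address[0], self.client_address[1], payloads)

        # … unchanged: redirect branches, response headers and body write …
```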
|  | @ -1,21 +1,21 @@ | |||
| FROM alpine:3.20 AS builder | ||||
| FROM alpine:3.19 | ||||
| # | ||||
| # Install packages | ||||
| RUN apk --no-cache -U add \ | ||||
|         build-base \ | ||||
| 		git \ | ||||
| 		libcap \ | ||||
| 		openssl \ | ||||
| 		py3-pip \ | ||||
| 		python3 && \ | ||||
| # | ||||
|     pip3 install --break-system-packages --no-cache-dir \ | ||||
|         pyinstaller \ | ||||
|         python-json-logger | ||||
|     pip3 install --break-system-packages --no-cache-dir python-json-logger && \ | ||||
| # | ||||
| # Install CitrixHoneypot from GitHub | ||||
| RUN git clone https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot && \ | ||||
|     git clone https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot && \ | ||||
|     cd /opt/citrixhoneypot && \ | ||||
|     git checkout f59ad7320dc5bbb8c23c8baa5f111b52c52fbef3 && \ | ||||
| # | ||||
| # Setup user, groups and configs | ||||
|     mkdir -p /opt/citrixhoneypot/logs /opt/citrixhoneypot/ssl && \ | ||||
|     openssl req \ | ||||
|           -nodes \ | ||||
|  | @ -25,18 +25,20 @@ RUN git clone https://github.com/t3chn0m4g3/CitrixHoneypot /opt/citrixhoneypot & | |||
|           -out "/opt/citrixhoneypot/ssl/cert.pem" \ | ||||
|           -days 365 \ | ||||
|           -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' && \ | ||||
|     chown 2000:2000 -R ssl/ | ||||
|     addgroup -g 2000 citrixhoneypot && \ | ||||
|     adduser -S -H -s /bin/ash -u 2000 -D -g 2000 citrixhoneypot && \ | ||||
|     chown -R citrixhoneypot:citrixhoneypot /opt/citrixhoneypot && \ | ||||
|     setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3)) && \ | ||||
| # | ||||
| WORKDIR /opt/citrixhoneypot | ||||
| RUN pyinstaller CitrixHoneypot.py | ||||
| # | ||||
| FROM alpine:3.20 | ||||
| COPY --from=builder /opt/citrixhoneypot/dist/CitrixHoneypot/ /opt/citrixhoneypot | ||||
| COPY --from=builder /opt/citrixhoneypot/ssl /opt/citrixhoneypot/ssl | ||||
| COPY --from=builder /opt/citrixhoneypot/responses/ /opt/citrixhoneypot/responses | ||||
| # Clean up | ||||
|     apk del --purge git \ | ||||
|                     openssl && \ | ||||
|     rm -rf /root/* \ | ||||
|            /opt/citrixhoneypot/.git \ | ||||
|            /var/cache/apk/* | ||||
| # | ||||
| # Set workdir and start citrixhoneypot | ||||
| STOPSIGNAL SIGINT | ||||
| USER 2000:2000 | ||||
| USER citrixhoneypot:citrixhoneypot | ||||
| WORKDIR /opt/citrixhoneypot/ | ||||
| CMD nohup ./CitrixHoneypot | ||||
| CMD nohup /usr/bin/python3 CitrixHoneypot.py | ||||
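Review bot: `setcap cap_net_bind_service=+ep $(readlink -f $(type -P python3))` attaches the capability to the interpreter binary, so every python3 process in the image inherits it rather than only the honeypot; since the image already runs as a dedicated user, the narrower options are to listen on an unprivileged port and map it at the container level, or to grant the capability to the container rather than to the file. The shell-form `CMD nohup /usr/bin/python3 CitrixHoneypot.py` runs under `sh -c`, so `STOPSIGNAL SIGINT` is delivered to the shell and only reaches Python if that shell execs its final command; `CMD ["/usr/bin/python3", "CitrixHoneypot.py"]` removes the ambiguity, and `nohup` does nothing useful without a controlling terminal. The markers are lost in this rendering; the alpine:3.19 variant is read as the new side by analogy with the asa_server.py addition in the same compare, which is where these lines sit. The enclosing RUN instruction begins before this hunk.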
|  |  | |||
							
								
								
									
										2
									
								
								docker/conpot/dist/requirements.txt
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
							|  | @ -2,7 +2,7 @@ pysnmp-mibs | |||
| pysmi==0.3.4 | ||||
| libtaxii>=1.1.0 | ||||
| crc16 | ||||
| scapy==2.4.5 | ||||
| scapy==2.4.3rc1 | ||||
| hpfeeds3 | ||||
| modbus-tk | ||||
| stix-validator | ||||
|  |  | |||
|  | @ -1,4 +1,4 @@ | |||
| FROM alpine:3.20 | ||||
| FROM alpine:3.19 | ||||
| # | ||||
| # Include dist | ||||
| COPY dist/ /root/dist/ | ||||
|  | @ -40,9 +40,10 @@ RUN apk --no-cache -U add \ | |||
| # Install cowrie | ||||
|     mkdir -p /home/cowrie && \ | ||||
|     cd /home/cowrie && \ | ||||
|     # git clone --depth=1 https://github.com/cowrie/cowrie -b v2.5.0 && \ | ||||
|     git clone https://github.com/cowrie/cowrie && \ | ||||
|     cd cowrie && \ | ||||
|     git checkout 347b61fb081d68ae6e15e3d6d0da65c82985014a && \ | ||||
|     git checkout 3394082040c02d91e79efa2c640ad68da9fe2231 && \ | ||||
|     mkdir -p log && \ | ||||
|     cp /root/dist/requirements.txt . && \ | ||||
|     pip3 install --break-system-packages --upgrade pip && \ | ||||
|  |  | |||
							
								
								
									
										4
									
								
								docker/cowrie/dist/cowrie.cfg
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
							|  | @ -18,8 +18,8 @@ auth_class_parameters = 2, 5, 10 | |||
| data_path = /tmp/cowrie/data | ||||
| 
 | ||||
| [shell] | ||||
| filesystem = src/cowrie/data/fs.pickle | ||||
| processes = src/cowrie/data/cmdoutput.json | ||||
| filesystem = share/cowrie/fs.pickle  | ||||
| processes = share/cowrie/cmdoutput.json | ||||
| #arch = linux-x64-lsb | ||||
| arch = bsd-aarch64-lsb, bsd-aarch64-msb, bsd-bfin-msb, bsd-mips-lsb, bsd-mips-msb, bsd-mips64-lsb, bsd-mips64-msb, bsd-powepc-msb, bsd-powepc64-lsb, bsd-riscv64-lsb, bsd-sparc-msb, bsd-sparc64-msb, bsd-x32-lsb, bsd-x64-lsb, linux-aarch64-lsb, linux-aarch64-msb, linux-alpha-lsb, linux-am33-lsb, linux-arc-lsb, linux-arc-msb, linux-arm-lsb, linux-arm-msb, linux-avr32-lsb, linux-bfin-lsb, linux-c6x-lsb, linux-c6x-msb, linux-cris-lsb, linux-frv-msb, linux-h8300-msb, linux-hppa-msb, linux-hppa64-msb, linux-ia64-lsb, linux-m32r-msb, linux-m68k-msb, linux-microblaze-msb, linux-mips-lsb, linux-mips-msb, linux-mips64-lsb, linux-mips64-msb, linux-mn10300-lsb, linux-nios-lsb, linux-nios-msb, linux-powerpc-lsb, linux-powerpc-msb, linux-powerpc64-lsb, linux-powerpc64-msb, linux-riscv64-lsb, linux-s390x-msb, linux-sh-lsb, linux-sh-msb, linux-sparc-msb, linux-sparc64-msb, linux-tilegx-lsb, linux-tilegx-msb, linux-tilegx64-lsb, linux-tilegx64-msb, linux-x64-lsb, linux-x86-lsb, linux-xtensa-msb, osx-x32-lsb, osx-x64-lsb | ||||
| kernel_version = 5.15.0-23-generic-amd64 | ||||
|  |  | |||
							
								
								
									
										72
									
								
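--- a/docker/cowrie/dist/cowrie_tpot.cfg
+++ b/docker/cowrie/dist/cowrie_tpot.cfg
@@ -0,0 +1,72 @@
+[honeypot]
+hostname = ubuntu
+log_path = log
+download_path = dl
+share_path= share/cowrie
+state_path = /tmp/cowrie/data
+etc_path = etc
+contents_path = honeyfs
+txtcmds_path = txtcmds
+ttylog = true
+ttylog_path = log/tty
+interactive_timeout = 180
+authentication_timeout = 120
+backend = shell
+timezone = UTC
+auth_class = AuthRandom
+auth_class_parameters = 2, 5, 10
+data_path = /tmp/cowrie/data
+
+[shell]
+filesystem = share/cowrie/fs.pickle 
+processes = share/cowrie/cmdoutput.json
+#arch = linux-x64-lsb
+arch = bsd-aarch64-lsb, bsd-aarch64-msb, bsd-bfin-msb, bsd-mips-lsb, bsd-mips-msb, bsd-mips64-lsb, bsd-mips64-msb, bsd-powepc-msb, bsd-powepc64-lsb, bsd-riscv64-lsb, bsd-sparc-msb, bsd-sparc64-msb, bsd-x32-lsb, bsd-x64-lsb, linux-aarch64-lsb, linux-aarch64-msb, linux-alpha-lsb, linux-am33-lsb, linux-arc-lsb, linux-arc-msb, linux-arm-lsb, linux-arm-msb, linux-avr32-lsb, linux-bfin-lsb, linux-c6x-lsb, linux-c6x-msb, linux-cris-lsb, linux-frv-msb, linux-h8300-msb, linux-hppa-msb, linux-hppa64-msb, linux-ia64-lsb, linux-m32r-msb, linux-m68k-msb, linux-microblaze-msb, linux-mips-lsb, linux-mips-msb, linux-mips64-lsb, linux-mips64-msb, linux-mn10300-lsb, linux-nios-lsb, linux-nios-msb, linux-powerpc-lsb, linux-powerpc-msb, linux-powerpc64-lsb, linux-powerpc64-msb, linux-riscv64-lsb, linux-s390x-msb, linux-sh-lsb, linux-sh-msb, linux-sparc-msb, linux-sparc64-msb, linux-tilegx-lsb, linux-tilegx-msb, linux-tilegx64-lsb, linux-tilegx64-msb, linux-x64-lsb, linux-x86-lsb, linux-xtensa-msb, osx-x32-lsb, osx-x64-lsb
+kernel_version = 3.2.0-4-amd64
+kernel_build_string = #1 SMP Debian 3.2.68-1+deb7u1
+hardware_platform = x86_64
+operating_system = GNU/Linux
+ssh_version = OpenSSH_7.9p1, OpenSSL 1.1.1a  20 Nov 2018
+
+[ssh]
+enabled = true
+rsa_public_key = etc/ssh_host_rsa_key.pub
+rsa_private_key = etc/ssh_host_rsa_key
+dsa_public_key = etc/ssh_host_dsa_key.pub
+dsa_private_key = etc/ssh_host_dsa_key
+ecdsa_public_key = etc/ssh_host_ecdsa_key.pub
+ecdsa_private_key = etc/ssh_host_ecdsa_key
+ed25519_public_key = etc/ssh_host_ed25519_key.pub
+ed25519_private_key = etc/ssh_host_ed25519_key
+public_key_auth = ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
+#version = SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+version = SSH-2.0-OpenSSH_7.9p1
+ciphers = aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc
+macs = hmac-sha2-512,hmac-sha2-384,hmac-sha2-56,hmac-sha1,hmac-md5
+compression = zlib@openssh.com,zlib,none
+listen_endpoints = tcp:22:interface=0.0.0.0
+sftp_enabled = true
+forwarding = true
+forward_redirect = false
+forward_tunnel = false
+auth_none_enabled = false
+auth_keyboard_interactive_enabled = true
+
+[telnet]
+enabled = true
+listen_endpoints = tcp:23:interface=0.0.0.0
+reported_port = 23
+
+[output_jsonlog]
+enabled = true
+logfile = log/cowrie.json
+epoch_timestamp = false
+
+[output_textlog]
+enabled = false
+logfile = log/cowrie-textlog.log
+format = text
+
+[output_crashreporter]
+enabled = false
+debug = false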
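Review bot: `macs = hmac-sha2-512,hmac-sha2-384,hmac-sha2-56,hmac-sha1,hmac-md5` in [ssh] lists `hmac-sha2-56`, which is not an SSH MAC algorithm name and reads like a typo for `hmac-sha2-256`; `hmac-sha2-384` is not a standard name either, so the MAC list cowrie actually offers is presumably shorter than intended and worth confirming against a negotiated session. The [shell] banner values also disagree with one another: `hostname = ubuntu` sits next to `kernel_build_string = #1 SMP Debian 3.2.68-1+deb7u1` and `kernel_version = 3.2.0-4-amd64`, a Debian 7 kernel, while `ssh_version` and `version` advertise OpenSSH_7.9p1 from late 2018, and such mismatches are what a visitor uses to tell a honeypot from a real host from uname and the SSH banner alone. Choosing one real release and taking hostname, kernel, build string and OpenSSH version from it keeps the emulation consistent. `filesystem = share/cowrie/fs.pickle ` carries a trailing space that configparser strips, so it is harmless but worth tidying.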