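--- a/WIKI_PAGE_PATH_PLACEHOLDER
+++ b/WIKI_PAGE_PATH_PLACEHOLDER
-==Description==
-Rubicon is a multi-threaded python intrustion detection system (IDS). Rubicon works by emulating common TCP services.
-==Features==
-* Low-Interaction IDS
-* Multi-Threaded
-* Activity Monitor
-* Logs and Time Stamps Incidents
-* Multi-Line Login Banner Emulator
-
-==Usage==
-~$ sudo python rubicon.py
-
-==Source==
-{{code|text=<source lang="python">#!/usr/bin/env python
-
-# Rubicon (Beta) - Python IDS
-# By: inphekt | http://www.blackhatacademy.org/security101/User:Inphekt
-
-# Copyright (C) 2012 inphekt <inphektious[at]live[dot]com>
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version. If you decide to use any part
-# of this source be sure to credit the original author.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# Social Engineer attackers into connecting to one of your mock services
-
-# *** RUN WITH ROOT PRIVILEGES ***
-
-import os
-import sys
-import time
-import string
-import socket
-import threading
-
-# Make Rubicon sexy
-class colors:
-BLUE = '\033[94m'
-GREEN = '\033[92m'
-YELLOW = '\033[93m'
-RED = '\033[91m'
-ENDC = '\033[0m'
-
-def disable(self):
-self.BLUE = ''
-self.GREEN = ''
-self.RED = ''
-self.YELLOW = ''
-self.ENDC = ''
-
-def title():
-print(colors.BLUE + """
-____ __ __ ____ ____ ___ _____ _ _
-( _ \( )( )( _ \(_ _)/ __)( _ )( \( )
-) / )(__)( ) _ < _)(_( (__ )(_)( ) (
-(_)\_)(______)(____/(____)\___)(_____)(_)\_) \n""" + colors.ENDC)
-print(colors.GREEN + ' *~ 7h3 p01n7 0f n0 r3turn ~*\n' + colors.ENDC)
-print(colors.YELLOW + ' inphektious[at]live[dot]com\n\n' + colors.ENDC)
-
-class rubicon(threading.Thread):
-def __init__(self):
-self.header = colors.BLUE + "rcon> " + colors.ENDC
-self.warning = colors.RED + "[+] " + colors.ENDC
-threading.Thread.__init__(self)
-
-def run(self):
-
-# list elligable commands
-def usage():
-print """view logs => Shows logged activity
-delete logs => Deletes logged activity
-set service => Creates a rubicon service
-help => Shows usage
-exit => Shutdown"""
-
-# Read logs from log.txt
-def viewLogs():
-try:
-log = open("log.txt")
-while 1:
-lines = log.readlines(100000)
-if not lines:
-break
-for line in lines:
-print line
-print("\n--- end of log ---")
-self.run()
-except IOError:
-print("%sNo logged activity at this time..." % (self.warning))
-self.run()
-
-# delete log.txt to clear logged activity
-def deleteLogs():
-try:
-os.remove("log.txt")
-print("%sLogs cleared..." % (self.warning))
-except OSError:
-print("%sLogs are clear..." % (self.warning))
-
-# set up Rubicon service
-def setService():
-self.hst = raw_input("Enter the IP address you wish your service to listen on: ")
-self.prt = raw_input("Enter the port you wish your service to listen on: ")
-print("Create a deceptive prompt/header for your mock service ([Enter] for new line and input 'done' when complete):")
-
-# Make multi-lined banner to display for attacker
-banner = ''
-while 1:
-bannerInput = raw_input(colors.BLUE + "~ " + colors.ENDC)
-if bannerInput == "done":
-break;
-else:
-banner += bannerInput + "\n"
-
-# Create socket and start mock service
-while 1:
-try:
-s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-HOST = self.hst
-PORT = int(self.prt)
-s.bind((HOST, PORT))
-s.listen(1)
-print (self.warning + time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ": Setting up service on port %s..." % (PORT))
-rubicon().start()
-
-# Accept connection and parse data
-(insock, address) = s.accept()
-# Convert incoming address to a string
-straddress = str(address)
-# Split the tuple into lists
-testlist = string.split(straddress, ",")
-# Split the host portion of the list
-gethost = string.split(testlist[0], "'")
-# Split the port portion of the list
-getaddr = string.split(testlist[1], ")")
-# Remove just the address from the list
-host = gethost[1]
-# Remove just the port from the list
-inport = int(getaddr[0])
-
-# interactive alert
-print(time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
-
-# Open log.txt to log information on attacker
-log = open("log.txt","a+")
-log.write(time.strftime("\n%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
-insock.send(banner)
-data = insock.recv(1024)
-log.write('\nInput: %s\n-----------------' % data)
-
-# Close socket
-insock.close()
-s.close()
-
-# handle socket error
-except socket.error, msg:
-print ("%sError: %s" % (self.warning, msg))
-setService()
-
-# core code
-while 1:
-try:
-global option
-option = raw_input("%s " % (self.header))
-if option == 'help':
-usage()
-elif option == 'view logs':
-viewLogs()
-elif option == 'delete logs':
-deleteLogs()
-elif option == 'set service':
-setService()
-elif option == 'exit':
-os._exit(1)
-else:
-print("%sInvalid Input..." % (self.warning))
-except EOFError:
-print("\n%sType 'exit' to quit..." % (self.warning))
-
-if __name__=='__main__':
-title()
-rubicon().start()
-</source>}}
-
-[[Category:Projects]]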