|
|
(4 intermediate revisions by one other user not shown) |
Line 1: |
Line 1: |
− | ==Description==
| + | All your executables are belong to me |
− | Rubicon is a multi-threaded python intrustion detection system (IDS). Rubicon works by emulating common TCP services.
| + | |
| | | |
− | ==Features==
| + | '''Notable Contributions''' |
− | * Low-Interaction IDS
| + | * [[User:Inphekt/rubicon|Rubicon - Python Honeypot]] |
− | * Multi-Threaded
| + | |
− | * Activity Monitor
| + | |
− | * Logs and Time Stamps Incidents
| + | |
− | * Multi-Line Login Banner Emulator
| + | |
− | | + | |
− | ==Usage==
| + | |
− | ~$ sudo python rubicon.py
| + | |
− | | + | |
− | ==Source==
| + | |
− | {{code|text=<source lang="python">#!/usr/bin/env python
| + | |
− | | + | |
− | # Rubicon (Beta) - Python IDS
| + | |
− | # By: inphekt | http://www.blackhatacademy.org/security101/User:Inphekt
| + | |
− | | + | |
− | # Copyright (C) 2012 inphekt <inphektious[at]live[dot]com>
| + | |
− | | + | |
− | # This program is free software: you can redistribute it and/or modify
| + | |
− | # it under the terms of the GNU General Public License as published by
| + | |
− | # the Free Software Foundation, either version 3 of the License, or
| + | |
− | # (at your option) any later version. If you decide to use any part
| + | |
− | # of this source be sure to credit the original author.
| + | |
− | | + | |
− | # This program is distributed in the hope that it will be useful,
| + | |
− | # but WITHOUT ANY WARRANTY; without even the implied warranty of
| + | |
− | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| + | |
− | # GNU General Public License for more details.
| + | |
− | | + | |
− | # Social Engineer attackers into connecting to one of your mock services
| + | |
− | | + | |
− | # *** RUN WITH ROOT PRIVILEGES ***
| + | |
− | | + | |
− | import os
| + | |
− | import sys
| + | |
− | import time
| + | |
− | import string
| + | |
− | import socket
| + | |
− | import threading
| + | |
− | | + | |
− | # Make Rubicon sexy
| + | |
− | class colors:
| + | |
− | BLUE = '\033[94m'
| + | |
− | GREEN = '\033[92m'
| + | |
− | YELLOW = '\033[93m'
| + | |
− | RED = '\033[91m'
| + | |
− | ENDC = '\033[0m'
| + | |
− |
| + | |
− | def disable(self):
| + | |
− | self.BLUE = ''
| + | |
− | self.GREEN = ''
| + | |
− | self.RED = ''
| + | |
− | self.YELLOW = ''
| + | |
− | self.ENDC = ''
| + | |
− | | + | |
− | def title():
| + | |
− | print(colors.BLUE + """
| + | |
− | ____ __ __ ____ ____ ___ _____ _ _
| + | |
− | ( _ \( )( )( _ \(_ _)/ __)( _ )( \( )
| + | |
− | ) / )(__)( ) _ < _)(_( (__ )(_)( ) (
| + | |
− | (_)\_)(______)(____/(____)\___)(_____)(_)\_) \n""" + colors.ENDC)
| + | |
− | print(colors.GREEN + ' *~ 7h3 p01n7 0f n0 r3turn ~*\n' + colors.ENDC)
| + | |
− | print(colors.YELLOW + ' inphektious[at]live[dot]com\n\n' + colors.ENDC)
| + | |
− |
| + | |
− | class rubicon(threading.Thread):
| + | |
− | def __init__(self):
| + | |
− | self.header = colors.BLUE + "rcon> " + colors.ENDC
| + | |
− | self.warning = colors.RED + "[+] " + colors.ENDC
| + | |
− | threading.Thread.__init__(self)
| + | |
− | | + | |
− | def run(self):
| + | |
− |
| + | |
− | # list elligable commands
| + | |
− | def usage():
| + | |
− | print """view logs => Shows logged activity
| + | |
− | delete logs => Deletes logged activity
| + | |
− | set service => Creates a rubicon service
| + | |
− | help => Shows usage
| + | |
− | exit => Shutdown"""
| + | |
− |
| + | |
− | # Read logs from log.txt
| + | |
− | def viewLogs():
| + | |
− | try:
| + | |
− | log = open("log.txt")
| + | |
− | while 1:
| + | |
− | lines = log.readlines(100000)
| + | |
− | if not lines:
| + | |
− | break
| + | |
− | for line in lines:
| + | |
− | print line
| + | |
− | print("\n--- end of log ---")
| + | |
− | self.run()
| + | |
− | except IOError:
| + | |
− | print("%sNo logged activity at this time..." % (self.warning))
| + | |
− | self.run()
| + | |
− |
| + | |
− | # delete log.txt to clear logged activity
| + | |
− | def deleteLogs():
| + | |
− | try:
| + | |
− | os.remove("log.txt")
| + | |
− | print("%sLogs cleared..." % (self.warning))
| + | |
− | except OSError:
| + | |
− | print("%sLogs are clear..." % (self.warning))
| + | |
− |
| + | |
− | # set up Rubicon service
| + | |
− | def setService():
| + | |
− | self.hst = raw_input("Enter the IP address you wish your service to listen on: ")
| + | |
− | self.prt = raw_input("Enter the port you wish your service to listen on: ")
| + | |
− | print("Create a deceptive prompt/header for your mock service ([Enter] for new line and input 'done' when complete):")
| + | |
− |
| + | |
− | # Make multi-lined banner to display for attacker
| + | |
− | banner = ''
| + | |
− | while 1:
| + | |
− | bannerInput = raw_input(colors.BLUE + "~ " + colors.ENDC)
| + | |
− | if bannerInput == "done":
| + | |
− | break;
| + | |
− | else:
| + | |
− | banner += bannerInput + "\n"
| + | |
− |
| + | |
− | # Create socket and start mock service
| + | |
− | while 1:
| + | |
− | try:
| + | |
− | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
| + | |
− | s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
| + | |
− | HOST = self.hst
| + | |
− | PORT = int(self.prt)
| + | |
− | s.bind((HOST, PORT))
| + | |
− | s.listen(1)
| + | |
− | print (self.warning + time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ": Setting up service on port %s..." % (PORT))
| + | |
− | rubicon().start()
| + | |
− |
| + | |
− | # Accept connection and parse data
| + | |
− | (insock, address) = s.accept()
| + | |
− | # Convert incoming address to a string
| + | |
− | straddress = str(address)
| + | |
− | # Split the tuple into lists
| + | |
− | testlist = string.split(straddress, ",")
| + | |
− | # Split the host portion of the list
| + | |
− | gethost = string.split(testlist[0], "'")
| + | |
− | # Split the port portion of the list
| + | |
− | getaddr = string.split(testlist[1], ")")
| + | |
− | # Remove just the address from the list
| + | |
− | host = gethost[1]
| + | |
− | # Remove just the port from the list
| + | |
− | inport = int(getaddr[0])
| + | |
− |
| + | |
− | # interactive alert
| + | |
− | print(time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
| + | |
− |
| + | |
− | # Open log.txt to log information on attacker
| + | |
− | log = open("log.txt","a+")
| + | |
− | log.write(time.strftime("\n%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
| + | |
− | insock.send(banner)
| + | |
− | data = insock.recv(1024)
| + | |
− | log.write('\nInput: %s\n-----------------' % data)
| + | |
− |
| + | |
− | # Close socket
| + | |
− | insock.close()
| + | |
− | s.close()
| + | |
− |
| + | |
− | # handle socket error
| + | |
− | except socket.error, msg:
| + | |
− | print ("%sError: %s" % (self.warning, msg))
| + | |
− | setService()
| + | |
− |
| + | |
− | # core code
| + | |
− | while 1:
| + | |
− | try:
| + | |
− | global option
| + | |
− | option = raw_input("%s " % (self.header))
| + | |
− | if option == 'help':
| + | |
− | usage()
| + | |
− | elif option == 'view logs':
| + | |
− | viewLogs()
| + | |
− | elif option == 'delete logs':
| + | |
− | deleteLogs()
| + | |
− | elif option == 'set service':
| + | |
− | setService()
| + | |
− | elif option == 'exit':
| + | |
− | os._exit(1)
| + | |
− | else:
| + | |
− | print("%sInvalid Input..." % (self.warning))
| + | |
− | except EOFError:
| + | |
− | print("\n%sType 'exit' to quit..." % (self.warning))
| + | |
− |
| + | |
− | if __name__=='__main__':
| + | |
− | title()
| + | |
− | rubicon().start()
| + | |
− | </source>}}
| + | |
− | | + | |
− | [[Category:Projects]]
| + | |