
User:Inphekt

From NetSec
Revision as of 06:17, 17 May 2012 by RockyMackay (Talk | contribs) (Created page with "==Description== Rubicon is a multi-threaded python intrustion detection system (IDS). Rubicon works by emulating common TCP services. ==Features== * Low-Interaction IDS * Multi...")


Description

Rubicon is a multi-threaded Python intrusion detection system (IDS). Rubicon works by emulating common TCP services.

Features

  • Low-Interaction IDS
  • Multi-Threaded
  • Activity Monitor
  • Logs and Time Stamps Incidents
  • Multi-Line Login Banner Emulator

Usage

~$ sudo python rubicon.py

Source

#!/usr/bin/env python
 
# Rubicon (Beta) - Python IDS
# By: inphekt | http://www.blackhatacademy.org/security101/User:Inphekt
 
#  Copyright (C) 2012 inphekt <inphektious[at]live[dot]com>
 
#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.  If you decide to use any part
#  of this source be sure to credit the original author.
 
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
 
# Social Engineer attackers into connecting to one of your mock services
 
# *** RUN WITH ROOT PRIVILEGES ***
 
import os
import sys
import time
import string
import socket
import threading
 
# Make Rubicon sexy
class colors:
  """ANSI colour escape codes used to decorate console output.

  The codes are class attributes; the rest of the script reads them as
  ``colors.BLUE`` etc. ``disable()`` only blanks the codes on the instance it
  is called on, so it does not affect code that reads the class attributes.
  """
  BLUE = '\033[94m'
  GREEN = '\033[92m'
  YELLOW = '\033[93m'
  RED = '\033[91m'
  ENDC = '\033[0m'

  def disable(self):
    """Blank every colour code on this instance (plain, uncoloured output)."""
    for attr in ("BLUE", "GREEN", "RED", "YELLOW", "ENDC"):
      setattr(self, attr, '')
 
def title():
  """Print the Rubicon ASCII logo, tagline and contact line, each in colour."""
  logo = """
 ____  __  __  ____  ____  ___  _____  _  _ 
(  _ \(  )(  )(  _ \(_  _)/ __)(  _  )( \( )
 )   / )(__)(  ) _ < _)(_( (__  )(_)(  )  ( 
(_)\_)(______)(____/(____)\___)(_____)(_)\_) \n"""
  lines = (
    (colors.BLUE, logo),
    (colors.GREEN, '      *~ 7h3 p01n7 0f n0 r3turn ~*\n'),
    (colors.YELLOW, '      inphektious[at]live[dot]com\n\n'),
  )
  for colour, text in lines:
    # every line is wrapped in its colour code and reset afterwards
    print(colour + text + colors.ENDC)
 
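class rubicon(threading.Thread):
  """Interactive console thread for Rubicon.

  Each instance runs a small command loop on stdin (``help``, ``view logs``,
  ``delete logs``, ``set service``, ``exit``).  ``set service`` turns the
  thread into a mock TCP service; a fresh console thread is started once the
  listener is up so the operator keeps a prompt while this thread blocks in
  ``accept()``.
  """

  # Where connection attempts are recorded, relative to the working directory.
  LOG_FILE = "log.txt"
  # Seconds to wait for the peer's first input.  Without a timeout a client
  # that connects and stays silent would block the service thread forever.
  RECV_TIMEOUT = 30

  def __init__(self):
    self.header = colors.BLUE + "rcon> " + colors.ENDC
    self.warning = colors.RED + "[+] " + colors.ENDC
    threading.Thread.__init__(self)

  def _usage(self):
    """Print the list of accepted console commands."""
    print("""view logs => Shows logged activity
delete logs => Deletes logged activity
set service => Creates a rubicon service
help => Shows usage
exit => Shutdown""")

  def _view_logs(self):
    """Print the whole log file, or a notice when no log exists yet.

    Returns to the caller's command loop instead of re-entering ``run()``,
    which would have nested a new loop on the stack every time.
    """
    try:
      with open(self.LOG_FILE) as log:
        for line in log:
          print(line)
      print("\n--- end of log ---")
    except IOError:
      print("%sNo logged activity at this time..." % (self.warning))

  def _delete_logs(self):
    """Remove the log file; report either outcome to the operator."""
    try:
      os.remove(self.LOG_FILE)
      print("%sLogs cleared..." % (self.warning))
    except OSError:
      print("%sLogs are clear..." % (self.warning))

  def _read_banner(self):
    """Read banner lines from stdin until the operator enters ``done``.

    Returns the banner as a single string with a newline after every line.
    """
    lines = []
    while True:
      entry = raw_input(colors.BLUE + "~ " + colors.ENDC)
      if entry == "done":
        return "".join(line + "\n" for line in lines)
      lines.append(entry)

  def _set_service(self):
    """Prompt for listener settings and run the mock service.

    Returns True once a replacement console thread has been started (this
    thread then belongs to the service and must not read stdin again).  The
    prompts repeat while the port is not a valid number or the socket cannot
    be bound.
    """
    while True:
      self.hst = raw_input("Enter the IP address you wish your service to listen on: ")
      self.prt = raw_input("Enter the port you wish your service to listen on: ")
      # int() on free-form input used to raise an uncaught ValueError and kill
      # the console thread; an out-of-range port raises OverflowError in
      # bind() rather than socket.error, so check both here.
      try:
        port = int(self.prt)
      except ValueError:
        print("%sError: port must be a number..." % (self.warning))
        continue
      if not 0 <= port <= 65535:
        print("%sError: port must be between 0 and 65535..." % (self.warning))
        continue
      print("Create a deceptive prompt/header for your mock service ([Enter] for new line and input 'done' when complete):")
      banner = self._read_banner()
      if self._serve(self.hst, port, banner):
        return True

  def _serve(self, host, port, banner):
    """Bind the listener and handle connections until a socket error occurs.

    Returns True if the listener came up (and the console was handed to a new
    thread), False if it could not be bound.
    """
    handed_off = False
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
      listener.bind((host, port))
      listener.listen(1)
      stamp = time.strftime("%a, %d %b %Y %H:%M:%S %Z")
      print(self.warning + stamp + ": Setting up service on port %s..." % (port))
      # Hand the console to a new thread exactly once; previously this was
      # done per accepted connection, leaving several threads reading stdin.
      rubicon().start()
      handed_off = True
      while True:
        # AF_INET accept() returns the peer as a (host, port) tuple, so there
        # is no need to parse its string form.
        insock, (peer_host, peer_port) = listener.accept()
        try:
          self._handle_connection(insock, port, peer_host, peer_port, banner)
        finally:
          insock.close()
    except socket.error as msg:
      print("%sError: %s" % (self.warning, msg))
    finally:
      listener.close()
    return handed_off

  def _handle_connection(self, insock, port, peer_host, peer_port, banner):
    """Report the peer, send the banner and log the peer's first input.

    ``insock`` is closed by the caller.  Socket errors propagate to
    ``_serve()``.
    """
    stamp = time.strftime("%a, %d %b %Y %H:%M:%S %Z")
    event = ":. Connection attempt on port %s from %s:%s" % (port, peer_host, peer_port)
    print(stamp + event)
    insock.settimeout(self.RECV_TIMEOUT)
    insock.send(banner)
    try:
      data = insock.recv(1024)
    except socket.timeout:
      data = ''
    with open(self.LOG_FILE, "a+") as log:
      log.write("\n" + stamp + event)
      # %r escapes the peer-supplied bytes so control characters and terminal
      # escape sequences are not written raw and later echoed by 'view logs'.
      log.write('\nInput: %r\n-----------------' % data)

  def run(self):
    """Run the console command loop until ``exit`` or a service takes over."""
    while True:
      try:
        global option
        option = raw_input("%s " % (self.header))
        if option == 'help':
          self._usage()
        elif option == 'view logs':
          self._view_logs()
        elif option == 'delete logs':
          self._delete_logs()
        elif option == 'set service':
          # Once a service is up the console lives in a new thread; this one
          # must stop reading stdin or two threads would compete for it.
          if self._set_service():
            return
        elif option == 'exit':
          # os._exit ends the whole process even with service threads
          # blocked in accept(); sys.exit would only end this thread.
          os._exit(1)
        else:
          print("%sInvalid Input..." % (self.warning))
      except EOFError:
        print("\n%sType 'exit' to quit..." % (self.warning))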
 
if __name__ == '__main__':
  # Show the banner, then hand control to the first console thread.
  title()
  console = rubicon()
  console.start()