| Line 1: |
Line 1: |
| − | ==Description==
| + | All your executables are belong to me |
| − | Rubicon is a multi-threaded python intrustion detection system (IDS). Rubicon works by emulating common TCP services.
| + | |
| | | | |
| − | ==Features==
| + | '''Notable Contributions''' |
| − | * Low-Interaction IDS
| + | * [[User:Inphekt/rubicon|Rubicon - Python Honeypot]] |
| − | * Multi-Threaded
| + | |
| − | * Activity Monitor
| + | |
| − | * Logs and Time Stamps Incidents
| + | |
| − | * Multi-Line Login Banner Emulator
| + | |
| − | | + | |
| − | ==Usage==
| + | |
| − | ~$ sudo python rubicon.py
| + | |
| − | | + | |
| − | ==Source==
| + | |
| − | {{code|text=<source lang="python">#!/usr/bin/env python
| + | |
| − | | + | |
| − | # Rubicon (Beta) - Python IDS
| + | |
| − | # By: inphekt | http://www.blackhatacademy.org/security101/User:Inphekt
| + | |
| − | | + | |
| − | # Copyright (C) 2012 inphekt <inphektious[at]live[dot]com>
| + | |
| − | | + | |
| − | # This program is free software: you can redistribute it and/or modify
| + | |
| − | # it under the terms of the GNU General Public License as published by
| + | |
| − | # the Free Software Foundation, either version 3 of the License, or
| + | |
| − | # (at your option) any later version. If you decide to use any part
| + | |
| − | # of this source be sure to credit the original author.
| + | |
| − | | + | |
| − | # This program is distributed in the hope that it will be useful,
| + | |
| − | # but WITHOUT ANY WARRANTY; without even the implied warranty of
| + | |
| − | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| + | |
| − | # GNU General Public License for more details.
| + | |
| − | | + | |
| − | # Social Engineer attackers into connecting to one of your mock services
| + | |
| − | | + | |
| − | # *** RUN WITH ROOT PRIVILEGES ***
| + | |
| − | | + | |
| − | import os
| + | |
| − | import sys
| + | |
| − | import time
| + | |
| − | import string
| + | |
| − | import socket
| + | |
| − | import threading
| + | |
| − | | + | |
| − | # Make Rubicon sexy
| + | |
| − | class colors:
| + | |
| − | BLUE = '\033[94m'
| + | |
| − | GREEN = '\033[92m'
| + | |
| − | YELLOW = '\033[93m'
| + | |
| − | RED = '\033[91m'
| + | |
| − | ENDC = '\033[0m'
| + | |
| − |
| + | |
| − | def disable(self):
| + | |
| − | self.BLUE = ''
| + | |
| − | self.GREEN = ''
| + | |
| − | self.RED = ''
| + | |
| − | self.YELLOW = ''
| + | |
| − | self.ENDC = ''
| + | |
| − | | + | |
| − | def title():
| + | |
| − | print(colors.BLUE + """
| + | |
| − | ____ __ __ ____ ____ ___ _____ _ _
| + | |
| − | ( _ \( )( )( _ \(_ _)/ __)( _ )( \( )
| + | |
| − | ) / )(__)( ) _ < _)(_( (__ )(_)( ) (
| + | |
| − | (_)\_)(______)(____/(____)\___)(_____)(_)\_) \n""" + colors.ENDC)
| + | |
| − | print(colors.GREEN + ' *~ 7h3 p01n7 0f n0 r3turn ~*\n' + colors.ENDC)
| + | |
| − | print(colors.YELLOW + ' inphektious[at]live[dot]com\n\n' + colors.ENDC)
| + | |
| − |
| + | |
| − | class rubicon(threading.Thread):
| + | |
| − | def __init__(self):
| + | |
| − | self.header = colors.BLUE + "rcon> " + colors.ENDC
| + | |
| − | self.warning = colors.RED + "[+] " + colors.ENDC
| + | |
| − | threading.Thread.__init__(self)
| + | |
| − | | + | |
| − | def run(self):
| + | |
| − |
| + | |
| − | # list elligable commands
| + | |
| − | def usage():
| + | |
| − | print """view logs => Shows logged activity
| + | |
| − | delete logs => Deletes logged activity
| + | |
| − | set service => Creates a rubicon service
| + | |
| − | help => Shows usage
| + | |
| − | exit => Shutdown"""
| + | |
| − |
| + | |
| − | # Read logs from log.txt
| + | |
| − | def viewLogs():
| + | |
| − | try:
| + | |
| − | log = open("log.txt")
| + | |
| − | while 1:
| + | |
| − | lines = log.readlines(100000)
| + | |
| − | if not lines:
| + | |
| − | break
| + | |
| − | for line in lines:
| + | |
| − | print line
| + | |
| − | print("\n--- end of log ---")
| + | |
| − | self.run()
| + | |
| − | except IOError:
| + | |
| − | print("%sNo logged activity at this time..." % (self.warning))
| + | |
| − | self.run()
| + | |
| − |
| + | |
| − | # delete log.txt to clear logged activity
| + | |
| − | def deleteLogs():
| + | |
| − | try:
| + | |
| − | os.remove("log.txt")
| + | |
| − | print("%sLogs cleared..." % (self.warning))
| + | |
| − | except OSError:
| + | |
| − | print("%sLogs are clear..." % (self.warning))
| + | |
| − |
| + | |
| − | # set up Rubicon service
| + | |
| − | def setService():
| + | |
| − | self.hst = raw_input("Enter the IP address you wish your service to listen on: ")
| + | |
| − | self.prt = raw_input("Enter the port you wish your service to listen on: ")
| + | |
| − | print("Create a deceptive prompt/header for your mock service ([Enter] for new line and input 'done' when complete):")
| + | |
| − |
| + | |
| − | # Make multi-lined banner to display for attacker
| + | |
| − | banner = ''
| + | |
| − | while 1:
| + | |
| − | bannerInput = raw_input(colors.BLUE + "~ " + colors.ENDC)
| + | |
| − | if bannerInput == "done":
| + | |
| − | break;
| + | |
| − | else:
| + | |
| − | banner += bannerInput + "\n"
| + | |
| − |
| + | |
| − | # Create socket and start mock service
| + | |
| − | while 1:
| + | |
| − | try:
| + | |
| − | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
| + | |
| − | s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
| + | |
| − | HOST = self.hst
| + | |
| − | PORT = int(self.prt)
| + | |
| − | s.bind((HOST, PORT))
| + | |
| − | s.listen(1)
| + | |
| − | print (self.warning + time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ": Setting up service on port %s..." % (PORT))
| + | |
| − | rubicon().start()
| + | |
| − |
| + | |
| − | # Accept connection and parse data
| + | |
| − | (insock, address) = s.accept()
| + | |
| − | # Convert incoming address to a string
| + | |
| − | straddress = str(address)
| + | |
| − | # Split the tuple into lists
| + | |
| − | testlist = string.split(straddress, ",")
| + | |
| − | # Split the host portion of the list
| + | |
| − | gethost = string.split(testlist[0], "'")
| + | |
| − | # Split the port portion of the list
| + | |
| − | getaddr = string.split(testlist[1], ")")
| + | |
| − | # Remove just the address from the list
| + | |
| − | host = gethost[1]
| + | |
| − | # Remove just the port from the list
| + | |
| − | inport = int(getaddr[0])
| + | |
| − |
| + | |
| − | # interactive alert
| + | |
| − | print(time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
| + | |
| − |
| + | |
| − | # Open log.txt to log information on attacker
| + | |
| − | log = open("log.txt","a+")
| + | |
| − | log.write(time.strftime("\n%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
| + | |
| − | insock.send(banner)
| + | |
| − | data = insock.recv(1024)
| + | |
| − | log.write('\nInput: %s\n-----------------' % data)
| + | |
| − |
| + | |
| − | # Close socket
| + | |
| − | insock.close()
| + | |
| − | s.close()
| + | |
| − |
| + | |
| − | # handle socket error
| + | |
| − | except socket.error, msg:
| + | |
| − | print ("%sError: %s" % (self.warning, msg))
| + | |
| − | setService()
| + | |
| − |
| + | |
| − | # core code
| + | |
| − | while 1:
| + | |
| − | try:
| + | |
| − | global option
| + | |
| − | option = raw_input("%s " % (self.header))
| + | |
| − | if option == 'help':
| + | |
| − | usage()
| + | |
| − | elif option == 'view logs':
| + | |
| − | viewLogs()
| + | |
| − | elif option == 'delete logs':
| + | |
| − | deleteLogs()
| + | |
| − | elif option == 'set service':
| + | |
| − | setService()
| + | |
| − | elif option == 'exit':
| + | |
| − | os._exit(1)
| + | |
| − | else:
| + | |
| − | print("%sInvalid Input..." % (self.warning))
| + | |
| − | except EOFError:
| + | |
| − | print("\n%sType 'exit' to quit..." % (self.warning))
| + | |
| − |
| + | |
| − | if __name__=='__main__':
| + | |
| − | title()
| + | |
| − | rubicon().start()
| + | |
| − | </source>}}
| + | |
| − | | + | |
| − | [[Category:Projects]]
| + | |