dvash 0.1.0 → 0.1.1

data/bin/dvash

@@ -1,6 +1,4 @@
 #!/usr/bin/env ruby
-
-require 'bundler/setup'
 require 'dvash'
 
 Dvash.start

data/dvash.gemspec

@@ -1,34 +1,23 @@
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
+  # Variables:
   s.name = "dvash"
-  s.version = "0.1.0"
-
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Ari Mizrahi"]
-  s.date = "2013-05-02"
+  s.version = "0.1.1"
+  s.authors = "Ari Mizrahi"
+  s.date = "2013-07-21"
   s.description = "Part honeypot, part defense system.  Opens up ports and simulates services in order to look like an attractive target.  Hosts that try to connect to the fake services are considered attackers and blocked from all access."
+  s.summary = "Honeypot defense system"
   s.email = "codemunchies@gmail.com"
-  s.executables = ["dvash"]
-  s.files = ["etc/dvash-baseline.conf", "lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv4/rdp.rb", "lib/dvash/honeyports/ipv4/ssh.rb", "lib/dvash/honeyports/ipv4/telnet.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/honeyports/ipv6/rdp.rb", "lib/dvash/honeyports/ipv6/ssh.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/core.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile", "README.md"]
   s.homepage = "http://github.com/codemunchies/dvash"
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.25"
-  s.summary = "Honeypot defense system"
   s.license = "GPL-3"
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
+  # Pragmatically Gathered
+  s.executables = "dvash"
+  s.files = Dir["{lib,bin}/**/*"]
+  s.files += [File.basename(__FILE__), "Gemfile", "README.md", "LICENSE"]
+  s.require_paths = ["lib"]
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<parseconfig>, ["~> 1.0"])
-      s.add_runtime_dependency(%q<bundler>, ["~> 1.3"])
-    else
-      s.add_dependency(%q<parseconfig>, ["~> 1.0"])
-      s.add_dependency(%q<bundler>, ["~> 1.3"])
-    end
-  else
-    s.add_dependency(%q<parseconfig>, ["~> 1.0"])
-    s.add_dependency(%q<bundler>, ["~> 1.3"])
-  end
+  # Dependencies
+  s.add_dependency("parseconfig", "~> 1.0")
 end

data/lib/dvash.rb

@@ -1,5 +1,4 @@
 require 'dvash/application'
-
 require 'optparse'
 
 #
@@ -20,48 +19,40 @@ require 'optparse'
 #
 
 module Dvash
-  
+  # Start the CLI and instantiate [Dvash]
+  # @params [Hash] instantiate paths to set default config values
   def self.start(paths={})
 
-    #
     # Set default path to config and log files
-    # TODO: These settings assume Linux default paths, should determine the operating system then configure accordingly
-    #
+    # TODO: These settings assume Linux default paths, it should determine the 
+    # operating system then configure accordingly
     paths[:config_path] = '/etc/dvash.conf'
     paths[:log_path] = '/var/log/dvash.conf'
     
-    #
-    # A command-line interface using OptionParser
-    #
+    # Command-line interface
     OptionParser.new do |opts|
-      opts.banner = "Dvash 0.1.0 ( http://www.github.com/codemunchies/dvash )\n"
+      # Banner information
+      opts.banner = "Dvash 0.1.1 ( http://www.github.com/codemunchies/dvash )\n"
       opts.banner += "Usage: dvash [options]"
-      #
-      # Option to set an alternate configuration file
-      #
+      # Set an alternate configuration file
       opts.on("--config-file [PATH]", "Set path to config file") do |arg|
         paths[:config_path] = arg
       end
-      #
-      # Option to set an alternate log file destination and filename
-      #
+      # Set an alternate log file destination and filename
       opts.on("--log-file [PATH]", "Set path to log file") do |arg|
         paths[:log_path] = arg
       end
     end.parse!
 
-    #
-    # Create and start an Application instance
-    #
+    # Create and start an application instance on Dvash
+    # @return [Dvash] application instance
     begin
       application = Dvash::Application.new(paths)
       application.start
     rescue
-      # TODO: Use 'logger' gem to output debug information
+      # TODO: Use [logger] gem to output debug information
       puts "couldn't start application"
       exit
     end
-
-
   end
 end

data/lib/dvash/application.rb

@@ -1,57 +1,40 @@
 require 'dvash/core'
-
 require 'parseconfig'
 
 module Dvash
+  #
+  # Main application methods, the glue that holds it all together
+  #
+  class Application < Core
 
-	class Application < Core
-
-		#
-		# Methods that should run when the Dvash Application object is created
-		# Requires one argument of type Array including paths to configuration
-		# file and destination for log file
-		#
-		def initialize(paths)
-			#
-			# Create @honey_threads Array to hold all 'honeyport' threads
-			#
-			@honey_threads = Array.new
-			#
-			# Load passed Array paths into @paths for use in the class
-			#
-			@paths = paths
-			#
-			# Call method to load the configuration file
-			#
-			load_conf
-			#
-			# Call method to validate the operating system and load necessary Dvash methods
-			#
-			validate_os
-		end
-
-		#
-		# Fire in the hole!
-		#
-		def start
-			#
-			# Make sure we are running with elevated privileges
-			#
-			unless valid_user?
-				# TODO: Use 'logger' gem to output debug information
-				puts "invalid user"
-				exit
-			end
+    # Methods that should run when [Dvash] is created
+    # @params [Hash] includes paths to config and log file
+    def initialize(paths)
+      # Instantiate @honey_threads [Array] to hold all honeyport threads
+      @honey_threads = Array.new
+      # Load passed [paths]
+      @paths = paths
+      # Load the configuration file
+      load_conf
+      # Validate the operating system and load necessary [Dvash] methods
+      validate_os
+    end
 
-			#
-			# Call method to load all 'honeyports' set as 'true' in the configuration file
-			#
-			load_honeyport
-			#
-			# Start all loaded threads
-			#
-			@honey_threads.each { |thr| thr.join }
-		end
+    # Fire in the hole!
+    def start
+      # Make sure we are running with elevated privileges
+      unless valid_user?
+        # TODO: Use [logger] gem to output debug information
+        puts "invalid user"
+        exit
+      end
+      # Load all honeyports set true in the configuration file
+      load_honeyport
+      # Let the user know we're running
+      puts "Dvash is running..."
+      # Start all loaded threads
+      @honey_threads.each { |thr| thr.join }
+    end
 
-	end
+  end
 end

data/lib/dvash/core.rb

@@ -2,128 +2,108 @@ require 'ipaddr'
 require 'securerandom'
 
 module Dvash
+  #
+  # Core class contains methods all other classes depend on to function properly.
+  #
+  class Core
 
-	class Core
+    # Validates user
+    # We must be root to create entries in the firewall
+    # @return [Boolean] true|false
+    def valid_user?
+      Process.uid == 0
+    end
 
-		#
-		# Validates user, must be root
-		#
-		def valid_user?
-			Process.uid == 0
-		end
+    # Validates an IP address
+    # IP Address should be valid IPv4 or IPv6 addresses
+    # @return [Boolean] true|false
+    def valid_ip?(address)
+      begin
+        IPAddr.new("#{address}")
+        true
+      rescue
+        false
+      end
+    end
 
-		#
-		# Validates an IP address, must be valid IPv4 or IPv6 address
-		#
-		def valid_ip?(address)
-			begin
-				IPAddr.new("#{address}")
-				true
-			rescue
-				false
-			end
-		end
+    # Validates the operating system
+    # OS must be Windows 7+, OS X, or Linux
+    # Creates a new instance of the operating system specific Dvash libraries 
+    # required to block IP addresses properly, @@os is used as a class variable 
+    # to call its methods from within a Honeyport
+    def validate_os
+      # Rubygems platform data
+      system = RUBY_PLATFORM
+      # Use regular expressions to determine operating system
+      case system
+      # WINDOWS
+      when /mswin|msys|mingw|cygwin|bccwin|wince|emc/
+        # Create Dvash Windows object for use within 'honeyports' modules
+        require 'dvash/os/windows'
+            @@os = Dvash::Windows.new
+        # MAC OS X
+      when /darwin|mac os/
+        # Create Dvash Mac OS X object for use within 'honeyports' modules
+        require 'dvash/os/mac'
+            @@os = Dvash::Mac.new
+        # LINUX
+      when /linux/
+        # Create Dvash Linux object for use within 'honeyports' modules
+        require 'dvash/os/linux'
+            @@os = Dvash::Linux.new
+        # BSD
+      when /solaris|bsd/
+        # TODO: BSD support
+        exit
+      else
+        # TODO: Use [logger] gem to output debug information
+        puts "invalid operating system"
+            exit
+      end
+    end
 
-		#
-		# Validates the operating system, must be windows, os x, or linux
-		# Creates a new instance the operating system specific Dvash libraries required to block IP addresses properly
-		# @@os is used as a class variable to call its methods from within a Honeyport
-		#
-		def validate_os
-			#
-			# Store rubygems platform data
-			#
-			system = RUBY_PLATFORM
-			#
-			# Use regular expressions to determine operating system
-			#
-			case system
-			# WINDOWS
-			when /mswin|msys|mingw|cygwin|bccwin|wince|emc/
-				#
-				# Create Dvash Windows object for use within 'honeyports' modules
-				#
-				require 'dvash/os/windows'
-	      @@os = Dvash::Windows.new
-	    # MAC OS X
-			when /darwin|mac os/
-				#
-				# Create Dvash Mac OS X object for use within 'honeyports' modules
-				#
-				require 'dvash/os/mac'
-	      @@os = Dvash::Mac.new
-	    # LINUX
-			when /linux/
-				#
-				# Create Dvash Linux object for use within 'honeyports' modules
-				#
-				require 'dvash/os/linux'
-	      @@os = Dvash::Linux.new
-	    # BSD
-			when /solaris|bsd/
-				# TODO: BSD support
-				exit
-			else
-				# TODO: Use 'logger' gem to output debug information
-				puts "invalid operating system"
-	      exit
-			end
-		end
+    # Loads the configuration file using [ParseConfig]
+    def load_conf
+      begin
+        @@cfgfile = ParseConfig.new(@paths[:config_path])
+      rescue
+        # TODO: Use 'logger' gem to output debug information
+        puts "invalid configuration file"
+        exit
+      end
+    end
 
-		#
-		# Loads the configuration file using ParseConfig
-		#
-		def load_conf
-			begin
-				@@cfgfile = ParseConfig.new(@paths[:config_path])
-			rescue
-				# TODO: Use 'logger' gem to output debug information
-				puts "invalid configuration file"
-				exit
-			end
-		end
+    # Load all Honeyports set true in the configuration file
+    def load_honeyport
+      # Read honeyports group in configuration file, parse keys and values
+      @@cfgfile['honeyports'].each do |key, value|
+        if value == 'true' then
+          ipver, proto = key.split("_")
+          # Load methods for all honeyports set true
+          begin
+            require "dvash/honeyports/#{ipver}/#{proto}"
+          rescue
+            # TODO: Use [logger] gem to output debug information
+            puts "couldn't load dvash/honeyports/#{ipver}/#{proto}"
+            exit
+          end
+          # Push the loaded honeyport into a thread
+          @honey_threads << Thread.new { Dvash::Honeyport.new.send(key) }
+        end
+      end
+    end
 
-		#
-		# Load all Honeyports set 'true' in the configuration file
-		# 
-		def load_honeyport
-			# 
-			# Read 'honeyports' group in configuration file, parse keys and values
-			#
-			@@cfgfile['honeyports'].each do |key, value|
-				if value == 'true' then
-					ipver, proto = key.split("_")
-					#
-					# Load methods for all 'honeyports' set to 'true'
-					#
-					begin
-						require "dvash/honeyports/#{ipver}/#{proto}"
-					rescue
-						# TODO: Use 'logger' gem to output debug information
-						puts "couldn't load dvash/honeyports/#{ipver}/#{proto}"
-						exit
-					end
-					#
-					# Push the loaded 'honeyport' into a thread
-					#
-					@honey_threads << Thread.new { Dvash::Honeyport.new.send(key) }
-				end
-			end
-		end
+    # Generate a random string 64 bytes long
+    # @return [String] random bytes
+    def random_data
+      SecureRandom.random_bytes(64)
+    end
 
-		#
-		# Return a string of random characters 64 bytes long
-		#
-		def random_data
-			SecureRandom.random_bytes(64)
-		end
+    # Client source IP address in a [TCPServer]
+    # @return [String] client IP
+    def client_ip(client)
+      client.peeraddr[3]
+    end
 
-		#
-		# Return the client source IP address from a TCPServer object
-		#
-		def client_ip(client)
-			client.peeraddr[3]
-		end
-
-	end
+  end
 end

data/lib/dvash/honeyports/ipv4/http.rb

@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+  #
+  # Main Honeyport class to simulate daemons
+  #
+  class Honeyport < Core
 
-	class Honeyport < Core
+    def ipv4_http
+      # IPv4 TCPServer object
+      # @return [TCPServer] tcp/80 HTTPd
+      server = TCPServer.new(80)
+      # Infinite listening loop
+      loop do
+        # Fork a new instance of [TCPServer] when a client connects
+          Thread.fork(server.accept) do |client| 
+              # Validate client has a valid IP address
+              # @return [Boolean] true|false
+              if valid_ip?(client_ip(client)) then 
+                # Send the connected client junk data
+                client.puts(random_data)
+                # Block the IP address
+                @@os.block_ip(client_ip(client))
+              end
+              # Close the connection to the client and kill the forked process
+              client.close
+          end
+      end
+    end
 
-		def ipv4_http
-			#
-			# Create a new IPv4 TCPServer object
-			#
-			server = TCPServer.new(80)
-			#
-			# Infinite loop listens on port 80 pretending to be an HTTP server
-			#
-			loop do
-					#
-					# Fork a new instance of the TCPServer object when a client connects
-					# TODO: Maybe we should not send junk data until after the client IP has been validated
-					#	
-			    Thread.fork(server.accept) do |client| 
-			    		#
-			        # Send the connected client junk data
-			        #
-			        client.puts(random_data)
-			        #
-			        # Make sure the client has a valid IP address
-			        #
-			        if valid_ip?(client_ip(client)) then 
-			        	#
-			        	# Block the IP address
-			        	#
-			        	@@os.block_ip(client_ip(client))
-			        end
-			        #
-			        # Close the connection to the client and kill the forked process
-			        #
-			        client.close
-			    end
-			end
-		end
-
-	end
+  end
 end