dvash 0.1.0 → 0.1.1
- data/LICENSE +674 -0
- data/bin/dvash +0 -2
- data/dvash.gemspec +12 -23
- data/lib/dvash.rb +12 -21
- data/lib/dvash/application.rb +32 -49
- data/lib/dvash/core.rb +96 -116
- data/lib/dvash/honeyports/ipv4/http.rb +26 -37
- data/lib/dvash/honeyports/ipv4/rdp.rb +26 -37
- data/lib/dvash/honeyports/ipv4/ssh.rb +26 -37
- data/lib/dvash/honeyports/ipv4/telnet.rb +26 -37
- data/lib/dvash/honeyports/ipv6/http.rb +26 -37
- data/lib/dvash/honeyports/ipv6/rdp.rb +26 -37
- data/lib/dvash/honeyports/ipv6/ssh.rb +26 -37
- data/lib/dvash/os/linux.rb +42 -64
- data/lib/dvash/os/mac.rb +24 -28
- data/lib/dvash/os/windows.rb +23 -24
- metadata +5 -21
- data/etc/dvash-baseline.conf +0 -48
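--- a/data/lib/dvash/honeyports/ipv4/rdp.rb
+++ b/data/lib/dvash/honeyports/ipv4/rdp.rb
@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+#
+# Main Honeyport class to simulate daemons
+#
+class Honeyport < Core
 
-
+def ipv4_rdp
+# IPv4 TCPServer object
+# @return [TCPServer] tcp/3389 RDPd
+server = TCPServer.new(3389)
+# Infinite listening loop
+loop do
+# Fork a new instance of [TCPServer] when a client connects
+Thread.fork(server.accept) do |client|
+# Make sure the client has a valid IP address
+# @return [Boolean] true|false
+if valid_ip?(client_ip(client)) then
+# Send the connected client junk data
+client.puts(random_data)
+# Block the IP address
+@@os.block_ip(client_ip(client))
+end
+# Close the connection to the client and kill the forked process
+client.close
+end
+end
+end
 
-
-#
-# Create a new IPv4 TCPServer object
-#
-server = TCPServer.new(3389)
-#
-# Infinite loop listens on port 3389 pretending to be an RDP server
-#
-loop do
-#
-# Fork a new instance of the TCPServer object when a client connects
-# TODO: Maybe we should not send junk data until after the client IP has been validated
-#
-Thread.fork(server.accept) do |client|
-#
-# Send the connected client junk data
-#
-client.puts(random_data)
-#
-# Make sure the client has a valid IP address
-#
-if valid_ip?(client_ip(client)) then
-#
-# Block the IP address
-#
-@@os.block_ip(client_ip(client))
-end
-#
-# Close the connection to the client and kill the forked process
-#
-client.close
-end
-end
-end
-
-end
+end
 end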
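--- a/data/lib/dvash/honeyports/ipv4/ssh.rb
+++ b/data/lib/dvash/honeyports/ipv4/ssh.rb
@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+#
+# Main Honeyport class to simulate daemons
+#
+class Honeyport < Core
 
-
+def ipv4_ssh
+# IPv4 TCPServer object
+# @return [TCPServer] tcp/22 SSHd
+server = TCPServer.new(22)
+# Infinite listening loop
+loop do
+# Fork a new instance of [TCPServer] when a client connects
+Thread.fork(server.accept) do |client|
+# Make sure the client has a valid IP address
+# @return [Boolean] true|false
+if valid_ip?(client_ip(client)) then
+# Send the connected client junk data
+client.puts(random_data)
+# Block the IP address
+@@os.block_ip(client_ip(client))
+end
+# Close the connection to the client and kill the forked process
+client.close
+end
+end
+end
 
-
-#
-# Create a new IPv4 TCPServer object
-#
-server = TCPServer.new(22)
-#
-# Infinite loop listens on port 22 pretending to be an SSH server
-#
-loop do
-#
-# Fork a new instance of the TCPServer object when a client connects
-# TODO: Maybe we should not send junk data until after the client IP has been validated
-#
-Thread.fork(server.accept) do |client|
-#
-# Send the connected client junk data
-#
-client.puts(random_data)
-#
-# Make sure the client has a valid IP address
-#
-if valid_ip?(client_ip(client)) then
-#
-# Block the IP address
-#
-@@os.block_ip(client_ip(client))
-end
-#
-# Close the connection to the client and kill the forked process
-#
-client.close
-end
-end
-end
-
-end
+end
 end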
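--- a/data/lib/dvash/honeyports/ipv4/telnet.rb
+++ b/data/lib/dvash/honeyports/ipv4/telnet.rb
@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+#
+# Main Honeyport class to simulate daemons
+#
+class Honeyport < Core
 
-
+def ipv4_telnet
+# IPv4 TCPServer object
+# @return [TCPServer] tcp/23 Telnetd
+server = TCPServer.new(23)
+# Infinite listening loop
+loop do
+# Fork a new instance of [TCPServer] when a client connects
+Thread.fork(server.accept) do |client|
+# Make sure the client has a valid IP address
+# @return [Boolean] true|false
+if valid_ip?(client_ip(client)) then
+# Send the connected client junk data
+client.puts(random_data)
+# Block the IP address
+@@os.block_ip(client_ip(client))
+end
+# Close the connection to the client and kill the forked process
+client.close
+end
+end
+end
 
-
-#
-# Create a new IPv4 TCPServer object
-#
-server = TCPServer.new(23)
-#
-# Infinite loop listens on port 23 pretending to be an Telnet server
-#
-loop do
-#
-# Fork a new instance of the TCPServer object when a client connects
-# TODO: Maybe we should not send junk data until after the client IP has been validated
-#
-Thread.fork(server.accept) do |client|
-#
-# Send the connected client junk data
-#
-client.puts(random_data)
-#
-# Make sure the client has a valid IP address
-#
-if valid_ip?(client_ip(client)) then
-#
-# Block the IP address
-#
-@@os.block_ip(client_ip(client))
-end
-#
-# Close the connection to the client and kill the forked process
-#
-client.close
-end
-end
-end
-
-end
+end
 end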
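--- a/data/lib/dvash/honeyports/ipv6/http.rb
+++ b/data/lib/dvash/honeyports/ipv6/http.rb
@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+#
+# Main Honeyport class to simulate daemons
+#
+class Honeyport < Core
 
-
+def ipv6_http
+# IPv6 TCPServer object
+# @return [TCPServer] tcp/80 HTTPd
+server = TCPServer.new('::', 80)
+# Infinite listening loop
+loop do
+# Fork a new instance of [TCPServer] when a client connects
+Thread.fork(server.accept) do |client|
+# Make sure the client has a valid IP address
+# @return [Boolean] true|false
+if valid_ip?(client_ip(client)) then
+# Send the connected client junk data
+client.puts(random_data)
+# Block the IP address
+@@os.block_ip(client_ip(client))
+end
+# Close the connection to the client and kill the forked process
+client.close
+end
+end
+end
 
-
-#
-# Create a new IPv6 TCPServer object
-#
-server = TCPServer.new('::', 80)
-#
-# Infinite loop listens on port 80 pretending to be an HTTP server
-#
-loop do
-#
-# Fork a new instance of the TCPServer object when a client connects
-# TODO: Maybe we should not send junk data until after the client IP has been validated
-#
-Thread.fork(server.accept) do |client|
-#
-# Send the connected client junk data
-#
-client.puts(random_data)
-#
-# Make sure the client has a valid IP address
-#
-if valid_ip?(client_ip(client)) then
-#
-# Block the IP address
-#
-@@os.block_ip(client_ip(client))
-end
-#
-# Close the connection to the client and kill the forked process
-#
-client.close
-end
-end
-end
-
-end
+end
 end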
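--- a/data/lib/dvash/honeyports/ipv6/rdp.rb
+++ b/data/lib/dvash/honeyports/ipv6/rdp.rb
@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+#
+# Main Honeyport class to simulate daemons
+#
+class Honeyport < Core
 
-
+def ipv6_rdp
+# IPv6 TCPServer object
+# @return [TCPServer] tcp/3389 RDPd
+server = TCPServer.new('::', 3389)
+# Infinite listening loop
+loop do
+# Fork a new instance of [TCPServer] when a client connects
+Thread.fork(server.accept) do |client|
+# Make sure the client has a valid IP address
+# @return [Boolean] true|false
+if valid_ip?(client_ip(client)) then
+# Send the connected client junk data
+client.puts(random_data)
+# Block the IP address
+@@os.block_ip(client_ip(client))
+end
+# Close the connection to the client and kill the forked process
+client.close
+end
+end
+end
 
-
-#
-# Create a new IPv6 TCPServer object
-#
-server = TCPServer.new('::', 3389)
-#
-# Infinite loop listens on port 3389 pretending to be an RDP server
-#
-loop do
-#
-# Fork a new instance of the TCPServer object when a client connects
-# TODO: Maybe we should not send junk data until after the client IP has been validated
-#
-Thread.fork(server.accept) do |client|
-#
-# Send the connected client junk data
-#
-client.puts(random_data)
-#
-# Make sure the client has a valid IP address
-#
-if valid_ip?(client_ip(client)) then
-#
-# Block the IP address
-#
-@@os.block_ip(client_ip(client))
-end
-#
-# Close the connection to the client and kill the forked process
-#
-client.close
-end
-end
-end
-
-end
+end
 end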
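--- a/data/lib/dvash/honeyports/ipv6/ssh.rb
+++ b/data/lib/dvash/honeyports/ipv6/ssh.rb
@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+#
+# Main Honeyport class to simulate daemons
+#
+class Honeyport < Core
 
-
+def ipv6_ssh
+# IPv6 TCPServer object
+# @return [TCPServer] tcp/22 SSHd
+server = TCPServer.new('::', 22)
+# Infinite listening loop
+loop do
+# Fork a new instance of [TCPServer] when a client connects
+Thread.fork(server.accept) do |client|
+# Make sure the client has a valid IP address
+# @return [Boolean] true|false
+if valid_ip?(client_ip(client)) then
+# Send the connected client junk data
+client.puts(random_data)
+# Block the IP address
+@@os.block_ip(client_ip(client))
+end
+# Close the connection to the client and kill the forked process
+client.close
+end
+end
+end
 
-
-#
-# Create a new IPv6 TCPServer object
-#
-server = TCPServer.new('::', 22)
-#
-# Infinite loop listens on port 22 pretending to be an SSH server
-#
-loop do
-#
-# Fork a new instance of the TCPServer object when a client connects
-# TODO: Maybe we should not send junk data until after the client IP has been validated
-#
-Thread.fork(server.accept) do |client|
-#
-# Send the connected client junk data
-#
-client.puts(random_data)
-#
-# Make sure the client has a valid IP address
-#
-if valid_ip?(client_ip(client)) then
-#
-# Block the IP address
-#
-@@os.block_ip(client_ip(client))
-end
-#
-# Close the connection to the client and kill the forked process
-#
-client.close
-end
-end
-end
-
-end
+end
 end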
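--- a/data/lib/dvash/os/linux.rb
+++ b/data/lib/dvash/os/linux.rb
@@ -1,70 +1,48 @@
 module Dvash
+#
+# Used by Linux systems to leverage IPTables for blocking all of the peoples
+#
+class Linux < Core
 
-
+def initialize
+# Make sure we have binaries for iptables using the paths
+# set in the configuration file
+unless File.exist?(@@cfgfile['iptables']['ipv4'])
+# TODO: Use [logger] gem to output debug information
+puts "can't find iptables"
+exit
+end
+# Do not create a new iptables chain if one already exists
+unless `"#{@@cfgfile['iptables']['ipv4']}" -L INPUT`.include?('DVASH')
+# Create a new DVASH chain
+system("#{@@cfgfile['iptables']['ipv4']} -N DVASH")
+# Flush the DVASH chain
+system("#{@@cfgfile['iptables']['ipv4']} -F DVASH")
+# Associate the DVASH chain to INPUT chain
+system("#{@@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")
+end
+# Do not create a new ip6tables chain if one already exists
+unless `"#{@@cfgfile['iptables']['ipv6']}" -L INPUT`.include?('DVASH')
+# Create a new DVASH chain
+system("#{@@cfgfile['iptables']['ipv6']} -N DVASH")
+# Flush the DVASH chain
+system("#{@@cfgfile['iptables']['ipv6']} -F DVASH")
+# Associate the DVASH chain to INPUT chain
+system("#{@@cfgfile['iptables']['ipv6']} -I INPUT -j DVASH")
+end
+end
 
-
-
-
-
-
-unless File.exist?(@@cfgfile['iptables']['ipv4'])
-# TODO: Use 'logger' gem to output debug information
-puts "can't find iptables"
-exit
-end
+def block_ip(address)
+# Block the client IP address using iptables binaries set in the conf file
+if IPAddr.new("#{address}").ipv4? then
+system("#{@@cfgfile['iptables']['ipv4']} -I DVASH -s #{address} -j DROP")
+end
 
-
-
-
-
-
-# Create a new DVASH chain
-#
-system("#{@@cfgfile['iptables']['ipv4']} -N DVASH")
-#
-# Flush the DVASH chain
-#
-system("#{@@cfgfile['iptables']['ipv4']} -F DVASH")
-#
-# Associate the DVASH chain to INPUT chain
-#
-system("#{@@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")
-end
+# Block the client IP address using ip6tables binaries set in the conf file
+if IPAddr.new("#{address}").ipv6? then
+system("#{@@cfgfile['iptables']['ipv6']} -I DVASH -s #{address} -j DROP")
+end
+end
 
-
-# Do not create a new ip6tables chain if one already exists
-#
-unless `"#{@@cfgfile['iptables']['ipv6']}" -L INPUT`.include?('DVASH')
-#
-# Create a new DVASH chain
-#
-system("#{@@cfgfile['iptables']['ipv6']} -N DVASH")
-#
-# Flush the DVASH chain
-#
-system("#{@@cfgfile['iptables']['ipv6']} -F DVASH")
-#
-# Associate the DVASH chain to INPUT chain
-#
-system("#{@@cfgfile['iptables']['ipv6']} -I INPUT -j DVASH")
-end
-end
-
-def block_ip(address)
-#
-# Block the client IP address using iptables binaries set in the configuration file
-#
-if IPAddr.new("#{address}").ipv4? then
-system("#{@@cfgfile['iptables']['ipv4']} -I DVASH -s #{address} -j DROP")
-end
-
-#
-# Block the client IP address using ip6tables binaries set in the configuration file
-#
-if IPAddr.new("#{address}").ipv6? then
-system("#{@@cfgfile['iptables']['ipv6']} -I DVASH -s #{address} -j DROP")
-end
-end
-
-end
+end
 end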