dvash 0.0.1
- data/Gemfile +3 -0
- data/bin/dvash +6 -0
- data/dvash.gemspec +33 -0
- data/lib/dvash.rb +49 -0
- data/lib/dvash/application.rb +28 -0
- data/lib/dvash/honeyports/ipv4/http.rb +28 -0
- data/lib/dvash/honeyports/ipv6/http.rb +28 -0
- data/lib/dvash/os/linux.rb +16 -0
- data/lib/dvash/os/mac.rb +10 -0
- data/lib/dvash/os/windows.rb +11 -0
- data/lib/dvash/validation.rb +70 -0
- metadata +90 -0
data/Gemfile
ADDED
data/bin/dvash
ADDED
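--- a/data/dvash.gemspec
+++ b/data/dvash.gemspec
@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = "dvash"
+s.version = "0.0.1"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["Ari Mizrahi"]
+s.date = "2013-04-01"
+s.description = "Part honeypot, part defense system. Opens up ports and simulates services in order to look like an attractive target. Hosts that try to connect to the fake services are considered attackers and blocked from all access."
+s.email = "codemunchies@gmail.com"
+s.executables = ["dvash"]
+s.files = ["lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/validation.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
+s.homepage = "http://github.com/codemunchies/dvash"
+s.require_paths = ["lib"]
+s.rubygems_version = "1.8.25"
+s.summary = "Very alpha honeypot defense system"
+
+if s.respond_to? :specification_version then
+s.specification_version = 3
+
+if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+s.add_runtime_dependency(%q<parseconfig>, ["~> 1.0"])
+s.add_runtime_dependency(%q<bundler>, ["~> 1.3"])
+else
+s.add_dependency(%q<parseconfig>, ["~> 1.0"])
+s.add_dependency(%q<bundler>, ["~> 1.3"])
+end
+else
+s.add_dependency(%q<parseconfig>, ["~> 1.0"])
+s.add_dependency(%q<bundler>, ["~> 1.3"])
+end
+end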
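--- a/data/lib/dvash.rb
+++ b/data/lib/dvash.rb
@@ -0,0 +1,49 @@
+require 'dvash/application'
+
+require 'optparse'
+
+# Dvash Defense
+#
+# Written By: Ari Mizrahi
+#
+# Part honeypot, part defense system. Opens up ports and simulates services
+# in order to look like an attractive target. Hosts that try to connect to
+# the fake services are considered attackers and blocked from all access.
+#
+# Heavily inspired by The Artillery Project by Dave Kennedy (ReL1K) with a
+# passion for ruby and a thirst for knowledge.
+
+module Dvash
+
+# Start a new Dvash instance
+def self.start(paths={})
+
+# Set default options
+paths[:config_path] = '/etc/dvash.conf'
+paths[:log_path] = '/var/log/dvash.conf'
+
+# Command-line interface
+OptionParser.new do |opts|
+opts.banner = "Usage: #{__FILE__} [options]"
+
+opts.on("--config-file [PATH]", "Set path to config file") do |arg|
+paths[:config_path] = arg
+end
+
+opts.on("--log-file [PATH]", "Set path to log file") do |arg|
+paths[:log_path] = arg
+end
+end.parse!
+
+# Create and start an Application instance
+#begin
+application = Dvash::Application.new(paths)
+application.start
+#rescue
+# puts "couldn't start application" # replace me
+# exit
+#end
+
+
+end
+end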
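Review bot: The two default assignments at the top of `Dvash.start` overwrite whatever the caller passed in `paths`, and the log default points at `/var/log/dvash.conf`, which looks like a copy of the config file name rather than a log file. I would write `paths[:config_path] ||= '/etc/dvash.conf'` and `paths[:log_path] ||= '/var/log/dvash.log'`. Separately, `--config-file [PATH]` and `--log-file [PATH]` declare the argument as optional, so a bare flag stores nil in `paths`; dropping the brackets (`"--config-file PATH"`) makes OptionParser reject that case instead.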
@@ -0,0 +1,28 @@
|
|
1
|
+
require 'dvash/validation'
|
2
|
+
|
3
|
+
require 'parseconfig'
|
4
|
+
|
5
|
+
module Dvash
|
6
|
+
|
7
|
+
class Application < Validation
|
8
|
+
|
9
|
+
def initialize(paths)
|
10
|
+
@honey_threads = Array.new
|
11
|
+
@paths = paths
|
12
|
+
|
13
|
+
validate_os
|
14
|
+
end
|
15
|
+
|
16
|
+
def start
|
17
|
+
unless valid_user?
|
18
|
+
puts "invalid user" # replace me
|
19
|
+
exit
|
20
|
+
end
|
21
|
+
|
22
|
+
load_conf
|
23
|
+
load_honeyport
|
24
|
+
@honey_threads.each { |thr| thr.join }
|
25
|
+
end
|
26
|
+
|
27
|
+
end
|
28
|
+
end
|
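Review bot: In `Application#start` the failed root check prints to stdout and calls bare `exit`, which ends the process with status 0, so a service manager or wrapper script sees a clean run when dvash never started. `abort "dvash must be run as root"` writes to stderr and exits with status 1. The same pattern appears in `validate_os` and `load_conf` in the Validation class. Since `valid_user?` requires uid 0, the honeyport listeners also appear to run as root for the life of the process; a comment on `start` stating why that is needed would help the next reader.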
@@ -0,0 +1,28 @@
|
|
1
|
+
###############################################################################
|
2
|
+
#
|
3
|
+
# Dvash Defense - HTTPd IPv4 Honeyport
|
4
|
+
# version 1.0
|
5
|
+
#
|
6
|
+
# Written By: Ari Mizrahi
|
7
|
+
#
|
8
|
+
# Honeyport to simulate httpd server
|
9
|
+
#
|
10
|
+
###############################################################################
|
11
|
+
module Dvash
|
12
|
+
|
13
|
+
class Honeyport < Validation
|
14
|
+
|
15
|
+
def ipv4_http
|
16
|
+
server = TCPServer.new(80)
|
17
|
+
loop do
|
18
|
+
Thread.fork(server.accept) do |client|
|
19
|
+
# send the client junk data
|
20
|
+
client.puts(random_data)
|
21
|
+
@@os.block_ip(client_ip(client))
|
22
|
+
client.close
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
end
|
28
|
+
end
|
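Review bot: Inside the `Thread.fork` block of `ipv4_http`, `client.puts(random_data)` runs before `@@os.block_ip(...)`, so a peer that resets the connection makes the write raise and the thread ends without blocking the address or closing the socket. Reading the peer address and blocking first, with `client.close` in an `ensure`, removes that dependency on the write succeeding. The address is also handed to `block_ip` without going through `valid_ip?`, and every connecting host is blocked with no exemption list, so a monitoring probe or the administrator's own address would presumably be locked out. The IPv6 honeyport file repeats the same block.

```ruby
# … unchanged: TCPServer.new(80) and the accept loop …
Thread.fork(server.accept) do |client|
  begin
    peer = client_ip(client)   # read the address before any write can fail
    @@os.block_ip(peer) if valid_ip?(peer)
    client.puts(random_data)
  ensure
    client.close
  end
end
```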
@@ -0,0 +1,28 @@
|
|
1
|
+
###############################################################################
|
2
|
+
#
|
3
|
+
# Dvash Defense - HTTPd IPv6 Honeyport
|
4
|
+
# version 1.0
|
5
|
+
#
|
6
|
+
# Written By: Ari Mizrahi
|
7
|
+
#
|
8
|
+
# Honeyport to simulate httpd server
|
9
|
+
#
|
10
|
+
###############################################################################
|
11
|
+
module Dvash
|
12
|
+
|
13
|
+
class Honeyport < Validation
|
14
|
+
|
15
|
+
def ipv4_http
|
16
|
+
server = TCPServer.new('::', 80)
|
17
|
+
loop do
|
18
|
+
Thread.fork(server.accept) do |client|
|
19
|
+
# send the client junk data
|
20
|
+
client.puts(random_data)
|
21
|
+
@@os.block_ip(client_ip(client))
|
22
|
+
client.close
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
end
|
28
|
+
end
|
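Review bot: The method in the IPv6 file is still named `ipv4_http`, so `load_honeyport`'s `send(key)` with an `ipv6_http` key would raise NoMethodError, and loading both files reopens `Honeyport` and replaces the IPv4 listener with this one. The definition should be `def ipv6_http`. Binding `'::'` may also accept IPv4 clients as mapped addresses on dual-stack hosts, so the value returned by `client_ip` could arrive in `::ffff:a.b.c.d` form; confirm that `block_ip` handles it.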
data/lib/dvash/os/mac.rb
ADDED
@@ -0,0 +1,70 @@
|
|
1
|
+
require 'ipaddr'
|
2
|
+
require 'securerandom'
|
3
|
+
|
4
|
+
module Dvash
|
5
|
+
|
6
|
+
class Validation
|
7
|
+
|
8
|
+
def valid_user?
|
9
|
+
Process.uid == 0
|
10
|
+
end
|
11
|
+
|
12
|
+
def valid_ip?(address)
|
13
|
+
begin
|
14
|
+
IPAddr.new("#{address}")
|
15
|
+
true
|
16
|
+
rescue
|
17
|
+
false
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def validate_os
|
22
|
+
system = RUBY_PLATFORM
|
23
|
+
case system
|
24
|
+
when /mswin|msys|mingw|cygwin|bccwin|wince|emc/
|
25
|
+
require 'dvash/os/windows'
|
26
|
+
@@os = Dvash::Windows.new
|
27
|
+
when /darwin|mac os/
|
28
|
+
require 'dvash/os/mac'
|
29
|
+
@@os = Dvash::Mac.new
|
30
|
+
when /linux/
|
31
|
+
require 'dvash/os/linux'
|
32
|
+
@@os = Dvash::Linux.new
|
33
|
+
when /solaris|bsd/
|
34
|
+
# TODO: BSD support
|
35
|
+
exit
|
36
|
+
else
|
37
|
+
puts "invalid operating system" # replace me
|
38
|
+
exit
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def load_conf
|
43
|
+
begin
|
44
|
+
@@cfgfile = ParseConfig.new(@paths[:config_path])
|
45
|
+
rescue
|
46
|
+
puts "invalid configuration file" # replace me
|
47
|
+
exit
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def load_honeyport
|
52
|
+
@@cfgfile['honeyports'].each do |key, value|
|
53
|
+
if value == 'true' then
|
54
|
+
ipver, proto = key.split("_")
|
55
|
+
require "dvash/honeyports/#{ipver}/#{proto}"
|
56
|
+
@honey_threads << Thread.new { Dvash::Honeyport.new.send(key) }
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
def random_data
|
62
|
+
SecureRandom.random_bytes(64)
|
63
|
+
end
|
64
|
+
|
65
|
+
def client_ip(client)
|
66
|
+
client.peeraddr[3]
|
67
|
+
end
|
68
|
+
|
69
|
+
end
|
70
|
+
end
|
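Review bot: `load_honeyport` interpolates each config key into `require` and then passes it to `send`, so any key set to `true` in the `honeyports` section picks the file that is loaded and the method that is invoked on `Dvash::Honeyport`, including inherited and private ones. The key should be matched against a fixed pattern or list first, for example `next unless key =~ /\A(ipv4|ipv6)_[a-z0-9]+\z/`, and dispatched with `public_send(key)`. `valid_ip?` and `load_conf` also use a bare `rescue`, which hides the cause of a failure; rescuing the specific error and printing its message would make a bad address or config file easier to diagnose.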
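--- a/metadata
+++ b/metadata
@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: dvash
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Ari Mizrahi
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-04-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: parseconfig
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+description: Part honeypot, part defense system. Opens up ports and simulates services
+in order to look like an attractive target. Hosts that try to connect to the fake
+services are considered attackers and blocked from all access.
+email: codemunchies@gmail.com
+executables:
+- dvash
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dvash/honeyports/ipv4/http.rb
+- lib/dvash/honeyports/ipv6/http.rb
+- lib/dvash/os/linux.rb
+- lib/dvash/os/mac.rb
+- lib/dvash/os/windows.rb
+- lib/dvash/application.rb
+- lib/dvash/validation.rb
+- lib/dvash.rb
+- dvash.gemspec
+- Gemfile
+- bin/dvash
+homepage: http://github.com/codemunchies/dvash
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.25
+signing_key:
+specification_version: 3
+summary: Very alpha honeypot defense system
+test_files: []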