dvash 0.0.1

data/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gemspec

data/bin/dvash

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'dvash'
+
+Dvash.start

data/dvash.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "dvash"
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Ari Mizrahi"]
+  s.date = "2013-04-01"
+  s.description = "Part honeypot, part defense system.  Opens up ports and simulates services in order to look like an attractive target.  Hosts that try to connect to the fake services are considered attackers and blocked from all access."
+  s.email = "codemunchies@gmail.com"
+  s.executables = ["dvash"]
+  s.files = ["lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/validation.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
+  s.homepage = "http://github.com/codemunchies/dvash"
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.25"
+  s.summary = "Very alpha honeypot defense system"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<parseconfig>, ["~> 1.0"])
+      s.add_runtime_dependency(%q<bundler>, ["~> 1.3"])
+    else
+      s.add_dependency(%q<parseconfig>, ["~> 1.0"])
+      s.add_dependency(%q<bundler>, ["~> 1.3"])
+    end
+  else
+    s.add_dependency(%q<parseconfig>, ["~> 1.0"])
+    s.add_dependency(%q<bundler>, ["~> 1.3"])
+  end
+end

data/lib/dvash.rb

@@ -0,0 +1,49 @@
+require 'dvash/application'
+
+require 'optparse'
+
+# Dvash Defense
+# 
+# Written By: Ari Mizrahi
+# 
+# Part honeypot, part defense system.  Opens up ports and simulates services
+# in order to look like an attractive target.  Hosts that try to connect to
+# the fake services are considered attackers and blocked from all access.
+# 
+# Heavily inspired by The Artillery Project by Dave Kennedy (ReL1K) with a
+# passion for ruby and a thirst for knowledge.
+
+module Dvash
+  
+  # Start a new Dvash instance
+  def self.start(paths={})
+
+    # Set default options
+    paths[:config_path] = '/etc/dvash.conf'
+    paths[:log_path] = '/var/log/dvash.conf'
+    
+    # Command-line interface
+    OptionParser.new do |opts|
+      opts.banner = "Usage: #{__FILE__} [options]"
+
+      opts.on("--config-file [PATH]", "Set path to config file") do |arg|
+        paths[:config_path] = arg
+      end
+
+      opts.on("--log-file [PATH]", "Set path to log file") do |arg|
+        paths[:log_path] = arg
+      end
+    end.parse!
+
+    # Create and start an Application instance
+    #begin
+      application = Dvash::Application.new(paths)
+      application.start
+    #rescue
+    #  puts "couldn't start application" # replace me
+    #  exit
+    #end
+
+
+  end
+end

data/lib/dvash/application.rb

@@ -0,0 +1,28 @@
+require 'dvash/validation'
+
+require 'parseconfig'
+
+module Dvash
+
+	class Application < Validation
+
+		def initialize(paths)
+			@honey_threads = Array.new
+			@paths = paths
+
+			validate_os
+		end
+
+		def start
+			unless valid_user?
+				puts "invalid user" # replace me
+				exit
+			end
+
+			load_conf
+			load_honeyport
+			@honey_threads.each { |thr| thr.join }
+		end
+
+	end
+end

data/lib/dvash/honeyports/ipv4/http.rb

@@ -0,0 +1,28 @@
+###############################################################################
+#
+#  Dvash Defense - HTTPd IPv4 Honeyport
+#  version 1.0
+#
+#  Written By: Ari Mizrahi
+#
+#  Honeyport to simulate httpd server
+#
+###############################################################################
+module Dvash
+
+	class Honeyport < Validation
+
+		def ipv4_http
+			server = TCPServer.new(80)
+			loop do
+			    Thread.fork(server.accept) do |client| 
+			        # send the client junk data
+			        client.puts(random_data)
+			        @@os.block_ip(client_ip(client))
+			        client.close
+			    end
+			end
+		end
+
+	end
+end

data/lib/dvash/honeyports/ipv6/http.rb

@@ -0,0 +1,28 @@
+###############################################################################
+#
+#  Dvash Defense - HTTPd IPv6 Honeyport
+#  version 1.0
+#
+#  Written By: Ari Mizrahi
+#
+#  Honeyport to simulate httpd server
+#
+###############################################################################
+module Dvash
+
+	class Honeyport < Validation
+
+		def ipv4_http
+			server = TCPServer.new('::', 80)
+			loop do
+			    Thread.fork(server.accept) do |client| 
+			        # send the client junk data
+			        client.puts(random_data)
+			        @@os.block_ip(client_ip(client))
+			        client.close
+			    end
+			end
+		end
+
+	end
+end

data/lib/dvash/os/linux.rb

@@ -0,0 +1,16 @@
+module Dvash
+
+	class Linux
+
+		def initialize
+
+			# TODO: prepare iptables
+		end
+
+		def block_ip(address)
+
+			# TODO
+		end
+
+	end
+end

data/lib/dvash/os/mac.rb

@@ -0,0 +1,10 @@
+module Dvash
+
+	class Mac < Validation
+
+		def block_ip(address)
+			system("#{@@cfgfile['ipfw']['ipfw']} -q add deny src-ip #{address}")
+		end
+
+	end
+end

data/lib/dvash/os/windows.rb

@@ -0,0 +1,11 @@
+module Dvash
+	
+	class Windows
+
+		def block_ip(address)
+
+			# TODO
+		end
+
+	end
+end

data/lib/dvash/validation.rb

@@ -0,0 +1,70 @@
+require 'ipaddr'
+require 'securerandom'
+
+module Dvash
+
+	class Validation
+
+		def valid_user?
+			Process.uid == 0
+		end
+
+		def valid_ip?(address)
+			begin
+				IPAddr.new("#{address}")
+				true
+			rescue
+				false
+			end
+		end
+
+		def validate_os
+			system = RUBY_PLATFORM
+			case system
+			when /mswin|msys|mingw|cygwin|bccwin|wince|emc/
+				require 'dvash/os/windows'
+	      @@os = Dvash::Windows.new
+			when /darwin|mac os/
+				require 'dvash/os/mac'
+	      @@os = Dvash::Mac.new
+			when /linux/
+				require 'dvash/os/linux'
+	      @@os = Dvash::Linux.new
+			when /solaris|bsd/
+				# TODO: BSD support
+				exit
+			else
+				puts "invalid operating system" # replace me
+	      exit
+			end
+		end
+
+		def load_conf
+			begin
+				@@cfgfile = ParseConfig.new(@paths[:config_path])
+			rescue
+				puts "invalid configuration file" # replace me
+				exit
+			end
+		end
+
+		def load_honeyport
+			@@cfgfile['honeyports'].each do |key, value|
+				if value == 'true' then
+					ipver, proto = key.split("_")
+					require "dvash/honeyports/#{ipver}/#{proto}"
+					@honey_threads << Thread.new { Dvash::Honeyport.new.send(key) }
+				end
+			end
+		end
+
+		def random_data
+			SecureRandom.random_bytes(64)
+		end
+
+		def client_ip(client)
+			client.peeraddr[3]
+		end
+
+	end
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: dvash
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Ari Mizrahi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-04-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: parseconfig
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+description: Part honeypot, part defense system.  Opens up ports and simulates services
+  in order to look like an attractive target.  Hosts that try to connect to the fake
+  services are considered attackers and blocked from all access.
+email: codemunchies@gmail.com
+executables:
+- dvash
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dvash/honeyports/ipv4/http.rb
+- lib/dvash/honeyports/ipv6/http.rb
+- lib/dvash/os/linux.rb
+- lib/dvash/os/mac.rb
+- lib/dvash/os/windows.rb
+- lib/dvash/application.rb
+- lib/dvash/validation.rb
+- lib/dvash.rb
+- dvash.gemspec
+- Gemfile
+- bin/dvash
+homepage: http://github.com/codemunchies/dvash
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Very alpha honeypot defense system
+test_files: []