dvash 0.0.6 → 0.0.7
- data/dvash.gemspec +3 -3
- data/lib/dvash.rb +1 -1
- data/lib/dvash/honeyports/ipv4/rdp.rb +51 -0
- data/lib/dvash/honeyports/ipv4/ssh.rb +51 -0
- data/lib/dvash/honeyports/ipv4/telnet.rb +51 -0
- data/lib/dvash/honeyports/ipv6/rdp.rb +51 -0
- data/lib/dvash/honeyports/ipv6/ssh.rb +51 -0
- metadata +7 -2
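--- a/data/dvash.gemspec
+++ b/data/dvash.gemspec
@@ -2,15 +2,15 @@
 
 Gem::Specification.new do |s|
 s.name = "dvash"
-s.version = "0.0.
+s.version = "0.0.7"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Ari Mizrahi"]
-s.date = "2013-04-
+s.date = "2013-04-29"
 s.description = "Part honeypot, part defense system. Opens up ports and simulates services in order to look like an attractive target. Hosts that try to connect to the fake services are considered attackers and blocked from all access."
 s.email = "codemunchies@gmail.com"
 s.executables = ["dvash"]
-s.files = ["etc/dvash-baseline.conf", "lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/core.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
+s.files = ["etc/dvash-baseline.conf", "lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv4/rdp.rb", "lib/dvash/honeyports/ipv4/ssh.rb", "lib/dvash/honeyports/ipv4/telnet.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/honeyports/ipv6/rdp.rb", "lib/dvash/honeyports/ipv6/ssh.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/core.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
 s.homepage = "http://github.com/codemunchies/dvash"
 s.require_paths = ["lib"]
 s.rubygems_version = "1.8.25"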
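--- a/data/lib/dvash.rb
+++ b/data/lib/dvash.rb
@@ -30,7 +30,7 @@ module Dvash
 # A command-line interface using OptionParser
 #
 OptionParser.new do |opts|
-opts.banner = "Dvash 0.0.
+opts.banner = "Dvash 0.0.7 ( http://www.github.com/codemunchies/dvash )\n"
 opts.banner += "Usage: dvash [options]"
 #
 # Option to set an alternate configuration file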
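--- a/data/lib/dvash/honeyports/ipv4/rdp.rb
+++ b/data/lib/dvash/honeyports/ipv4/rdp.rb
@@ -0,0 +1,51 @@
+###############################################################################
+#
+# Dvash Defense - RDP IPv4 Honeyport
+# version 1.0
+#
+# Written By: Ari Mizrahi
+#
+# Honeyport to simulate rdp server
+#
+###############################################################################
+module Dvash
+
+class Honeyport < Core
+
+def ipv4_rdp
+#
+# Create a new IPv4 TCPServer object
+#
+server = TCPServer.new(3389)
+#
+# Infinite loop listens on port 3389 pretending to be an RDP server
+#
+loop do
+#
+# Fork a new instance of the TCPServer object when a client connects
+# TODO: Maybe we should not send junk data until after the client IP has been validated
+#
+Thread.fork(server.accept) do |client|
+#
+# Send the connected client junk data
+#
+client.puts(random_data)
+#
+# Make sure the client has a valid IP address
+#
+if valid_ip?(client_ip(client)) then
+#
+# Block the IP address
+#
+@@os.block_ip(client_ip(client))
+end
+#
+# Close the connection to the client and kill the forked process
+#
+client.close
+end
+end
+end
+
+end
+end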
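Review bot: In `ipv4_rdp`, `client.puts(random_data)` runs before the block step and nothing in the thread rescues or ensures, so a peer that resets the connection right after connecting can make the write raise, and the thread then ends without reaching `@@os.block_ip` or `client.close`. The result would be a probe that goes unblocked plus a leaked socket; the existing TODO points at the same ordering. Resolving the address first, rescuing only the write, and closing in an `ensure` keeps both the block and the cleanup unconditional (`client_ip` is defined outside this file, so its failure modes are assumed here). The same body is repeated in `ipv4_ssh`, `ipv4_telnet`, `ipv6_rdp` and `ipv6_ssh`, so a shared private helper taking the bind address and port would let the fix land once.

```ruby
Thread.fork(server.accept) do |client|
  begin
    # Resolve the peer address before any write can fail
    ip = client_ip(client)
    begin
      client.puts(random_data)
    rescue SystemCallError, IOError
      # Peer already gone; still fall through to the block
    end
    @@os.block_ip(ip) if valid_ip?(ip)
  ensure
    client.close
  end
end
```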
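--- a/data/lib/dvash/honeyports/ipv4/ssh.rb
+++ b/data/lib/dvash/honeyports/ipv4/ssh.rb
@@ -0,0 +1,51 @@
+###############################################################################
+#
+# Dvash Defense - SSHd IPv4 Honeyport
+# version 1.0
+#
+# Written By: Ari Mizrahi
+#
+# Honeyport to simulate sshd server
+#
+###############################################################################
+module Dvash
+
+class Honeyport < Core
+
+def ipv4_ssh
+#
+# Create a new IPv4 TCPServer object
+#
+server = TCPServer.new(22)
+#
+# Infinite loop listens on port 22 pretending to be an SSH server
+#
+loop do
+#
+# Fork a new instance of the TCPServer object when a client connects
+# TODO: Maybe we should not send junk data until after the client IP has been validated
+#
+Thread.fork(server.accept) do |client|
+#
+# Send the connected client junk data
+#
+client.puts(random_data)
+#
+# Make sure the client has a valid IP address
+#
+if valid_ip?(client_ip(client)) then
+#
+# Block the IP address
+#
+@@os.block_ip(client_ip(client))
+end
+#
+# Close the connection to the client and kill the forked process
+#
+client.close
+end
+end
+end
+
+end
+end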
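Review bot: Nothing visible in `ipv4_ssh` exempts management or monitoring hosts before `@@os.block_ip(client_ip(client))`, so any completed TCP connect to port 22, including an administrator's mistaken login or an internal vulnerability scanner, gets that address blocked. Unless `valid_ip?` (defined outside this file) already consults an exemption list, I would add one and document it above the call, for example `# Any completed connect is blocked; exempt admin and monitoring addresses first`. Port 22 is also the default for a real sshd, and `TCPServer.new(22)` will raise `Errno::EADDRINUSE` unhandled if one is already listening, so the bind deserves a rescue with a clear log message.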
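--- a/data/lib/dvash/honeyports/ipv4/telnet.rb
+++ b/data/lib/dvash/honeyports/ipv4/telnet.rb
@@ -0,0 +1,51 @@
+###############################################################################
+#
+# Dvash Defense - Telnetd IPv4 Honeyport
+# version 1.0
+#
+# Written By: Ari Mizrahi
+#
+# Honeyport to simulate telnetd server
+#
+###############################################################################
+module Dvash
+
+class Honeyport < Core
+
+def ipv4_telnet
+#
+# Create a new IPv4 TCPServer object
+#
+server = TCPServer.new(23)
+#
+# Infinite loop listens on port 23 pretending to be an Telnet server
+#
+loop do
+#
+# Fork a new instance of the TCPServer object when a client connects
+# TODO: Maybe we should not send junk data until after the client IP has been validated
+#
+Thread.fork(server.accept) do |client|
+#
+# Send the connected client junk data
+#
+client.puts(random_data)
+#
+# Make sure the client has a valid IP address
+#
+if valid_ip?(client_ip(client)) then
+#
+# Block the IP address
+#
+@@os.block_ip(client_ip(client))
+end
+#
+# Close the connection to the client and kill the forked process
+#
+client.close
+end
+end
+end
+
+end
+end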
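Review bot: `TCPServer.new(23)` in `ipv4_telnet` passes no bind address, so the address family appears to be whatever the resolver returns first for the wildcard host and is not guaranteed to be IPv4 as the comment above it states. Making it explicit, `server = TCPServer.new('0.0.0.0', 23)`, keeps this listener from overlapping with the `'::'` listeners in the ipv6 files; the same applies to `ipv4_rdp` and `ipv4_ssh`. Binding port 23 also normally means the process starts with root privileges, and no privilege drop is visible in this file, which is worth stating in the header comment. The comment `pretending to be an Telnet server` should read `a Telnet server`.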
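--- a/data/lib/dvash/honeyports/ipv6/rdp.rb
+++ b/data/lib/dvash/honeyports/ipv6/rdp.rb
@@ -0,0 +1,51 @@
+###############################################################################
+#
+# Dvash Defense - RDP IPv6 Honeyport
+# version 1.0
+#
+# Written By: Ari Mizrahi
+#
+# Honeyport to simulate rdp server
+#
+###############################################################################
+module Dvash
+
+class Honeyport < Core
+
+def ipv6_rdp
+#
+# Create a new IPv6 TCPServer object
+#
+server = TCPServer.new('::', 3389)
+#
+# Infinite loop listens on port 3389 pretending to be an RDP server
+#
+loop do
+#
+# Fork a new instance of the TCPServer object when a client connects
+# TODO: Maybe we should not send junk data until after the client IP has been validated
+#
+Thread.fork(server.accept) do |client|
+#
+# Send the connected client junk data
+#
+client.puts(random_data)
+#
+# Make sure the client has a valid IP address
+#
+if valid_ip?(client_ip(client)) then
+#
+# Block the IP address
+#
+@@os.block_ip(client_ip(client))
+end
+#
+# Close the connection to the client and kill the forked process
+#
+client.close
+end
+end
+end
+
+end
+end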
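Review bot: `TCPServer.new('::', 3389)` in `ipv6_rdp` may also accept IPv4 clients on hosts where IPV6_V6ONLY is off, and those peers are reported as IPv4-mapped addresses such as `::ffff:192.0.2.10` (constructed example). Whether `valid_ip?` and `@@os.block_ip` handle that form is not visible in this file; if they do not, such a connection is either never blocked or handed to the wrong firewall table. I would either set IPV6_V6ONLY on the listening socket or normalise mapped addresses before the check, and add a comment above the bind such as `# '::' can be dual-stack; peers may appear as ::ffff:a.b.c.d`. The same applies to `ipv6_ssh`, and on such hosts this bind can also collide with `ipv4_rdp` on the same port.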
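--- a/data/lib/dvash/honeyports/ipv6/ssh.rb
+++ b/data/lib/dvash/honeyports/ipv6/ssh.rb
@@ -0,0 +1,51 @@
+###############################################################################
+#
+# Dvash Defense - SSHd IPv4 Honeyport
+# version 1.0
+#
+# Written By: Ari Mizrahi
+#
+# Honeyport to simulate sshd server
+#
+###############################################################################
+module Dvash
+
+class Honeyport < Core
+
+def ipv6_ssh
+#
+# Create a new IPv6 TCPServer object
+#
+server = TCPServer.new('::', 22)
+#
+# Infinite loop listens on port 22 pretending to be an SSH server
+#
+loop do
+#
+# Fork a new instance of the TCPServer object when a client connects
+# TODO: Maybe we should not send junk data until after the client IP has been validated
+#
+Thread.fork(server.accept) do |client|
+#
+# Send the connected client junk data
+#
+client.puts(random_data)
+#
+# Make sure the client has a valid IP address
+#
+if valid_ip?(client_ip(client)) then
+#
+# Block the IP address
+#
+@@os.block_ip(client_ip(client))
+end
+#
+# Close the connection to the client and kill the forked process
+#
+client.close
+end
+end
+end
+
+end
+end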
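Review bot: The header of this file reads `# Dvash Defense - SSHd IPv4 Honeyport`, but it defines `ipv6_ssh` and binds `'::'`; it should read `# Dvash Defense - SSHd IPv6 Honeyport`. The comments `Fork a new instance of the TCPServer object` and `kill the forked process` are also inaccurate, since `Thread.fork` starts a thread in the same process; `# Handle each accepted client in its own thread` and `# Close the connection; the thread ends with the block` would describe it. The other four honeyport files carry the same two thread comments.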
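--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dvash
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.7
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-04-
+date: 2013-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: parseconfig
@@ -54,7 +54,12 @@ extra_rdoc_files: []
 files:
 - etc/dvash-baseline.conf
 - lib/dvash/honeyports/ipv4/http.rb
+- lib/dvash/honeyports/ipv4/rdp.rb
+- lib/dvash/honeyports/ipv4/ssh.rb
+- lib/dvash/honeyports/ipv4/telnet.rb
 - lib/dvash/honeyports/ipv6/http.rb
+- lib/dvash/honeyports/ipv6/rdp.rb
+- lib/dvash/honeyports/ipv6/ssh.rb
 - lib/dvash/os/linux.rb
 - lib/dvash/os/mac.rb
 - lib/dvash/os/windows.rb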