micetrap 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. data/.gemtest +0 -0
  2. data/Gemfile.lock +1 -2
  3. data/Rakefile +1 -0
  4. data/Readme.md +16 -16
  5. data/lib/micetrap/version.rb +1 -1
  6. metadata +4 -3
data/.gemtest ADDED
File without changes
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- micetrap (0.0.1)
4
+ micetrap (0.1.0)
5
5
  trollop
6
6
 
7
7
  GEM
@@ -40,4 +40,3 @@ DEPENDENCIES
40
40
  guard-rspec
41
41
  micetrap!
42
42
  rspec (~> 2.3.0)
43
- trollop
data/Rakefile CHANGED
@@ -8,3 +8,4 @@ RSpec::Core::RakeTask.new(:spec) do |spec|
8
8
  end
9
9
 
10
10
  task :default => :spec
11
+ task :test => [:spec]
data/Readme.md CHANGED
@@ -6,7 +6,7 @@
6
6
  .--'-`-. _((_ `^--' /_< \
7
7
  .+|______|__.-||__)`-'(((/ (((/
8
8
 
9
- Catch hackers on the fly with micetrap!
9
+ Catch hackers on the fly with *micetrap*!
10
10
 
11
11
  Micetrap opens a server on either a given or random port, emulating fake
12
12
  vulnerable services. Port scanners such as Nmap, when fingerprinting ports
@@ -15,7 +15,7 @@ responses from common services such as FTP, HTTP or MySQL servers,
15
15
  therefore misleading potential attackers with false information.
16
16
 
17
17
  Depending on the operating system you are using, micetrap will try its best
18
- to +look feasible+ by choosing the appropriate fake services and versions
18
+ to _look feasible_ by choosing the appropriate fake services and versions
19
19
  to emulate. Whenever possible, micetrap will provide a bit outdated versions
20
20
  which are more likely to be vulnerable, and thus making the attacker focus
21
21
  on those ports. While the attacker tries to exploit these ports, she is
@@ -29,11 +29,11 @@ which may give you advantage at tricking a smart attacker.
29
29
 
30
30
  ##Install
31
31
 
32
- gem install micetrap
32
+ gem install micetrap
33
33
 
34
34
  ...or, if you want to be able to use it with sudo:
35
35
 
36
- sudo gem install micetrap
36
+ sudo gem install micetrap
37
37
 
38
38
  Micetrap currently runs on Ruby versions 1.8.7 and 1.9.2.
39
39
 
@@ -41,13 +41,13 @@ Micetrap currently runs on Ruby versions 1.8.7 and 1.9.2.
41
41
 
42
42
  Just fire up the server with some fake service, such an ftp server:
43
43
 
44
- micetrap ftp --port 8765
44
+ micetrap ftp --port 8765
45
45
 
46
46
  If everything is ok, you will see something like this:
47
47
 
48
- (some timestamp) ::: Ftp trap listening on ::ffff:0.0.0.0:8765 :::
48
+ (some timestamp) ::: Ftp trap listening on ::ffff:0.0.0.0:8765 :::
49
49
 
50
- TL;DR: Most port scanners such as _nmap_ have some kind of fingerprinting
50
+ TL;DR: Most port scanners such as *nmap* have some kind of fingerprinting
51
51
  capabilities. This means that, in order to discover which services and
52
52
  versions run behind a specific port, they send special packets or _probes_
53
53
  which make different services and versions react differently. By capturing
@@ -59,24 +59,24 @@ respond with a welcome banner telling interesting stuff about them. Micetrap
59
59
  only responds to those early blank probes. Let's try to port-scan this fake
60
60
  ftp service with nmap fingerprinting:
61
61
 
62
- nmap 127.0.0.1 -p 8765 -A
62
+ nmap 127.0.0.1 -p 8765 -A
63
63
 
64
64
  We are scanning localhost, port 8765, and -A means service version detection
65
65
  and OS guessing. After a while, in our micetrap server terminal we see:
66
66
 
67
- (timestamp) Recorded a probe coming from ::ffff:127.0.0.1:51082 containing
68
- the following: (empty line)
67
+ (timestamp) Recorded a probe coming from ::ffff:127.0.0.1:51082 containing
68
+ the following: (empty line)
69
69
 
70
- (timestamp) ::: Responded misleadingly: let's drive those hackers nuts! :::
70
+ (timestamp) ::: Responded misleadingly: let's drive those hackers nuts! :::
71
71
 
72
72
  These gets logged inside a .log file within the current directory.
73
73
  And in the nmap terminal:
74
74
 
75
- Starting Nmap 5.35DC1 ( http://nmap.org ) at (timestamp)
76
- Nmap scan report for localhost (127.0.0.1)
77
- Host is up (0.00017s latency).
78
- PORT STATE SERVICE VERSION
79
- 8765/tcp open ftp Mac OS X Server ftpd
75
+ Starting Nmap 5.35DC1 ( http://nmap.org ) at (timestamp)
76
+ Nmap scan report for localhost (127.0.0.1)
77
+ Host is up (0.00017s latency).
78
+ PORT STATE SERVICE VERSION
79
+ 8765/tcp open ftp Mac OS X Server ftpd
80
80
 
81
81
  The faked service/version is random (you can start an ftp server which looks
82
82
  like lukemftpd, Mac OS X server ftpd or PureFTPd for example), but it is
data/lib/micetrap/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Micetrap
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 1
8
- - 0
9
- version: 0.1.0
8
+ - 1
9
+ version: 0.1.1
10
10
  platform: ruby
11
11
  authors:
12
12
  - Josep M. Bach
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2011-01-06 00:00:00 +01:00
17
+ date: 2011-02-02 00:00:00 +01:00
18
18
  default_executable: micetrap
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
@@ -96,6 +96,7 @@ extensions: []
96
96
  extra_rdoc_files: []
97
97
 
98
98
  files:
99
+ - .gemtest
99
100
  - .gitignore
100
101
  - .rspec
101
102
  - .rvmrc