ADD: Support for passive attacks on Dionaea honeypots

README.md

@@ -63,10 +63,17 @@ The following instructions will guide you through the process of setting up Hone
 
 - If you prefer to test Honeyscanner against [Kippo](https://github.com/desaster/kippo), you can use the following Docker Image in DockerHub [here](https://hub.docker.com/r/aristofanischionis/kippo).
 
+- For testing Honeyscanner against [Dionaea](https://github.com/DinoTools/dionaea), use the following Docker Image in DockerHub [here](https://hub.docker.com/r/dinotools/dionaea).
+
+- For testing Honeyscanner against [Conpot](https://github.com/mushorg/conpot), use the following Docker Image in DockerHub [here](https://hub.docker.com/r/honeynet/conpot). 
+
 - After running a Honeypot using Docker containers locally, you will be able to specify the following parameters: `--target_ip 127.0.0.1 --port 2222` when running the Honeyscanner.
 
 > **__NOTE__:** NEVER RUN `Honeyscanner` AGAINST HONEYPOTS YOU DO NOT OWN, OR YOU DO NOT HAVE EXPLICIT PERMISSION TO TEST.
 
+> **__NOTE__:** Currently `Honeyscanner` cannot actively attack the `Dionaea` and the `Conpot` honeypots, it can only use its passive scanners and discover vulnerabilities and CVEs on them.
+
+> **__NOTE__:** For `Dionaea` only version 0.11.0 is supported at this stage of `Honeyscanner`. For `Conpot`, all versions up to `0.6.0` are supported.
 ## Usage
 
 Use the following examples as a reference for how to run `Honeyscanner`:
@@ -77,6 +84,12 @@ python3 main.py --honeypot cowrie --honeypot_version 2.5.0 --target_ip 127.0.0.1
 ```bash
 python3 main.py --honeypot kippo --honeypot_version 0.9 --target_ip 127.0.0.1 --port 2222
 ```
+```bash
+python3 main.py --honeypot dionaea --honeypot_version 0.11.0 --target_ip 127.0.0.1 --port 2323
+```
+```bash
+python3 main.py --honeypot conpot --honeypot_version 0.6.0 --target_ip 127.0.0.1 --port 2323
+```
 
 ## Contributors
 

honeyscanner/Pipfile

@@ -15,4 +15,4 @@ boofuzz = "*"
 
 [requires]
 python_version = "3.9"
-python_full_version = "3.9.12"
+python_full_version = "3.9.12"

honeyscanner/active_attacks/attack_orchestrator.py

@@ -3,7 +3,6 @@
 from .fuzzing import Fuzzing
 from .software_exploit import SoftwareExploit
 from .tar_bomb import TarBomb
-# from ssh_keep_aliver import SSHKeepAliver
 # from .honeypot_port_scanner.honeypot_port_scanner import HoneypotPortScanner
 
 class AttackOrchestrator:
@@ -12,9 +11,9 @@ def __init__(self, honeypot):
         self.attacks = [
             Fuzzing(honeypot), # Successfully ran! - not crashing the honeypot - try to get some insights instead of crashing
             TarBomb(honeypot), # should be rechecked, works but doesn't crash the honeypot
-            SoftwareExploit(honeypot), # Successfully ran! - not managed to exploit something
+            # TODO: SoftwareExploit still is slow
+            # SoftwareExploit(honeypot), # Successfully ran! - not managed to exploit something
             DoS(honeypot) # Successfully ran! - crashes the honeypot
-            # SSHKeepAliver(honeypot) # Not working yet... I don't know if I should keep it
         ]
         self.results = []
 
@@ -52,6 +51,4 @@ def generate_report(self):
                 report += f"  Exploits used are saved in: {result[3]}\n\n"
             elif attack_name == "TarBomb":
                 report += f"  Number of bombs used: {result[3]}\n\n"
-            # elif attack_name == "SSHKeepAliver":
-            #     report += f"  Number of keep-alive packets sent: {result[3]}\n\n"
         return report

honeyscanner/core.py

@@ -1,4 +1,4 @@
-from honeypots import Cowrie, Kippo
+from honeypots import Cowrie, Kippo, Dionaea, Conpot
 from passive_attacks import AttackOrchestrator as PassiveAttackOrchestrator
 from active_attacks import AttackOrchestrator as ActiveAttackOrchestrator
 from report_generator import ReportGenerator
@@ -15,7 +15,9 @@ def __init__(self, honeypot_type, honeypot_version, honeypot_ip, honeypot_port,
     def create_honeypot(self, honeypot_type, honeypot_version, honeypot_ip, honeypot_port, honeypot_username, honeypot_password):  
         honeypot_class_map = {  
             'cowrie': Cowrie,  
-            'kippo': Kippo,  
+            'kippo': Kippo,
+            'dionaea': Dionaea,
+            'conpot': Conpot
         }  
         if honeypot_type not in honeypot_class_map:  
             supported_honeypots = ', '.join(honeypot_class_map.keys())
@@ -26,6 +28,9 @@ def run_all_attacks(self):
         # Passive attacks
         self.passive_attack_orchestrator.run_attacks()
         self.passive_attack_results = self.passive_attack_orchestrator.generate_report()
+        if (self.honeypot.name == "dionaea" or self.honeypot.name == "conpot"):
+            print("Dionaea and Conpot do not support active attacks yet, stay tuned for updates!")
+            return
         # Active attacks
         self.active_attack_orchestrator.run_attacks()
         self.active_attack_results = self.active_attack_orchestrator.generate_report()

honeyscanner/honeypots/__init__.py

@@ -1,2 +1,4 @@
 from .cowrie import Cowrie
-from .kippo import Kippo
+from .kippo import Kippo
+from .dionaea import Dionaea
+from .conpot import Conpot

honeyscanner/honeypots/conpot.py

@@ -0,0 +1,64 @@
+from .base_honeypot import BaseHoneypot
+
+class Conpot(BaseHoneypot):
+    def __init__(self, version, ip, port, username='', password=''):
+        if username is None:
+            username = ''
+        if password is None:
+            password = ''
+        super().__init__("conpot", version, ip, port, username, password)
+
+    def set_source_code_url(self):
+        return "https://github.com/mushorg/conpot/archive/refs/tags"
+
+    def set_versions_list(self):
+        return [
+            {
+                "version": "0.6.0",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.6.0/requirements.txt",
+            },
+            {
+                "version": "0.5.2",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.5.2/requirements.txt",
+            },
+            {
+                "version": "0.5.1",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.5.1/requirements.txt",
+            },
+            {
+                "version": "0.5.0",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.5.0/requirements.txt",
+            },
+            {
+                "version": "0.4.0",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.4.0/requirements.txt",
+            },
+            {
+                "version": "0.3.1",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.3.1/requirements.txt",
+            },
+            {
+                "version": "0.3.0",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.3.0/requirements.txt",
+            },
+            # NO Release_ used in front of the version from here on
+            {
+                "version": "0.2.2",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2.2/requirements.txt",
+            },
+            {
+                "version": "0.2.2",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2.2/requirements.txt",
+            },
+            {
+                "version": "0.2.1",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2.1/requirements.txt",
+            },
+            {
+                "version": "0.2",
+                "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2/requirements.txt",
+            }
+        ]
+
+    def set_owner(self):
+        return "mushorg"

honeyscanner/honeypots/dionaea.py

@@ -0,0 +1,29 @@
+from .base_honeypot import BaseHoneypot
+
+class Dionaea(BaseHoneypot):
+    def __init__(self, version, ip, port, username='', password=''):
+        # Dionaea does not have a default username and password
+        if username is None:
+            username = ''
+        if password is None:
+            password = ''
+        super().__init__("dionaea", version, ip, port, username, password)
+
+    def set_source_code_url(self):
+        return "https://github.com/DinoTools/dionaea/archive/refs/tags"
+
+    # I manually inspected the Dockerfile provided from T-pot (https://github.com/telekom-security/tpotce/blob/master/docker/dionaea/Dockerfile)
+    # and I found all the python3 dependencies, then I inspected the date of the last release tag 30 Nov 2020
+    # I could manually create the requirements file for all the versions, it could change just the packages version.
+    # But as there only 3 packages I figured out that is probably not worth the time.
+
+    def set_versions_list(self):
+        return [
+            {
+                "version": "0.11.0",
+                "requirements_url": "https://raw.githubusercontent.com/aristofanischionis/DinoTools-dionaea/main/requirements.txt",
+            }
+        ]
+
+    def set_owner(self):
+        return "DinoTools"

honeyscanner/main.py

@@ -29,8 +29,8 @@ def parse_arguments():
         "--honeypot",
         type=sanitize_string,
         required=True,
-        choices=["cowrie", "kippo"],
-        help="Honeypot to analyze, currently supported: (cowrie and kippo)",
+        choices=["cowrie", "kippo", "dionaea", "conpot"],
+        help="Honeypot to analyze, currently supported: (cowrie, kippo, dionaea and conpot)",
     )
     parser.add_argument(
         "--honeypot_version",
@@ -88,8 +88,4 @@ def main():
 if __name__ == "__main__":
     main()
 
-# Example run: python3 main.py --honeypot cowrie --honeypot_version 2.5.0 --target_ip 127.0.0.1 --port 2222 --username root --password 1234
-# Example run: python3 main.py --honeypot kippo --honeypot_version 0.9 --target_ip 127.0.0.1 --port 2222 --username root --password 123456
-
-# TODO: see again the software exploit module, SUPER SLOW maybe I can somehow speed it up
 # TODO: fix the report