
Commit 325c748

committed
new honeypot
[;,,;] new honeypot
1 parent f595543 commit 325c748

5 files changed

Lines changed: 230 additions & 7 deletions


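--- a/app.py
+++ b/app.py
@@ -57,7 +57,13 @@ def __init__(self):
 "startip":"192.168.1.1",
 "endip":"192.168.1.254",
 "spoof_ip":"185.199.110.153",
-"device":"eth0"
+"device":"eth0",
+"email_from":"email@gmail.com",
+"email_to":"email@gmail.com",
+"email_username":"email@gmail.com",
+"email_password":"pa$$w0rd",
+"smtp_server":"smtp.server.com",
+"smtp_port":"587"
 }
 self.scripts = [
 "lazysearch",
@@ -71,13 +77,14 @@ def __init__(self):
 "lazymetaextract0r",
 "lazyreverse_shell",
 "lazyattack",
-"lazyownclient",
-"lazyownserver",
+"lazyownratcli",
+"lazyownrat",
 "lazygath",
 "lazysniff",
 "lazynetbios",
 "lazybotnet",
-"lazybotcli"
+"lazybotcli",
+"lazyhoneypot"
 ]
 
 def do_set(self, line):
@@ -161,6 +168,13 @@ def run_lazynetbios(self):
 spoof_ip = self.params["spoof_ip"]
 subprocess.run(["python3", "modules/lazynetbios.py", startip, endip, spoof_ip])
 
+def run_lazyhoneypot(self):
+
+email_from = self.params["email_from"]
+email_to = self.params["email_to"]
+email_username = self.params["email_username"]
+email_password = self.params["email_password"]
+self.run_script("modules/lazyhoneypot.py", "--email_from", email_from, "--email_to", email_to, "--email_username", email_username, "--email_password", email_password)
 def run_lazygptcli(self):
 prompt = self.params["prompt"]
 api_key = self.params["api_key"]
@@ -177,7 +191,7 @@ def run_lazymetaextract0r(self):
 return
 self.run_script("modules/lazyown_metaextract0r.py", "--path", path)
 
-def run_lazyownclient(self):
+def run_lazyownratcli(self):
 lhost = self.params["lhost"]
 lport = self.params["lport"]
 rat_key = self.params["rat_key"]
@@ -186,7 +200,7 @@ def run_lazyownclient(self):
 return
 self.run_script("modules/lazyownclient.py", "--host", lhost, "--port", str(lport), "--key", rat_key)
 
-def run_lazyownserver(self):
+def run_lazyownrat(self):
 rhost = self.params["rhost"]
 rport = self.params["rport"]
 rat_key = self.params["rat_key"]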
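Review bot: In `run_lazyhoneypot` the SMTP password is handed to the child script as a `--email_password` command-line argument, so it sits in the process list where any local user can read it for as long as the honeypot runs; drop that argument and have the module read the secret from the environment or from a file with restrictive permissions. The script path also does not match the file this commit adds: the call uses `"modules/lazyhoneypot.py"` while the new file is `modules/lazyhonneypot.py`, so the command presumably fails to find the module until one of the two is renamed. The new `smtp_server` and `smtp_port` params are never forwarded, which leaves the module on its `smtp.gmail.com` default whatever the user sets. `run_script` is defined outside this page, so how it launches the child is inferred from its name and arguments.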

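--- a/modules/lazyhonneypot.py
+++ b/modules/lazyhonneypot.py
@@ -0,0 +1,175 @@
+import socket
+import paramiko
+import threading
+import logging
+import os
+import time
+import json
+import argparse
+from scapy.all import sniff, IP, TCP
+import smtplib
+from email.mime.text import MIMEText
+
+def parse_args():
+parser = argparse.ArgumentParser(description='SSH Honeypot')
+parser.add_argument('--host', type=str, default='0.0.0.0', help='IP address to bind the honeypot')
+parser.add_argument('--port', type=int, default=2222, help='Port to bind the honeypot')
+parser.add_argument('--downloads_dir', type=str, default='downloads', help='Directory to save downloaded files')
+parser.add_argument('--log_file', type=str, default='honeypot.log', help='Log file path')
+parser.add_argument('--commands_log', type=str, default='commands.log', help='Commands log file path')
+parser.add_argument('--downloads_log', type=str, default='downloads.log', help='Downloads log file path')
+parser.add_argument('--smtp_server', type=str, default='smtp.gmail.com', help='SMTP server for sending alerts')
+parser.add_argument('--smtp_port', type=int, default=587, help='SMTP server port')
+parser.add_argument('--email_from', type=str, required=True, help='Email address to send alerts from')
+parser.add_argument('--email_to', type=str, required=True, help='Email address to send alerts to')
+parser.add_argument('--email_subject', type=str, default='Honeypot Alert', help='Subject of alert emails')
+parser.add_argument('--email_username', type=str, required=True, help='Username for the SMTP server')
+parser.add_argument('--email_password', type=str, required=True, help='Password for the SMTP server')
+return parser.parse_args()
+
+# Configuración de registro
+def setup_logging(log_file):
+logging.basicConfig(filename=log_file, level=logging.INFO, format='%(asctime)s - %(message)s')
+
+# Generar la clave RSA si no existe
+def generate_rsa_key(key_filename):
+if not os.path.exists(key_filename):
+os.system(f'ssh-keygen -t rsa -b 2048 -f {key_filename} -N ""')
+
+class Server(paramiko.ServerInterface):
+def __init__(self):
+self.event = threading.Event()
+
+def check_channel_request(self, kind, chanid):
+if kind == 'session':
+return paramiko.OPEN_SUCCEEDED
+return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
+
+def check_auth_password(self, username, password):
+logging.info(f"Login attempt with username: {username} and password: {password}")
+alert_admin(f"Login attempt with username: {username} and password: {password}")
+return paramiko.AUTH_FAILED
+
+def handle_connection(client_socket, host_key, commands_log, downloads_log, downloads_dir):
+try:
+transport = paramiko.Transport(client_socket)
+transport.add_server_key(host_key)
+
+server = Server()
+try:
+transport.start_server(server=server)
+except paramiko.SSHException:
+logging.error("SSH negotiation failed")
+return
+
+chan = transport.accept(20)
+if chan is None:
+logging.error("No channel")
+return
+
+chan.send("Welcome to the SSH honeypot!\n")
+
+while True:
+command = chan.recv(1024).decode('utf-8')
+if not command:
+break
+logging.info(f"Command received: {command}")
+log_command(command, commands_log)
+chan.send(f"Command '{command}' received.\n")
+
+if command.startswith('wget') or command.startswith('curl'):
+handle_file_download(command, downloads_dir, downloads_log)
+
+chan.close()
+except Exception as e:
+logging.error(f"Exception: {str(e)}")
+finally:
+client_socket.close()
+
+def handle_file_download(command, downloads_dir, downloads_log):
+try:
+if 'wget' in command:
+url = command.split(' ')[1]
+elif 'curl' in command:
+url = command.split(' ')[2]
+
+filename = url.split('/')[-1]
+os.system(f"wget {url} -O {downloads_dir}/{filename}")
+logging.info(f"File downloaded: {filename}")
+log_downloaded_file(filename, url, downloads_log)
+except Exception as e:
+logging.error(f"Error downloading file: {str(e)}")
+
+def log_command(command, commands_log):
+with open(commands_log, 'a') as f:
+f.write(f"{time.ctime()} - Command: {command}\n")
+
+def log_downloaded_file(filename, url, downloads_log):
+with open(downloads_log, 'a') as f:
+f.write(f"{time.ctime()} - File: {filename}, URL: {url}\n")
+
+def analyze_traffic():
+def process_packet(packet):
+if packet.haslayer(TCP) and packet.haslayer(IP):
+ip_src = packet[IP].src
+ip_dst = packet[IP].dst
+tcp_sport = packet[TCP].sport
+tcp_dport = packet[TCP].dport
+logging.info(f"Traffic - SRC: {ip_src}:{tcp_sport} DST: {ip_dst}:{tcp_dport}")
+
+sniff(prn=process_packet, filter="tcp", store=0)
+
+def alert_admin(message):
+args = parse_args()
+try:
+msg = MIMEText(message)
+msg['Subject'] = args.email_subject
+msg['From'] = args.email_from
+msg['To'] = args.email_to
+
+server = smtplib.SMTP(args.smtp_server, args.smtp_port)
+server.starttls()
+server.login(args.email_username, args.email_password)
+server.sendmail(args.email_from, [args.email_to], msg.as_string())
+server.quit()
+
+logging.info(f"Alert sent: {message}")
+except Exception as e:
+logging.error(f"Failed to send alert: {str(e)}")
+
+def main():
+args = parse_args()
+
+setup_logging(args.log_file)
+generate_rsa_key('test_rsa.key')
+host_key = paramiko.RSAKey(filename='test_rsa.key')
+
+if not os.path.exists(args.downloads_dir):
+os.makedirs(args.downloads_dir)
+
+server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+server.bind((args.host, args.port))
+server.listen(100)
+
+logging.info("Honeypot started and listening for connections...")
+
+threading.Thread(target=analyze_traffic, daemon=True).start()
+
+while True:
+client_socket, addr = server.accept()
+logging.info(f"Connection from {addr}")
+threading.Thread(target=handle_connection, args=(client_socket, host_key, args.commands_log, args.downloads_log, args.downloads_dir)).start()
+
+if __name__ == "__main__":
+BANNER = """
+██╗ █████╗ ███████╗██╗ ██╗ ██████╗ ██╗ ██╗███╗ ██╗
+██║ ██╔══██╗╚══███╔╝╚██╗ ██╔╝██╔═══██╗██║ ██║████╗ ██║
+██║ ███████║ ███╔╝ ╚████╔╝ ██║ ██║██║ █╗ ██║██╔██╗ ██║
+██║ ██╔══██║ ███╔╝ ╚██╔╝ ██║ ██║██║███╗██║██║╚██╗██║
+███████╗██║ ██║███████╗ ██║ ╚██████╔╝╚███╔███╔╝██║ ╚████║
+╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═════╝ ╚══╝╚══╝ ╚═╝ ╚═══╝
+[*] Iniciando: LazyOwn Honeypot [;,;]
+"""
+print(BANNER)
+main()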
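Review bot: `handle_file_download` builds a shell command from text received over the SSH channel, `os.system(f"wget {url} -O {downloads_dir}/{filename}")`, so input chosen by the connecting client is interpreted by a shell on the honeypot host, and `filename` comes from the same input with no check that it stays inside `downloads_dir`. The download should be launched from an argument list with no shell, accept only http(s) URLs and write to a sanitised basename, as sketched below; this needs `shlex`, `subprocess` and `urllib.parse` added to the imports at the top of the file. Separately, `check_auth_password` sends one e-mail per login attempt through `alert_admin`, which re-parses the arguments and blocks on SMTP each time, so alerting should be rate-limited or batched. Even with the fix, fetching client-supplied URLs belongs on an isolated host with restricted egress.

```python
def handle_file_download(command, downloads_dir, downloads_log):
    try:
        # Tokenise without invoking a shell; the first http(s) token is taken as the URL.
        tokens = shlex.split(command)
        url = next((t for t in tokens[1:] if t.startswith(("http://", "https://"))), None)
        if url is None:
            logging.info("Download command without an http(s) URL ignored")
            return
        # Reduce the name to a conservative basename so the file stays inside downloads_dir.
        name = os.path.basename(urllib.parse.urlparse(url).path)
        filename = "".join(c for c in name if c.isalnum() or c in "._-").lstrip(".") or "payload.bin"
        dest = os.path.join(downloads_dir, filename)
        # Argument list, no shell; one attempt and bounded time per fetch.
        subprocess.run(["wget", "--tries=1", "--timeout=10", "-O", dest, "--", url],
                       check=False, timeout=60)
        # … unchanged: logging.info and log_downloaded_file calls …
    # … unchanged: except Exception handler …
```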

modules/test_rsa.key

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
-----BEGIN OPENSSH PRIVATE KEY-----
2+
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
3+
NhAAAAAwEAAQAAAQEA3XoLF30pW/zG7MN30kF9vdUKCbsZtuIrHRKeZGMmuM8RmykCJ95B
4+
EQOAL+oovEiGj9v8oz//Z712Zs4fT++A0tAA/DC1t8DaSRJ/NifpF5i8pCYOK9YVXM7v8I
5+
NXsbdbP4C9j9X/TnTe+Hfo6XZKVbsugoSvPsXEvkBr7ST9pymotsPIhkKJwdss9ZmDwARs
6+
7onxwb7Kv6TfD3Nd+qaYk5NL6c28OfK6zLfSGTkDCfja7JFAHcKDv3shCBW6NTAvsJpN43
7+
09905+20oIqW4QESGwQjjkuHVTyeGPDiz+bSjm7dTwkDUhJc3xbwy76r6/ZUzthBOKAltM
8+
FtfNkMcaGwAAA8g4er09OHq9PQAAAAdzc2gtcnNhAAABAQDdegsXfSlb/Mbsw3fSQX291Q
9+
oJuxm24isdEp5kYya4zxGbKQIn3kERA4Av6ii8SIaP2/yjP/9nvXZmzh9P74DS0AD8MLW3
10+
wNpJEn82J+kXmLykJg4r1hVczu/wg1ext1s/gL2P1f9OdN74d+jpdkpVuy6ChK8+xcS+QG
11+
vtJP2nKai2w8iGQonB2yz1mYPABGzuifHBvsq/pN8Pc136ppiTk0vpzbw58rrMt9IZOQMJ
12+
+NrskUAdwoO/eyEIFbo1MC+wmk3jfT33Tn7bSgipbhARIbBCOOS4dVPJ4Y8OLP5tKObt1P
13+
CQNSElzfFvDLvqvr9lTO2EE4oCW0wW182QxxobAAAAAwEAAQAAAQBVipw7G8f8M/MfIlYm
14+
us3WorCIVqAVb2Boj7bmnhcoHS43KA0hmem2qQv7Na07H6X9bWG0KfU7O8W96lHUvXQbuG
15+
QRA71D9jQ5MfA5Wgvg5cjCe8JQcxT4LiMlWY1m4iNXsSFGK0i7JE+0Vxf6CAqo9y19EsNe
16+
8uLM+rPUuctQowIGVWjFhP8vToe7iyDKesRVUfTUHLqM8yJ0oz0Iiua2ZRm0vyw8r+h0Xb
17+
Sgsm4Ea3bd1PLsKyHxTaO63McKnqmuSfAPlswQmpDdvdv3ZQg+zVGlvfyeurcGocHdvgFf
18+
Xtn202+c4HBSSUs0Kc/94bzsP7e5DNNDvacgcZe+WLSFAAAAgQCQTAqkY5qLTPJPCrfOpI
19+
2+4MBn7VDU0/xMXgGz/23i/PSgbpH/SzLZRsKuE5F8WbeYvxUNJWyOmSlut6JaBKrFZtJw
20+
IdOq1RvV85R4pvrum0+DRIL0xTVU3wbrOrf5XXvqZSzO0W0N81ZOfZaW5eh+9pjmli873i
21+
jsuSOwc93LZAAAAIEA8a3KHiN8D4Sp+4EJTY9z2oZ2FYUlIk2xXb1kM1T3cvocq62GpBlZ
22+
zxHM8fGbLVoabYlIJTRu24d5/xCo5KNuUmfi5wclTxzxW9X23op+cgOJ3JFSa/We3VX+v1
23+
6mr/pHaBtO7I/YR7n/htlaPsRFY30u5Zr1XPzvoowjRDKrJicAAACBAOqZytLOND+L/riR
24+
JAIWqIClbwmr2VoHFYxlsA/SucTDlVHSRLUlqveSBDxHxFw4J5Nv61bsmmAMhS9z9B1OV9
25+
iCzClUVRrOvz5vg+J1YHVP7Wnh0sgvlzrinyvyYG9aw0M0wK4ZO0FKVZG8H6Sm53KCvMOK
26+
RGWfBC50GWHcCfjtAAAAD2dyaXNATGFDaGluZ29uYQECAw==
27+
-----END OPENSSH PRIVATE KEY-----
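Review bot: This adds an unencrypted private host key to the repository, so every checkout of the honeypot presents the same SSH host key and instances become recognisable by fingerprint; the key comment in `modules/test_rsa.key.pub` (`gris@LaChingona`) also discloses the author's user and host name. `generate_rsa_key` in the new module already creates the key when it is missing, so both key files can be dropped from the commit and ignored with a `.gitignore` entry such as `test_rsa.key*`. `main` loads `test_rsa.key` relative to the working directory rather than `modules/`, so the committed copy is presumably not even the one used at run time.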

modules/test_rsa.key.pub

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdegsXfSlb/Mbsw3fSQX291QoJuxm24isdEp5kYya4zxGbKQIn3kERA4Av6ii8SIaP2/yjP/9nvXZmzh9P74DS0AD8MLW3wNpJEn82J+kXmLykJg4r1hVczu/wg1ext1s/gL2P1f9OdN74d+jpdkpVuy6ChK8+xcS+QGvtJP2nKai2w8iGQonB2yz1mYPABGzuifHBvsq/pN8Pc136ppiTk0vpzbw58rrMt9IZOQMJ+NrskUAdwoO/eyEIFbo1MC+wmk3jfT33Tn7bSgipbhARIbBCOOS4dVPJ4Y8OLP5tKObt1PCQNSElzfFvDLvqvr9lTO2EE4oCW0wW182Qxxob gris@LaChingona

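--- a/payload.json
+++ b/payload.json
@@ -24,5 +24,11 @@
 "rat_key": "82e672ae054aa4de6f042c888111686a",
 "startip":"192.168.1.1",
 "endip":"192.168.1.254",
-"device":"eth0"
+"device":"eth0",
+"email_from":"email@gmail.com",
+"email_to":"email@gmail.com",
+"email_username":"email@gmail.com",
+"email_password":"pa$$w0rd",
+"smtp_server":"smtp.server.com",
+"smtp_port":"587"
 }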
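Review bot: The new `email_password` field puts the SMTP credential in a tracked file, next to the existing `rat_key`, so the first user who fills in real values is one commit away from publishing them; the same defaults are duplicated in `app.py`'s `__init__`. Keep the tracked file as a template with empty values and load secrets from an untracked local file or the environment. `smtp_port` is stored as the string `"587"` while the module declares `--smtp_port` with `type=int`, which works only because argparse converts it, and only once the value is actually forwarded to the module.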
