3 Honeypots in Python

Thread: 3 Honeypots in Python

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    4

    -

    --
    Last edited by bsoric; January 25th, 2016 at 01:09 PM.

  2. #2
    Member
    Join Date
    Nov 2004
    Posts
    71
    They look nice. I think I might have to have a crack myself...
    How much traffic have you had in them? Or have you not put them online yet?
    If everything looks perfect, then there is something you don't know

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    If you look through the forums, at some point in the past I posted a small SMTP Honeypot that I wrote in python... rather lacking in features... I wrote it while experimenting with Python...

    Also I'm curious as to why you import pickle as you don't seem to use it at all.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    472
    Saw this thread... took your code and converted it into multi-threaded code, also organized it a bit, made it more pythonic, more flexible, etc. Did it quickly so it is still a bit buggy, e.g. [\r]\n.[\r]\n doesn't work properly... need to fix it...
    Code:
    #!/usr/bin/env python
    
    import sys
    import time
    # I love short variables
    import socket as s
    import threading as t
    
    # --- Listener settings -------------------------------------------------
    # TCP port handed to bind() by the __main__ block.  Ports below 1024
    # normally need root (or an equivalent bind capability) on Unix-like
    # systems, so decide up front which account the honeypot runs as.
    ListenPort = 25
    # Intended ceiling on simultaneously running handler threads.
    MaxThreadCount = 20

    # --- Logging -----------------------------------------------------------
    # File the __main__ block opens for captured client traffic.  Keep it
    # somewhere the exposed service account cannot tamper with old entries.
    LOGFILE = "/home/me/tmp/SMTPHoneyd.log"
    # Any truthy value makes debug() echo to stdout.
    DEBUG = 1

    # --- Shared state ------------------------------------------------------
    # Handler counter; ThreadCountLock is taken around every update to it.
    ThreadCount = 0
    ThreadCountLock = t.Lock()
    # Taken by SMTPHoneyPot.dumpLog() around writes to the shared log file.
    LogFileLock = t.Lock()
    
    def debug(data):
        """Print *data* to stdout behind a ``[SMTPHoneyd]`` tag when DEBUG is set.

        The value is printed exactly as given.  Callers that pass bytes
        received from a client should escape them first (for example with
        ``%r``), otherwise control characters in the traffic reach the
        operator's terminal unfiltered.
        """
        if not DEBUG:
            # Debug output disabled: stay silent.
            return
        print "[SMTPHoneyd]", " ", data
    
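    class SMTPHoneyPot(t.Thread):
        """Handler thread that plays a fake SMTP server for one client connection.

        Each accepted socket gets its own instance.  The handler sends a
        banner, answers the verbs listed in ``CommandResponseDict`` with canned
        replies and records everything the client sends.  Nothing received is
        executed, relayed or delivered.

        Review notes:
          * Client bytes are logged with ``%r`` so CR/LF and terminal control
            sequences in the traffic cannot forge log lines or reach the
            operator's terminal.
          * At most ``MaxThreadCount`` handlers serve clients at once; extra
            connections are logged and closed, and an idle timeout stops a
            silent client from holding a slot forever.
          * Only the first verb of each ``recv()`` chunk is interpreted, so
            pipelined commands, or a verb split across chunks, are logged but
            not answered.
          * Nothing here limits log file growth; rotate or cap it externally.
        """

        # Seconds a client may stay silent before its handler gives up.
        IdleTimeout = 60

        def __init__(self, channel, details, lfd):
            """Store the connection and try to reserve a handler slot.

            channel -- connected socket returned by accept()
            details -- (ip, port) tuple of the remote peer
            lfd     -- shared, already opened log file object
            """
            global ThreadCount
            t.Thread.__init__(self)
            self.conn = channel
            self.rWhoIP = details[0]
            self.rWhoPort = details[1]
            self.logBuffer = ""
            self.lfd = lfd
            # 0 means "no slot"; otherwise the number of active handlers at
            # the moment this one was admitted (not unique over time; use
            # SrcIP/SrcPort to tell sessions apart).
            self.id = 0
            self.haveSlot = False
            # VERB: [reply to send, function invoked with the raw chunk].
            # Every action is plain logging for now.  A more convincing
            # emulation would follow the SMTP state machine of the server
            # being imitated, ideally from a per-server template.
            self.CommandResponseDict = {
                "HELO": ["250 computer\r\n", self.log],
                "EHLO": ["250 computer\r\n", self.log],
                "MAIL": ["250 Sender OK\r\n", self.log],
                "RCPT": ["250 Recipient OK.\r\n", self.log],
                "RSET": ["250 Ok resetting state\r\n", self.log],
                "DATA": ["354 Ok Send data ending with <CRLF>.<CRLF>\r\n", self.log],
                # Never matched as verbs; the replies are used by _serve()
                # once it sees the end-of-data marker.
                "\r\n.\r\n": ["250 Message received\r\n", self.log],
                "\n.\n": ["250 Message received\r\n", self.log],
                "QUIT": ["221 computer ESMTP server closing connection\r\n", self.log],
                # Rebuilt as a well-formed multi-line reply: the original
                # triple-quoted literal carried stray newlines and
                # indentation and had no terminating "214 " line.
                "HELP": [
                    "214-Commands:\r\n"
                    "214-    HELO    EHLO    MAIL    RCPT    DATA\r\n"
                    "214-    RSET    NOOP    QUIT    HELP    VRFY\r\n"
                    "214     EXPN\r\n",
                    self.log],
                "VRFY": ["250\r\n", self.log],
                "NOOP": ["250\r\n", self.log],
                "EXPN": ["250\r\n", self.log],
            }
            # Test and increment under the same lock so two connections
            # accepted together cannot both take the last slot.
            ThreadCountLock.acquire()
            try:
                if ThreadCount < MaxThreadCount:
                    ThreadCount += 1
                    self.haveSlot = True
                    self.id = ThreadCount
                    debug("ThreadCount Now : %d" % ThreadCount)
            finally:
                ThreadCountLock.release()

        def log(self, data):
            """Record one event, with UTC time and peer address, and flush it.

            *data* is usually raw client input, so it is rendered with %r:
            one event always yields exactly one printable log line.
            """
            stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
            entry = "%s SMTPHoneyPot [Thread ID %d,SrcIP %s,SrcPort %s]: Command : %r" % (
                stamp, self.id, self.rWhoIP, self.rWhoPort, data)
            debug(entry)
            self.logBuffer += entry + "\n"
            # Flush immediately: a client that streams data cannot grow the
            # buffer without bound, and entries survive a killed process.
            self.dumpLog()

        def dumpLog(self):
            """Append the buffered entries to the shared log file and clear them."""
            if not self.logBuffer:
                return
            LogFileLock.acquire()
            try:
                try:
                    debug("dumping data")
                    self.lfd.write(self.logBuffer)
                    self.lfd.flush()
                except (IOError, OSError, ValueError):
                    # Unwritable or already closed log file: report it
                    # instead of letting the handler thread die.
                    sys.stderr.write("[SMTPHoneyd] unable to write to the log file\n")
                # Cleared even after a failed write so memory stays bounded.
                self.logBuffer = ""
            finally:
                LogFileLock.release()

        def _reply(self, text):
            """Send *text* to the client; return False if the socket failed."""
            try:
                self.conn.sendall(text)
            except (s.error, s.timeout):
                return False
            return True

        def _serve(self):
            """Run the banner and command exchange until the session ends."""
            self.conn.settimeout(self.IdleTimeout)
            if not self._reply("220 computer ESMTP Server (Microsoft Exchange Internet Mail Service 4.0.994.63) ready\r\n"):
                return
            self.log("Connected")
            inData = False   # True between the 354 reply and <CRLF>.<CRLF>
            tail = ""        # last bytes seen while collecting message data
            while True:
                try:
                    attkrdata = self.conn.recv(10000)
                except (s.error, s.timeout):
                    return
                if not attkrdata:
                    debug("Remote machine has closed the socket")
                    return
                debug("DATA: %r" % (attkrdata,))
                if inData:
                    # Message body: record it, answer only at end of data.
                    self.log(attkrdata)
                    tail = (tail + attkrdata)[-5:]
                    if tail.endswith("\r\n.\r\n") or tail.endswith("\n.\n"):
                        inData = False
                        if not self._reply(self.CommandResponseDict["\r\n.\r\n"][0]):
                            return
                    continue
                words = attkrdata.split()
                if words:
                    # SMTP verbs are case-insensitive.
                    cmd = words[0].upper()
                else:
                    cmd = attkrdata
                debug("COMMAND: %r" % (cmd,))
                try:
                    res_action = self.CommandResponseDict[cmd]
                except KeyError:
                    # Unknown input is evidence too: keep it, send nothing.
                    self.log(attkrdata)
                    continue
                res_action[1](attkrdata)  # call the action method
                debug("Sending : %s" % res_action[0])
                if not self._reply(res_action[0]):
                    return
                if cmd == "DATA":
                    inData = True
                    # The DATA line itself ended with a line break, so a
                    # lone "." on the next line already terminates the body.
                    tail = "\r\n"
                elif cmd == "QUIT":
                    return

        def run(self):
            """Serve the client, then always close the socket and free the slot."""
            global ThreadCount
            try:
                if self.haveSlot:
                    self._serve()
                else:
                    self.log("Refused: handler limit reached")
            finally:
                try:
                    self.conn.close()
                except s.error:
                    # Best effort: the peer may already have reset it.
                    pass
                if self.haveSlot:
                    ThreadCountLock.acquire()
                    try:
                        ThreadCount -= 1
                    finally:
                        ThreadCountLock.release()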
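    if __name__ == "__main__":
        # Deployment note: binding port 25 normally requires root on
        # Unix-like systems and nothing below drops privileges afterwards, so
        # the handler threads parse untrusted network input with whatever
        # rights the process started with.  Prefer an unprivileged, dedicated
        # account (port redirect or bind capability) on an isolated host.

        # Append mode: "rw" is not a valid mode string, and appending creates
        # the file when missing while keeping evidence from earlier runs.
        try:
            lfd = open(LOGFILE, "a")
        except (IOError, OSError):
            print("Unable to Open the log file..Quiting")
            sys.exit(-1)
        debug("Opened logfile")
        server = s.socket(s.AF_INET, s.SOCK_STREAM)
        # Lets the honeypot restart at once instead of failing to bind while
        # old connections sit in TIME_WAIT.
        server.setsockopt(s.SOL_SOCKET, s.SO_REUSEADDR, 1)
        try:
            # '' binds every local interface.
            server.bind(('', ListenPort))
        except s.error:
            print("Unable to bind to port %d" % ListenPort)
            sys.exit(-1)
        debug("bound to socket")
        server.listen(5)
        debug("server listening")

        # Have the server serve "forever", but release the listening socket
        # and the log file when it is interrupted.
        try:
            try:
                while True:
                    channel, details = server.accept()
                    debug("Got connection %s" % str(details))
                    handler = SMTPHoneyPot(channel, details, lfd)
                    # Daemon threads do not keep the process alive after
                    # Ctrl-C while a client is still connected.
                    handler.setDaemon(True)
                    handler.start()
            except KeyboardInterrupt:
                debug("Interrupted, shutting down")
        finally:
            server.close()
            lfd.close()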
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
