They look nice. I think I might have to have a crack myself...
How much traffic have you had in them? Or have you not put them online yet?
Hey Hey,
If you look through the forums, at some point in the past I posted a small SMTP Honeypot that I wrote in python... rather lacking in features... I wrote it while experimenting with Python...
Also I'm curious as to why you import pickle as you don't seem to use it at all.
Peace,
HT
Saw this thread... took your code and converted it into multi-threaded code, also organized it a bit, made it more pythonic, more flexible, etc. Did it quickly so it is still a bit buggy, e.g. the end-of-data sequence [\r]\n.[\r]\n doesn't work properly... need to fix it...
Code:
#!/usr/bin/env python
import sys
# I love short variables
import threading as t
import socket as s
# Capture log that the worker threads are meant to append to. The path is
# hard-coded; keep it on a volume with a size limit, because what ends up in
# it is driven by whatever remote peers send.
LOGFILE = "/home/me/tmp/SMTPHoneyd.log"

# TCP port to listen on. Binding below 1024 normally needs elevated
# privileges on Unix, and nothing in this script gives them up afterwards.
ListenPort = 25

# Non-zero makes debug() print to stdout.
DEBUG = 1

# Intended ceiling on simultaneous connection threads, the live counter,
# and the lock that guards the counter.
MaxThreadCount = 20
ThreadCount = 0
ThreadCountLock = t.Lock()

# Serialises writes to the shared log file across threads.
LogFileLock = t.Lock()
def debug(data):
    """Print ``data`` behind the ``[SMTPHoneyd]`` tag when DEBUG is truthy."""
    if not DEBUG:
        return
    # NOTE(review): data is written exactly as given. Anything that came off
    # the network should be escaped by the caller (e.g. with repr) before it
    # gets here, otherwise control characters reach the operator's terminal.
    print("[SMTPHoneyd]   %s" % (data,))
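class SMTPHoneyPot(t.Thread):
    """Per-connection worker thread of a low-interaction SMTP honeypot.

    Each instance owns one accepted socket, answers SMTP verbs with the
    canned replies in ``CommandResponseDict`` and records what the peer
    sends. Everything read from the socket is untrusted: it is only ever
    logged, and it is escaped with ``repr`` before it reaches the terminal
    or the log file, so embedded CR/LF or terminal control sequences cannot
    forge log lines or drive the operator's terminal.
    """

    # Seconds a peer may stay silent before the connection is dropped, so
    # idle connections cannot pin every MaxThreadCount slot.
    # Constructed default; tune it for the deployment.
    IdleTimeout = 60

    def __init__(self, channel, details, lfd):
        """Bind the worker to one accepted connection.

        channel -- connected socket returned by accept()
        details -- (ip, port) address tuple of the peer
        lfd     -- open, writable log file shared by all workers
        """
        global ThreadCount, ThreadCountLock, MaxThreadCount
        t.Thread.__init__(self)
        self.conn = channel
        self.rWhoPort = details[1]
        self.rWhoIP = details[0]
        self.logBuffer = ""
        self.lfd = lfd
        self.id = 0
        # True only when this worker obtained one of the MaxThreadCount slots.
        self.admitted = False
        # This dict is in the following form
        # COMMAND_RCVED : [MSG_2_SND, FUNCTION_2_INVOKE]
        # You can do more than just logging here.
        # To create a true honeypot it would be a good idea to implement the
        # state machine of the SMTP server you are emulating, or even make it
        # template based so that a few changes in a configuration file let it
        # emulate a different server.
        self.CommandResponseDict = {
            "HELO": ["250 computer\r\n", self.log],
            "EHLO": ["250 computer\r\n", self.log],
            "MAIL": ["250 Sender OK\r\n", self.log],
            "RCPT": ["250 Recipient OK.\r\n", self.log],
            "RSET": ["250 Ok resetting state\r\n", self.log],
            "DATA": ["354 Ok Send data ending with <CRLF>.<CRLF>\r\n", self.log],
            # The two end-of-data entries are looked up by _serve() once the
            # terminator has been seen; they never match as a command verb.
            "\r\n.\r\n": ["250 Message received\r\n", self.log],
            "\n.\n": ["250 Message received\r\n", self.log],
            "QUIT": ["221 computer ESMTP server closing connection\r\n", self.log],
            # Multi-line reply: every line ends in CRLF and only the last one
            # uses "214 " (space), which is what tells the client the reply
            # is complete. The earlier text had blank lines and no final line.
            "HELP": ["214-Commands:\r\n"
                     "214- HELO EHLO MAIL RCPT DATA\r\n"
                     "214- RSET NOOP QUIT HELP VRFY\r\n"
                     "214 EXPN\r\n", self.log],
            "VRFY": ["250\r\n", self.log],
            "NOOP": ["250\r\n", self.log],
            "EXPN": ["250\r\n", self.log],
        }
        # Test and increment under the same lock hold, otherwise two
        # constructors can both pass the check and exceed the ceiling.
        with ThreadCountLock:
            if ThreadCount < MaxThreadCount:
                ThreadCount += 1
                debug("ThreadCount Now : %d" % ThreadCount)
                self.id = ThreadCount
                self.admitted = True

    def log(self, data):
        """Buffer one attributed log entry for ``data``.

        The entry carries thread id, source IP and source port so lines from
        concurrent connections stay attributable in the shared file. ``data``
        is rendered with ``%r`` so one entry is always exactly one line.
        """
        # NOTE(review): entries carry no timestamp; add one if the capture
        # has to be correlated with other sources.
        newdata = "SMTPHoneyPot [Thread ID %d,SrcIP %s,SrcPort %s]: Command : %r" % (
            self.id, self.rWhoIP, self.rWhoPort, data)
        debug(newdata)
        self.logBuffer += newdata + "\n"

    def dumpLog(self):
        """Append the buffered entries to the shared log file and clear the buffer."""
        if not self.logBuffer:
            return
        try:
            # 'with' releases the lock even when the write raises; a bare
            # acquire() without release() would block every later writer.
            with LogFileLock:
                debug("dumping data")
                self.lfd.write(self.logBuffer)
                self.lfd.flush()
        except (IOError, OSError) as err:
            # Report instead of killing the worker; the buffer is dropped
            # below so a broken log file cannot turn into unbounded memory.
            sys.stderr.write("[SMTPHoneyd] log write failed: %s\n" % err)
        self.logBuffer = ""

    def run(self):
        """Serve the connection, then always close it, free the slot and flush."""
        global ThreadCount
        try:
            if self.admitted:
                self._serve()
            else:
                # Over the ceiling: turn the peer away instead of serving it.
                self.log("Rejected: MaxThreadCount reached")
                try:
                    self.conn.settimeout(self.IdleTimeout)
                    self.conn.sendall(
                        "421 computer Service not available, "
                        "closing transmission channel\r\n")
                except (s.error, s.timeout):
                    pass  # best effort; the socket is closed right below
        finally:
            try:
                self.conn.close()
            except s.error:
                pass  # already gone; nothing left to release
            if self.admitted:
                with ThreadCountLock:
                    ThreadCount -= 1
            self.dumpLog()

    def _serve(self):
        """Send the banner and answer the peer until it leaves, errors out or QUITs."""
        # send banner
        try:
            self.conn.settimeout(self.IdleTimeout)
            self.conn.sendall("220 computer ESMTP Server (Microsoft Exchange Internet Mail Service 4.0.994.63) ready\r\n")
            self.log("Connected")
        except (s.error, s.timeout):
            return

        in_data = False   # True between the DATA verb and the end-of-data marker
        tail = ""         # last bytes seen in DATA mode; the marker may span reads
        # Handle commands
        while True:
            try:
                attkrdata = self.conn.recv(10000)
            except (s.error, s.timeout):
                return
            if not attkrdata:
                debug("Remote machine has closed the socket")
                return
            debug("DATA: %r" % (attkrdata,))

            closing = False
            if in_data:
                # Message body: record it verbatim (escaped by log()) and only
                # watch for the terminator; body text is never read as a verb.
                self.log(attkrdata)
                tail = (tail + attkrdata)[-5:]
                if tail.endswith("\r\n.\r\n") or tail.endswith("\n.\n"):
                    in_data = False
                    res_action = self.CommandResponseDict["\r\n.\r\n"]
                else:
                    res_action = None
            else:
                try:
                    # SMTP verbs are case-insensitive.
                    cmd = attkrdata.split()[0].upper()
                except IndexError:
                    cmd = attkrdata
                debug("COMMAND: %r" % (cmd,))
                res_action = self.CommandResponseDict.get(cmd)
                if res_action is None:
                    # Unknown verb: recorded, no reply is sent.
                    self.log(attkrdata)
                else:
                    res_action[1](attkrdata)  # call the action method
                    if cmd == "DATA":
                        in_data = True
                        # The CRLF that ended the DATA line counts as the
                        # first half of <CRLF>.<CRLF> for an empty message.
                        tail = "\r\n"
                    closing = (cmd == "QUIT")

            if res_action is not None:
                debug("Sending : %s" % res_action[0])
                try:
                    self.conn.sendall(res_action[0])
                except (s.error, s.timeout):
                    return
            # Flush per read so the buffer never holds more than one chunk.
            self.dumpLog()
            if closing:
                return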
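if __name__ == "__main__":
    # Open for append: "rw" is not a standard mode and typically yields a
    # read-only handle (or is rejected outright), so nothing could be logged.
    # "a" also creates the file when missing and keeps earlier captures.
    try:
        lfd = open(LOGFILE, "a")
    except (IOError, OSError):
        print("Unable to Open the log file..Quiting")
        sys.exit(-1)
    debug("Opened logfile")

    server = s.socket(s.AF_INET, s.SOCK_STREAM)
    try:
        # '' binds every local interface.
        server.bind(('', ListenPort))
    except s.error:
        print("Unable to bind to port %d" % ListenPort)
        sys.exit(-1)
    debug("bound to socket")
    # NOTE(review): if the port required elevated privileges to bind, the
    # process keeps them while parsing hostile input. Drop to an unprivileged
    # account here, or run unprivileged behind a port redirect.
    server.listen(5)
    debug("server listening")

    # Have the server serve "forever":
    while True:
        channel, details = server.accept()
        debug("Got connection %s" % str(details))
        SMTPHoneyPot(channel, details, lfd).start()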