habu.server.ftp fixes and docs

fportantier · Jul 16, 2018 · 2ce75b4 · 2ce75b4
1 parent 301f4b8
commit 2ce75b4
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -18,9 +18,11 @@ Some techniques implemented in the current version are:
 -   ARP Sniffing
 -   DHCP Discover
 -   DHCP Starvation
+-   Fake FTP Server
 -   LAND Attack
 -   SNMP Cracking
 -   Subdomains Identification
+-   SSL/TLS Certificate Cloner
 -   SYN Flooding
 -   TCP Flags Analysis
 -   TCP ISN Analysis
@@ -29,6 +31,7 @@ Some techniques implemented in the current version are:
 -   Virtual Hosts Identification
 -   Web Techonologies Identification
 
+
 ## Usage Videos
 
 The following Youtube Playlist has videos that shows the installation
@@ -65,6 +68,7 @@ Habu requires Python3 and the following packages:
 
 - beautifulsoup4
 - click
+- cryptography
 - lxml
 - prompt\_toolkit
 - pygments
@@ -138,6 +142,16 @@ $ dig +short 07286e90fd6e7e6be61d6a7919967c7cf3bbfb23a36edbc72b6d7c53.a.asydns.o
 181.31.41.231
 ```
 
+## habu.certclone: Clone a SSL/TLS server certificate
+
+This command tries to connect to a SSL/TLS server, gets the certificate and generates 
+a certificate with the same options and field values.
+
+**Note**: The generated certificate it's invalid, but can be used for social engineering attacks
+
+``` {.sourceCode .bash}
+$ habu.certclone www.google.com 443 /tmp/key.pem /tmp/cert.pem
+```
 
 ## habu.contest: Check your connection capabilities
 
@@ -389,6 +403,18 @@ IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
 IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
 ```
 
+## habu.server.ftp: Fake FTP Server
+
+This command implements a basic fake FTP server, whith the only purpose to 
+steal user credentials. The server supports SSL/TLS.
+
+``` {.sourceCode .bash}
+$ sudo habu.server.ftp -p 21 --ssl --ssl-cert /tmp/cert.pem --ssl-key /tmp/key.pem
+Listening on port 2121
+Accepted connection from ('192.168.0.27', 56832)
+Credentials collected from 192.168.0.27! fabian 123456
+```
+
 ## habu.shodan: Shodan API client
 
 This command is a simple shodan API client with prints the json result 

diff --git a/README.rst b/README.rst
@@ -16,9 +16,11 @@ Some techniques implemented in the current version are:
 - ARP Sniffing
 - DHCP Discover
 - DHCP Starvation
+- Fake FTP Server
 - LAND Attack
 - SNMP Cracking
 - Subdomains Identification
+- SSL/TLS Certificate Cloner
 - SYN Flooding
 - TCP Flags Analysis
 - TCP ISN Analysis

diff --git a/README.txt b/README.txt
@@ -2,9 +2,11 @@ Some techniques implemented in the current version are:
 
 - ARP Poisoning and Sniffing
 - DHCP Discover and Starvation
+- Fake FTP Server
 - LAND Attack
 - SNMP Cracking
 - Subdomains Identification
+- SSL/TLS Certificate Cloner
 - SYN Flooding
 - TCP Flags and ISN Analysis
 - TCP Port Scan

diff --git a/habu/cli/cmd_server_ftp.py b/habu/cli/cmd_server_ftp.py
@@ -96,15 +96,22 @@ def connection_lost(self, exc):
 @click.option('-a', 'address', default=None, help='Address to bind (default: all)')
 @click.option('-p', 'port', default=21, help='Which port to use (default: 21)')
 @click.option('--ssl', 'enable_ssl', is_flag=True, default=False, help='Enable SSL/TLS (default: False)')
+@click.option('--ssl-cert', 'ssl_cert', default=None, help='SSL/TLS Cert file')
+@click.option('--ssl-key', 'ssl_key', default=None, help='SSL/TLS Key file')
 @click.option('-v', 'verbose', is_flag=True, default=False, help='Verbose')
-def cmd_server_ftp(address, port, enable_ssl, verbose):
+def cmd_server_ftp(address, port, enable_ssl, ssl_cert, ssl_key, verbose):
 
     ssl_context = None
 
     if enable_ssl:
+
+        if not (ssl_cert and ssl_key):
+            print('Please, specify --ssl-cert and --ssl-key to enable SSL/TLS')
+            return False
+
         ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
         ssl_context.check_hostname = False
-        ssl_context.load_cert_chain('pymotw.crt', 'pymotw.key')
+        ssl_context.load_cert_chain(ssl_cert, ssl_key)
 
     loop = asyncio.get_event_loop()
     coro = loop.create_server(ServerFTP, host=address, port=port, ssl=ssl_context, reuse_address=True, reuse_port=True)

diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
     name='habu',
-    version='0.0.71',
+    version='0.0.72',
     description='Python Network Hacking Toolkit',
     long_description=readme,
     long_description_content_type='text/markdown',
@@ -15,6 +15,7 @@
     license='Copyright Fabian Martinez Portantier',
     install_requires=[
         'beautifulsoup4',
+        'cryptography',
         'click',
         'lxml',
         'prompt_toolkit',
@@ -37,6 +38,7 @@
         habu.arpsniff=habu.cli.cmd_arpsniff:cmd_arpsniff
         habu.asydns=habu.cli.cmd_asydns:cmd_asydns
         habu.b64=habu.cli.cmd_b64:cmd_b64
+        habu.certclone=habu.cli.cmd_certclone:cmd_certclone
         habu.contest=habu.cli.cmd_contest:cmd_contest
         habu.ctfr=habu.cli.cmd_ctfr:cmd_ctfr
         habu.cve_2018_9995=habu.cli.cmd_cve_2018_9995:cmd_cve_2018_9995
@@ -56,6 +58,7 @@
         habu.land=habu.cli.cmd_land:cmd_land
         habu.mhr=habu.cli.cmd_mhr:cmd_mhr
         habu.ping=habu.cli.cmd_ping:cmd_ping
+        habu.server.ftp=habu.cli.cmd_server_ftp:cmd_server_ftp
         habu.shodan=habu.cli.cmd_shodan:cmd_shodan
         habu.snmp_crack=habu.cli.cmd_snmp_crack:cmd_snmp_crack
         habu.tcpflags=habu.cli.cmd_tcpflags:cmd_tcpflags