Merge remote-tracking branch 'upstream/main' into hl7

qeeqbox · Apr 9, 2024 · 33e9928 · 33e9928
2 parents eddd218 + 473a143
commit 33e9928
Show file tree

Hide file tree

Showing 10 changed files with 202 additions and 159 deletions.
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -2,8 +2,6 @@ name: pre-commit
 
 on:
   pull_request:
-  push:
-    branches: [main]
 
 jobs:
   lint:

diff --git a/README.md b/README.md
@@ -408,9 +408,6 @@ qsshserver.kill_server()
     - Lib: Sockets
     - Logs: ip, port
 
-## Open Shell
-[![Open in Cloud Shell](https://img.shields.io/static/v1?label=%3E_&message=Open%20in%20Cloud%20Shell&color=3267d6&style=flat-square)](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https://github.com/qeeqbox/honeypots&tutorial=README.md) [![Open in repl.it Shell](https://img.shields.io/static/v1?label=%3E_&message=Open%20in%20repl.it%20Shell&color=606c74&style=flat-square)](https://repl.it/github/qeeqbox/honeypots)
-
 ## acknowledgment
 - By using this framework, you are accepting the license terms of all these packages: `pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server`
 - Let me know if I missed a reference or resource!

diff --git a/README.rst b/README.rst
@@ -369,10 +369,6 @@ acknowledgement
 - By using this framework, you are accepting the license terms of all these packages: `pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server`
 - Let me know if I missed a reference or resource!
 
-Some Articles
-=============
-- `securityonline <https://securityonline.info/honeypots-16-honeypots-in-a-single-pypi-package/>`_
-
 Notes
 =====
 - Almost all servers and emulators are stripped-down - You can adjust that as needed

diff --git a/honeypots/__init__.py b/honeypots/__init__.py
@@ -28,7 +28,7 @@
 from .pjl_server import QPJLServer
 from .pop3_server import QPOP3Server
 from .postgres_server import QPostgresServer
-from .qbsniffer import QBSniffer
+from .sniffer import QSniffer
 from .rdp_server import QRDPServer
 from .redis_server import QRedisServer
 from .sip_server import QSIPServer
@@ -42,7 +42,7 @@
 
 __all__ = [
     "HL7Server",
-    "QBSniffer",
+    "QSniffer",
     "QDHCPServer",
     "QDNSServer",
     "QElasticServer",

diff --git a/honeypots/__main__.py b/honeypots/__main__.py
@@ -10,7 +10,6 @@
 from os import geteuid
 from signal import alarm, SIGALRM, SIGINT, signal, SIGTERM, SIGTSTP
 from subprocess import Popen
-from sys import stdout
 from time import sleep
 from typing import Any, Type, TYPE_CHECKING
 from uuid import uuid4
@@ -20,7 +19,7 @@
 
 from honeypots import (
     HL7Server,
-    QBSniffer,
+    QSniffer,
     QDHCPServer,
     QDNSServer,
     QElasticServer,
@@ -176,9 +175,11 @@ def main(self):
                 print(service)
         elif self.options.kill:
             clean_all()
-        elif self.options.chameleon and self.config_data is not None:
+        elif self.options.chameleon and self.config_data:
             self._start_chameleon_mode()
         elif self.options.setup:
+            if self.options.sniffer:
+                self._set_up_sniffer()
             self._set_up_honeypots()
 
     def _set_up_honeypots(self):  # noqa: C901
@@ -277,19 +278,6 @@ def _start_chameleon_mode(self):  # noqa: C901,PLR0912
             logger.error("logging must be configured with db_sqlite or db_postgres")
             sys.exit(1)
 
-        sniffer_filter = self.config_data.get("sniffer_filter")
-        sniffer_interface = self.config_data.get("sniffer_interface")
-        if not (sniffer_filter and sniffer_interface):
-            return
-
-        if not self.options.test and self.options.sniffer:
-            _check_interfaces(sniffer_interface)
-            if self.options.iptables:
-                _fix_ip_tables()
-            logger.info("[x] Wait for 10 seconds...")
-            stdout.flush()
-            sleep(2)
-
         if self.options.config != "":
             logger.warning(
                 "[x] Config.json file overrides --ip, --port, --username and --password"
@@ -319,7 +307,7 @@ def _start_chameleon_mode(self):  # noqa: C901,PLR0912
             sys.exit(1)
 
         if self.options.sniffer:
-            self._start_sniffer(sniffer_filter, sniffer_interface)
+            self._set_up_sniffer()
 
         if not self.options.test:
             logger.info("[x] Everything looks good!")
@@ -336,15 +324,30 @@ def _setup_logging(self) -> logging.Logger:
             drop = True
         return setup_logger("main", uuid, self.config_data, drop)
 
+    def _set_up_sniffer(self):
+        sniffer_filter = self.config_data.get("sniffer_filter")
+        sniffer_interface = self.config_data.get("sniffer_interface")
+        if not sniffer_interface:
+            logger.error('If sniffer is enabled, "sniffer_interface" must be set in the config')
+            sys.exit(1)
+        if not self.options.test and self.options.sniffer:
+            _check_interfaces(sniffer_interface)
+            if self.options.iptables:
+                _fix_ip_tables()
+                logger.info("[x] Wait for iptables update...")
+                sleep(2)
+        self._start_sniffer(sniffer_filter, sniffer_interface)
+
     def _start_sniffer(self, sniffer_filter, sniffer_interface):
         logger.info("[x] Starting sniffer")
-        sniffer = QBSniffer(
+        sniffer = QSniffer(
             filter_=sniffer_filter,
             interface=sniffer_interface,
             config=self.options.config,
         )
         sniffer.run_sniffer(process=True)
-        self.honeypots.append((sniffer, "sniffer", True))
+        sleep(0.1)
+        self.honeypots.append((sniffer, "sniffer", sniffer.server_is_alive()))
 
     def _stats_loop(self, logs):
         while True:

diff --git a/honeypots/base_server.py b/honeypots/base_server.py
@@ -28,13 +28,13 @@ class BaseServer(ABC):
     def __init__(self, **kwargs):
         self.auto_disabled = False
         self.process = None
-        self.uuid = f"honeypotslogger_{__class__.__name__}_{str(uuid4())[:8]}"
+        self.uuid = f"honeypotslogger_{self.__class__.__name__}_{str(uuid4())[:8]}"
         self.config: dict = kwargs.get("config", {})
         if self.config:
-            self.logs = setup_logger(__class__.__name__, self.uuid, self.config)
+            self.logs = setup_logger(self.__class__.__name__, self.uuid, self.config)
             set_local_vars(self, self.config)
         else:
-            self.logs = setup_logger(__class__.__name__, self.uuid, None)
+            self.logs = setup_logger(self.__class__.__name__, self.uuid, None)
         self.ip = kwargs.get("ip", None) or (hasattr(self, "ip") and self.ip) or "0.0.0.0"
         self.port = (
             (kwargs.get("port", None) and int(kwargs.get("port", None)))
@@ -91,6 +91,9 @@ def kill_server(self):
     def test_server(self, **_):
         self.logger.warning(f"Test method of {self.NAME} is not implemented")
 
+    def server_is_alive(self) -> bool:
+        return self._server_process and self._server_process.is_alive()
+
     @abstractmethod
     def server_main(self):
         # main server loop goes here

diff --git a/honeypots/ntp_server.py b/honeypots/ntp_server.py
@@ -72,7 +72,7 @@ def datagramReceived(self, data, addr):  # noqa: N802
                     self.transport.write(response, addr)
                     status = "success"
                 except (struct.error, TypeError, IndexError):
-                    status = "error"
+                    status = "failed"
 
                 _q_s.log(
                     {
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,8 +2,6 @@ name: pre-commit @@
     on:
       pull_request:
-      push:
-        branches: [main]
     jobs:
       lint:
@@ Expand Down @@