first commit

README

@@ -0,0 +1,25 @@
+Beacon Simulators
+Tony.Lee-at-Foundstone.com
+-----------------------------------
+
+Simple tools and scripts to test if your network is 
+susceptible to outbound beaconing. 
+
+For more info see http://blog.opensecurityresearch.com
+
+
+beacon_onliner - Single line command meant to use
+	on the command line
+
+beacon.sh - Bash script to simulate a beacon to 
+	a defined web site
+
+beacon.cpp - C++ program to simulate a beacon to
+	a defined web site
+
+	Static Compilation:
+		g++ -static -o beacon beacon.cpp
+
+	Dynamic Compilation:
+		g++ -o beacon beacon.cpp
+

beacon.cpp

@@ -0,0 +1,46 @@
+// Simple Beacon Simulator
+// Input: URL and frequency to beacon (in seconds)
+// Output: Beaconing web requests to a URL at a user-defined interval
+// Requirements - curl or wget
+// For questions ask Tony.Lee-at-Foundstone.com
+
+#include <stdio.h>
+#include <unistd.h>
+#include <string>
+#include <iostream>
+#include <stdlib.h>
+
+using namespace std;
+
+
+int main(int argc, char *argv[])
+{
+        printf("This program will beacon out to a website on a user-defined schedule to simulate malware.  (Use ctrl+c to stop the beaconing)\n");
+        printf("Email Tony.Lee-at-Foundstone.com for questions.\n\n");
+
+        if ( argc != 3 )        // Detect command line arguments - 2 are needed for correct execution
+        {
+                printf( "Usage: %s <URL> <Frequency in seconds>\n", argv[0] );
+                printf( "Example: %s http://www.dot.tk/en/index.html?lang=en 60\n", argv[0] );
+                return 1;
+        }
+
+        unsigned int seconds = strtoul(argv[2],NULL,0); // sleep takes an unsigned int, must convert string input to unsigned long
+
+        std::string command;                    // initialize command
+        command = "wget -O /dev/null ";         // build the first part of the string
+        command += argv[1];                     // add the URL
+
+        const char * charcommand = command.c_str();     // convert string to char*
+
+        while(1)
+        {
+                printf("\nGetting the site %s\n", argv[1]);             // user notification output
+                system( charcommand );                                  // execute wget 
+                printf("\n\nSleeping for %u seconds\n\n", seconds);     // user notification output
+                sleep(seconds);                                         // sleep
+        }
+
+        return 0;
+}
+

beacon.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# Beacon simulator
+# Tony.Lee-at-Foundstone.com
+# Input: URL and frequency to beacon (in seconds)
+# Output: Beaconing web requests to a URL at a user-defined interval
+# Requirements - curl or wget
+
+##### Function Usage #####
+# Prints usage statement
+##########################
+Usage()
+{
+echo "This program will beacon out to a website on a user-defined schedule to simulate malware.  (Use ctrl+c to stop the beaconing)
+Email Tony.Lee-at-Foundstone.com for questions.
+
+Usage: $0 <URL> <Frequency in seconds>
+Example: $0 http://www.dot.tk/en/index.html?lang=en 60"
+}
+
+###### Core Program ######
+# Parameter Detection
+# Beaconing
+##########################
+
+# Detect the absence of command line parameters. If the user did not specify two, print usage statement
+[[ $# -ne 2 ]] && { Usage; exit 0; }
+
+while true
+do
+        echo -e "Getting the site $1\n";                # user notification output
+        wget -O /dev/null $1;                           # wget the URL (to avoid files from building up output to /dev/null)
+echo -e "\n\nSleeping for $2 seconds\n\n";      # user notification output
+        sleep $2;                                       # Sleep
+done
+

beacon_onliner

@@ -0,0 +1 @@
+while true; do wget -O /dev/null http://www.dot.tk/en/index.html?lang=en; sleep 10; done;