Merge branch 'master' of github.com:honeytrap/honeytrap into feature-…

…rdp-service

.gometalinter.json

@@ -19,5 +19,18 @@
 		"unparam",
 		"unused",
 		"varcheck"
-	]
-}
+	],
+
+	"Exclude": [
+		"blank import",
+		"should have comment",
+		"should be of the form",
+		"can be annoying to use"
+	],
+
+	"Sort": [ "linter" ],
+	"Fast": true,
+	"Vendor": true,
+	"Errors": true,
+	"Deadline": "10m"
+}

.travis.yml

@@ -3,7 +3,6 @@ language: go
 go:
   - master
   - tip
-  - 1.9.x
   - 1.10.x
 
 sudo: required

Gopkg.toml

@@ -129,3 +129,8 @@
 [[constraint]]
   branch = "master"
   name = "golang.org/x/crypto"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/google/netstack"
+  source = "github.com/honeytrap/netstack"

README.md

@@ -15,7 +15,7 @@
 * Create high interaction honeypots using the LXC or remote hosts directors, traffic will be man-in-the-middle proxied, while information will be extracted
 * Extend honeytrap with existing honeypots (like cowrie or glutton), while using the logging and listening framework of Honeytrap
 * Advanced logging system with filtering and logging to Elasticsearch, Kafka, Splunk, Raven, File or Console
-* Services are easy extensible and will extract as much information as possible
+* Services are easily extensible and will extract as much information as possible
 * Low- to high interaction Honeypots, where connections will be upgraded seamless to high interaction
 
 ## To start using Honeytrap

config.toml.sample

@@ -109,7 +109,7 @@ banner="test"
 [service.http_generic]
 type="http"
 
-# ####################### SERVICES BEGIN ##################################### #
+# ####################### SERVICES END ####################################### #
 
 
 # ####################### PROXIES BEGIN ###################################### #

config/config.go

@@ -37,7 +37,7 @@ import (
 	"os"
 
 	"github.com/BurntSushi/toml"
-	logging "github.com/op/go-logging"
+	"github.com/op/go-logging"
 )
 
 var log = logging.MustGetLogger("honeytrap:config")
@@ -50,6 +50,8 @@ var format = logging.MustStringFormatter(
 
 // Config defines the central type where all configuration is umarhsalled to.
 type Config struct {
+	toml.MetaData
+
 	Listener toml.Primitive `toml:"listener"`
 
 	Web toml.Primitive `toml:"web"`
@@ -72,10 +74,11 @@ var Default = Config{}
 
 // Load attempts to load the giving toml configuration file.
 func (c *Config) Load(r io.Reader) error {
-	_, err := toml.DecodeReader(r, c)
+	md, err := toml.DecodeReader(r, c)
 	if err != nil {
 		return err
 	}
+	c.MetaData = md
 
 	logBackends := []logging.Backend{}
 	for _, log := range c.Logging {

config/utils.go

@@ -35,17 +35,17 @@ import (
 	"time"
 )
 
-//ConvertToInt wraps the internal int coverter
-func ConvertToInt(target string, def int) int {
+//convertToUint64 wraps the internal int converter
+func convertToUint64(target string, def uint64) uint64 {
 	fo, err := strconv.Atoi(target)
 	if err != nil {
 		return def
 	}
-	return fo
+	return uint64(fo)
 }
 
-// MakeDuration should become internal functions , config should return time.Duration
-func MakeDuration(target string, def int) time.Duration {
+// MakeDuration should become internal functions, config should return time.Duration
+func MakeDuration(target string, def uint64) time.Duration {
 	if !elapso.MatchString(target) {
 		return time.Duration(def)
 	}
@@ -62,7 +62,7 @@ func MakeDuration(target string, def int) time.Duration {
 		return time.Duration(def)
 	}
 
-	dur := time.Duration(ConvertToInt(match[1], def))
+	dur := time.Duration(convertToUint64(match[1], def))
 
 	mtype := match[2]
 

event/conn.go

@@ -0,0 +1,57 @@
+/*
+* Honeytrap
+* Copyright (C) 2016-2017 DutchSec (https://dutchsec.com/)
+*
+* This program is free software; you can redistribute it and/or modify it under
+* the terms of the GNU Affero General Public License version 3 as published by the
+* Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+* FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+* details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* version 3 along with this program in the file "LICENSE".  If not, see
+* <http://www.gnu.org/licenses/agpl-3.0.txt>.
+*
+* See https://honeytrap.io/ for more details. All requests should be sent to
+* licensing@honeytrap.io
+*
+* The interactive user interfaces in modified source and object code versions
+* of this program must display Appropriate Legal Notices, as required under
+* Section 5 of the GNU Affero General Public License version 3.
+*
+* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
+* these Appropriate Legal Notices must retain the display of the "Powered by
+* Honeytrap" logo and retain the original copyright notice. If the display of the
+* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+* must display the words "Powered by Honeytrap" and retain the original copyright notice.
+ */
+package event
+
+import (
+	"net"
+)
+
+type Conn struct {
+	net.Conn
+
+	options []Option
+}
+
+func (ec *Conn) Options() Option {
+	return NewWith(ec.options...)
+}
+
+func WithConn(conn net.Conn, options ...Option) *Conn {
+	if innerConn, ok := conn.(*Conn); ok {
+		innerConn.options = append(innerConn.options, options...)
+		return innerConn
+	}
+
+	return &Conn{
+		Conn:    conn,
+		options: options,
+	}
+}

event/event_linux_amd64.go

@@ -0,0 +1,31 @@
+/*
+* Honeytrap
+* Copyright (C) 2016-2017 DutchSec (https://dutchsec.com/)
+*
+* This program is free software; you can redistribute it and/or modify it under
+* the terms of the GNU Affero General Public License version 3 as published by the
+* Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+* FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+* details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* version 3 along with this program in the file "LICENSE".  If not, see
+* <http://www.gnu.org/licenses/agpl-3.0.txt>.
+*
+* See https://honeytrap.io/ for more details. All requests should be sent to
+* licensing@honeytrap.io
+*
+* The interactive user interfaces in modified source and object code versions
+* of this program must display Appropriate Legal Notices, as required under
+* Section 5 of the GNU Affero General Public License version 3.
+*
+* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
+* these Appropriate Legal Notices must retain the display of the "Powered by
+* Honeytrap" logo and retain the original copyright notice. If the display of the
+* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+* must display the words "Powered by Honeytrap" and retain the original copyright notice.
+ */
+package event

event/event_other.go

@@ -0,0 +1,33 @@
+// +build linux,!amd64 !linux
+
+/*
+* Honeytrap
+* Copyright (C) 2016-2017 DutchSec (https://dutchsec.com/)
+*
+* This program is free software; you can redistribute it and/or modify it under
+* the terms of the GNU Affero General Public License version 3 as published by the
+* Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+* FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+* details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* version 3 along with this program in the file "LICENSE".  If not, see
+* <http://www.gnu.org/licenses/agpl-3.0.txt>.
+*
+* See https://honeytrap.io/ for more details. All requests should be sent to
+* licensing@honeytrap.io
+*
+* The interactive user interfaces in modified source and object code versions
+* of this program must display Appropriate Legal Notices, as required under
+* Section 5 of the GNU Affero General Public License version 3.
+*
+* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
+* these Appropriate Legal Notices must retain the display of the "Powered by
+* Honeytrap" logo and retain the original copyright notice. If the display of the
+* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+* must display the words "Powered by Honeytrap" and retain the original copyright notice.
+ */
+package event

event/map.go

@@ -63,6 +63,10 @@ func New(opts ...Option) Event {
 	e.sm.Store("date", time.Now())
 
 	for _, opt := range opts {
+		if opt == nil {
+			continue
+		}
+
 		opt(e)
 	}
 

listener/agent/agent.go

@@ -39,6 +39,7 @@ import (
 	"runtime"
 
 	"github.com/fatih/color"
+	"github.com/honeytrap/honeytrap/event"
 	"github.com/honeytrap/honeytrap/listener"
 	"github.com/mimoo/disco/libdisco"
 
@@ -184,8 +185,9 @@ func (al *agentListener) serv(c *conn2) {
 
 			conns.Add(ac)
 
-			al.ch <- ac
-		case *ReadWrite:
+			conn := event.WithConn(ac, event.Custom("agent", token))
+			al.ch <- conn
+		case *ReadWriteTCP:
 			conn := conns.Get(v.Laddr, v.Raddr)
 			if conn == nil {
 				continue

listener/agent/conn2.go

@@ -33,7 +33,9 @@ package agent
 import (
 	"encoding"
 	"encoding/binary"
+	"fmt"
 	"net"
+	"reflect"
 )
 
 func Conn2(c net.Conn) *conn2 {
@@ -66,14 +68,16 @@ func (c *conn2) receive() (interface{}, error) {
 		o = &Handshake{}
 	case TypeHandshakeResponse:
 		o = &HandshakeResponse{}
-	case TypeReadWrite:
-		o = &ReadWrite{}
+	case TypeReadWriteTCP:
+		o = &ReadWriteTCP{}
 	case TypeReadWriteUDP:
 		o = &ReadWriteUDP{}
 	case TypePing:
 		o = &Ping{}
 	case TypeEOF:
 		o = &EOF{}
+	default:
+		return nil, fmt.Errorf("Unsupported message receive type %d", msgType)
 	}
 
 	buff = make([]byte, 2)
@@ -108,12 +112,14 @@ func (c conn2) send(o encoding.BinaryMarshaler) error {
 		c.Conn.Write([]byte{uint8(TypeHandshakeResponse)})
 	case Ping:
 		c.Conn.Write([]byte{uint8(TypePing)})
-	case ReadWrite:
-		c.Conn.Write([]byte{uint8(TypeReadWrite)})
+	case ReadWriteTCP:
+		c.Conn.Write([]byte{uint8(TypeReadWriteTCP)})
 	case ReadWriteUDP:
 		c.Conn.Write([]byte{uint8(TypeReadWriteUDP)})
 	case EOF:
 		c.Conn.Write([]byte{uint8(TypeEOF)})
+	default:
+		return fmt.Errorf("Unsupported message type send %s", reflect.TypeOf(o))
 	}
 
 	data, err := o.MarshalBinary()