/
slipm-honeypot
executable file
·131 lines (112 loc) · 3.53 KB
/
slipm-honeypot
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#!/bin/bash
# slipm-honeypot
BLUE='\e[1;34m'
YELLOW='\e[1;33m'
RED='\e[1;31m'
END='\e[0m'
INFO="[${BLUE}+${END}]"
LOG="[x]"
ERR="[${RED}!${END}]"
depends=( bash chmod nc tshark sudo notify-send )
echo >&2
echo -e "Welcome to Slipm ${YELLOW}honey${END}pot, version 0.1! :)" >&2
echo >&2
[[ -d /tmp/slipm/ ]] || mkdir -p /tmp/slipm
trapme() {
echo -e "$LOG Buh bye!"
rm -f /tmp/slipm-pluginshandler
kill -9 $(cat /tmp/slipm.lck 2>/dev/null) 2>/dev/null
rm -f /tmp/slipm.lck
killall -CONT slipm-pluginshandler &&
(killall -9 slipm-pluginshandler || sudo killall -9 slipm-pluginshandler)
pidof nc && (killall -9 nc || sudo killall -9 nc)
killall -9 $(basename $0)
exit
}
[[ $1 == "--stop" ]] && echo "[x] Stopping the honeypot." && trapme
[[ -f /tmp/slipm.lck ]] && echo "Slipm honeypot is already running!" && exit 1
echo -e "$LOG Slipm honeypot started $(date)"
fail() {
echo -e "$ERR $1" >&2
echo -e "$LOG Slipm honeypot terminated with error 1, $(date)"
trapme
exit 1
}
makeph() {
local f=/tmp/slipm-pluginshandler
echo '#!/bin/bash' > $f
echo "sudo -u $USER $notify \"Possible attack detected!\nPlugin: \$1\nLive logs: $logdir\"" >> $f
echo "tshark -i $interface -w \"$logdir/\$(date +%s)_\$1.pcap\" &" >> $f
echo "source \"\$2/\$1.sh\"" >> $f
echo "start 2>\"$logdir/\$(date +%s)_\$1.log\"" >> $f
chmod +x /tmp/slipm-pluginshandler
}
usertrap() {
echo "$LOG Interrupted by user. Exiting..."
echo "$LOG Slipm honeypot terminated by user, $(date)"
echo "$LOG Buh bye!"
rm -f /tmp/slipm-pluginshandler
rm -f /tmp/slipm.lck
exit 0
}
watchloop() {
while true; do
$4 nc -vv $2 -l $3 -e "/tmp/slipm-pluginshandler '$1' \
'$pluginsdir'" 2>"$logdir/$(date +%s)_nc.log"
done
}
trap usertrap INT HUP
trap trapme USR1
echo $BASHPID > /tmp/slipm.lck
echo -e "$INFO Reading configuration..." >&2
if [[ -r slipm.conf ]]; then
source slipm.conf || fail "Invalid configuration file. :("
elif [[ -r ~/.slipm.conf ]]; then
source ~/.slipm.conf || fail "Invalid configuration file. :("
elif [[ -r /etc/slipm/slipm.conf ]]; then
source /etc/slipm/slipm.conf || fail "Invalid configration file. :("
else
fail "No configuration file found. :("
fi
for bin in ${depends[@]}; do
if [[ -x "$(which $bin 2>/dev/null)" ]]; then
continue
else
fail "The required program '$bin' is not in your \$PATH."
fi
done
if [[ -d $pluginsdir ]]; then
ls "$pluginsdir/"*.sh >/dev/null 2>/dev/null || fail "No plugins in \$pluginsdir!"
else
fail "\$pluginsdir does not exist, or is not a directory!"
fi
makeph
counter=0
for plugin in ${plugins[@]}; do
echo -e "$LOG Initializing plugin: $plugin"
if [[ -x $pluginsdir/$plugin.sh ]]; then
source "$pluginsdir/$plugin.sh" || fail "Invalid plugin: $plugin"
if [[ $tcp == "1" ]]; then
ncproto="-t"
else
ncproto="-u"
fi
if [[ $port -le 1024 ]]; then
echo -e "$INFO Initializing sudo. You maybe asked for your password."
sudo -v
run=sudo
ncport="-p $port $ncopts"
elif [[ $port -le 65535 && $port -ge 1025 ]]; then
ncport="-p $port $ncopts"
run=
else
fail "Invalid port ($port) in plugin: $plugin"
fi
watchloop "$plugin" "$ncproto" "$ncport" "$run" &
echo " '--> Done."
let counter=$counter+1
else
fail "Initializing plugin failed!"
fi
done
echo -e "$LOG $counter plugins initialized."