Canarytokens helps track activity and actions on your network.
Clone or download
Permalink
Failed to load latest commit information.
templates Remove global escape due to unexpected outcome Oct 17, 2018
.gitignore Add fix for self-xss Oct 17, 2018
LICENSE Switch LICENSE from BSD to GPLv3. Aug 8, 2017
README.md Add fix for self-xss Oct 17, 2018
authenticode.py Add tokens to EXEs and DLLs. May 12, 2016
caa_monkeypatch.py Add comments about the monkeypatch and make it more descriptive May 16, 2018
canarydrop.py Add Fast + Slow Redirect tokens Dec 18, 2017
channel.py Fix extra spaces in email links Aug 14, 2018
channel_dns.py Fix Canarytoken DNS alerts from mixed-case queries May 16, 2018
channel_http.py Remove unneeded print statements Feb 8, 2018
channel_input_bitcoin.py first commit Jul 30, 2015
channel_input_imgur.py Imgur checks moved into async web client. Feb 21, 2017
channel_input_linkedin.py first commit Jul 30, 2015
channel_input_smtp.py Cast origin email to a string to be JSON serialisable Oct 1, 2016
channel_output_email.py EMail via SMTP Output Channel (#23) Oct 9, 2018
channel_output_twilio.py Fix for public domain Apr 12, 2016
channel_output_webhook.py Added some minor UI changes Jul 26, 2017
constants.py Added Webhook functionality for alerts and fixed UI checks Aug 30, 2016
exception.py first commit Jul 30, 2015
frontend.tac first commit Jul 30, 2015
httpd_site.py Remove global escape due to unexpected outcome Oct 17, 2018
linkedin.py first commit Jul 30, 2015
log.py Add ability to specify custom log observer Feb 5, 2018
msword.py Corrected old URL name. Jul 31, 2015
pdfgen.py first commit Jul 30, 2015
pic.jpg first commit Jul 30, 2015
queries.py Add fix for self-xss Oct 17, 2018
redismanager.py Fix for tor exit node check causing timeouts Jan 24, 2017
requirements.txt Add support for email alerts through sendgrid email service (#10) Apr 6, 2017
root-ca.conf Add tokens to EXEs and DLLs. May 12, 2016
settings.py Add fix for self-xss Oct 17, 2018
setup_db.py GeoIP maps and information on triggered tokens. Aug 31, 2016
sign_file.py Add tokens to EXEs and DLLs. May 12, 2016
smtpd.tac Add functionality to download Canarytoken incident history as JSON an… Aug 10, 2018
switchboard.py final fix for type field and alerts. Mar 4, 2017
switchboard.tac Add comments about the monkeypatch and make it more descriptive May 16, 2018
t-sql.txt first commit Jul 30, 2015
tokens.py first commit Jul 30, 2015
users.py Added history and browser scanner Aug 31, 2016
ziplib.py first commit Jul 30, 2015

README.md

Canarytokens

by Thinkst Applied Research

Overview

Canarytokens helps track activity and actions on your network.

Installation

We recommend the Docker image installation process.

Configuration

The Canarytokens server can use many different settings configurations. You can find them in settings.py. There are two main settings files: frontend.env and switchboard.env.

The frontend.env contains the frontend process settings such as:

  • CANARY_DOMAINS=mytesttokensdomain.com
  • CANARY_NXDOMAINS=pdf.demo.canarytokens.net
  • CANARY_AWSID_URL=
  • CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads
  • CANARY_GOOGLE_API_KEY=
  • LOG_FILE=frontend.log

The switchboard.env contains the switchboard process settings such as:

  • CANARY_MAILGUN_DOMAIN_NAME=
  • CANARY_MAILGUN_API_KEY=
  • CANARY_MANDRILL_API_KEY=
  • CANARY_SENDGRID_API_KEY=
  • CANARY_PUBLIC_IP=
  • CANARY_PUBLIC_DOMAIN=
  • CANARY_ALERT_EMAIL_FROM_ADDRESS=noreply@yourdomain.com
  • CANARY_ALERT_EMAIL_FROM_DISPLAY="Canarytoken Mailer"
  • CANARY_ALERT_EMAIL_SUBJECT="Alert"
  • CANARY_SMTP_USERNAME=
  • CANARY_SMTP_PASSWORD=
  • CANARY_SMTP_SERVER=smtp.gmail.com
  • CANARY_SMTP_PORT=587
  • CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads
  • LOG_FILE=switchboard.log

Please note that when choosing which email provider you would like to use, you MUST only provide information related to that provider. E.g. if you have CANARY_MAILGUN_API_KEY then you must remove the others such as CANARY_SENDGRID_API_KEY and CANARY_MANDRILL_API_KEY.

Lastly, we have added the ability to specify your own AWSID lambda so that you may host your own. The setting is placed in frontend.env under CANARY_AWSID_URL. If this value is not specified, it will use our default hosted lambda.