#!/usr/bin/env ruby
# Make the bundled lib/ directory loadable when running from a checkout
$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'

require 'trollop' unless defined?(Trollop)
require 'micetrap'
require 'micetrap/version'

# Names of the fake services micetrap can emulate
SERVICES = Micetrap.services

opts = Trollop::options do
  version "micetrap #{Micetrap::VERSION} (c) 2011 Josep M. Bach"
  banner <<-EOS
Micetrap opens a server on either a given or random port, emulating fake
vulnerable services. Port scanners such as Nmap, when fingerprinting ports
to discover service names and versions, will get apparently legitimate
responses from common services such as FTP, HTTP or MySQL servers,
therefore misleading potential attackers with false information.

Depending on the operating system you are using, micetrap will try its best
to +look feasible+ by choosing the appropriate fake services and versions
to emulate. Whenever possible, micetrap will provide slightly outdated
versions, which are more likely to be vulnerable, thus making the attacker
focus on those ports. While the attacker tries to exploit these ports, she is
essentially sending certain packets -- which get properly captured and
logged by micetrap. This information might be useful to discover what kind
of attacks are being tried against your machine, therefore giving you time
and the opportunity to defend appropriately.

Fire up a simple ftp micetrap like this:

    sudo micetrap ftp

Running it with sudo will allow you to use default, unsuspicious ports,
which may give you an advantage in tricking a smart attacker.

If you don't want to use system ports, you can run micetrap without having
root privileges like this:

    micetrap ftp --port 9999 (or whatever non-system port you like)

The available services are:
    #{SERVICES.join(', ')}

Usage:
    [sudo] micetrap <service> [options]

where [options] are:
EOS
  opt :port, "A specific port to use", :default => nil, :type => :integer
  stop_on SERVICES
end

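# to_s guards against nil when no service argument is given, so the
# friendly Trollop::die message below is shown instead of a NoMethodError
service = ARGV.shift.to_s.to_sym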
Trollop::die "You need to specify a service, which must be one of the following: #{SERVICES.join(', ')}\n\nMaybe you just feel a bit lost.." unless SERVICES.include?(service)

# Show a nice banner
ANSI = {:RESET=>"\e[0m", :BOLD=>"\e[1m", :UNDERLINE=>"\e[4m", :LGRAY=>"\e[0;37m", :GRAY=>"\e[1;30m", :RED=>"\e[31m", :GREEN=>"\e[32m", :YELLOW=>"\e[33m", :BLUE=>"\e[34m", :MAGENTA=>"\e[35m", :CYAN=>"\e[36m", :WHITE=>"\e[37m"}

puts "Starting #{ANSI[:BOLD]}Micetrap#{ANSI[:RESET]}..."
puts "Loading fake #{ANSI[:RED]}#{service}#{ANSI[:RESET]} server... (press Ctrl-C to exit)\n"
# Start the fake server for the chosen service with the parsed options
Micetrap::Server.new(opts.update(:service => service)).fire!
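
The banner text above describes the approach: answer a probe with a plausible service greeting, then record what the client sends next. A minimal sketch of that loop follows, added here as an illustration and not taken from micetrap's source. The `BannerTrap` class, the banner string and the log fields are assumptions, and it binds to loopback by default.

```ruby
require 'socket'
require 'time'

# Added illustration; not micetrap's server code. Banner text, class name and
# log fields are assumptions made for this example.
class BannerTrap
  BANNER       = "220 example-ftpd 1.0 ready\r\n" # constructed fake banner
  MAX_BYTES    = 1024 # cap how much of one probe is kept
  READ_TIMEOUT = 2    # seconds to wait for the client to speak

  attr_reader :port, :events

  def initialize(port = 0, host = '127.0.0.1')
    @server = TCPServer.new(host, port) # port 0: the OS picks a free port
    @port   = @server.addr[1]
    @events = Queue.new                 # thread-safe log of captured probes
  end

  def start
    @acceptor = Thread.new do
      begin
        loop { Thread.new(@server.accept) { |client| handle(client) } }
      rescue IOError, SystemCallError
        # listener closed by #stop
      end
    end
    self
  end

  def stop
    @server.close
    @acceptor.join
  end

  private

  def handle(client)
    peer = client.remote_address.ip_address
    client.write(BANNER)
    data = IO.select([client], nil, nil, READ_TIMEOUT) ? client.readpartial(MAX_BYTES) : ''
    # inspect escapes control bytes, so logged probes cannot inject terminal sequences
    @events << { time: Time.now.utc.iso8601, peer: peer,
                 bytes: data.bytesize, payload: data.inspect }
  rescue EOFError, SystemCallError
    nil # peer disconnected or reset before sending anything
  ensure
    client.close
  end
end
```

`BannerTrap.new(9999).start` listens on 127.0.0.1:9999, and each captured probe is available from `events.pop`.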