Words

commit 0d95026660f4c536fb7dda51a6b92a86755bb97b 1 parent a85d0a2
Josep M. Bach authored January 06, 2011

Showing 1 changed file with 16 additions and 16 deletions.

32  Readme.md
@@ -6,7 +6,7 @@
6 6
          .--'-`-.     _((_ `^--' /_<  \
7 7
        .+|______|__.-||__)`-'(((/  (((/
8 8
 
9  
-Catch hackers on the fly with micetrap!
  9
+Catch hackers on the fly with *micetrap*!
10 10
 
11 11
 Micetrap opens a server on either a given or random port, emulating fake
12 12
 vulnerable services. Port scanners such as Nmap, when fingerprinting ports
@@ -15,7 +15,7 @@ responses from common services such as FTP, HTTP or MySQL servers,
15 15
 therefore misleading potential attackers with false information.
16 16
 
17 17
 Depending on the operating system you are using, micetrap will try its best
18  
-to +look feasible+ by choosing the appropriate fake services and versions
  18
+to _look feasible_ by choosing the appropriate fake services and versions
19 19
 to emulate. Whenever possible, micetrap will provide a bit outdated versions
20 20
 which are more likely to be vulnerable, and thus making the attacker focus
21 21
 on those ports. While the attacker tries to exploit these ports, she is
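Review bot: the emphasis marker on new line 18, `_look feasible_`, differs from the `*micetrap*` (line 9) and `*nmap*` (line 50) forms that this same commit introduces. Both render as italics in Markdown, so pick one marker and use it throughout the README; the untouched `_probes_` on line 52 suggests underscores are the cheaper choice.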
@@ -29,11 +29,11 @@ which may give you advantage at tricking a smart attacker.
29 29
 
30 30
 ##Install
31 31
 
32  
-   gem install micetrap
  32
+    gem install micetrap
33 33
 
34 34
 ...or, if you want to be able to use it with sudo:
35 35
 
36  
-   sudo gem install micetrap
  36
+    sudo gem install micetrap
37 37
 
38 38
 Micetrap currently runs on Ruby versions 1.8.7 and 1.9.2.
39 39
 
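Review bot: the `##Install` heading in the context at line 30 has no space after the hashes, and stricter Markdown renderers will not treat it as a heading. Since this hunk is already fixing the code-block indentation directly beneath it, change it to `## Install` in the same pass.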
@@ -41,13 +41,13 @@ Micetrap currently runs on Ruby versions 1.8.7 and 1.9.2.
41 41
 
42 42
 Just fire up the server with some fake service, such an ftp server:
43 43
 
44  
-   micetrap ftp --port 8765
  44
+    micetrap ftp --port 8765
45 45
 
46 46
 If everything is ok, you will see something like this:
47 47
 
48  
-   (some timestamp) ::: Ftp trap listening on ::ffff:0.0.0.0:8765 :::
  48
+    (some timestamp) ::: Ftp trap listening on ::ffff:0.0.0.0:8765 :::
49 49
 
50  
-TL;DR: Most port scanners such as _nmap_ have some kind of fingerprinting
  50
+TL;DR: Most port scanners such as *nmap* have some kind of fingerprinting
51 51
 capabilities. This means that, in order to discover which services and
52 52
 versions run behind a specific port, they send special packets or _probes_
53 53
 which make different services and versions react differently. By capturing
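Review bot: the sample output on line 48, `Ftp trap listening on ::ffff:0.0.0.0:8765`, shows the trap bound to the wildcard address, and nothing in the surrounding lines tells the reader that the listener is reachable on every interface. Add a sentence after the output saying so, so that someone trying the example on a multi-homed host knows what is being exposed. Separately, `such an ftp server` on line 42 should read `such as an FTP server`.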
@@ -59,24 +59,24 @@ respond with a welcome banner telling interesting stuff about them. Micetrap
59 59
 only responds to those early blank probes. Let's try to port-scan this fake
60 60
 ftp service with nmap fingerprinting:
61 61
 
62  
-   nmap 127.0.0.1 -p 8765 -A
  62
+    nmap 127.0.0.1 -p 8765 -A
63 63
 
64 64
 We are scanning localhost, port 8765, and -A means service version detection
65 65
 and OS guessing. After a while, in our micetrap server terminal we see:
66 66
 
67  
-   (timestamp) Recorded a probe coming from ::ffff:127.0.0.1:51082 containing
68  
-   the following: (empty line)
  67
+    (timestamp) Recorded a probe coming from ::ffff:127.0.0.1:51082 containing
  68
+    the following: (empty line)
69 69
 
70  
-   (timestamp) ::: Responded misleadingly: let's drive those hackers nuts! :::
  70
+    (timestamp) ::: Responded misleadingly: let's drive those hackers nuts! :::
71 71
 
72 72
 These gets logged inside a .log file within the current directory.
73 73
 And in the nmap terminal:
74 74
 
75  
-   Starting Nmap 5.35DC1 ( http://nmap.org ) at (timestamp)
76  
-   Nmap scan report for localhost (127.0.0.1)
77  
-   Host is up (0.00017s latency).
78  
-   PORT     STATE SERVICE VERSION
79  
-   8765/tcp open  ftp     Mac OS X Server ftpd
  75
+    Starting Nmap 5.35DC1 ( http://nmap.org ) at (timestamp)
  76
+    Nmap scan report for localhost (127.0.0.1)
  77
+    Host is up (0.00017s latency).
  78
+    PORT     STATE SERVICE VERSION
  79
+    8765/tcp open  ftp     Mac OS X Server ftpd
80 80
 
81 81
 The faked service/version is random (you can start an ftp server which looks
82 82
 like lukemftpd, Mac OS X server ftpd or PureFTPd for example), but it is
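Review bot: `These gets logged inside a .log file within the current directory.` on line 72 is ungrammatical and does not name the file. While the neighbouring lines are being re-indented, change it to `These get logged` and state the log file's name, since the recorded probe contents are what an operator will go looking for after a scan.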
