ipola / chameleon

This project forked from qeeqbox/chameleon

Customizable honeypots for monitoring network traffic, bot activity and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)

License: GNU Affero General Public License v3.0

Dockerfile 0.81% Python 96.96% Shell 2.23%

chameleon's Introduction

Customizable honeypots for monitoring network traffic, bot activity and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)

Grafana Interface

NMAP Scan

Credentials Monitoring

General Features

  • Modular approach (honeypots run as scripts or are imported as objects)
  • Most honeypots serve as servers (only a few emulate the application layer protocols)
  • Servers can be set up with a username, password and banner (default username and password are test)
  • ICMP, DNS, TCP and UDP payloads are parsed and checked against common patterns
  • Visualized Grafana interfaces for monitoring the results (filter by IP - default is all)
  • Unstructured and structured logs are parsed and inserted into Postgres
  • All honeypots contain clients for testing the servers
  • All ports are opened and monitored by default
  • Easy to automate and can be deployed on AWS EC2
  • And more features to explore

Install and run

On an Ubuntu 18 or 19 system (auto-configure)

git clone https://github.com/qeeqbox/chameleon.git
cd chameleon
chmod +x ./run.sh
./run.sh auto_configure

The Grafana interface http://localhost:3000 will open automatically after the initialization process finishes (username is changeme457f6460cb287 and password is changemed23b8cc6a20e0). If you don't see the Chameleon dashboard, click on the search icon in the left bar and add it.

Wait for a few seconds until honeypot shows the IP address

...
honeypot_1  | Your IP: 172.19.0.3
honeypot_1  | Your MAC: 09:45:aa:23:10:03
...

You can interact with the honeypot from your local system

ping 172.19.0.3
# or run any network tool against it
nmap 172.19.0.3

On an Ubuntu 18 or 19 system (auto-configure test)

git clone https://github.com/qeeqbox/chameleon.git
cd chameleon
chmod +x ./run.sh
./run.sh auto_configure_test

The Grafana interface http://localhost:3000 will open automatically after the initialization process finishes (username is admin and password is admin). If you don't see the Chameleon dashboard, click on the search icon in the left bar and add it.

Or, import your desired non-blocking server as object (SSH Server)

copy ssh_server.py to your folder
# ip= String E.g. 0.0.0.0
# port= Int E.g. 9999
# username= String E.g. Test
# password= String E.g. Test
# mocking= Boolean or String E.g. OpenSSH 7.0
# logs= String E.g. db, terminal or all
# --------------------------------------------------------------------
# always remember to add process=True to run_server() for non-blocking

from ssh_server import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
qsshserver.test_server(port=9999)
qsshserver.kill_server()
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
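
To turn terminal output like the line above into per-source login counts, the following is an added example, not part of the chameleon project. It assumes the logs were captured as text lines in exactly the format shown; `parse_line` and `summarize_logins` are hypothetical helper names, and every sample line except the first is constructed.

```python
import ast
from collections import defaultdict

PREFIX = "INFO:chameleonlogger:"

# Constructed sample: line 1 is the output shown above; the rest reuse its keys
# with made-up values ('failed' as a status value is an assumption).
SAMPLE = """\
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'root', 'ip': '192.0.2.10', 'server': 'ssh_server', 'action': 'login', 'password': '123456', 'port': 50112}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'root', 'ip': '192.0.2.10', 'server': 'ssh_server', 'action': 'login', 'password': '123456', 'port': 50114}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'admin', 'ip': '192.0.2.10', 'server': 'ssh_server', 'action': 'login', 'password': 'admin', 'port': 50118}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'ro
honeypot_1  | Your IP: 172.19.0.3
"""


def parse_line(line):
    """Return (category, event) for one chameleonlogger line, else None."""
    if not line.startswith(PREFIX):
        return None
    try:
        # Usernames and passwords in the log are attacker-controlled, so the
        # payload is parsed as a literal only and never passed to eval().
        record = ast.literal_eval(line[len(PREFIX):].strip())
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError):
        return None  # truncated or malformed line
    if (isinstance(record, list) and len(record) == 2
            and isinstance(record[0], str) and isinstance(record[1], dict)):
        return record[0], record[1]
    return None


def summarize_logins(lines):
    """Per source IP: login attempts, distinct credential pairs, successes."""
    summary = defaultdict(lambda: {"attempts": 0, "credentials": set(), "successes": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1].get("action") != "login":
            continue
        event = parsed[1]
        entry = summary[str(event.get("ip"))]
        entry["attempts"] += 1
        entry["credentials"].add((str(event.get("username")), str(event.get("password"))))
        entry["successes"] += int(event.get("status") == "success")
    return dict(summary)


if __name__ == "__main__":
    for ip, entry in summarize_logins(SAMPLE.splitlines()).items():
        print(ip, entry["attempts"], len(entry["credentials"]), entry["successes"])
```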

Or, Docker standalone (simple)

git clone https://github.com/qeeqbox/chameleon.git
cd chameleon
# choose which honeypot http, https, ssh etc and use -p in docker for the ports
docker build -t honeypot ./honeypot/. && docker run -p 9999:9999 -p 9998:9998 -it honeypot --mode normal --servers "ssh:9999 http:9998"

If you don't see Chameleon dashboard, click on the search icon in the left bar and add it

Requirements (Servers only)

apt-get update -y && apt-get install -y iptables-persistent tcpdump nmap iputils-ping python python-pip python-psycopg2 lsof psmisc dnsutils
pip install scapy==2.4.4 netifaces==0.10.9 pyftpdlib==1.5.6 sqlalchemy==1.3.23 pyyaml==5.4.1 paramiko==2.7.1 impacket==0.9.22 twisted==20.3.0 psutil==5.8.0 requests==2.25.1 redis==3.5.3 mysql-connector-python==8.0.23 pygments==2.5.2
pip install -U requests[socks]
pip install -Iv rsa==4.0
pip install rdpy==1.3.2

Current Servers/Emulators

  • DNS (Server using Twisted)
  • HTTP Proxy (Server using Twisted)
  • HTTP (Server using Twisted)
  • HTTPS (Server using Twisted)
  • SSH (Server using socket)
  • POP3 (Server using Twisted)
  • IMAP (Server using Twisted)
  • SMTP (Server using smtpd)
  • RDP (Server using Twisted)
  • SMB (Server using impacket)
  • SOCKS5 (Server using socketserver)
  • TELNET (Server using Twisted)
  • VNC (Emulator using Twisted)
  • Postgres (Emulator using Twisted)
  • Redis (Emulator using Twisted)
  • MySQL (Emulator using Twisted)
  • Elasticsearch (Coming..)
  • Oracle (Coming..)
  • ldap (maybe)

Changes

  • 2020.V.01.05 added mysql
  • 2020.V.01.04 added redis
  • 2020.V.01.03 switched ftp servers to twisted
  • 2020.V.01.02 switched http and https servers to twisted
  • 2020.V.01.02 Fixed changing ip in grafana interface

Roadmap

  • Refactoring logging
  • Fixing logger
  • Code Cleanup
  • Switching some servers to twisted
  • Adding graceful connection close (error response)
  • Implementing the rest of servers
  • Adding some detection logic to the sniffer
  • Adding a control panel

Resources

Twisted, documentation, Impacket, documentation, Grafana, documentation, Expert, Twisted, robertheaton

Other Licenses

By using this framework, you are accepting the license terms of all these packages: grafana, tcpdump, nmap, psycopg, dnsutils, scapy, netifaces, pyftpdlib, sqlalchemy, pyyaml, paramiko, impacket, rdpy, psutil, requests, FreeRDP, SMBClient, tigervnc

Articles

kitploit redteaming.net my-infosec-awesome

Disclaimer\Notes

  • Do not deploy without proper configuration
  • Set up some security group rules and remove default credentials
  • Almost all servers and emulators are stripped-down - You can adjust that as needed
  • Please let me know if I missed a resource or dependency
