phype / telnet-iot-honeypot
Python telnet honeypot for catching botnet binaries
Hey man, saw you released a new version and thought to give it a try, but I'm currently having some issues.
First one is, it's trying to upload the samples and VT recognizes the API calls, but 0 files were correctly submitted to it. There are no errors at all, so I can't tell you much more about it sadly.
Next thing, which maybe has to do with the first issue: when I browse to Samples on the webpage it just shows me this:
Error
View not found.
Go to index
Errors showing up:
backend.py:
https://pastebin.com/f2rKkgF6
honeypot.py:
2017-10-06 10:11:47 session.py:38 New Session
2017-10-06 10:11:47 telnet.py:97 Setting timeout to 15.0 seconds
2017-10-06 10:11:50 session.py:53 Session login: user=root password=hi
2017-10-06 10:11:54 session.py:126 DOWNLOAD URL http://google.de
2017-10-06 10:12:00 telnet.py:132 Connection closed
2017-10-06 10:12:00 session.py:58 Session End
URLS GATHARED: ['http://google.de']
2017-10-06 10:12:00 client.py:26 Backend upload failed, retrying ()
And if i try to wget another domain:
backend.py:
https://pastebin.com/TXpXEWf6
honeypot.py:
2017-10-06 10:16:24 session.py:38 New Session
2017-10-06 10:16:24 telnet.py:97 Setting timeout to 15.0 seconds
2017-10-06 10:16:26 session.py:53 Session login: user=wioejfiowef password=wjiefjwoiefj
2017-10-06 10:16:29 session.py:126 DOWNLOAD URL http://swag.com
2017-10-06 10:16:30 telnet.py:132 Connection closed
2017-10-06 10:16:30 session.py:58 Session End
URLS GATHARED: ['http://swag.com']
2017-10-06 10:16:31 client.py:26 Backend upload failed, retrying ()
Traceback (most recent call last):
File "/var/www/html/memez/telnet-iot-honeypot/honeypot/telnet.py", line 74, in handle
sess.loop()
File "/var/www/html/memez/telnet-iot-honeypot/honeypot/telnet.py", line 134, in loop
self.session.end()
File "/var/www/html/memez/telnet-iot-honeypot/honeypot/session.py", line 65, in end
self.samples.put_session(self)
File "/var/www/html/memez/telnet-iot-honeypot/honeypot/sampledb_client.py", line 38, in put_session
upload_req = self.back.put_session(session_obj)
File "/var/www/html/memez/telnet-iot-honeypot/honeypot/client.py", line 27, in put_session
return self.put_session(session, False)
File "/var/www/html/memez/telnet-iot-honeypot/honeypot/client.py", line 30, in put_session
raise IOError(msg)
IOError
Hopefully you can help me out again with this :)
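The honeypot.py output quoted in these reports has a fixed `date time file:line message` layout, which makes it easy to see which sessions were captured but never reached the backend. The parser below is an added example, not part of the original post or of the project; the sample lines are copied from two reports on this page, and the function names and the one-client-at-a-time assumption are this example's own.

```python
import re

# Layout of the quoted honeypot.py output: "<date> <time> <file>:<line> <message>"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \w+\.py:\d+ (.*)$")
LOGIN_RE = re.compile(r"^Session login: user=(.*?) password=(.*)$")
URL_RE = re.compile(r"^DOWNLOAD URL (\S+)$")
UNPARSED_RE = re.compile(r'^Could not parse "(.*)"$')
CLOSE_MSGS = ("Connection closed", "Connection timed out")


def parse_sessions(lines):
    """Group log lines into sessions (assumes sessions do not interleave,
    because the log lines carry no session id)."""
    sessions, cur = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # traceback lines, "URLS GATHARED: ..." and other free text
        ts, msg = m.groups()
        if msg == "New Session":
            cur = {"start": ts, "end": None, "close": None, "logins": [],
                   "urls": [], "unparsed": [], "upload_failed": False}
            sessions.append(cur)
        elif cur is None:
            continue  # log starts in the middle of a session
        elif msg == "Session End":
            cur["end"] = ts
        elif msg in CLOSE_MSGS:
            cur["close"] = msg
        elif msg.startswith("Backend upload failed"):
            # Logged after "Session End": the session never reached the backend
            cur["upload_failed"] = True
        elif LOGIN_RE.match(msg):
            cur["logins"].append(LOGIN_RE.match(msg).groups())
        elif URL_RE.match(msg):
            cur["urls"].append(URL_RE.match(msg).group(1))
        elif UNPARSED_RE.match(msg):
            cur["unparsed"].append(UNPARSED_RE.match(msg).group(1))
    return sessions


def lost_sessions(sessions):
    """Sessions that exist only in the log because the backend upload failed."""
    return [s for s in sessions if s["upload_failed"]]


# Sample input: lines copied from the reports on this page
SAMPLE = """\
2017-10-06 10:11:47 session.py:38 New Session
2017-10-06 10:11:47 telnet.py:97 Setting timeout to 15.0 seconds
2017-10-06 10:11:50 session.py:53 Session login: user=root password=hi
2017-10-06 10:11:54 session.py:126 DOWNLOAD URL http://google.de
2017-10-06 10:12:00 telnet.py:132 Connection closed
2017-10-06 10:12:00 session.py:58 Session End
URLS GATHARED: ['http://google.de']
2017-10-06 10:12:00 client.py:26 Backend upload failed, retrying ()
2018-01-22 20:47:07 session.py:22 New Session
2018-01-22 20:47:09 session.py:35 Session login: user=test password=test
2018-01-22 20:47:11 session.py:84 Could not parse "w"
2018-01-22 20:47:12 session.py:84 Could not parse "sh"
2018-01-22 20:47:27 telnet.py:130 Connection timed out
2018-01-22 20:47:27 session.py:63 Session End
""".splitlines()
```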
Hello,
Could you add hpfeeds support for this honeypot?
~/telnet-iot-honeypot/vagrant# vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'ubuntu/xenial64' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 5000 (guest) => 5000 (host) (adapter 1)
default: 2223 (guest) => 2223 (host) (adapter 1)
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
The guest machine entered an invalid state while waiting for it
to boot. Valid states are 'starting, running'. The machine is in the
'gurumeditation' state. Please verify everything is configured
properly and try again.
If the provider you're using has a GUI that comes with it,
it is often helpful to open that and watch the machine, since the
GUI often has more helpful error messages than Vagrant can retrieve.
For example, if you're using VirtualBox, run `vagrant up` while the
VirtualBox GUI is open.
The primary issue for this error is that the provider you're using
is not properly configured. This is very rarely a Vagrant issue.
ERROR: Could not find a version that satisfies the requirement bidict>=0.21.0 (from python-socketio>=5.0.2->flask-socketio->-r requirements.txt (line 5)) (from versions: 0.1.5, 0.2.1, 0.3.0, 0.3.1, 0.9.0rc0, 0.9.0.post1, 0.10.0, 0.10.0.post1, 0.11.0, 0.12.0.post1, 0.13.0, 0.13.1, 0.14.0, 0.14.1, 0.14.2, 0.15.0.dev0, 0.15.0.dev1, 0.15.0rc1, 0.15.0, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 0.18.0, 0.18.1, 0.18.2, 0.18.3, 0.18.4)
ERROR: No matching distribution found for bidict>=0.21.0 (from python-socketio>=5.0.2->flask-socketio->-r requirements.txt (line 5))
WARNING: You are using pip version 20.0.2; however, version 20.3.4 is available.
You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command.
The command '/bin/sh -c pip install --no-cache-dir -r requirements.txt' returned a non-zero code: 1
ERROR: Service 'backend' failed to build : Build failed
At the end of the deployment ...
Hello.
Does anyone have experience with daemonizing the Python scripts "backend.py" and "honeypot.py"? Long-term running of telnet-iot-honeypot in "screen" is not the right way, and after some time the scripts result in errors.
Thanks for replies.
How can I connect the honeypot to the internet in order to catch botnets?
Hi, although I see the db filling with data and samples are downloaded, I see no data appearing in my web interface.
Also the generated admin account with random pwd from the config.yaml doesn't work when I want to log in on the admin page of the web interface.
Any suggestions on how to get these fixed please?
Starting to notice the following over and over which requires me to shutdown and restart backend.py. Sometimes backend.py stays up for a few minutes before the error is seen and sometimes backend.py stays up for days before the error appears. When the error does appear the connection to the database is cut off and the web interface becomes unresponsive.
Any idea?
- - [08/Aug/2019 00:13:49] "PUT /conns HTTP/1.1" 500 -
Error on request:
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/werkzeug/serving.py", line 270, in run_wsgi
execute(self.server.app)
File "/usr/local/lib/python2.7/dist-packages/werkzeug/serving.py", line 261, in execute
write(data)
File "/usr/local/lib/python2.7/dist-packages/werkzeug/serving.py", line 227, in write
self.send_header(key, value)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 412, in send_header
self.wfile.write("%s: %s\r\n" % (keyword, value))
IOError: [Errno 32] Broken pipe
Cloned the project on my Debian server and executed main.py:
python main.py
Traceback (most recent call last):
File "main.py", line 13, in <module>
from sampledb_client import Sampledb
File "/var/www/html/telnet-iot-honeypot/sampledb_client.py", line 1, in <module>
import client
File "/var/www/html/telnet-iot-honeypot/client.py", line 5, in <module>
from config import config
ImportError: No module named config
Failed to load resource: the server responded with a status of 404 (Not Found)
This is for all pages like /login/, /connection/ etc.
Hi,
Is it possible get log files?
Thanks,
Best regards
When I try to run backend.py
I get:
Traceback (most recent call last):
File "backend.py", line 1, in <module>
from backend.backend import app
File "/home/telnet-honeypot/telnet-iot-honeypot/backend/backend.py", line 3, in <module>
from db import get_db
File "/home/telnet-honeypot/telnet-iot-honeypot/backend/db.py", line 11, in <module>
from util.config import config
File "/home/telnet-honeypot/telnet-iot-honeypot/util/config.py", line 9, in <module>
config = json.loads(data)
File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Expecting property name: line 4 column 2 (char 27)
My config:
{
"use_local_db": true,
//"user": "testuser",
//"backend": "http://localhost:5000",
//"sql": "mysql+mysqldb://telhoney:xTAqFLqJ2AxAGDgV@localhost/telhoney",
"max_db_conn": 1,
"sql": "sqlite:///IoT.sqlite",
"sample_dir": "samples",
"save_samples": true,
"vt_key": "[..]"
}
I fixed:
2018-01-22 20:21:32 session.py:22 New Session
Traceback (most recent call last):
File "/root/telnet-iot-honeypot/honeypot/telnet.py", line 75, in handle
sess.loop()
File "/root/telnet-iot-honeypot/honeypot/telnet.py", line 96, in loop
self.session = Session(self.send_string, self.remote[0])
File "/root/telnet-iot-honeypot/honeypot/session.py", line 26, in __init__
self.record = SessionRecord()
File "/root/telnet-iot-honeypot/honeypot/sampledb_client.py", line 51, in __init__
self.back = get_backend()
File "/root/telnet-iot-honeypot/honeypot/sampledb_client.py", line 14, in get_backend
if _BACKEND:
UnboundLocalError: local variable '_BACKEND' referenced before assignment
with:
~/telnet-iot-honeypot/honeypot/sampledb_client.py
def get_backend():
    try:
        _BACKEND
    except:
        _BACKEND = None
but still have problems:
adam@megazord:~$ telnet 46.X.X.X 2223
Trying 46.X.X.X...
Connected to 46.X.X.X.
Escape character is '^]'.
Login: test
Password: test
Welcome to EmbyLinux 3.13.0-24-generic
# w
sh: syntax error near unexpected token ` '
# sh
sh: syntax error near unexpected token ` '
# Connection closed by foreign host.
adam@megazord:~$ nc 46.X.X.X 2223
���Login: sert
Password: sdf
Welcome to EmbyLinux 3.13.0-24-generic
# w
sh: syntax error near unexpected token ` '
# who
sh: syntax error near unexpected token ` '
#
# python honeypot.py
2018-01-22 20:46:44 telnet.py:57 Socket open on port 2223
2018-01-22 20:47:07 telnet.py:72 Client connected at ('176.X.X.X', 18262)
2018-01-22 20:47:07 session.py:22 New Session
2018-01-22 20:47:07 telnet.py:98 Setting timeout to 15.0 seconds
2018-01-22 20:47:09 session.py:35 Session login: user=test password=test
2018-01-22 20:47:11 session.py:84 Could not parse "w"
2018-01-22 20:47:12 session.py:84 Could not parse "sh"
2018-01-22 20:47:27 telnet.py:130 Connection timed out
2018-01-22 20:47:27 session.py:63 Session End
2018-01-22 21:05:06 telnet.py:72 Client connected at ('176.X.X.X', 49579)
2018-01-22 21:05:06 session.py:22 New Session
2018-01-22 21:05:06 telnet.py:98 Setting timeout to 15.0 seconds
2018-01-22 21:05:09 session.py:35 Session login: user=sert password=sdf
2018-01-22 21:05:10 session.py:84 Could not parse "w"
2018-01-22 21:05:11 session.py:84 Could not parse "who"
2018-01-22 21:05:26 telnet.py:130 Connection timed out
2018-01-22 21:05:26 session.py:63 Session End
I use mysql and have data in:
mysql> select * from conns;
OS:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
BTW, what password is on backend? from config and database:
mysql> select * from users;
both don't work, there is also backend_salt in config, not only backend_user and backend_pass
...
@Phype Are you planning Py3 support?
Is anybody aware about the required dependencies?
I tried but every time I have an installation issue, which requires an installation through pip install. I tried to run it through an Ubuntu 14.
Thank you!
In the config.yaml it gives me the login, but it doesn't work in the admin area. How do I fix it?
I have in config:
backend_user: "admin"
backend_pass: "pzBcmEC1gQ"
backend_salt: "GgZgZXf0PU"
(passwords are not same as there)
and these credentials don't work in Administration Area, I got Bad credentials, also from config.yaml:
# This file was autogenerated
backend_user: "admin"
backend_pass: "..."
backend_salt: "..."
backend_user and backend_pass are not working... anyway there is no information on the website, so I guess it just doesn't use the same config file because data is in the database...
Ubuntu 16.04.2 LTS
Cloned and manually installed the current version using the steps on the website:
apt-get install -y python-pip libmysqlclient-dev python-mysqldb git sqlite3
git clone https://github.com/Phype/telnet-iot-honeypot.git
cd telnet-iot-honeypot
pip install -r requirements.txt
sudo apt-get install python-setuptools python-werkzeug \
    python-flask python-flask-httpauth python-sqlalchemy \
    python-requests python-decorator python-dnspython \
    python-ipaddress python-simpleeval python-yaml
bash create_config.sh
python backend.py
python honeypot.py
The backend and honey front-end start successfully.
I can successfully access the front-end at http://localhost:5000.
I attempted to telnet using "telnet 127.0.0.1 2323" and the session was successful.
I ended the telnet session but no data is pushed to the database.
Data is pushed to the logfile I configured in config.dist.yaml.
The following error on the honeypot.py terminal after closing the telnet session:
~/telnet-iot-honeypot$ python honeypot.py
/home/atr/.local/lib/python2.7/site-packages/requests/__init__.py:83: RequestsDependencyWarning: Old version of cryptography ([1, 2, 3]) may cause slowdown.
warnings.warn(warning, RequestsDependencyWarning)
2019-03-08 08:01:53 telnet.py:86 Socket open on :2323
2019-03-08 08:02:00 telnet.py:99 Client connected at ('127.0.0.1', 58430)
2019-03-08 08:02:00 session.py:24 New Session
2019-03-08 08:02:00 telnet.py:127 Setting timeout to 60 seconds
2019-03-08 08:02:09 session.py:37 Session login: user=aaa password=aaa
2019-03-08 08:02:26 telnet.py:161 Connection closed
2019-03-08 08:02:26 session.py:68 Session End
2019-03-08 08:02:26 client.py:44 Backend upload failed, retrying ()
Unhandled exception in thread started by <bound method TelnetSess.loop of <honeypot.telnet.TelnetSess instance at 0x7fb164e4b0e0>>
Traceback (most recent call last):
File "/home/atr/telnet-iot-honeypot/honeypot/telnet.py", line 163, in loop
self.session.end()
File "/home/atr/telnet-iot-honeypot/honeypot/session.py", line 76, in end
self.record.commit()
File "/home/atr/telnet-iot-honeypot/honeypot/sampledb_client.py", line 134, in commit
upload_req = self.back.put_session(self.json())
File "/home/atr/telnet-iot-honeypot/honeypot/client.py", line 45, in put_session
return self.put_session(session, False)
File "/home/atr/telnet-iot-honeypot/honeypot/client.py", line 48, in put_session
raise
And this is the error on the screen running backend.py:
~/telnet-iot-honeypot$ python backend.py
/home/atr/.local/lib/python2.7/site-packages/requests/__init__.py:83: RequestsDependencyWarning: Old version of cryptography ([1, 2, 3]) may cause slowdown.
warnings.warn(warning, RequestsDependencyWarning)
Creating/Connecting to DB
DB Setup done
File "/home/atr/telnet-iot-honeypot/backend/db.py", line 31, in db_wrapper
return func(*args, **kwargs)
File "/home/atr/telnet-iot-honeypot/backend/clientcontroller.py", line 230, in put_session
range = self.get_ip_range(conn.ip)
File "/home/atr/telnet-iot-honeypot/backend/clientcontroller.py", line 168, in get_ip_range
return self.get_ip_range_online(ip)
File "/home/atr/telnet-iot-honeypot/backend/clientcontroller.py", line 156, in get_ip_range_online
range.country = addinfo["country"]
TypeError: 'NoneType' object has no attribute '__getitem__'
127.0.0.1 - - [08/Mar/2019 08:03:02] "PUT /conns HTTP/1.1" 500 24562 0.103092
(12730) accepted ('127.0.0.1', 42706)
Traceback (most recent call last):
File "/home/atr/.local/lib/python2.7/site-packages/flask/app.py", line 2295, in wsgi_app
response = self.handle_exception(e)
File "/home/atr/.local/lib/python2.7/site-packages/flask/app.py", line 1741, in handle_exception
reraise(exc_type, exc_value, tb)
File "/home/atr/.local/lib/python2.7/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/home/atr/.local/lib/python2.7/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/atr/.local/lib/python2.7/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/home/atr/.local/lib/python2.7/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/home/atr/.local/lib/python2.7/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/home/atr/.local/lib/python2.7/site-packages/flask_httpauth.py", line 104, in decorated
return f(*args, **kwargs)
File "/home/atr/telnet-iot-honeypot/backend/backend.py", line 108, in put_conn
session = ctrl.put_session(session)
File "</home/atr/.local/lib/python2.7/site-packages/decorator.pyc:decorator-gen-6>", line 2, in put_session
File "/home/atr/telnet-iot-honeypot/backend/db.py", line 31, in db_wrapper
return func(*args, **kwargs)
File "/home/atr/telnet-iot-honeypot/backend/clientcontroller.py", line 230, in put_session
range = self.get_ip_range(conn.ip)
File "/home/atr/telnet-iot-honeypot/backend/clientcontroller.py", line 168, in get_ip_range
return self.get_ip_range_online(ip)
File "/home/atr/telnet-iot-honeypot/backend/clientcontroller.py", line 156, in get_ip_range_online
range.country = addinfo["country"]
TypeError: 'NoneType' object has no attribute '__getitem__'
127.0.0.1 - - [08/Mar/2019 08:03:02] "PUT /conns HTTP/1.1" 500 24562 0.032411
Any idea?
When I run backend.py, the error occurs
Traceback (most recent call last):
File "backend.py", line 3, in <module>
from json import JSONDecodeError
ImportError: cannot import name JSONDecodeError
Hi, after running "python backend.py" and then "python honeypot.py", if I try "telnet 127.0.0.1 2223" the connection closes and on the terminal where I run honeypot.py I get this error:
Traceback (most recent call last):
File "/telnet-iot-honeypot-master/honeypot/telnet.py", line 75, in handle
sess.loop()
File "/telnet-iot-honeypot-master/honeypot/telnet.py", line 96, in loop
self.session = Session(self.send_string, self.remote[0])
File "/telnet-iot-honeypot-master/honeypot/session.py", line 26, in __init__
self.record = SessionRecord()
File "/telnet-iot-honeypot-master/honeypot/sampledb_client.py", line 51, in __init__
self.back = get_backend()
File "/telnet-iot-honeypot-master/honeypot/sampledb_client.py", line 14, in get_backend
if _BACKEND:
UnboundLocalError: local variable '_BACKEND' referenced before assignment
Am I doing something bad?
Thanks
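The `UnboundLocalError` at `if _BACKEND:` in the tracebacks above is what Python raises when a function assigns to a module-level name without declaring it `global`: the assignment makes the name local, so the earlier read fails. The reproduction below is an added example, not the project's code; the `Backend` class and everything in the function bodies beyond the `if _BACKEND:` line and the posted try/except lines are assumptions made for illustration.

```python
_BACKEND = None  # module-level cache for a single shared backend client


class Backend:
    """Hypothetical stand-in for the honeypot's backend client."""


def get_backend_broken():
    # The assignment further down makes _BACKEND local to this function,
    # so this read raises UnboundLocalError, as in the tracebacks.
    if _BACKEND:
        return _BACKEND
    _BACKEND = Backend()
    return _BACKEND


def get_backend_workaround():
    # The try/except workaround silences the error, but _BACKEND is still
    # a local variable: the module-level cache is never read or written,
    # so every call builds a new client (assumed continuation).
    try:
        _BACKEND
    except NameError:  # UnboundLocalError is a subclass of NameError
        _BACKEND = None
    if not _BACKEND:
        _BACKEND = Backend()
    return _BACKEND


def get_backend():
    # Declaring the name global makes both the read and the write refer
    # to the module-level variable, so the client is created only once.
    global _BACKEND
    if _BACKEND is None:
        _BACKEND = Backend()
    return _BACKEND
```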
Is it possible to have the honeypot listen on multiple ports? I want the honeypot to listen on ports 23 and 2323. I have tried various configurations in config.dist.yaml at the following location but none work.
telnet_addr: ""
telnet_port: 2323
I installed apache using the commands in the Install steps:
sudo apt-get install apache2
cd telnet-iot-honeypot
cp -R html /var/www
sudo chown www-data:www-data /var/www -R
I restarted apache using "sudo service apache2 restart".
I'm still seeing data being populated in the web interface but still under port 5000 (http://127.0.0.1:5000) and not under port 80 (http://localhost).
Is there another configuration change needed so data is populated under the web interface served by apache?
After the server is started, this is displayed in the console:
Creating/Connecting to DB
DB Setup done
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
* Restarting with stat
Creating/Connecting to DB
DB Setup done
* Debugger is active!
All the pages are not found (404). I opened these URLs in my browser:
http://server_ip:5000/html/index.html
http://server_ip:5000/index.html
http://server_ip:5000/sample.html
http://server_ip:5000
I see a lot of new connections coming through the CLI, but no information is recorded in the webpage. I think that my db is facing some problem populating this information.
This is my config.json:
root@vps:/opt/telnet-iot-honeypot# cat config.json
{
"use_local_db": true,
"user": "testuser",
"backend": "http://MY_PUBLIC_IP:5000",
"sql": "mysql+mysqldb://telhoney:xTAqFLqJ2AxAGDgV@localhost/telhoney",
"max_db_conn": 1,
"sql": "sqlite:///IoT.sqlite",
"sample_dir": "samples",
"save_samples": true,
"vt_key": "MY_API",
"submit_to_vt": false,
"cuckoo_enabled": false,
"cuckoo_url_base": "http://127.0.0.1:8090",
"cuckoo_user": "user",
"cuckoo_passwd": "passwd",
"cuckoo_force": 0
}
How can I make it work as expected and see information on the main dashboard?
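Two config.json files on this page show what `json.loads` (the call in util/config.py in the traceback) does with hand-edited JSON: the one with `//` lines fails with "Expecting property name", and the one above defines "sql" twice, which `json.loads` accepts silently while keeping only the last value. The checker below is an added example, not part of the project; `check_config` is a hypothetical name, the sample configs are constructed with placeholder credentials, and messages name only line numbers and keys so that secrets from the file never end up in logs.

```python
import json


def check_config(text):
    """Return (config_or_None, problems) for a config.json body."""
    problems = []
    # JSON has no comment syntax; report the line instead of a parser error.
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("//"):
            problems.append("line %d: '//' comment, not valid JSON" % n)
    if problems:
        return None, problems

    duplicates = []

    def record_duplicates(pairs):
        # Called by json.loads for every object with its raw key/value pairs.
        out = {}
        for key, value in pairs:
            if key in out:
                duplicates.append(key)
            out[key] = value  # same result as plain json.loads: last one wins
        return out

    try:
        config = json.loads(text, object_pairs_hook=record_duplicates)
    except json.JSONDecodeError as exc:
        return None, ["line %d column %d: %s" % (exc.lineno, exc.colno, exc.msg)]
    problems += ["duplicate key %r: only the last value is used" % k
                 for k in duplicates]
    return config, problems


# Constructed samples modelled on the two configs quoted on this page
COMMENTED = """{
"use_local_db": true,
//"user": "testuser",
"max_db_conn": 1,
"sql": "sqlite:///IoT.sqlite"
}"""

DUPLICATE = """{
"use_local_db": true,
"sql": "mysql+mysqldb://USER:PASSWORD@localhost/telhoney",
"max_db_conn": 1,
"sql": "sqlite:///IoT.sqlite"
}"""
```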
I am using default config.yaml.
I run honeypot.py and backend.py.
When I connect to the IP address using netcat I get a login; after login no commands get any reply.
I am receiving a lot of connections from multiple outside IPs but no URL or file download is happening.
How to debug this? Is there any setting to enable shell commands?