├── .gitignore
├── .travis.yml
├── LICENSE
├── MANIFEST.in
├── README.rst
├── netsink
├── __init__.py
├── conf
│ ├── dispatcher.conf
│ ├── dns.conf
│ ├── ftp.conf
│ ├── http.conf
│ ├── irc.conf
│ ├── netsink.conf
│ ├── redirection.conf
│ ├── smtp.conf
│ └── ssl.conf
├── config.py
├── data
│ ├── cacert.pem
│ ├── ftproot
│ │ └── README.txt
│ ├── ipaddress.html
│ ├── ipaddress.txt
│ ├── netsink.html
│ └── privkey.pem
├── listener.py
├── modules
│ ├── __init__.py
│ ├── dns.py
│ ├── ftp.py
│ ├── http.py
│ ├── ircserver.py
│ ├── multi.py
│ ├── smtp.py
│ └── sslwrap.py
├── redirection.py
├── start.py
└── version.py
├── requirements.txt
├── setup.py
├── tests
├── smoke.py
├── test_config.py
├── test_dns.py
├── test_ftp.py
├── test_http.py
├── test_ircserver.py
├── test_multi.py
├── test_redirection.py
├── test_smtp.py
└── test_sslwrap.py
└── tox.ini
/.gitignore:
--------------------------------------------------------------------------------
1 | *.py[cod]
2 |
3 | # C extensions
4 | *.so
5 |
6 | # Packages
7 | *.egg
8 | *.egg-info
9 | dist
10 | build
11 | eggs
12 | parts
13 | bin
14 | var
15 | sdist
16 | develop-eggs
17 | .installed.cfg
18 | lib
19 | lib64
20 |
21 | # Installer logs
22 | pip-log.txt
23 |
24 | # Unit test / coverage reports
25 | .coverage
26 | .tox
27 | nosetests.xml
28 |
29 | # Translations
30 | *.mo
31 |
32 | # Mr Developer
33 | .mr.developer.cfg
34 | .project
35 | .pydevproject
36 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: python
2 | env:
3 | - TOXENV=py26
4 | - TOXENV=py27
5 | - TOXENV=pypy
6 | install:
7 | - pip install tox
8 | script: tox
9 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
--------------------------------------------------------------------------------
/MANIFEST.in:
--------------------------------------------------------------------------------
1 | include README.rst
2 | include LICENSE
3 | include requirements.txt
4 | recursive-include netsink/conf *
5 | recursive-include netsink/data *
6 |
--------------------------------------------------------------------------------
/README.rst:
--------------------------------------------------------------------------------
1 | netsink
2 | =======
3 |
4 | Network sinkhole for isolated malware analysis.
5 |
6 | |build_status| |pypi_version|
7 |
8 | Overview
9 | --------
10 |
11 | ``netsink`` is a network daemon that will bind to any number of configured IP ports
12 | and provide fake services in an attempt to convince running malware that it has an active
13 | Internet connection.
14 |
15 | Getting Started
16 | ---------------
17 | Install using ``pip``: ::
18 |
19 | pip install netsink
20 |
21 | Start the ``netsink`` listeners with the default configuration
22 | (you will need administrator/root access to bind to privilleged ports): ::
23 |
24 | sudo netsink
25 |
26 | You should see output similar to the following, showing the bound ports: ::
27 |
28 | 2013-03-03 21:01:02,710 [netsink] INFO: Listener 'http' awaiting TCP activity on port/s [80, 8000, 8080, 8090]
29 | 2013-03-03 21:01:02,717 [netsink] INFO: Listener 'https' awaiting SSL activity on port/s [443, 8443]
30 | 2013-03-03 21:01:02,726 [netsink] INFO: Listener 'dns' awaiting UDP activity on port/s [53]
31 | 2013-03-03 21:01:02,726 [netsink] INFO: Waiting...
32 |
33 | To test, open a browser on the same host and navigate to https://127.0.0.1/testing and
34 | you should see a netsink response page.
35 |
36 | Client Setup
37 | ------------
38 | To be useful a client machine must be forced to redirect their traffic to the services
39 | on the ``netsink`` host. This can be achieved in several ways.
40 |
41 | **Static DNS Configuration**
42 |
43 | ``netsink`` includes a DNS server that will advertise
44 | itself as the destination for any client DNS requests (or as otherwise configured).
45 | Change the client's network interface to use the ``netsink`` host's address as its
46 | DNS server. Also set the Default Gateway to the ``netsink`` host if using ``iptables``
47 | redirection, to capture direct IP address communication attempts.
48 |
49 | **DHCP Configuration**
50 |
51 | Not currently provided by the ``netsink`` package, however, if
52 | installing on a unix/linux platform, using the operating system's DHCP server package
53 | can be effective (for example ``isc-dhcp-server`` on ubuntu). Set the netsink host
54 | as the address to be returned for DNS and Default Gateway to the clients. Set the client's
55 | network interface to obtain an address automatically.
56 |
57 | To test, ensure that any changes have been applied to the client's network interface.
58 | On Windows, in a command window: ::
59 |
60 | ipconfig /all
61 |
62 | The netsink host's address should be listed as the DNS server on the applicable network
63 | interface. Now open a web browser on the client and navigate to www.google.com you
64 | should instead see the netsink response page and the DNS/HTTP requests logged on the server.
65 |
66 | Goals
67 | -----
68 |
69 | The primary project goals are:
70 |
71 | * Provide malware with communication end points to assist execution and elicit network traffic.
72 | * Straight-forward installation. Should work out-of-the-box, with minimal configuration, for most scenarios.
73 | * Easy configuration and extension. Adding custom services and response handling should be as simple as possible.
74 |
75 | Features
76 | --------
77 |
78 | * DNS redirection based on simple config file
79 | * HTTP/HTTPS serving of static files based on url regexes
80 | * Imitate known external IP address lookup sites (thanks to `ipgetter`_ for the compiled list)
81 | * IRC service to capture connect and channel joins, etc.
82 | * SMTP/ESMTP server including AUTH and STARTTLS support
83 | * FTP server support
84 | * Listening port ranges easily configurable and separate from the modules that handle the traffic.
85 | * Automatic connection redirection for platforms that support ``iptables``
86 | * Generic port listener that can dispatch to other modules via packet inspection
87 |
88 | Planned Additions:
89 |
90 | * Internal DHCP server to auto configure clients
91 | * Expand available fake services to include POP3, IMAP, TFTP, etc.
92 | * Pluggable fake C2 servers
93 | * Better documentation
94 |
95 | Issues
96 | ------
97 |
98 | Source code for ``netsink`` is hosted on `GitHub`_. Any bug reports or feature
99 | requests can be made using GitHub's `issues system`_.
100 |
101 | .. _GitHub: https://github.com/shendo/netsink
102 | .. _issues system: https://github.com/shendo/netsink/issues
103 | .. _ipgetter: https://github.com/phoemur/ipgetter
104 |
105 | .. |build_status| image:: https://secure.travis-ci.org/shendo/netsink.png?branch=master
106 | :target: https://travis-ci.org/shendo/netsink
107 | :alt: Current build status
108 |
109 | .. |pypi_version| image:: https://pypip.in/v/netsink/badge.png
110 | :target: https://pypi.python.org/pypi/netsink
111 | :alt: Latest PyPI version
112 |
113 |
--------------------------------------------------------------------------------
/netsink/__init__.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import os
18 | from pkg_resources import DistributionNotFound, ResourceManager, Requirement
19 |
20 | # path to data files if package not installed
21 | SOURCE_PATH = os.path.join(os.path.dirname(__file__), 'data')
22 |
23 | def get_data_file(filename):
24 | """Return full path to specified data file or None if not found.
25 | If a valid absolute path is provided it will be returned.
26 | """
27 | if os.path.exists(filename):
28 | return filename
29 | path = os.path.join(SOURCE_PATH, filename)
30 | if os.path.exists(path):
31 | return path
32 | try:
33 | return ResourceManager().resource_filename(Requirement.parse("netsink"), filename)
34 | except DistributionNotFound:
35 | return None
36 |
--------------------------------------------------------------------------------
/netsink/conf/dispatcher.conf:
--------------------------------------------------------------------------------
1 | [dispatcher]
2 | handlers=ssl,http,smtp,irc
--------------------------------------------------------------------------------
/netsink/conf/dns.conf:
--------------------------------------------------------------------------------
1 | [dns]
2 |
3 | responses = reverse,wpad,default
4 |
5 | [reverse]
6 | pattern = .*\.in-addr.arpa
7 | types = PTR
8 | answer = fake.netsink.org
9 |
10 | # ignore automatic proxy lookup from browsers
11 | [wpad]
12 | pattern = wpad.*
13 | types = A
14 | answer = NXDOMAIN
15 |
16 | [default]
17 | pattern = .*
18 | types = A,MX
19 | answer = localhost
--------------------------------------------------------------------------------
/netsink/conf/ftp.conf:
--------------------------------------------------------------------------------
1 | [ftp]
2 |
3 | # banner message
4 | serverstring = Netsink Fake FTPd 1.0
5 |
6 | # directory template (each connection gets own copy)
7 | dirseed = ftproot
8 |
9 | # range of ports to use for pasv connections
10 | # if using iptables make sure you add this
11 | # range to exclusion list in redirection.conf
12 | pasvrange = 15670-15680
13 |
14 |
--------------------------------------------------------------------------------
/netsink/conf/http.conf:
--------------------------------------------------------------------------------
1 | [http]
2 |
3 | responses = iplookup.txt,iplookup.html,test,default
4 | serverstring = Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
5 |
6 | [iplookup.txt]
7 | pattern = (ip\.dnsexit\.com|ifconfig\.me/ip|ipecho\.net/plain|checkip\.dyndns\.org/plain|bot\.whatismyipaddress\.com|myexternalip\.com/raw|www\.trackip\.net/ip|icanhazip\.com|wtfismyip\.com/text)
8 | status = 200
9 | file = ipaddress.txt
10 |
11 | [iplookup.html]
12 | pattern = (ipecho\.net|checkip\.dyndns\.org|ipogre\.com|whatismyipaddress\.com|ip\.my-proxy\.com|websiteipaddress\.com/WhatIsMyIp|getmyipaddress\.org|www\.my-ip-address\.net|myexternalip\.com|www\.canyouseeme\.org|www\.trackip\.net|www\.iplocation\.net|www\.howtofindmyipaddress\.com|www\.ipchicken\.com|whatsmyip\.net|www\.ip-adress\.com|checkmyip\.com|www\.tracemyip\.org|checkmyip\.net|www\.lawrencegoetz\.com/programs/ipinfo|www\.findmyip\.co|ip-lookup\.net|www\.dslreports\.com/whois|www\.mon-ip\.com/../my-ip|myip\.ru|ipgoat\.com|www\.myipnumber\.com/my-ip-address\.asp|www\.whatsmyipaddress\.net|formyip\.com|check\.torproject\.org|www\.displaymyip\.com|www\.bobborst\.com/tools/whatsmyip|www\.geoiptool\.com|www\.whatsmydns\.net/whats-my-ip-address\.html|www\.privateinternetaccess\.com/pages/whats-my-ip|checkip\.dyndns\.com|myexternalip\.com|www\.ip-adress\.eu|www\.infosniper\.net|wtfismyip\.com|ipinfo\.io|httpbin\.org/ip)
13 | status = 200
14 | file = ipaddress.html
15 |
16 | [test]
17 | pattern = .*/404$
18 | status = 404
19 | file = None
20 |
21 | [default]
22 | pattern = .*
23 | status = 200
24 | file = netsink.html
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/netsink/conf/irc.conf:
--------------------------------------------------------------------------------
1 | [irc]
2 |
3 | serverstring = Welcome to Netsink Fake IRC Server 1.0
--------------------------------------------------------------------------------
/netsink/conf/netsink.conf:
--------------------------------------------------------------------------------
1 | [netsink]
2 |
3 | listeners = dns,http,https,smtp,smtps,ftp,irc,ircs,generic
4 | certfile = cacert.pem
5 | keyfile = privkey.pem
6 | redirection = true
7 |
8 | [dns]
9 | ports = 53
10 | module = dns
11 | socktype = UDP
12 | config = dns.conf
13 |
14 | [http]
15 | ports = 80, 8000, 8080, 8081, 8090
16 | module = http
17 | socktype = TCP
18 | config = http.conf
19 |
20 | [https]
21 | ports = 443, 8443
22 | module = http
23 | socktype = SSL
24 | config = http.conf
25 |
26 | [smtp]
27 | ports = 25, 587
28 | module = smtp
29 | socktype = TCP
30 | config = smtp.conf
31 |
32 | [smtps]
33 | ports = 465
34 | module = smtp
35 | socktype = SSL
36 | config = smtp.conf
37 |
38 | [ftp]
39 | ports = 21
40 | module = ftp
41 | socktype = TCP
42 | config = ftp.conf
43 |
44 | [irc]
45 | ports = 6666-6669, 7000, 7001
46 | module = irc
47 | socktype = TCP
48 | config = irc.conf
49 |
50 | [ircs]
51 | ports = 6679, 6697
52 | module = irc
53 | socktype = SSL
54 | config = irc.conf
55 |
56 | [generic]
57 | ports = 4664
58 | module = dispatcher
59 | socktype = TCP
60 | config = dispatcher.conf
61 |
--------------------------------------------------------------------------------
/netsink/conf/redirection.conf:
--------------------------------------------------------------------------------
1 | [redirection]
2 | # generic listener port to receive all non-configured tcp port attempts
3 | port_forwarding = 4664
4 | # if using port forwarding, all configured listener ports will be passed through along with the following
5 | port_exclusions = 22,15670-15680
--------------------------------------------------------------------------------
/netsink/conf/smtp.conf:
--------------------------------------------------------------------------------
1 | [smtp]
2 |
3 | serverstring = Netsink Fake SMTP Server 1.0
--------------------------------------------------------------------------------
/netsink/conf/ssl.conf:
--------------------------------------------------------------------------------
1 | [ssl]
2 | certfile = cacert.pem
3 | keyfile = privkey.pem
--------------------------------------------------------------------------------
/netsink/config.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | from collections import namedtuple
18 | from ConfigParser import ConfigParser
19 | import os
20 | from pkg_resources import DistributionNotFound, Requirement, ResourceManager
21 |
22 | # path to conf files if package not installed
23 | SOURCE_PATH = os.path.join(os.path.dirname(__file__), 'conf')
24 | OVERRIDE_PATH = "/etc/netsink"
25 |
26 | def parseints(val):
27 | """Given a string list of comma separated integers, returns the ints in order.
28 | Also handles range syntax such as 10-15.
29 | No Attempt is made to dedupe or re-sort the elements.
30 | @param val: String value to parse
31 | @return: Yielded ints parsed from the string
32 | @raise ValueError: Invalid token in string.
33 | """
34 | for x in val.split(','):
35 | if '-' in x:
36 | y, z = x.split('-')
37 | for i in range(int(y.strip()), int(z.strip()) + 1):
38 | yield i
39 | elif x.strip() != '':
40 | yield int(x.strip())
41 |
42 | def installed_location(filename):
43 | """Returns the full path for the given installed file or None if not found.
44 | """
45 | try:
46 | return ResourceManager().resource_filename(Requirement.parse("netsink"), filename)
47 | except DistributionNotFound:
48 | return None
49 |
50 | class Config:
51 | """Main config file parser for netsink.
52 | """
53 | def __init__(self, cfg='netsink.conf'):
54 | installed_path = installed_location(cfg) or 'notfound'
55 | parser = ConfigParser()
56 | parser.read([os.path.join(OVERRIDE_PATH),
57 | installed_path,
58 | os.path.join(SOURCE_PATH, cfg)])
59 |
60 | self.certfile = parser.get('netsink', 'certfile')
61 | self.keyfile = parser.get('netsink', 'keyfile')
62 | self.redirection = parser.get('netsink', 'redirection').lower() in ["yes", "true"]
63 | self.listeners = {}
64 | for x in parser.get('netsink', 'listeners').split(","):
65 | listener = namedtuple('listener', 'name ports module socktype config servers')
66 | listener.name = x.strip()
67 | listener.ports = list(parseints(parser.get(listener.name, 'ports')))
68 | listener.module = parser.get(listener.name, 'module')
69 | listener.socktype = parser.get(listener.name, 'socktype')
70 | listener.config = parser.get(listener.name, 'config')
71 | self.listeners[listener.name] = listener
72 |
73 | class ModuleConfig:
74 | """Given a module config filename, will find/parse and make the
75 | ConfigParser instance availble as self.cfg
76 | """
77 | def __init__(self, cfg):
78 | installed_path = installed_location(cfg) or 'notfound'
79 | parser = ConfigParser()
80 | parser.read([os.path.join(OVERRIDE_PATH),
81 | installed_path,
82 | os.path.join(SOURCE_PATH, cfg)])
83 | self.cfg = parser
84 |
--------------------------------------------------------------------------------
/netsink/data/cacert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICuTCCAiKgAwIBAgIJAJRN3sErWJ6cMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNV
3 | BAYTAkFVMQwwCgYDVQQIEwNBQ1QxEDAOBgNVBAoTB25ldHNpbmsxGTAXBgNVBAMT
4 | EGZha2UubmV0c2luay5vcmcwHhcNMTMwMjE2MTEzMDA2WhcNMjMwMjE0MTEzMDA2
5 | WjBIMQswCQYDVQQGEwJBVTEMMAoGA1UECBMDQUNUMRAwDgYDVQQKEwduZXRzaW5r
6 | MRkwFwYDVQQDExBmYWtlLm5ldHNpbmsub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GN
7 | ADCBiQKBgQDAMy8lnUXCyDGDCXhtw2ZRZBtZr4Kp86MunxeLsuKmPNePaJwiQtIs
8 | Ty/UGCpqkU39l8ZE7D4fGvNckj4Y7xPBRm3BrHAtOnKuUJ6W/P3HILMkY+z/BSkm
9 | 4DgPzKvTjP1u7tKCXvM4msUbBRjmuVBtJlOV9TYQ2b8LcRQUHDDY7wIDAQABo4Gq
10 | MIGnMB0GA1UdDgQWBBSrRWIwzRFoPu1FLh6wH+XEcJDaWTB4BgNVHSMEcTBvgBSr
11 | RWIwzRFoPu1FLh6wH+XEcJDaWaFMpEowSDELMAkGA1UEBhMCQVUxDDAKBgNVBAgT
12 | A0FDVDEQMA4GA1UEChMHbmV0c2luazEZMBcGA1UEAxMQZmFrZS5uZXRzaW5rLm9y
13 | Z4IJAJRN3sErWJ6cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAEs1s
14 | +r9nEyJ6prXziOM4eIciJOgi+ElCkjwuO5iHFvUhulkyRj/XORqjGbIoR2gLY/8E
15 | 5oUPAVppC8WNrYpqqI3vGadxCJ2Ea/+V97giPinocbYLqoDXLi/2HcYk0HDTEvLQ
16 | /VeOnnAYaeEmH/PODLaWcPfQXtw3xcjk7Dg24u0=
17 | -----END CERTIFICATE-----
18 |
--------------------------------------------------------------------------------
/netsink/data/ftproot/README.txt:
--------------------------------------------------------------------------------
1 | Nothing to see here
2 |
--------------------------------------------------------------------------------
/netsink/data/ipaddress.html:
--------------------------------------------------------------------------------
1 |
2 |
3 | What Is My IP Address
4 |
5 |
6 | Your IP Address Is:
7 |
8 |
9 | 11.22.33.44
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/netsink/data/ipaddress.txt:
--------------------------------------------------------------------------------
1 | 11.22.33.44
--------------------------------------------------------------------------------
/netsink/data/netsink.html:
--------------------------------------------------------------------------------
1 |
2 | Netsink
3 | Netsink dummy return page.
4 |
--------------------------------------------------------------------------------
/netsink/data/privkey.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXgIBAAKBgQDAMy8lnUXCyDGDCXhtw2ZRZBtZr4Kp86MunxeLsuKmPNePaJwi
3 | QtIsTy/UGCpqkU39l8ZE7D4fGvNckj4Y7xPBRm3BrHAtOnKuUJ6W/P3HILMkY+z/
4 | BSkm4DgPzKvTjP1u7tKCXvM4msUbBRjmuVBtJlOV9TYQ2b8LcRQUHDDY7wIDAQAB
5 | AoGBAITT2sV4B3oxuGYC6YOSAuhE8tHshbTGeAQEVtVo71JLwf2OIjlbTLzqjPdb
6 | LBUyDmAvwApp6hS9H2redqPstg0rDqOodeV+rNxzBDVDzzYKWykWoVUqxwvbO9xR
7 | bUQJTYGgi1sb+qwU4iAc3lvRp3jJI8pbEkPuyNqh1eC/zR4BAkEA/m7ujHlj1sX0
8 | WzlPiVZ40Tw/m/uce8uUDWPJ5204GbcrkkQxSHInsuVC43IRFXVTMFxgaeymrmVN
9 | FFZLjVTCwQJBAMFiJxOcXOLhotSWIp8yC8OCROGRUjCUUTjursVKD8fpzIpbHBLs
10 | AWvUa9FxsylXr1tLlpZzuLTgML9y3Z64d68CQQDHiK/Dsp89m9jagcOCbTIqxRkN
11 | dvFtlGXzakK5H8pTQHcHKjuMGRpRDcK7JIWJUo1+67Mg3tqJAiDExjhSChsBAkBk
12 | Q3qVLV3veCNPa2QZ+/2jaVhDR3BApbWS+hV9Ts/ty6d0GJburJR0Dtez6OqGReMy
13 | R3eVG/ypMw+zQ1/qWiQbAkEAoJpCFTHcTzLzOubCcqlF1ckc1z6hcMROdLDC5959
14 | wepjsTgXDU5NSm7pKNFrCdC4e5noD94abXO/h9/0M1vysA==
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/netsink/listener.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import logging
18 | import SocketServer
19 | import ssl
20 |
21 | from netsink import get_data_file
22 | from netsink.config import Config, ModuleConfig
23 |
24 | log = logging.getLogger(__name__)
25 |
26 | class Listener(object):
27 | """A listener for a given port and protocol handler.
28 | Corresponding socket server instance can be retrieved as self.server
29 | """
30 | def __init__(self, name, port, handler, socktype, config):
31 | self.name = name
32 | self.port = port
33 | self.socktype = socktype
34 | self.server = None
35 |
36 | globalconf = Config()
37 | if socktype.upper() == 'UDP':
38 | self.server = SocketServer.ThreadingUDPServer(('', port), handler)
39 | elif socktype.upper() == 'TCP':
40 | self.server = SocketServer.ThreadingTCPServer(('', port), handler)
41 | elif socktype.upper() == 'SSL':
42 | if not get_data_file(globalconf.certfile) or not get_data_file(globalconf.keyfile):
43 | log.warn("Cannot find certfile: %s or keyfile: %s for ssl",
44 | globalconf.certfile, globalconf.keyfile)
45 | else:
46 | self.server = SocketServer.ThreadingTCPServer(('', port), handler)
47 | self.server.socket = ssl.wrap_socket(self.server.socket,
48 | keyfile=get_data_file(globalconf.keyfile),
49 | certfile=get_data_file(globalconf.certfile),
50 | server_side=True)
51 | else:
52 | log.warn("Unsupported or invalid socket type: %s for config '%s'",
53 | socktype, name)
54 |
55 | if self.server:
56 | self.server.cfg = ModuleConfig(config).cfg
57 |
58 | class IOWrapper(object):
59 | """Intercepts read/write calls to handler to perform logging or other actions.
60 | """
61 | def __init__(self, client, server, rfile, wfile, fastflush=False):
62 | self.client = client
63 | self.server = server
64 | self.rfile = rfile
65 | self.wfile = wfile
66 | self.rbuff = ""
67 | self.wbuff = ""
68 | # by default will delay logging to aggregate multiple calls
69 | self.fastflush = fastflush
70 |
71 | def read(self, size=-1):
72 | """Wrap read() calls.
73 | """
74 | self.logwrite()
75 | data = self.rfile.read(size)
76 | self.rbuff += data
77 | if self.fastflush:
78 | self.logread()
79 | return data
80 |
81 | def readline(self):
82 | """Wrap readline() calls.
83 | """
84 | self.logwrite()
85 | data = self.rfile.readline()
86 | self.rbuff += data
87 | if self.fastflush:
88 | self.logread()
89 | return data
90 |
91 | def write(self, data):
92 | """Wrap write() calls.
93 | """
94 | self.logread()
95 | self.wbuff += data
96 | if self.fastflush:
97 | self.logwrite()
98 | return self.wfile.write(data)
99 |
100 | def logread(self):
101 | """Flush the currently read bytes to the log.
102 | """
103 | if self.rbuff:
104 | log.info("Read from client %s to %s:\n%s",
105 | str(self.client), str(self.server), self._escape(self.rbuff))
106 | self.rbuff = ""
107 |
108 | def logwrite(self):
109 | """Flush the currently written bytes to the log"""
110 | if self.wbuff:
111 | log.info("Written to client %s from %s:\n%s",
112 | str(self.client), str(self.server), self._escape(self.wbuff))
113 | self.wbuff = ""
114 |
115 | @staticmethod
116 | def _escape(s):
117 | """Prepares a string for printing to the log.
118 | This involves escaping any non-printable chars but preserving newlines.
119 | """
120 | return repr(s).replace("\\r\\n", "\n").replace("\\n", "\n").replace("\\t", "\t")[1:-1]
121 |
122 | class UDPHandler(SocketServer.DatagramRequestHandler):
123 | """UDP base handler class
124 | """
125 | # default version for modules that subclass
126 | version = '0.1'
127 |
128 | def setup(self):
129 | """Called when a new datagram arrives.
130 | Wraps the I/O objects for logging.
131 | """
132 | SocketServer.DatagramRequestHandler.setup(self)
133 | # Datagram based so flush on each send/recv
134 | iowrap = IOWrapper(self.client_address,
135 | self.server.server_address,
136 | self.rfile,
137 | self.wfile,
138 | fastflush=True)
139 | self.rfile = iowrap
140 | self.wfile = iowrap
141 | self.config(self.server.cfg)
142 |
143 | def finish(self):
144 | """Called after the requests has been handled to finalise any resources.
145 | """
146 | iowrap = self.rfile
147 | iowrap.logread()
148 | iowrap.logwrite()
149 | self.rfile = iowrap.rfile
150 | self.wfile = iowrap.wfile
151 | SocketServer.DatagramRequestHandler.finish(self)
152 |
153 | class StreamHandler(SocketServer.StreamRequestHandler):
154 | """TCP/SSL base handler class
155 | """
156 | # default version for modules that subclass
157 | version = '0.1'
158 |
159 | def setup(self):
160 | """Called when a new connection is established.
161 | Wraps the I/O objects for logging.
162 | """
163 | SocketServer.StreamRequestHandler.setup(self)
164 | iowrap = IOWrapper(self.client_address,
165 | self.server.server_address,
166 | self.rfile,
167 | self.wfile)
168 | self.rfile = iowrap
169 | self.wfile = iowrap
170 | self.config(self.server.cfg)
171 |
172 | def starttls(self):
173 | """Upgrade the transport used by this handler
174 | to ssl/tls. As socket will already be connected
175 | this will trigger a handshake with the client endpoint.
176 | """
177 | globalconf = Config()
178 | self.connection = ssl.wrap_socket(self.connection,
179 | keyfile=get_data_file(globalconf.keyfile),
180 | certfile=get_data_file(globalconf.certfile),
181 | server_side=True)
182 | # flush and recreate the rfile/wfile handles
183 | iowrap = self.rfile
184 | iowrap.logread()
185 | iowrap.logwrite()
186 | self.rfile = self.connection.makefile('rb', self.rbufsize)
187 | self.wfile = self.connection.makefile('wb', self.wbufsize)
188 | iowrap = IOWrapper(self.client_address,
189 | self.server.server_address,
190 | self.rfile,
191 | self.wfile)
192 | self.rfile = iowrap
193 | self.wfile = iowrap
194 |
195 | def finish(self):
196 | """Called after the connection has closed to finalise any resources.
197 | """
198 | iowrap = self.rfile
199 | iowrap.logread()
200 | iowrap.logwrite()
201 | self.rfile = iowrap.rfile
202 | self.wfile = iowrap.wfile
203 | SocketServer.StreamRequestHandler.finish(self)
204 |
205 | @staticmethod
206 | def match(pkt):
207 | return False
208 |
--------------------------------------------------------------------------------
/netsink/modules/__init__.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import pkg_resources
18 |
19 | # Mapping of known module names -> Handler class
20 | registry = {}
21 |
22 | # insert core modules in case running form source / uninstalled
23 | from netsink.modules.http import HTTPHandler
24 | from netsink.modules.sslwrap import SSLHandler
25 | from netsink.modules.smtp import SMTPHandler
26 | registry['http'] = HTTPHandler
27 | registry['ssl'] = SSLHandler
28 | registry['smtp'] = SMTPHandler
29 | # ignore if third-party dependencies not met
30 | try:
31 | from netsink.modules.dns import DNSHandler
32 | registry['dns'] = DNSHandler
33 | except ImportError:
34 | pass
35 | try:
36 | from netsink.modules.ircserver import IRCHandler
37 | registry['irc'] = IRCHandler
38 | except ImportError:
39 | pass
40 | try:
41 | from netsink.modules.ftp import FTPHandler
42 | registry['ftp'] = FTPHandler
43 | except ImportError:
44 | pass
45 |
46 | # load any installed modules from entrypoints
47 | for modules in pkg_resources.iter_entry_points(group='netsink.modules'):
48 | registry[modules.name] = modules.load()
49 |
--------------------------------------------------------------------------------
/netsink/modules/dns.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | from collections import namedtuple
18 | import logging
19 | import re
20 | import socket
21 |
22 | from dnslib import DNSRecord, QTYPE
23 |
24 | from netsink.listener import UDPHandler
25 | from netsink.version import __version__
26 |
27 | log = logging.getLogger(__name__)
28 |
29 | class DNSHandler(UDPHandler):
30 | """Basic DNS server. Answers returned as specified in conf file.
31 | """
32 | version = __version__
33 |
34 | def config(self, config):
35 | self.responses = []
36 | for x in config.get('dns', 'responses').split(","):
37 | resp = namedtuple('response', 'pattern types response')
38 | resp.name = x.strip()
39 | resp.pattern = config.get(resp.name, 'pattern')
40 | resp.types = [ t.strip() for t in config.get(resp.name, 'types').split(",") ]
41 | resp.answer = config.get(resp.name, 'answer')
42 | if resp.answer == 'localhost':
43 | resp.answer = socket.gethostbyname(socket.gethostname())
44 | self.responses.append(resp)
45 |
46 | def handle(self):
47 | """Parse request from datagram and return appropriate response.
48 | """
49 | # read datagram
50 | d = DNSRecord.parse(self.rfile.read())
51 | q = d.get_q()
52 | for x in self.responses:
53 | m = re.match(x.pattern, str(q.qname))
54 | if m and QTYPE[q.qtype] in x.types:
55 | if x.answer == 'NXDOMAIN':
56 | break
57 | log.info("Received DNS Query %s Type: %s. Responding with %s",
58 | q.qname, QTYPE[q.qtype], x.answer)
59 | a = d.reply(data=x.answer)
60 | self.wfile.write(a.pack())
61 | return
62 | # nothing matched, send an NXDOMAIN
63 | log.info("Received DNS Query: %s Type: %s. Responding with NXDOMAIN",
64 | q.qname, QTYPE[q.qtype])
65 | a = d.reply()
66 | a.rr = []
67 | a.header.set_rcode(3)
68 | self.wfile.write(a.pack())
69 |
--------------------------------------------------------------------------------
/netsink/modules/ftp.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import logging
18 | import os
19 | import shutil
20 | import socket
21 | import tempfile
22 |
23 | from pyftpdlib import log
24 | logger = logging.getLogger(__name__)
25 | log.logger = logger
26 |
27 | from pyftpdlib.authorizers import DummyAuthorizer
28 | from pyftpdlib.handlers import FTPHandler as PyFTPHandler
29 | from pyftpdlib.ioloop import IOLoop
30 |
31 | from netsink import get_data_file
32 | from netsink.config import parseints
33 | from netsink.listener import StreamHandler
34 | from netsink.version import __version__
35 |
36 | class PermissiveAuthorizer(DummyAuthorizer):
37 | """Overriden Authorizer to accept any user/password.
38 | It is expected to be instantiated on a per handler basis
39 | not as a class attribute as with pyftpd.
40 | """
41 | def __init__(self, homedir):
42 | """Specify the home drive for the user"""
43 | self.homedir = homedir
44 |
45 | def validate_authentication(self, username, password, handler):
46 | """All are welcome"""
47 | handler.log("Username: '{0}' Password: '{1}'".format(username, password))
48 | return True
49 |
50 | def get_home_dir(self, username):
51 | """The temp home dir for the current user"""
52 | return self.homedir
53 |
54 | def has_user(self, username):
55 | """Any user is known"""
56 | return True
57 |
58 | def has_perm(self, username, perm, path=None):
59 | """Any user has full perms under the current homedir"""
60 | if not path:
61 | return True
62 |
63 | path = os.path.normcase(path)
64 | if self._issubpath(path, self.homedir):
65 | return True
66 | return False
67 |
68 | def get_perms(self, username):
69 | """Full perms list"""
70 | return "elradfmwM"
71 |
72 | def get_msg_login(self, username):
73 | """Default login message."""
74 | return "Login successful."
75 |
76 | def get_msg_quit(self, username):
77 | """Default quitting message."""
78 | return "Goodbye."
79 |
80 |
81 | class FTPHandler(StreamHandler):
82 | """FTP Handler that proxies to pyftpdlib.
83 | """
84 | version = __version__
85 |
86 | def config(self, config):
87 | self.dirseed = config.get('ftp', 'dirseed')
88 | PyFTPHandler.banner = config.get('ftp', 'serverstring')
89 | PyFTPHandler.passive_ports = list(parseints(config.get('ftp', 'pasvrange')))
90 |
91 | def handle(self):
92 | """Hands control off to pyftpd to process the client connection.
93 | """
94 | # server attributes/methods expected by pyftp handler
95 | self.server.backlog = 50
96 | self.server.ip_map = []
97 | self.server._accept_new_cons = lambda: True
98 | self.server._af = socket.AF_INET
99 | tmpdir = None
100 | try:
101 | # set up a temp dir as the ftp root for the user
102 | tmpdir = tempfile.mkdtemp(prefix='tmpftp')
103 | ftproot = os.path.join(tmpdir, self.dirseed).decode('utf-8')
104 | shutil.copytree(get_data_file(self.dirseed), ftproot)
105 | # hand off control to their handler with its own async ioloop
106 | handler = PyFTPHandler(self.request, self.server, ioloop=IOLoop())
107 | handler.authorizer = PermissiveAuthorizer(ftproot)
108 | handler.handle()
109 | handler.ioloop.loop(1)
110 | finally:
111 | if handler.ioloop:
112 | handler.ioloop.close()
113 | if tmpdir:
114 | shutil.rmtree(tmpdir)
115 |
--------------------------------------------------------------------------------
/netsink/modules/http.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | from datetime import datetime
18 | import logging
19 | import mimetypes
20 | import os
21 | from collections import namedtuple
22 | import re
23 |
24 | from netsink import get_data_file
25 | from netsink.listener import StreamHandler
26 | from netsink.version import __version__
27 |
28 | class HTTPHandler(StreamHandler):
29 | """Basic HTTP support. Serves up static content as specified in conf file.
30 | """
31 | version = __version__
32 |
33 | @staticmethod
34 | def match(data):
35 | return re.match(r'(GET|POST|PUT|DELETE|HEAD|OPTIONS|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n', data)
36 |
37 | def config(self, config):
38 | self.responses = []
39 | for x in config.get('http', 'responses').split(","):
40 | resp = namedtuple('response', 'pattern status file')
41 | resp.name = x.strip()
42 | resp.pattern = config.get(resp.name, 'pattern')
43 | resp.status = config.get(resp.name, 'status')
44 | resp.file = config.get(resp.name, 'file')
45 | self.responses.append(resp)
46 | self.serverstring = config.get('http', 'serverstring')
47 |
48 | def handle(self):
49 | """Read request from stream and return appropriate response.
50 | """
51 | # keep reading to end of http header
52 | data = ""
53 | while True:
54 | header = self.rfile.readline()
55 | if not header:
56 | return
57 | data += header
58 | if data.endswith('\r\n\r\n'):
59 | break
60 |
61 | # read (and ignore) any body
62 | m = re.search("Content-Length: (?P\d+)\r\n", data)
63 | if m:
64 | self.rfile.read(int(m.group('length')))
65 | # handle request
66 | host = ""
67 | m = re.search(r"Host: (?P[0-9a-zA-Z\-\.\:]+)\r\n", data)
68 | if m:
69 | host = m.group('host').lower() # normalise
70 | m = re.match(r"^(?P\w+) (?P\S+) (?PHTTP/\d\.\d)\r\n", data)
71 | if m:
72 | self.handlepath(host, m.group('method'), m.group('path'))
73 |
74 | def handlepath(self, host, method, path):
75 | """Search config patterns to find an appropriate file/response to return.
76 | """
77 | for x in self.responses:
78 | m = re.match(x.pattern, host + path)
79 | if m:
80 | data = ""
81 | if x.file and x.file != "None":
82 | if not os.path.exists(get_data_file(x.file)):
83 | logging.warn("Cannot find referenced file: %s to return for http request", x.file)
84 | else:
85 | with open(get_data_file(x.file), 'rb') as tmp:
86 | data = tmp.read()
87 | self.wfile.write("HTTP/1.0 %s OK\r\n" % x.status)
88 | self.wfile.write("Date: %s\r\n" % datetime.utcnow().strftime("%a, %d %b %Y %H:%M:%S GMT"))
89 | self.wfile.write("Server: %s\r\n" % self.serverstring)
90 | self.wfile.write("Connection: close\r\n")
91 | if data:
92 | self.wfile.write("Content-Length: %s\r\n" % len(data))
93 | self.wfile.write("Content-Type: %s\r\n\r\n" % mimetypes.guess_type(x.file)[0])
94 | self.wfile.write(data)
95 | else:
96 | self.wfile.write("\r\n")
97 | return
98 |
99 |
--------------------------------------------------------------------------------
/netsink/modules/ircserver.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import logging
18 | import socket
19 |
20 | import irc.server as irclib
21 |
22 | from netsink.version import __version__
23 |
24 | irclib.log = logging.getLogger(__name__) # use our own log namespace
25 |
26 | class IRCHandler(irclib.IRCClient):
27 | """Basic IRC Server support using Jason Coombs' irc python library.
28 | Should at least capture initial client connection and any channel joining,
29 | nick setting, etc.
30 | """
31 | version = __version__
32 |
33 | @staticmethod
34 | def match(self):
35 | return False
36 |
37 | def setup(self):
38 | """Setup the newly created client connection ready for handler.
39 | """
40 | irclib.SRV_WELCOME = self.server.cfg.get('irc', 'serverstring')
41 | irclib.handle_mode = self.handle_mode # ignore mode commands
42 | # first server connection, initialise state.. not thread-safe
43 | if not hasattr(self.server, "servername"):
44 | self.server.servername = socket.gethostname()
45 | self.server.channels = {}
46 | self.server.clients = {}
47 |
48 |
49 | def handle_mode(self, params):
50 | """No-op implementation of MODE handling.
51 | Really just here to avoid sending lots of 'Unknown command'
52 | responses back to client as most clients will set nick and channel
53 | modes automatically.
54 | """
55 | pass
56 |
--------------------------------------------------------------------------------
/netsink/modules/multi.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import inspect
18 | import logging
19 | import select
20 | import socket
21 | import time
22 |
23 | from netsink.config import ModuleConfig
24 | from netsink.listener import StreamHandler
25 | from netsink.version import __version__
26 |
27 | log = logging.getLogger(__name__)
28 |
29 | class Dispatcher(StreamHandler):
30 | version = __version__
31 | handlers = []
32 |
33 | def config(self, config):
34 | from netsink.modules import registry
35 | self.min_inspect = 20 # minimum bytes needed to match with
36 | self.read_timeout = 10 # in seconds
37 |
38 | # set the config statically once, so we can modify reference
39 | # on self.server for other handlers
40 | if not Dispatcher.handlers:
41 | for x in config.get('dispatcher', 'handlers').split(","):
42 | try:
43 | Dispatcher.handlers.append(registry[x.strip()])
44 | except (LookupError, ImportError):
45 | log.warn("Dispatcher unable to import handler module: %s", x)
46 | # copy list for this instance
47 | self.handlers = list(Dispatcher.handlers)
48 |
49 | def handle(self):
50 | data = ""
51 | num_timeouts = 0
52 | last_size = 0
53 | while True:
54 | try:
55 | # set a timeout in case client is waiting for server
56 | # to send first message...
57 | self.connection.settimeout(self.read_timeout)
58 | data = self.connection.recv(2048, socket.MSG_PEEK)
59 | # conn closed?
60 | if not len(data):
61 | break
62 | if last_size < len(data) < self.min_inspect:
63 | last_size = len(data)
64 | # wait for further activity
65 | select.select([self.connection], [], [], 0.1)
66 | continue
67 | log.debug("Peeking at data: %s", repr(data))
68 | # switch back to blocking so handlers can use rfile/wfile
69 | self.connection.settimeout(None)
70 | num_timeouts = 0
71 | # now find right handler to consume it
72 | self.dispatch(data)
73 |
74 | except socket.timeout:
75 | # Unable to read min data size within timeout
76 | # fallback to generic response/handler
77 | num_timeouts += 1
78 | # if we already tried without eliciting anything.. give up
79 | if num_timeouts >= 2:
80 | break
81 | # do something more sensible here in future...
82 | # maybe enumerate through known protocols/C2 that
83 | # server side initiates conversation
84 | self.connection.sendall("220 Hello from netsink?\r\n")
85 | time.sleep(0.1)
86 | log.debug("Dispatcher closing socket to client %s", self.client_address)
87 |
88 | def dispatch(self, data):
89 | from netsink.modules import registry
90 | for x in self.handlers:
91 | if x.match(data):
92 | log.info("Packet data matches '%s' - dispatching", str(x))
93 | if inspect.isclass(x):
94 | # instantiate and copy attributes
95 | for name, cls in registry.items():
96 | if x == cls:
97 | self.server.cfg = ModuleConfig("%s.conf" % name).cfg
98 | handler = x(self.request, self.client_address, self.server)
99 | # copy back as handler may have wrapped/modified
100 | # the connection.. eg. upgrading to ssl/tls
101 | self.connection = handler.connection
102 | self.request = handler.connection
103 | # keep reference for stateful use if needed later
104 | # in same conversation
105 | self.handlers.insert(0, handler)
106 | else:
107 | # existing instance, just copy over latest attributes
108 | # in case they have changed since last used
109 | x.request = self.request
110 | x.connection = self.connection
111 | x.client_address = self.client_address
112 | x.rfile = self.rfile
113 | x.wfile = self.wfile
114 | x.handle()
115 | return
116 | # default for no match.. just try to consume?
117 | self.connection.recv(2048)
118 | log.info("Could not find handler to match traffic, consuming. %s",
119 | repr(data))
120 |
--------------------------------------------------------------------------------
/netsink/modules/smtp.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import base64
18 | import logging
19 | from smtpd import SMTPChannel
20 | import socket
21 |
22 | from netsink.listener import StreamHandler
23 | from netsink.version import __version__
24 |
25 | # ascii protocol so most comms will be logged fine already
26 | # just add decoding of auth logins, etc. for convenience
27 | log = logging.getLogger(__name__)
28 |
29 | class SMTPHandler(StreamHandler, SMTPChannel):
30 | """Fake SMTP server. Simply accepts any incoming mail
31 | messages and drops them.
32 |
33 | Reuses python's smtpd library's SMTPChannel but overrides
34 | the socket interaction to conform to the StreamHandler API.
35 | """
36 | version = __version__
37 |
38 | def channel_init(self):
39 | """Initialises the SMTPChannel structures.
40 | """
41 | self._SMTPChannel__server = NullServer()
42 | self._SMTPChannel__addr = None
43 | self._SMTPChannel__line = []
44 | self._SMTPChannel__state = self.COMMAND
45 | self._SMTPChannel__greeting = 0
46 | self._SMTPChannel__mailfrom = None
47 | self._SMTPChannel__rcpttos = []
48 | self._SMTPChannel__data = ''
49 | self._SMTPChannel__peer = None
50 | self._SMTPChannel__fqdn = socket.getfqdn()
51 | self.close = False
52 | self.set_terminator('\r\n')
53 | # to work around the getattr calls in asyncore.dispatcher
54 | self.socket = {}
55 |
56 | def config(self, config):
57 | self.serverstring = config.get('smtp', 'serverstring')
58 |
59 | def handle(self):
60 | """Feed the SMTPChannel the data from the connection.
61 | """
62 | self.channel_init()
63 | # send the initial connection status/response
64 | self.push('220 %s %s' % (self._SMTPChannel__fqdn, self.serverstring))
65 | # feed to the SMTP library to handle rest of protocol
66 | line = ""
67 | while not self.close:
68 | data = self.rfile.readline()
69 | if not data:
70 | return
71 | line += data
72 | if line.endswith(self.get_terminator()):
73 | self.collect_incoming_data(line[:-len(self.get_terminator())])
74 | self.found_terminator()
75 | line = ""
76 |
77 | def smtp_EHLO(self, arg):
78 | if not arg:
79 | self.push('501 Syntax: EHLO hostname')
80 | return
81 | if self._SMTPChannel__greeting:
82 | self.push('503 Duplicate HELO/EHLO')
83 | else:
84 | self._SMTPChannel__greeting = arg
85 | self.push('250-{0} Hello {1}'.format(self._SMTPChannel__fqdn, arg))
86 | self.push('250-8BITMIME')
87 | self.push('250-AUTH LOGIN PLAIN')
88 | self.push('250 STARTTLS')
89 |
90 | def smtp_AUTH(self, arg):
91 | data = ""
92 | if arg == 'LOGIN':
93 | # prompt for username
94 | self.push('334 VXNlcm5hbWU6')
95 | data = self.rfile.readline()
96 | if not data:
97 | return
98 | if arg.startswith('LOGIN'):
99 | # Username was included in LOGIN line
100 | if ' ' in arg:
101 | data = arg.split(' ')[1]
102 | log.info("LOGIN AUTH Username: {0}" \
103 | .format(base64.decodestring(data.strip())))
104 |
105 | # prompt for password
106 | self.push('334 UGFzc3dvcmQ6')
107 | data = self.rfile.readline()
108 | if not data:
109 | return
110 | log.info("LOGIN AUTH Password: {0}" \
111 | .format(base64.decodestring(data.strip())))
112 | self.push('235 Authentication succeeded')
113 | elif arg.startswith('PLAIN') and ' ' in arg:
114 | data = arg.split(' ')[1]
115 | # plain is null separated user:pass base64 encoded
116 | log.info("PLAIN AUTH Uername/Password: {0}" \
117 | .format(base64.decodestring(data.strip()).replace('\0', ' ')))
118 |
119 | # we'll accept anyone
120 | self.push('235 Authentication succeeded')
121 | else:
122 | self.push('504 Unrecognized authentication type.')
123 |
124 | def smtp_STARTTLS(self, arg):
125 | if arg:
126 | self.push('501 Syntax: STARTTLS')
127 | else:
128 | self.push('220 Ready to start TLS')
129 | self.starttls()
130 | # discard any previous state
131 | self.channel_init()
132 |
133 | def push(self, data):
134 | """Override the SMTPChannel's method to use the StreamHandler's
135 | supplied file handle for writing.
136 | """
137 | self.wfile.write(data + '\r\n')
138 |
139 | def close_when_done(self):
140 | """Overridden to break out of handle() call.
141 | """
142 | self.close = True
143 |
144 |
145 | class NullServer:
146 | """A null implementation of the SMTPServer for method
147 | callbacks as used by SMTPChannel.
148 | """
149 | def process_message(self, peer, mailfrom, rcpttos, data):
150 | # will already be logged by framework so just noop
151 | pass
152 |
153 |
--------------------------------------------------------------------------------
/netsink/modules/sslwrap.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import re
18 | import socket
19 | import ssl
20 |
21 | from netsink import get_data_file
22 | from netsink.listener import StreamHandler
23 | from netsink.version import __version__
24 |
25 | class SSLHandler(StreamHandler):
26 | """Stream Handler that 'upgrades' a TCP connection to TLS/SSL transport.
27 | """
28 | version = __version__
29 |
30 | @staticmethod
31 | def match(data):
32 | return re.match(b'\x16\x03[\x00-\x03]..\x01', data)
33 |
34 | def config(self, config):
35 | self.certfile = config.get('ssl', 'certfile')
36 | self.keyfile = config.get('ssl', 'keyfile')
37 |
38 | def handle(self):
39 | """Attempts SSL/TLS handshake on current connection
40 | and replaces the it with a wrapped socket to handle
41 | if successful.
42 | """
43 | self.connection = PeekableSSLSocket(self.connection,
44 | keyfile=get_data_file(self.keyfile),
45 | certfile=get_data_file(self.certfile),
46 | server_side=True)
47 |
48 | class PeekableSSLSocket(ssl.SSLSocket):
49 | """Extension to SSLSocket that adds support for
50 | socket.MSG_PEEK flag in ssl wrapped recv() calls.
51 | Most definitely not thread-safe.
52 | """
53 |
54 | def __init__(self, sock, keyfile=None, certfile=None,
55 | server_side=False, cert_reqs=ssl.CERT_NONE,
56 | ssl_version=ssl.PROTOCOL_SSLv23, ca_certs=None,
57 | do_handshake_on_connect=True,
58 | suppress_ragged_eofs=True, ciphers=None):
59 |
60 | ssl.SSLSocket.__init__(self, sock, keyfile, certfile,
61 | server_side, cert_reqs, ssl_version,
62 | ca_certs, do_handshake_on_connect,
63 | suppress_ragged_eofs)
64 | self.peekbuff = ''
65 |
66 | def read(self, size=1024, peek=False):
67 | """Read up to SIZE bytes and return them.
68 | Return zero-length string on EOF."""
69 | try:
70 | if peek:
71 | self.peekbuff += self._sslobj.read(size)
72 | return self.peekbuff
73 | if self.peekbuff:
74 | tmp = self.peekbuff
75 | self.peekbuff = ''
76 | return tmp
77 | return self._sslobj.read(size)
78 | except ssl.SSLError, x:
79 | if x.args[0] == ssl.SSL_ERROR_EOF and self.suppress_ragged_eofs:
80 | return ''
81 | else:
82 | raise
83 |
84 | def recv(self, buflen=1024, flags=0):
85 | if self._sslobj:
86 | if flags != 0 and flags != socket.MSG_PEEK:
87 | raise ValueError(
88 | "Only MSG_PEEK flag allowed in calls to recv() on %s" %
89 | self.__class__)
90 | return self.read(buflen, flags == socket.MSG_PEEK)
91 | else:
92 | return self._sock.recv(buflen, flags)
--------------------------------------------------------------------------------
/netsink/redirection.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import atexit
18 | import logging
19 | import socket
20 | import subprocess
21 |
22 | log = logging.getLogger(__name__)
23 |
24 | class Redirector(object):
25 | """Uses iptables for setting up DNAT connection/port forwarding rules.
26 |
27 | Command-line is used over 'python-iptables' package due to version issues
28 | encountered with different linux flavours.
29 |
30 | Any created rules will be automatically deregistered on clean interpreter exit.
31 | """
32 | def __init__(self):
33 | self.localaddr = socket.gethostbyname(socket.gethostname())
34 | self.rules = []
35 | atexit.register(self.remove_all_forwarding)
36 |
37 | @staticmethod
38 | def available():
39 | """Returns true if connection redirection is supported on the current platform.
40 | false otherwise.
41 | """
42 | try:
43 | subprocess.check_call("iptables -L".split())
44 | return True
45 | except (subprocess.CalledProcessError, OSError):
46 | return False
47 |
48 | @staticmethod
49 | def existing_rules():
50 | """Returns true if there are existing iptables rules which may cause
51 | conflict with the connection redirection/forwarding, false otherwise.
52 | """
53 | try:
54 | stdout, _ = subprocess.Popen("iptables -L".split(),
55 | stdout=subprocess.PIPE, stderr=subprocess.PIPE).communicate()
56 | for x in stdout.splitlines():
57 | if x and not x.startswith('Chain') and not x.startswith('target'):
58 | return True
59 | except (subprocess.CalledProcessError, OSError):
60 | pass # fall through
61 | return False
62 |
63 | def add_forwarding(self, protocol=None, inports=[], outport=None):
64 | """Attempt to add a forwarding rule for the specified connection details.
65 | """
66 | cmd = "iptables -t nat -A PREROUTING %s" % self._create_nat_rule(protocol, inports, outport)
67 | log.debug(cmd)
68 | subprocess.check_call(cmd.split())
69 | self.rules.append((protocol, inports, outport))
70 |
71 | def remove_forwarding(self, protocol=None, inports=[], outport=None):
72 | """Attempt to remove any forwarding rule for the specified connection details.
73 | """
74 | cmd = "iptables -t nat -D PREROUTING %s" % self._create_nat_rule(protocol, inports, outport)
75 | log.debug(cmd)
76 | subprocess.check_call(cmd.split())
77 | self.rules.remove((protocol, inports, outport))
78 |
79 | def remove_all_forwarding(self):
80 | """Attempt to remove all added forwarding rules performed via this Redirector.
81 | """
82 | log.info("Cleaning up all forwarding rules...")
83 | for protocol, inports, outport in list(self.rules):
84 | self.remove_forwarding(protocol, inports, outport)
85 |
86 | def _create_nat_rule(self, protocol, inports, outport):
87 | """Builds the corresponding rule string for use with iptables.
88 | """
89 | inports = [ str(x) for x in inports ] # convert to strings
90 | rule = "-j DNAT "
91 | if protocol:
92 | rule += "-p %s " % protocol
93 |
94 | if inports and outport:
95 | rule += "-m multiport --destination-ports %s --to-destination %s:%s" % \
96 | (",".join(inports), self.localaddr, outport)
97 | elif inports:
98 | rule += "-m multiport --destination-ports %s --to-destination %s" % \
99 | (",".join(inports), self.localaddr)
100 | elif outport:
101 | rule += "--to-destination %s:%s" % \
102 | (self.localaddr, outport)
103 | else:
104 | rule += "--to-destination %s" % self.localaddr
105 | return rule
106 |
107 |
108 |
--------------------------------------------------------------------------------
/netsink/start.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | # Netsink - Network Sinkhole for Isolated Malware Analysis
4 | # Copyright (C) 2013-2014 Steve Henderson
5 | #
6 | # This program is free software: you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as published by
8 | # the Free Software Foundation, either version 3 of the License, or
9 | # (at your option) any later version.
10 | #
11 | # This program is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU General Public License
17 | # along with this program. If not, see .
18 |
19 | import logging
20 | import socket
21 | import sys
22 | import threading
23 | import time
24 |
25 | from netsink.config import Config, ModuleConfig, parseints
26 | from netsink.listener import Listener
27 | from netsink.modules import registry
28 | from netsink.redirection import Redirector
29 |
30 | log = logging.getLogger("netsink")
31 |
32 | def initlogging():
33 | """Initialise the logging format and handler.
34 | """
35 | formatter = logging.Formatter("%(asctime)s [%(name)s] %(levelname)s: %(message)s")
36 | handler = logging.StreamHandler()
37 | handler.setFormatter(formatter)
38 | log.addHandler(handler)
39 |
40 | def startlisteners(config):
41 | """Start all the listeners defined in the supplied config and block indefintely.
42 | """
43 | for x in config.listeners.values():
44 | if not registry.get(x.module):
45 | log.warn("Netsink module '%s' not found for config item '%s'... skipping",
46 | x.module, x.name)
47 | continue
48 | x.servers = []
49 | for p in x.ports:
50 | try:
51 | server = Listener(x.name, p, registry[x.module], x.socktype, x.config).server
52 | x.servers.append(server)
53 | server_thread = threading.Thread(target=server.serve_forever)
54 | server_thread.setDaemon(True)
55 | server_thread.start()
56 | except socket.error:
57 | log.warning("Unable to establish listener on port %s... skipping.", p)
58 | x.ports.remove(p)
59 | if x.ports:
60 | log.info("Listener '%s' awaiting %s activity on port/s %s",
61 | x.name, x.socktype, str(x.ports))
62 | return config.listeners.values()
63 |
64 | def redirection(config, listeners):
65 | """Setup port forwarding and redirection for the given listeners/config.
66 | """
67 | if not Redirector.available():
68 | log.warn("Connection redirection enabled but not available. "
69 | "Ensure 'iptables' is installed and current user has sufficient privileges.")
70 | return
71 |
72 | if Redirector.existing_rules():
73 | log.warn("Existing rules found in iptables. Not enabling connection redirection in case of conflict.")
74 | return
75 |
76 | redir = Redirector()
77 | # pass through all listener ports
78 | for listener in [ x for x in listeners if x.socktype in ['SSL', 'TCP'] ]:
79 | redir.add_forwarding("tcp", listener.ports)
80 | # pass through any explicitly excluded ports
81 | exclusions = list(parseints(config.cfg.get("redirection", "port_exclusions")))
82 | if exclusions:
83 | redir.add_forwarding("tcp", exclusions)
84 | # forward all other ports to generic listener
85 | generic = config.cfg.get("redirection", "port_forwarding")
86 | if generic:
87 | redir.add_forwarding("tcp", outport=generic)
88 | # forward all protocols to local address
89 | redir.add_forwarding()
90 |
91 | def wait():
92 | """Block indefinitely until Ctrl-C.
93 | """
94 | log.info("Waiting...")
95 | while True:
96 | try:
97 | time.sleep(1)
98 | except KeyboardInterrupt:
99 | sys.exit()
100 |
101 | def main():
102 | """Script entry point.
103 | """
104 | initlogging()
105 | log.setLevel(logging.DEBUG)
106 | l = startlisteners(Config())
107 | if Config().redirection:
108 | redirection(ModuleConfig("redirection.conf"), l)
109 | wait()
110 |
111 | if __name__ == '__main__':
112 | main()
113 |
114 |
--------------------------------------------------------------------------------
/netsink/version.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | __version__ = "0.5"
18 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | dnslib>=0.8, <0.9
2 | irc>=8.0, <10.0
3 | pyftpdlib>=1.4
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | # Netsink - Network Sinkhole for Isolated Malware Analysis
4 | # Copyright (C) 2013-2014 Steve Henderson
5 | #
6 | # This program is free software: you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as published by
8 | # the Free Software Foundation, either version 3 of the License, or
9 | # (at your option) any later version.
10 | #
11 | # This program is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU General Public License
17 | # along with this program. If not, see .
18 |
19 | from setuptools import setup
20 |
21 | def load_version():
22 | "Returns the current project version"
23 | from netsink import version
24 | return version.__version__
25 |
26 | setup(
27 | name="netsink",
28 | version=load_version(),
29 | packages=['netsink', 'netsink.modules'],
30 | zip_safe=False,
31 | author="Steve Henderson",
32 | author_email="steve.henderson@hendotech.com.au",
33 | url="https://github.com/shendo/netsink",
34 | description="Network Sinkhole for Isolated Malware Analysis",
35 | long_description=open('README.rst').read(),
36 | entry_points={"console_scripts": ['netsink = netsink.start:main'],
37 | "netsink.modules": ['dns = netsink.modules.dns:DNSHandler',
38 | 'http = netsink.modules.http:HTTPHandler',
39 | 'irc = netsink.modules.ircserver:IRCHandler',
40 | 'dispatcher = netsink.modules.multi:Dispatcher',
41 | 'smtp = netsink.modules.smtp:SMTPHandler',
42 | 'ssl = netsink.modules.sslwrap:SSLHandler',
43 | 'ftp = netsink.modules.ftp:FTPHandler']
44 | },
45 | include_package_data=True,
46 | license="GPL",
47 | install_requires = open('requirements.txt').readlines(),
48 | tests_require = ['pytest>=2.5'],
49 | classifiers = [
50 | 'Development Status :: 4 - Beta',
51 | 'Intended Audience :: Developers',
52 | 'Intended Audience :: System Administrators',
53 | 'License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)',
54 | 'Operating System :: OS Independent',
55 | 'Programming Language :: Python',
56 | 'Programming Language :: Python :: 2',
57 | 'Programming Language :: Python :: 2.6',
58 | 'Programming Language :: Python :: 2.7',
59 | 'Topic :: Internet',
60 | 'Topic :: Security'
61 | ],
62 | )
63 |
--------------------------------------------------------------------------------
/tests/smoke.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | # Netsink - Network Sinkhole for Isolated Malware Analysis
4 | # Copyright (C) 2013-2014 Steve Henderson
5 | #
6 | # This program is free software: you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as published by
8 | # the Free Software Foundation, either version 3 of the License, or
9 | # (at your option) any later version.
10 | #
11 | # This program is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU General Public License
17 | # along with this program. If not, see .
18 |
19 | import email.utils
20 | from email.mime.text import MIMEText
21 | import smtplib
22 | import socket
23 | import urllib2
24 |
25 | from dnslib import DNSRecord, DNSQuestion
26 | import irc.client
27 |
28 | from netsink.config import Config
29 | import netsink.start as netsink
30 |
31 | LOCALADDR = socket.gethostbyname(socket.gethostname())
32 |
33 | def runtest(testfunc, desc, repeats):
34 | """Execute the defined no args testfunc, 'repeats' number of times."""
35 | print "+ %i %s (sequential)" % (repeats, desc),
36 | for x in range(repeats):
37 | testfunc()
38 | if not x % max(1, int(repeats / 10)):
39 | print ".",
40 | print "[OK]"
41 |
42 | def dnstest():
43 | resp = DNSRecord(q=DNSQuestion("google.com")).send("127.0.0.1")
44 | assert str(resp.get_a().rdata) == LOCALADDR
45 |
46 | def httptest():
47 | resp = urllib2.urlopen("http://127.0.0.1/anything").read()
48 | assert "Netsink" in resp
49 |
50 | def httpstest():
51 | resp = urllib2.urlopen("https://127.0.0.1/anything/else").read()
52 | assert "Netsink" in resp
53 |
54 | def smtptest():
55 | msg = MIMEText('Message Body')
56 | msg['To'] = email.utils.formataddr(('Recipient', 'netsink@example.com'))
57 | msg['From'] = email.utils.formataddr(('Author', 'test@example.com'))
58 | msg['Subject'] = 'Netsink Test Message'
59 | server = smtplib.SMTP('127.0.0.1', 25)
60 | #server.set_debuglevel(True)
61 | try:
62 | server.sendmail('test@example.com',
63 | ['netsink@example.com'],
64 | msg.as_string())
65 | finally:
66 | server.quit()
67 |
68 | def irctest():
69 | client = irc.client.IRC()
70 | server = client.server().connect("127.0.0.1", 6667, "netsink")
71 | server.join("#testchan", key="12345")
72 | server.privmsg("#testchan", "ready for tasking")
73 | # drain response messages
74 | for _ in range(6):
75 | client.process_once(0.015)
76 | server.close()
77 |
78 |
79 | if __name__ == '__main__':
80 | print "Netsink smoke test"
81 | print "------------------"
82 | netsink.startlisteners(Config())
83 |
84 | runtest(dnstest, "dns lookups", 10000)
85 | runtest(httptest, "http requests", 10000)
86 | runtest(httpstest, "https requests", 10000)
87 | runtest(smtptest, "smtp mail sends", 10000)
88 | runtest(irctest, "irc sessions", 1000)
89 |
90 |
--------------------------------------------------------------------------------
/tests/test_config.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | from netsink.config import parseints
18 |
19 | def test_intlist():
20 | assert [] == list(parseints(''))
21 | assert [1] == list(parseints('1'))
22 | assert [1] == list(parseints(' 1 '))
23 | assert [1, 2, 3] == list(parseints('1,2,3'))
24 | assert [5, 6, 7, 8] == list(parseints('5-8'))
25 | assert [2, 3, 4, 5, 7, 8, 9, 10] == list(parseints(' 2, 3,4,5- 5 ,7-9,10'))
26 | assert [0] == list(parseints('0'))
27 | assert [1100, 1101, 1102, 1103] == list(parseints('1100-1103'))
28 |
--------------------------------------------------------------------------------
/tests/test_dns.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import socket
18 | import SocketServer
19 | import thread
20 |
21 | from dnslib import DNSRecord, DNSQuestion
22 |
23 | from netsink.config import ModuleConfig
24 | from netsink.modules import dns
25 |
26 | def test_dns():
27 | server = SocketServer.UDPServer(('', 0), dns.DNSHandler)
28 | server.cfg = ModuleConfig('dns.conf').cfg
29 | thread.start_new_thread(server.serve_forever, ())
30 | resp = DNSRecord(q=DNSQuestion("google.com")).send(
31 | "127.0.0.1", port=server.socket.getsockname()[1])
32 | assert str(resp.get_a().rdata) == socket.gethostbyname(socket.gethostname())
33 |
--------------------------------------------------------------------------------
/tests/test_ftp.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import SocketServer
18 | import ftplib
19 | import thread
20 | from netsink import get_data_file
21 | from netsink.config import ModuleConfig
22 | from netsink.modules import ftp
23 |
24 | def test_ftp_anonymous():
25 | server = SocketServer.TCPServer(('', 0), ftp.FTPHandler)
26 | server.cfg = ModuleConfig('ftp.conf').cfg
27 | thread.start_new_thread(server.serve_forever, ())
28 | client = ftplib.FTP()
29 | client.connect('127.0.0.1', server.socket.getsockname()[1])
30 | client.login()
31 | assert 'README.txt' in client.nlst()
32 | client.quit()
33 |
34 | def test_ftp_login():
35 | server = SocketServer.TCPServer(('', 0), ftp.FTPHandler)
36 | server.cfg = ModuleConfig('ftp.conf').cfg
37 | thread.start_new_thread(server.serve_forever, ())
38 | client = ftplib.FTP()
39 | client.connect('127.0.0.1', server.socket.getsockname()[1])
40 | client.login('user1', 'mysecret')
41 | assert 'README.txt' in client.nlst()
42 | client.quit()
43 |
44 | def test_ftp_download():
45 | server = SocketServer.TCPServer(('', 0), ftp.FTPHandler)
46 | server.cfg = ModuleConfig('ftp.conf').cfg
47 | thread.start_new_thread(server.serve_forever, ())
48 | client = ftplib.FTP()
49 | client.connect('127.0.0.1', server.socket.getsockname()[1])
50 | client.login()
51 | def check_content(content):
52 | assert 'Nothing to see here' in content
53 | client.retrbinary('RETR README.txt', check_content)
54 | client.quit()
55 |
56 | def test_ftp_upload():
57 | server = SocketServer.TCPServer(('', 0), ftp.FTPHandler)
58 | server.cfg = ModuleConfig('ftp.conf').cfg
59 | thread.start_new_thread(server.serve_forever, ())
60 | client = ftplib.FTP()
61 | client.connect('127.0.0.1', server.socket.getsockname()[1])
62 | client.login()
63 | with open(get_data_file("ftproot/README.txt")) as tmp:
64 | client.storbinary('STOR testing.txt', tmp)
65 | client.quit()
66 |
67 |
--------------------------------------------------------------------------------
/tests/test_http.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import SocketServer
18 | import thread
19 | import urllib2
20 |
21 | from netsink.config import ModuleConfig
22 | from netsink.modules import http
23 |
24 | def test_http():
25 | server = SocketServer.TCPServer(('', 0), http.HTTPHandler)
26 | server.cfg = ModuleConfig('http.conf').cfg
27 | thread.start_new_thread(server.serve_forever, ())
28 | resp = urllib2.urlopen("http://127.0.0.1:{0}/anything/blah.html".format(
29 | server.socket.getsockname()[1])).read()
30 | assert "Netsink" in resp
31 |
32 | def test_iplookup():
33 | server = SocketServer.TCPServer(('', 0), http.HTTPHandler)
34 | server.cfg = ModuleConfig('http.conf').cfg
35 | thread.start_new_thread(server.serve_forever, ())
36 | headers = { "User-Agent": 'Google-Bot', "Host": 'ipgoat.com' }
37 | req = urllib2.Request("http://127.0.0.1:{0}".format(
38 | server.socket.getsockname()[1]), headers=headers)
39 | resp = urllib2.urlopen(req).read()
40 | assert "11.22.33.44" in resp
41 |
42 | def test_iplookup_raw():
43 | server = SocketServer.TCPServer(('', 0), http.HTTPHandler)
44 | server.cfg = ModuleConfig('http.conf').cfg
45 | thread.start_new_thread(server.serve_forever, ())
46 | headers = { "Host": 'checkip.dyndns.org' }
47 | req = urllib2.Request("http://127.0.0.1:{0}/plain".format(
48 | server.socket.getsockname()[1]), headers=headers)
49 | resp = urllib2.urlopen(req).read()
50 | assert resp.startswith("11.22.33.44")
51 |
--------------------------------------------------------------------------------
/tests/test_ircserver.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import SocketServer
18 | import thread
19 |
20 | import irc.client
21 |
22 | from netsink.config import ModuleConfig
23 | from netsink.modules import ircserver
24 |
25 | def test_irc():
26 | server = SocketServer.TCPServer(('', 0), ircserver.IRCHandler)
27 | server.cfg = ModuleConfig('irc.conf').cfg
28 | thread.start_new_thread(server.serve_forever, ())
29 | client = irc.client.IRC()
30 | conn = client.server().connect('127.0.0.1', server.socket.getsockname()[1], 'nickname')
31 | conn.join("#testchan", key="12345")
32 | conn.privmsg("#testchan", "ready for tasking")
33 | # drain response messages
34 | for _ in range(6):
35 | client.process_once(0.015)
36 | conn.close()
37 |
--------------------------------------------------------------------------------
/tests/test_multi.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import socket
18 | import SocketServer
19 | import thread
20 | import urllib2
21 |
22 | from netsink.config import ModuleConfig
23 | from netsink.modules import multi
24 |
25 | def test_dispatched_http():
26 | server = SocketServer.TCPServer(('', 0), multi.Dispatcher)
27 | server.cfg = ModuleConfig('dispatcher.conf').cfg
28 | thread.start_new_thread(server.serve_forever, ())
29 | resp = urllib2.urlopen("http://127.0.0.1:{0}/anything/blah.html".format(
30 | server.socket.getsockname()[1])).read()
31 | assert "Netsink" in resp
32 |
33 | def test_dispatched_https():
34 | server = SocketServer.TCPServer(('', 0), multi.Dispatcher)
35 | server.cfg = ModuleConfig('dispatcher.conf').cfg
36 | thread.start_new_thread(server.serve_forever, ())
37 | resp = urllib2.urlopen("https://127.0.0.1:{0}/anything/blah.html".format(
38 | server.socket.getsockname()[1])).read()
39 | assert "Netsink" in resp
40 |
41 | def test_no_match():
42 | server = SocketServer.TCPServer(('', 0), multi.Dispatcher)
43 | server.cfg = ModuleConfig('dispatcher.conf').cfg
44 | thread.start_new_thread(server.serve_forever, ())
45 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
46 | s.connect(('127.0.0.1', server.socket.getsockname()[1]))
47 | # server should just consume unknown client traffic
48 | s.send('asdhakdfhkajfafdhjagsdfjjhsadfhjagsd1234234123412342134asddf' * 10)
49 | s.close()
50 |
51 | def test_server_initiated():
52 | server = SocketServer.TCPServer(('', 0), multi.Dispatcher)
53 | server.cfg = ModuleConfig('dispatcher.conf').cfg
54 | thread.start_new_thread(server.serve_forever, ())
55 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
56 | s.connect(('127.0.0.1', server.socket.getsockname()[1]))
57 | # client is expecting server to initiate comms
58 | # check that server eventually gives up and sends
59 | # something back in an attempt to elicit something from client
60 | resp = s.recv(2048)
61 | assert 'netsink' in resp
62 | s.close()
63 |
64 | def test_small_data():
65 | server = SocketServer.TCPServer(('', 0), multi.Dispatcher)
66 | server.cfg = ModuleConfig('dispatcher.conf').cfg
67 | thread.start_new_thread(server.serve_forever, ())
68 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
69 | s.connect(('127.0.0.1', server.socket.getsockname()[1]))
70 | # multiple sends but still less than needed for pattern matching
71 | s.send('asdfk')
72 | s.send('sasd')
73 | s.send('00')
74 | # check that server eventually gives up on the small data and sends
75 | # something back in an attempt to elicit more comms
76 | resp = s.recv(2048)
77 | assert 'netsink' in resp
78 | s.close()
79 |
--------------------------------------------------------------------------------
/tests/test_redirection.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | from netsink.redirection import Redirector
18 |
19 | def test_rules():
20 | redir = Redirector()
21 | redir.localaddr = "1.2.3.4"
22 |
23 | assert "-j DNAT -p tcp -m multiport --destination-ports 123 --to-destination 1.2.3.4:555" == \
24 | redir._create_nat_rule("tcp", [123], 555)
25 | assert "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4:555" == \
26 | redir._create_nat_rule("tcp", [123, 456], 555)
27 | assert "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4" == \
28 | redir._create_nat_rule("tcp", [123, 456], None)
29 | assert "-j DNAT -p tcp --to-destination 1.2.3.4:555" == redir._create_nat_rule("tcp", [], outport=555)
30 | assert "-j DNAT --to-destination 1.2.3.4" == redir._create_nat_rule(None, [], None)
31 |
--------------------------------------------------------------------------------
/tests/test_smtp.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import email.utils
18 | from email.mime.text import MIMEText
19 | import SocketServer
20 | import smtplib
21 | import thread
22 |
23 | from netsink.config import ModuleConfig
24 | from netsink.modules import smtp
25 |
26 | def test_smtp():
27 | server = SocketServer.TCPServer(('', 0), smtp.SMTPHandler)
28 | server.cfg = ModuleConfig('smtp.conf').cfg
29 | thread.start_new_thread(server.serve_forever, ())
30 | client = smtplib.SMTP('127.0.0.1', server.socket.getsockname()[1])
31 | msg = MIMEText('Message Body')
32 | msg['To'] = email.utils.formataddr(('Recipient', 'netsink@example.com'))
33 | msg['From'] = email.utils.formataddr(('Author', 'test@example.com'))
34 | msg['Subject'] = 'Netsink Test Message'
35 | # returns dictionary of failed recipients
36 | assert not client.sendmail('test@example.com',
37 | ['netsink@example.com'],
38 | msg.as_string())
39 | client.quit()
40 |
41 | def test_smtp_auth_plain():
42 | server = SocketServer.TCPServer(('', 0), smtp.SMTPHandler)
43 | server.cfg = ModuleConfig('smtp.conf').cfg
44 | thread.start_new_thread(server.serve_forever, ())
45 | client = smtplib.SMTP('127.0.0.1', server.socket.getsockname()[1])
46 | client.set_debuglevel(True)
47 | client.login('testuser', 'secret')
48 | msg = MIMEText('Message Body')
49 | msg['To'] = email.utils.formataddr(('Recipient', 'netsink@example.com'))
50 | msg['From'] = email.utils.formataddr(('Author', 'test@example.com'))
51 | msg['Subject'] = 'Netsink Test Message'
52 | # returns dictionary of failed recipients
53 | assert not client.sendmail('test@example.com',
54 | ['netsink@example.com'],
55 | msg.as_string())
56 | client.quit()
57 |
58 | def test_smtp_auth_login():
59 | server = SocketServer.TCPServer(('', 0), smtp.SMTPHandler)
60 | server.cfg = ModuleConfig('smtp.conf').cfg
61 | thread.start_new_thread(server.serve_forever, ())
62 | client = smtplib.SMTP('127.0.0.1', server.socket.getsockname()[1])
63 | client.set_debuglevel(True)
64 | client.ehlo()
65 | # force to use login
66 | client.esmtp_features['auth'] = 'LOGIN'
67 | client.login('testuser', 'secret')
68 | msg = MIMEText('Message Body')
69 | msg['To'] = email.utils.formataddr(('Recipient', 'netsink@example.com'))
70 | msg['From'] = email.utils.formataddr(('Author', 'test@example.com'))
71 | msg['Subject'] = 'Netsink Test Message'
72 | # returns dictionary of failed recipients
73 | assert not client.sendmail('test@example.com',
74 | ['netsink@example.com'],
75 | msg.as_string())
76 | client.quit()
77 |
78 |
79 | def test_smtp_starttls():
80 | server = SocketServer.TCPServer(('', 0), smtp.SMTPHandler)
81 | server.cfg = ModuleConfig('smtp.conf').cfg
82 | thread.start_new_thread(server.serve_forever, ())
83 | client = smtplib.SMTP('127.0.0.1', server.socket.getsockname()[1])
84 | client.set_debuglevel(True)
85 | client.ehlo()
86 | client.starttls()
87 | msg = MIMEText('Message Body')
88 | msg['To'] = email.utils.formataddr(('Recipient', 'netsink@example.com'))
89 | msg['From'] = email.utils.formataddr(('Author', 'test@example.com'))
90 | msg['Subject'] = 'Netsink Test Message'
91 | # returns dictionary of failed recipients
92 | assert not client.sendmail('test@example.com',
93 | ['netsink@example.com'],
94 | msg.as_string())
95 | client.quit()
96 |
--------------------------------------------------------------------------------
/tests/test_sslwrap.py:
--------------------------------------------------------------------------------
1 | # Netsink - Network Sinkhole for Isolated Malware Analysis
2 | # Copyright (C) 2013-2014 Steve Henderson
3 | #
4 | # This program is free software: you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation, either version 3 of the License, or
7 | # (at your option) any later version.
8 | #
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program. If not, see .
16 |
17 | import socket
18 | import SocketServer
19 | import ssl
20 | import thread
21 |
22 | from netsink.config import ModuleConfig
23 | from netsink.modules import sslwrap
24 |
25 | def test_sslhandler():
26 | server = SocketServer.TCPServer(('', 0), sslwrap.SSLHandler)
27 | server.cfg = ModuleConfig('ssl.conf').cfg
28 | thread.start_new_thread(server.serve_forever, ())
29 | client = ssl.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM))
30 | client.connect(('127.0.0.1', server.socket.getsockname()[1]))
31 | assert client.ssl_version >= 2
32 |
33 |
34 |
--------------------------------------------------------------------------------
/tox.ini:
--------------------------------------------------------------------------------
1 | [tox]
2 | envlist = py26, py27, pypy
3 |
4 | [testenv]
5 | deps = pytest
6 | commands = py.test -v
7 |
--------------------------------------------------------------------------------