├── .gitignore
├── LICENSE
├── Makefile
├── README.md
├── banners.list
├── cmd
    ├── honeyshell
    │   └── main.go
    └── vfsutil
    │   └── main.go
├── core
    ├── db.go
    ├── encryption.go
    ├── hashing.go
    ├── logman.go
    ├── ssh_server.go
    └── utils.go
├── go.mod
├── go.sum
└── plugin
    ├── cmd_args.go
    ├── config.go
    ├── manager.go
    ├── module.go
    ├── native
        ├── db.go
        ├── filepath.go
        ├── fmt.go
        ├── io.go
        ├── json.go
        ├── net.go
        ├── os.go
        ├── strings.go
        ├── tabwriter.go
        └── time.go
    ├── plugin.go
    ├── session.go
    ├── user.go
    ├── utils.go
    ├── vfs.go
    └── vfs_test.go


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Binaries for programs and plugins
 2 | *.exe
 3 | *.exe~
 4 | *.dll
 5 | *.so
 6 | *.dylib
 7 | 
 8 | # Test binary, build with `go test -c`
 9 | *.test
10 | 
11 | # Output of the go coverage tool, specifically when used with LiteIDE
12 | *.out
13 | *.log
14 | honeyshell
15 | /vfsutil
16 | honeyshell-c
17 | honeyshell.log
18 | honeyshell.db
19 | bin
20 | src
21 | libssh-*
22 | id_rsa*
23 | 
24 | # Custom
25 | .vscode/
26 | plugins/
27 | vfs.json
28 | out.json
29 | /cmd/tests
30 | /tests
31 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 3, 29 June 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU General Public License is a free, copyleft license for
 11 | software and other kinds of works.
 12 | 
 13 |   The licenses for most software and other practical works are designed
 14 | to take away your freedom to share and change the works.  By contrast,
 15 | the GNU General Public License is intended to guarantee your freedom to
 16 | share and change all versions of a program--to make sure it remains free
 17 | software for all its users.  We, the Free Software Foundation, use the
 18 | GNU General Public License for most of our software; it applies also to
 19 | any other work released this way by its authors.  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | them if you wish), that you receive source code or can get it if you
 26 | want it, that you can change the software or use pieces of it in new
 27 | free programs, and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to prevent others from denying you
 30 | these rights or asking you to surrender the rights.  Therefore, you have
 31 | certain responsibilities if you distribute copies of the software, or if
 32 | you modify it: responsibilities to respect the freedom of others.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must pass on to the recipients the same
 36 | freedoms that you received.  You must make sure that they, too, receive
 37 | or can get the source code.  And you must show them these terms so they
 38 | know their rights.
 39 | 
 40 |   Developers that use the GNU GPL protect your rights with two steps:
 41 | (1) assert copyright on the software, and (2) offer you this License
 42 | giving you legal permission to copy, distribute and/or modify it.
 43 | 
 44 |   For the developers' and authors' protection, the GPL clearly explains
 45 | that there is no warranty for this free software.  For both users' and
 46 | authors' sake, the GPL requires that modified versions be marked as
 47 | changed, so that their problems will not be attributed erroneously to
 48 | authors of previous versions.
 49 | 
 50 |   Some devices are designed to deny users access to install or run
 51 | modified versions of the software inside them, although the manufacturer
 52 | can do so.  This is fundamentally incompatible with the aim of
 53 | protecting users' freedom to change the software.  The systematic
 54 | pattern of such abuse occurs in the area of products for individuals to
 55 | use, which is precisely where it is most unacceptable.  Therefore, we
 56 | have designed this version of the GPL to prohibit the practice for those
 57 | products.  If such problems arise substantially in other domains, we
 58 | stand ready to extend this provision to those domains in future versions
 59 | of the GPL, as needed to protect the freedom of users.
 60 | 
 61 |   Finally, every program is threatened constantly by software patents.
 62 | States should not allow patents to restrict development and use of
 63 | software on general-purpose computers, but in those that do, we wish to
 64 | avoid the special danger that patents applied to a free program could
 65 | make it effectively proprietary.  To prevent this, the GPL assures that
 66 | patents cannot be used to render the program non-free.
 67 | 
 68 |   The precise terms and conditions for copying, distribution and
 69 | modification follow.
 70 | 
 71 |                        TERMS AND CONDITIONS
 72 | 
 73 |   0. Definitions.
 74 | 
 75 |   "This License" refers to version 3 of the GNU General Public License.
 76 | 
 77 |   "Copyright" also means copyright-like laws that apply to other kinds of
 78 | works, such as semiconductor masks.
 79 | 
 80 |   "The Program" refers to any copyrightable work licensed under this
 81 | License.  Each licensee is addressed as "you".  "Licensees" and
 82 | "recipients" may be individuals or organizations.
 83 | 
 84 |   To "modify" a work means to copy from or adapt all or part of the work
 85 | in a fashion requiring copyright permission, other than the making of an
 86 | exact copy.  The resulting work is called a "modified version" of the
 87 | earlier work or a work "based on" the earlier work.
 88 | 
 89 |   A "covered work" means either the unmodified Program or a work based
 90 | on the Program.
 91 | 
 92 |   To "propagate" a work means to do anything with it that, without
 93 | permission, would make you directly or secondarily liable for
 94 | infringement under applicable copyright law, except executing it on a
 95 | computer or modifying a private copy.  Propagation includes copying,
 96 | distribution (with or without modification), making available to the
 97 | public, and in some countries other activities as well.
 98 | 
 99 |   To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies.  Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 | 
103 |   An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License.  If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 | 
112 |   1. Source Code.
113 | 
114 |   The "source code" for a work means the preferred form of the work
115 | for making modifications to it.  "Object code" means any non-source
116 | form of a work.
117 | 
118 |   A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 | 
123 |   The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form.  A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 | 
134 |   The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities.  However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work.  For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 | 
147 |   The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 | 
151 |   The Corresponding Source for a work in source code form is that
152 | same work.
153 | 
154 |   2. Basic Permissions.
155 | 
156 |   All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met.  This License explicitly affirms your unlimited
159 | permission to run the unmodified Program.  The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work.  This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 | 
164 |   You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force.  You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright.  Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 | 
175 |   Conveying under any other circumstances is permitted solely under
176 | the conditions stated below.  Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 | 
179 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 | 
181 |   No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 | 
187 |   When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 | 
195 |   4. Conveying Verbatim Copies.
196 | 
197 |   You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 | 
205 |   You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 | 
208 |   5. Conveying Modified Source Versions.
209 | 
210 |   You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 | 
214 |     a) The work must carry prominent notices stating that you modified
215 |     it, and giving a relevant date.
216 | 
217 |     b) The work must carry prominent notices stating that it is
218 |     released under this License and any conditions added under section
219 |     7.  This requirement modifies the requirement in section 4 to
220 |     "keep intact all notices".
221 | 
222 |     c) You must license the entire work, as a whole, under this
223 |     License to anyone who comes into possession of a copy.  This
224 |     License will therefore apply, along with any applicable section 7
225 |     additional terms, to the whole of the work, and all its parts,
226 |     regardless of how they are packaged.  This License gives no
227 |     permission to license the work in any other way, but it does not
228 |     invalidate such permission if you have separately received it.
229 | 
230 |     d) If the work has interactive user interfaces, each must display
231 |     Appropriate Legal Notices; however, if the Program has interactive
232 |     interfaces that do not display Appropriate Legal Notices, your
233 |     work need not make them do so.
234 | 
235 |   A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit.  Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 | 
245 |   6. Conveying Non-Source Forms.
246 | 
247 |   You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 | 
252 |     a) Convey the object code in, or embodied in, a physical product
253 |     (including a physical distribution medium), accompanied by the
254 |     Corresponding Source fixed on a durable physical medium
255 |     customarily used for software interchange.
256 | 
257 |     b) Convey the object code in, or embodied in, a physical product
258 |     (including a physical distribution medium), accompanied by a
259 |     written offer, valid for at least three years and valid for as
260 |     long as you offer spare parts or customer support for that product
261 |     model, to give anyone who possesses the object code either (1) a
262 |     copy of the Corresponding Source for all the software in the
263 |     product that is covered by this License, on a durable physical
264 |     medium customarily used for software interchange, for a price no
265 |     more than your reasonable cost of physically performing this
266 |     conveying of source, or (2) access to copy the
267 |     Corresponding Source from a network server at no charge.
268 | 
269 |     c) Convey individual copies of the object code with a copy of the
270 |     written offer to provide the Corresponding Source.  This
271 |     alternative is allowed only occasionally and noncommercially, and
272 |     only if you received the object code with such an offer, in accord
273 |     with subsection 6b.
274 | 
275 |     d) Convey the object code by offering access from a designated
276 |     place (gratis or for a charge), and offer equivalent access to the
277 |     Corresponding Source in the same way through the same place at no
278 |     further charge.  You need not require recipients to copy the
279 |     Corresponding Source along with the object code.  If the place to
280 |     copy the object code is a network server, the Corresponding Source
281 |     may be on a different server (operated by you or a third party)
282 |     that supports equivalent copying facilities, provided you maintain
283 |     clear directions next to the object code saying where to find the
284 |     Corresponding Source.  Regardless of what server hosts the
285 |     Corresponding Source, you remain obligated to ensure that it is
286 |     available for as long as needed to satisfy these requirements.
287 | 
288 |     e) Convey the object code using peer-to-peer transmission, provided
289 |     you inform other peers where the object code and Corresponding
290 |     Source of the work are being offered to the general public at no
291 |     charge under subsection 6d.
292 | 
293 |   A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 | 
297 |   A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling.  In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage.  For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product.  A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 | 
310 |   "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source.  The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 | 
318 |   If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information.  But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 | 
329 |   The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed.  Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 | 
337 |   Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 | 
343 |   7. Additional Terms.
344 | 
345 |   "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law.  If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 | 
354 |   When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it.  (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.)  You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 | 
361 |   Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 | 
365 |     a) Disclaiming warranty or limiting liability differently from the
366 |     terms of sections 15 and 16 of this License; or
367 | 
368 |     b) Requiring preservation of specified reasonable legal notices or
369 |     author attributions in that material or in the Appropriate Legal
370 |     Notices displayed by works containing it; or
371 | 
372 |     c) Prohibiting misrepresentation of the origin of that material, or
373 |     requiring that modified versions of such material be marked in
374 |     reasonable ways as different from the original version; or
375 | 
376 |     d) Limiting the use for publicity purposes of names of licensors or
377 |     authors of the material; or
378 | 
379 |     e) Declining to grant rights under trademark law for use of some
380 |     trade names, trademarks, or service marks; or
381 | 
382 |     f) Requiring indemnification of licensors and authors of that
383 |     material by anyone who conveys the material (or modified versions of
384 |     it) with contractual assumptions of liability to the recipient, for
385 |     any liability that these contractual assumptions directly impose on
386 |     those licensors and authors.
387 | 
388 |   All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10.  If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term.  If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 | 
398 |   If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 | 
403 |   Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 | 
407 |   8. Termination.
408 | 
409 |   You may not propagate or modify a covered work except as expressly
410 | provided under this License.  Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 | 
415 |   However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 | 
422 |   Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 | 
429 |   Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License.  If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 | 
435 |   9. Acceptance Not Required for Having Copies.
436 | 
437 |   You are not required to accept this License in order to receive or
438 | run a copy of the Program.  Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance.  However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work.  These actions infringe copyright if you do
443 | not accept this License.  Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 | 
446 |   10. Automatic Licensing of Downstream Recipients.
447 | 
448 |   Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License.  You are not responsible
451 | for enforcing compliance by third parties with this License.
452 | 
453 |   An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations.  If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 | 
463 |   You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License.  For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 | 
471 |   11. Patents.
472 | 
473 |   A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based.  The
475 | work thus licensed is called the contributor's "contributor version".
476 | 
477 |   A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version.  For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 | 
487 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 | 
492 |   In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement).  To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 | 
499 |   If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients.  "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 | 
513 |   If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 | 
521 |   A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License.  You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 | 
536 |   Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 | 
540 |   12. No Surrender of Others' Freedom.
541 | 
542 |   If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License.  If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all.  For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 | 
552 |   13. Use with the GNU Affero General Public License.
553 | 
554 |   Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work.  The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 | 
563 |   14. Revised Versions of this License.
564 | 
565 |   The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time.  Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 | 
570 |   Each version is given a distinguishing version number.  If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation.  If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 | 
579 |   If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 | 
584 |   Later license versions may give you additional or different
585 | permissions.  However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 | 
589 |   15. Disclaimer of Warranty.
590 | 
591 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 | 
600 |   16. Limitation of Liability.
601 | 
602 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 | 
612 |   17. Interpretation of Sections 15 and 16.
613 | 
614 |   If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 | 
621 |                      END OF TERMS AND CONDITIONS
622 | 
623 |             How to Apply These Terms to Your New Programs
624 | 
625 |   If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 | 
629 |   To do so, attach the following notices to the program.  It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 | 
634 |     <one line to give the program's name and a brief idea of what it does.>
635 |     Copyright (C) <year>  <name of author>
636 | 
637 |     This program is free software: you can redistribute it and/or modify
638 |     it under the terms of the GNU General Public License as published by
639 |     the Free Software Foundation, either version 3 of the License, or
640 |     (at your option) any later version.
641 | 
642 |     This program is distributed in the hope that it will be useful,
643 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
644 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
645 |     GNU General Public License for more details.
646 | 
647 |     You should have received a copy of the GNU General Public License
648 |     along with this program.  If not, see <http://www.gnu.org/licenses/>.
649 | 
650 | Also add information on how to contact you by electronic and paper mail.
651 | 
652 |   If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 | 
655 |     <program>  Copyright (C) <year>  <name of author>
656 |     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 |     This is free software, and you are welcome to redistribute it
658 |     under certain conditions; type `show c' for details.
659 | 
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License.  Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 | 
664 |   You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <http://www.gnu.org/licenses/>.
668 | 
669 |   The GNU General Public License does not permit incorporating your program
670 | into proprietary programs.  If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library.  If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License.  But first, please read
674 | <http://www.gnu.org/philosophy/why-not-lgpl.html>.
675 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: all honeyshell vfsutil tests
 2 | 
 3 | all: honeyshell vfsutil
 4 | 
 5 | honeyshell:
 6 | 	$(shell cd cmd/honeyshell; go build .)
 7 | 	mv cmd/honeyshell/honeyshell .
 8 | 
 9 | vfsutil:
10 | 	$(shell cd cmd/vfsutil; go build .)
11 | 	mv cmd/vfsutil/vfsutil .
12 | 
13 | # This is meant for experiments which are not committed to the repo
14 | tests:
15 | 	$(shell cd cmd/tests; go build .)
16 | 	mv cmd/tests/tests .
17 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Honeyshell
 2 | 
 3 | An extensible SSH honeypot written entirely in Go, using `crypto/ssh` as its base.
 4 | 
 5 | Currently, it allows connections on the server and collects failed login attempts, meaning all usernames and passwords. Also, you can decrease the permissions on the process by flipping to a different user (ie 'nobody').
 6 | 
 7 | A version running [libssh](https://www.libssh.org/) can be found in the [legacy](https://github.com/wisepythagoras/honeyshell/tree/legacy) branch. It has been tested up to version `0.10` of the library. Two functions that it's using have been deprecated and I was trying to get rid of them with the work on the [c-branch](https://github.com/wisepythagoras/honeyshell/tree/c-branch) branch. The code on `c-branch` hasn't been fully tested and is buggy, because the libssh team decided to swittch to a callback model and I had to improvise on how to get it to work with Go.
 8 | 
 9 | ## Building
10 | 
11 | To compile the program, simply run `make` in your terminal.
12 | 
13 | ## Running
14 | 
15 | The default port is 22 and no user is mandatory, but the `-key` is, so make sure you set one.
16 | 
17 | ```
18 | Usage of ./honeyshell:
19 |   -banner string
20 |         The banner for the SSH server (default "SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3")
21 |   -key string
22 |         The RSA key to use
23 |   -plugins string
24 |         The path to the folder containing the plugins
25 |   -port int
26 |         The port the deamon should run on (default 22)
27 |   -user string
28 |         Set the permissions to a certain user (ie 'nobody')
29 |   -verbose
30 |         Print out debug messages
31 |   -vfs string
32 |         The path to the VFS (virtual file system) JSON file
33 | ```
34 | 
35 | Example usage:
36 | 
37 | ``` sh
38 | sudo ./honeyshell -user nobody -port 2222 -key ~/.ssh/key_for_honeypot_rsa
39 | ```
40 | 
41 | The output should look something like this:
42 | 
43 | ```
44 | 2022/12/27 11:30:09 Starting on port 2222
45 | 2022/12/27 11:30:09 Changing permissions to user 'nobody'
46 | 2022/12/27 11:30:12 127.0.0.1:54476 test key:442f78a53b6188a6b18a225c86aeb9c77592add0d714d26f8d84c9e4f9f59a77 (ssh-rsa)
47 | 2022/12/27 11:30:12 127.0.0.1:54476 test key:dfde57ac7251135922968b933fd28944e384a504515ba7ce27cd925224af4657 (ssh-rsa)
48 | 2022/12/27 11:30:12 127.0.0.1:54476 test key:c09d0feddad874b7a2cd82bdc4b846632fa47a7113a17cf8c846876a5f4eaf4a (ssh-rsa)
49 | 2022/12/27 11:30:12 127.0.0.1:54476 test key:589adac413c8d42c9166dd0e56d2da5cdeaf4abd731f001b3fa40b3c6232383b (ssh-rsa)
50 | 2022/12/27 11:30:12 Error during handshake ssh: disconnect, reason 2: too many authentication failures
51 | 2022/12/27 11:30:19 127.0.0.1:54478 test pass:test
52 | 2022/12/27 11:30:20 127.0.0.1:54478 test pass:admin
53 | 2022/12/27 11:30:26 127.0.0.1:54478 test pass:password123
54 | ```
55 | 
56 | ## Plugins
57 | 
58 | Honeyshell has a Lua-based plugin engine (documentation is still being worked on) which enables you to do whatever you want with the information that's received. For example, You can:
59 | 
60 | 1. Send all username and password pairs to a webhook.
61 | 2. Aggregate the IPs that attempt to connect by country and time.
62 | 3. Build an entire Bash emulation shell.
63 | 
64 | If your end goal is to emulate a system, you should make a snapshot of an existing filesystem and save it into a JSON file with the `vfsutil` command line tool.
65 | 
66 | Plans are being drafted on using WebAssembly in the future, but I won't get started soon as there are things that are misisng that will be needed.
67 | 
68 | A plugin that defines a prompt and a command can be found in [this repository](https://github.com/wisepythagoras/system-example-plugin).
69 | 
70 | ## License
71 | 
72 | Although the license for the source code is GNU GPL v3, I prohibit the use of the code herein for the training of any kind of AI model.
73 | 


--------------------------------------------------------------------------------
/banners.list:
--------------------------------------------------------------------------------
 1 | Comware-5.20.105
 2 | CPX SSH Server
 3 | OpenSSH_3.5p1
 4 | Cisco-1.25
 5 | CPX SSH Server
 6 | DraySSH_2.0
 7 | dropbear
 8 | dropbear_0.46
 9 | dropbear_0.51
10 | dropbear_0.52
11 | dropbear_2011.54
12 | dropbear_2012.55
13 | dropbear_2016.74
14 | HUAWEI-1.5
15 | NOS-SSH_2.0
16 | OpenSSH_4.3
17 | OpenSSH_5.1p1 Debian-5
18 | OpenSSH_5.3
19 | OpenSSH_5.3p1 Debian-3ubuntu7.1
20 | OpenSSH_5.4p1
21 | OpenSSH_5.5p1 Debian-6+squeeze1
22 | OpenSSH_5.5p1 Debian-6+squeeze5
23 | OpenSSH_5.8
24 | OpenSSH_5.8p1 Debian-1ubuntu3
25 | OpenSSH_5.8p1 Debian-7ubuntu1
26 | OpenSSH_5.9
27 | OpenSSH_5.9p1 Debian-5ubuntu1
28 | OpenSSH_5.9p1 Debian-5ubuntu1.1
29 | OpenSSH_5.9p1 Debian-5ubuntu1.10
30 | OpenSSH_5.9p1 Debian-5ubuntu1.2
31 | OpenSSH_5.9p1 Debian-5ubuntu1.3
32 | OpenSSH_5.9p1 Debian-5ubuntu1.4
33 | OpenSSH_5.9p1 Debian-5ubuntu1.8
34 | OpenSSH_6.0
35 | OpenSSH_6.0p1 Debian-1
36 | OpenSSH_6.0p1 Debian-3ubuntu1
37 | OpenSSH_6.0p1 Debian-4
38 | OpenSSH_6.0p1 Debian-4+deb7u1
39 | OpenSSH_6.0p1 Debian-4+deb7u2
40 | OpenSSH_6.0p1 Debian-4+deb7u3
41 | OpenSSH_6.0p1 Debian-4+deb7u4
42 | OpenSSH_6.0p1 Debian-4+deb7u6
43 | OpenSSH_6.0p1 Debian-4+deb7u7
44 | OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
45 | OpenSSH_6.2p2 Ubuntu-6ubuntu0.4
46 | OpenSSH_6.4
47 | OpenSSH_6.6.1
48 | OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
49 | OpenSSH_6.6.1p1 Debian-4~bpo70+1
50 | OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
51 | OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10
52 | OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
53 | OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
54 | OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
55 | OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
56 | OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
57 | OpenSSH_6.6.1p1 Ubuntu-8
58 | OpenSSH_6.6p1 Ubuntu-2ubuntu1
59 | OpenSSH_6.7p1 Debian-3
60 | OpenSSH_6.7p1 Debian-5
61 | OpenSSH_6.7p1 Debian-5+deb8u1
62 | OpenSSH_6.7p1 Debian-5+deb8u2
63 | OpenSSH_6.7p1 Debian-5+deb8u3
64 | OpenSSH_6.7p1 Debian-5+deb8u4
65 | OpenSSH_6.7p1 Raspbian-5+deb8u3
66 | OpenSSH_6.9
67 | OpenSSH_6.9p1 Ubuntu-2ubuntu0.2
68 | OpenSSH_7.1p2 Debian-2
69 | OpenSSH_7.2
70 | OpenSSH_7.2 FreeBSD-20160310
71 | OpenSSH_7.2 FreeBSD-20161230
72 | OpenSSH_7.2p2 Ubuntu-4ubuntu1
73 | OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
74 | OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
75 | OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
76 | OpenSSH_7.3
77 | OpenSSH_7.3p1 Debian-5
78 | OpenSSH_7.3p1 Ubuntu-1ubuntu0.1
79 | OpenSSH_7.4
80 | OpenSSH_7.4p1 Debian-10+deb9u1
81 | OpenSSH_7.4p1 Debian-10+deb9u2
82 | OpenSSH_7.4p1 Debian-10+deb9u3
83 | OpenSSH_7.4p1 Debian-6
84 | OpenSSH_7.5p1 Debian-5
85 | OpenSSH_7.6
86 | OpenSSH_7.6p1 Debian-3
87 | OpenSSH_7.6p1 Ubuntu-4
88 | OpenSSH_7.7
89 | OpenSSH_7.7p1 Debian-2
90 | OpenSSH_for_Windows_7.6
91 | ROSSSH
92 | TECHNICOLOR_SW_1.0
93 | WeOnlyDo 2.1.3
94 | WingFTPServer
95 | XXXX
96 | Zyxel SSH server


--------------------------------------------------------------------------------
/cmd/honeyshell/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"flag"
  5 | 	"fmt"
  6 | 	"log"
  7 | 
  8 | 	"github.com/wisepythagoras/honeyshell/core"
  9 | 	"github.com/wisepythagoras/honeyshell/plugin"
 10 | )
 11 | 
 12 | var logman *core.Logman
 13 | 
 14 | func main() {
 15 | 	// Define the command line flags and their default values.
 16 | 	username := flag.String("user", "", "Set the permissions to a certain user (ie 'nobody')")
 17 | 	port := flag.Int("port", 22, "The port the deamon should run on")
 18 | 	banner := flag.String("banner", "SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3", "The banner for the SSH server")
 19 | 	key := flag.String("key", "", "The RSA key to use")
 20 | 	pluginsFolder := flag.String("plugins", "", "The path to the folder containing the plugins")
 21 | 	vfsPath := flag.String("vfs", "", "The path to the VFS (virtual file system) JSON file")
 22 | 	verbose := flag.Bool("verbose", false, "Print out debug messages")
 23 | 
 24 | 	// Parse the command line arguments (flags).
 25 | 	flag.Parse()
 26 | 
 27 | 	// Require an RSA key.
 28 | 	if *key == "" {
 29 | 		log.Fatalln("An RSA key is required. Use the '-key' flag")
 30 | 	}
 31 | 
 32 | 	// Validate the port.
 33 | 	if *port < 1 || *port > 65535 {
 34 | 		log.Fatalf("Invalid port number %d\n", *port)
 35 | 	}
 36 | 
 37 | 	var pluginManager *plugin.PluginManager
 38 | 	var vfs *plugin.VFS
 39 | 
 40 | 	// Start the logman.
 41 | 	logman = core.GetLogmanInstance()
 42 | 	logman.Println("Starting Honeyshell")
 43 | 
 44 | 	// Connect to the database.
 45 | 	db, err := core.ConnectDB(*verbose)
 46 | 
 47 | 	if err != nil {
 48 | 		log.Fatalln(err)
 49 | 	}
 50 | 
 51 | 	if len(*vfsPath) > 0 {
 52 | 		vfs, err = plugin.ReadVFSJSONFile(*vfsPath)
 53 | 
 54 | 		if err != nil {
 55 | 			log.Fatalln("Error:", err)
 56 | 		}
 57 | 	}
 58 | 
 59 | 	if len(*pluginsFolder) > 0 {
 60 | 		pluginManager = &plugin.PluginManager{
 61 | 			DB:        db,
 62 | 			PluginVFS: vfs,
 63 | 		}
 64 | 
 65 | 		if err := pluginManager.LoadPlugins(*pluginsFolder); err != nil {
 66 | 			log.Fatalln("Error:", err)
 67 | 		}
 68 | 	}
 69 | 
 70 | 	// Create a new SSH server object.
 71 | 	sshServer := &core.SSHServer{
 72 | 		Port:          *port,
 73 | 		Address:       "0.0.0.0",
 74 | 		Key:           *key,
 75 | 		Banner:        *banner,
 76 | 		PluginManager: pluginManager,
 77 | 		Logger:        logman,
 78 | 	}
 79 | 
 80 | 	// Initialize the SSH server.
 81 | 	if !sshServer.Init() {
 82 | 		log.Fatalln("Unable to start server")
 83 | 	}
 84 | 
 85 | 	// Set the database onto the sshServer instance.
 86 | 	sshServer.SetDB(db)
 87 | 
 88 | 	// Now, if there was a username passed from the command line arguments, try to switch
 89 | 	// all of the permissions to that user.
 90 | 	if *username != "" {
 91 | 		log.Printf("Changing permissions to user '%s'\n", *username)
 92 | 
 93 | 		gid, uid, err := core.ChangePermissions(*username)
 94 | 
 95 | 		// If this fails it means that either the program wasn't run with 'sudo.' or the user
 96 | 		// doesn't have sufficient permissions.
 97 | 		if err != nil {
 98 | 			errStr := fmt.Sprintf("Error: %s", err)
 99 | 			log.Println(errStr)
100 | 			logman.Println(errStr)
101 | 			return
102 | 		} else {
103 | 			log.Println("User set to", *username)
104 | 			logman.Println("User set to", *username)
105 | 			log.Println(*username, "has gid:", gid, "and uid:", uid)
106 | 			logman.Println(*username, "has gid:", gid, "and uid:", uid)
107 | 		}
108 | 	}
109 | 
110 | 	// Run the loop that listens for new connections.
111 | 	sshServer.ListenLoop()
112 | 
113 | 	// Close the SSH server.
114 | 	sshServer.Stop()
115 | 
116 | 	logman.Println("Terminating process")
117 | }
118 | 


--------------------------------------------------------------------------------
/cmd/vfsutil/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"encoding/json"
  5 | 	"flag"
  6 | 	"fmt"
  7 | 	"io/fs"
  8 | 	"os"
  9 | 	"os/user"
 10 | 	"path/filepath"
 11 | 	"strconv"
 12 | 	"strings"
 13 | 	"syscall"
 14 | 
 15 | 	"github.com/wisepythagoras/honeyshell/plugin"
 16 | )
 17 | 
 18 | func readDir(path, basePath string) (map[string]plugin.VFSFile, error) {
 19 | 	files, err := os.ReadDir(path)
 20 | 
 21 | 	if err != nil {
 22 | 		return nil, err
 23 | 	}
 24 | 
 25 | 	vfsMap := make(map[string]plugin.VFSFile)
 26 | 
 27 | 	for _, f := range files {
 28 | 		info, err := f.Info()
 29 | 
 30 | 		if err != nil {
 31 | 			return nil, err
 32 | 		}
 33 | 
 34 | 		stat := info.Sys().(*syscall.Stat_t)
 35 | 
 36 | 		uid := stat.Uid
 37 | 		gid := stat.Gid
 38 | 		u := strconv.FormatUint(uint64(uid), 10)
 39 | 		g := strconv.FormatUint(uint64(gid), 10)
 40 | 
 41 | 		usr, err := user.LookupId(u)
 42 | 
 43 | 		if err != nil {
 44 | 			return nil, err
 45 | 		}
 46 | 
 47 | 		group, err := user.LookupGroupId(g)
 48 | 
 49 | 		if err != nil {
 50 | 			return nil, err
 51 | 		}
 52 | 
 53 | 		fmt.Println(filepath.Join(path, f.Name()), usr.Username, group.Name, f.IsDir())
 54 | 
 55 | 		vfsFile := plugin.VFSFile{
 56 | 			Name:    f.Name(),
 57 | 			Owner:   usr.Username,
 58 | 			ModTime: info.ModTime(),
 59 | 			Group:   group.Name,
 60 | 			NLink:   int(stat.Nlink),
 61 | 		}
 62 | 
 63 | 		newFilePath := filepath.Join(path, f.Name())
 64 | 		shouldInclude := !strings.HasSuffix(newFilePath, "/bin") &&
 65 | 			!strings.HasSuffix(newFilePath, "/lib") &&
 66 | 			!strings.HasSuffix(newFilePath, "/lib64") &&
 67 | 			!strings.HasSuffix(newFilePath, "/dev") &&
 68 | 			!strings.HasSuffix(newFilePath, "/sys")
 69 | 
 70 | 		if !f.IsDir() && (info.Mode()&os.ModeSymlink == 0) {
 71 | 			buff, err := os.ReadFile(filepath.Join(path, f.Name()))
 72 | 
 73 | 			if err != nil {
 74 | 				return nil, err
 75 | 			}
 76 | 
 77 | 			vfsFile.Type = plugin.T_FILE
 78 | 			vfsFile.Contents = string(buff)
 79 | 			vfsFile.Mode = fs.FileMode(stat.Mode)
 80 | 		} else if info.Mode()&os.ModeSymlink != 0 {
 81 | 			flPath, err := os.Readlink(newFilePath)
 82 | 			flPath = strings.Replace(flPath, basePath, "", 1)
 83 | 			fmt.Println(newFilePath, "->", flPath, err)
 84 | 
 85 | 			vfsFile.Type = plugin.T_SYMLINK
 86 | 			vfsFile.Mode = fs.FileMode(stat.Mode) | os.ModeSymlink
 87 | 			vfsFile.LinkTo = flPath
 88 | 		} else {
 89 | 			vfsFiles := make(map[string]plugin.VFSFile)
 90 | 
 91 | 			if shouldInclude {
 92 | 				vfsFiles, err = traverseDir(f, newFilePath, basePath)
 93 | 
 94 | 				if err != nil {
 95 | 					return nil, err
 96 | 				}
 97 | 			}
 98 | 
 99 | 			vfsFile.Files = vfsFiles
100 | 			vfsFile.Type = plugin.T_DIR
101 | 			vfsFile.Mode = fs.FileMode(stat.Mode) | os.ModeDir
102 | 		}
103 | 
104 | 		vfsMap[f.Name()] = vfsFile
105 | 	}
106 | 
107 | 	return vfsMap, nil
108 | }
109 | 
110 | func traverseDir(file os.DirEntry, path, basePath string) (map[string]plugin.VFSFile, error) {
111 | 	if !file.IsDir() {
112 | 		return nil, fmt.Errorf("%q not a directory", path)
113 | 	}
114 | 
115 | 	return readDir(path, basePath)
116 | }
117 | 
118 | func main() {
119 | 	path := flag.String("path", "", "The path to the directory structure to clone")
120 | 	home := flag.String("home", "/home/{}", "Specify the home directory (add '{}' in place of the username)")
121 | 	out := flag.String("out", "out.json", "Where to write the VFS to")
122 | 
123 | 	flag.Parse()
124 | 
125 | 	if len(*path) == 0 {
126 | 		fmt.Println("A path is required")
127 | 		os.Exit(1)
128 | 	}
129 | 
130 | 	files, err := readDir(*path, *path)
131 | 
132 | 	if err != nil {
133 | 		fmt.Println("Error:", err)
134 | 		os.Exit(1)
135 | 	}
136 | 
137 | 	vfsRoot := plugin.VFSFile{
138 | 		Type:  plugin.T_DIR,
139 | 		Name:  "",
140 | 		Mode:  0755,
141 | 		Owner: "root",
142 | 		Files: files,
143 | 	}
144 | 	vfs := plugin.VFS{
145 | 		Root: vfsRoot,
146 | 		Home: *home,
147 | 		User: &plugin.User{
148 | 			Username: "{}",
149 | 			Group:    "{}",
150 | 		},
151 | 	}
152 | 
153 | 	_, homeFolder, err := vfs.FindFile("/home")
154 | 
155 | 	if err != nil {
156 | 		fmt.Println("Error:", err)
157 | 		os.Exit(3)
158 | 	}
159 | 
160 | 	homeFolder.Files["{}"] = plugin.VFSFile{
161 | 		Type:  plugin.T_DIR,
162 | 		Name:  "{}",
163 | 		Owner: "{}",
164 | 		Group: "{}",
165 | 		Mode:  0775 | os.ModeDir,
166 | 		Files: make(map[string]plugin.VFSFile),
167 | 	}
168 | 
169 | 	j, err := json.Marshal(vfs)
170 | 
171 | 	if err != nil {
172 | 		fmt.Println("JSON Error:", err)
173 | 		os.Exit(4)
174 | 	}
175 | 
176 | 	if err = os.WriteFile(*out, j, 0770); err != nil {
177 | 		fmt.Println(err)
178 | 	}
179 | }
180 | 


--------------------------------------------------------------------------------
/core/db.go:
--------------------------------------------------------------------------------
 1 | package core
 2 | 
 3 | import (
 4 | 	"time"
 5 | 
 6 | 	"gorm.io/driver/sqlite"
 7 | 	"gorm.io/gorm"
 8 | 	"gorm.io/gorm/logger"
 9 | )
10 | 
11 | // PasswordConnection defines the model that describes the table in which all the usernames
12 | // and passwords that any peer attempts to access the system with will be stored.
13 | type PasswordConnection struct {
14 | 	gorm.Model
15 | 	ID        uint64    `gorm:"primaryKey; autoIncrement; not_null;"` // type:bigint for MySQL
16 | 	IPAddress string    `gorm:"index; type:mediumtext not null"`
17 | 	Username  string    `gorm:"index; not null"`
18 | 	Password  string    `gorm:"index; not null"`
19 | 	CreatedAt time.Time `gorm:"autoCreateTime:milli"`
20 | 	UpdatedAt time.Time `gorm:"autoCreateTime:milli"`
21 | }
22 | 
23 | // KeyConnection defines the model that describes the table in which all the usernames
24 | // and public key that any peer attempts to access the system with will be stored.
25 | type KeyConnection struct {
26 | 	gorm.Model
27 | 	ID        uint64    `gorm:"primaryKey; autoIncrement; not_null;"` // type:bigint for MySQL
28 | 	IPAddress string    `gorm:"index; type:mediumtext not null; unique_index:uidx_key_ip"`
29 | 	Username  string    `gorm:"index; not null"`
30 | 	Key       string    `gorm:"index; not null"`
31 | 	KeyHash   string    `gorm:"index; not null; unique_index:uidx_key_ip"`
32 | 	Type      string    `gorm:"not null"`
33 | 	CreatedAt time.Time `gorm:"autoCreateTime:milli"`
34 | 	UpdatedAt time.Time `gorm:"autoCreateTime:milli"`
35 | }
36 | 
37 | // ConnectDB connects to the database and returns the db object.
38 | func ConnectDB(verbose bool) (*gorm.DB, error) {
39 | 	logLevel := logger.Silent
40 | 
41 | 	if verbose {
42 | 		logLevel = logger.Info
43 | 	}
44 | 
45 | 	// Connect to the database. Maybe this can change in the futurue to support more
46 | 	// types of databases (MySQL, MariaDB, PostgreSQL, etc).
47 | 	db, err := gorm.Open(sqlite.Open("honeyshell.db"), &gorm.Config{
48 | 		Logger: logger.Default.LogMode(logLevel),
49 | 	})
50 | 
51 | 	if err != nil {
52 | 		return nil, err
53 | 	}
54 | 
55 | 	// Create all the tables and make sure all possible migrations are applied automatically.
56 | 	db.AutoMigrate(&PasswordConnection{})
57 | 	db.AutoMigrate(&KeyConnection{})
58 | 
59 | 	return db, nil
60 | }
61 | 


--------------------------------------------------------------------------------
/core/encryption.go:
--------------------------------------------------------------------------------
 1 | package core
 2 | 
 3 | import (
 4 | 	"crypto/rand"
 5 | 	"crypto/rsa"
 6 | 	"crypto/x509"
 7 | 	"encoding/asn1"
 8 | 
 9 | 	//"encoding/gob"
10 | 	"encoding/pem"
11 | )
12 | 
13 | // Encryption is the object that defines an encryption key class.
14 | type Encryption struct {
15 | 	key     *rsa.PrivateKey
16 | 	bitSize int
17 | }
18 | 
19 | // GenerateKey generates a set of public and private keys.
20 | func (enc *Encryption) GenerateKey() bool {
21 | 	// Create a new rand reader.
22 | 	reader := rand.Reader
23 | 
24 | 	// Generate the key.
25 | 	key, err := rsa.GenerateKey(reader, enc.bitSize)
26 | 
27 | 	// Return if there was an error.
28 | 	if err != nil {
29 | 		return false
30 | 	}
31 | 
32 | 	// Save the key in the struct.
33 | 	enc.key = key
34 | 
35 | 	return true
36 | }
37 | 
38 | // GetPrivateKey gets the PEM private key string.
39 | func (enc *Encryption) GetPrivateKey() string {
40 | 	// Create the PEM private key block.
41 | 	privateKey := &pem.Block{
42 | 		Type:  "PRIVATE KEY",
43 | 		Bytes: x509.MarshalPKCS1PrivateKey(enc.key),
44 | 	}
45 | 
46 | 	// Get the private key bytes.
47 | 	privateBytes := pem.EncodeToMemory(privateKey)
48 | 
49 | 	// Return the string of the private bytes.
50 | 	return string(privateBytes)
51 | }
52 | 
53 | // GetPublicKey gets the public PEM key string.
54 | func (enc *Encryption) GetPublicKey() string {
55 | 	// Get the asn1 bytes from the public key.
56 | 	asn1Bytes, err := asn1.Marshal(enc.key.PublicKey)
57 | 
58 | 	if err != nil {
59 | 		return ""
60 | 	}
61 | 
62 | 	// Create the PEM block.
63 | 	publicKey := &pem.Block{
64 | 		Type:  "PUBLIC KEY",
65 | 		Bytes: asn1Bytes,
66 | 	}
67 | 
68 | 	// Encode the key into memory.
69 | 	strPubKey := pem.EncodeToMemory(publicKey)
70 | 
71 | 	// Return the string representation.
72 | 	return string(strPubKey)
73 | }
74 | 


--------------------------------------------------------------------------------
/core/hashing.go:
--------------------------------------------------------------------------------
 1 | package core
 2 | 
 3 | import (
 4 | 	"encoding/hex"
 5 | 
 6 | 	"golang.org/x/crypto/sha3"
 7 | )
 8 | 
 9 | // GetSHA3256Hash returns the SHA3-256 hash of a given string.
10 | func GetSHA3256Hash(str []byte) ([]byte, error) {
11 | 	// Create a new sha object.
12 | 	h := sha3.New256()
13 | 
14 | 	// Add our string to the hash.
15 | 	if _, err := h.Write([]byte(str)); err != nil {
16 | 		return nil, err
17 | 	}
18 | 
19 | 	// Return the SHA3-256 digest.
20 | 	return h.Sum(nil), nil
21 | }
22 | 
23 | // ByteArrayToHex converts a set of bytes to a hex encoded string.
24 | func ByteArrayToHex(payload []byte) string {
25 | 	return hex.EncodeToString(payload)
26 | }
27 | 


--------------------------------------------------------------------------------
/core/logman.go:
--------------------------------------------------------------------------------
 1 | package core
 2 | 
 3 | import (
 4 | 	"log"
 5 | 	"os"
 6 | 	"sync"
 7 | )
 8 | 
 9 | // Logman is a struct that handles logging to a file.
10 | type Logman struct {
11 | 	filename string
12 | 	*log.Logger
13 | }
14 | 
15 | var theLog *Logman
16 | var once sync.Once
17 | 
18 | // GetLogmanInstance gets (or create) the instance of the logger.
19 | func GetLogmanInstance() *Logman {
20 | 	once.Do(func() {
21 | 		theLog = CreateLogmanLogger("honeyshell.log")
22 | 	})
23 | 
24 | 	return theLog
25 | }
26 | 
27 | // CreateLogmanLogger creates a logger.
28 | func CreateLogmanLogger(fname string) *Logman {
29 | 	file, _ := os.OpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0777)
30 | 
31 | 	return &Logman{
32 | 		filename: fname,
33 | 		Logger:   log.New(file, "", log.Ldate|log.Ltime),
34 | 	}
35 | }
36 | 


--------------------------------------------------------------------------------
/core/ssh_server.go:
--------------------------------------------------------------------------------
  1 | package core
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"log"
  6 | 	"net"
  7 | 	"os"
  8 | 	"path/filepath"
  9 | 	"strings"
 10 | 
 11 | 	"github.com/wisepythagoras/honeyshell/plugin"
 12 | 	"golang.org/x/crypto/ssh"
 13 | 	"golang.org/x/term"
 14 | 	"gorm.io/gorm"
 15 | )
 16 | 
 17 | // SSHServer This is the object that defines an SSH server.
 18 | type SSHServer struct {
 19 | 	Logger        *Logman
 20 | 	db            *gorm.DB
 21 | 	Port          int
 22 | 	Address       string
 23 | 	Key           string
 24 | 	Banner        string
 25 | 	config        *ssh.ServerConfig
 26 | 	listener      net.Listener
 27 | 	PluginManager *plugin.PluginManager
 28 | }
 29 | 
 30 | // Init Initializes the SSH server.
 31 | func (server *SSHServer) Init() bool {
 32 | 	server.config = &ssh.ServerConfig{
 33 | 		PasswordCallback:  server.passwordChecker,
 34 | 		PublicKeyCallback: server.publicKeyChecker,
 35 | 		ServerVersion:     server.Banner,
 36 | 		AuthLogCallback:   server.authLogHandler,
 37 | 	}
 38 | 
 39 | 	// Now read the server's private key.
 40 | 	privateKeyBytes, err := os.ReadFile(server.Key)
 41 | 
 42 | 	if err != nil {
 43 | 		log.Println("Failed to load private key", err)
 44 | 		server.Logger.Println("Failed to load private key", err)
 45 | 		return false
 46 | 	}
 47 | 
 48 | 	privateKey, err := ssh.ParsePrivateKey(privateKeyBytes)
 49 | 
 50 | 	if err != nil {
 51 | 		log.Println("Failed to parse private key", err)
 52 | 		server.Logger.Println("Failed to parse private key", err)
 53 | 		return false
 54 | 	}
 55 | 
 56 | 	server.config.AddHostKey(privateKey)
 57 | 
 58 | 	// Listen on the provided port.
 59 | 	listener, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", server.Port))
 60 | 	server.listener = listener
 61 | 
 62 | 	if err != nil {
 63 | 		log.Println("Unable to listen on the provided port", err)
 64 | 		server.Logger.Println("Unable to listen on the provided port", err)
 65 | 	}
 66 | 
 67 | 	log.Println("Starting on port", server.Port)
 68 | 	server.Logger.Println("Starting on port", server.Port)
 69 | 
 70 | 	return true
 71 | }
 72 | 
 73 | // authLogHandler is meant to just display when a user connects.
 74 | func (server *SSHServer) authLogHandler(c ssh.ConnMetadata, method string, err error) {
 75 | 	if method == "none" {
 76 | 		ip := c.RemoteAddr()
 77 | 		clientBanner := string(c.ClientVersion())
 78 | 
 79 | 		log.Println(ip.String(), "client connected with", clientBanner, "for user", c.User())
 80 | 		server.Logger.Println(ip.String(), "client connected with", clientBanner, "for user", c.User())
 81 | 	}
 82 | }
 83 | 
 84 | // passwordChecker will take the connection metadata and password that was used and log it along with
 85 | // other needed information to both the log file/stdout and database.
 86 | func (server *SSHServer) passwordChecker(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
 87 | 	ip := c.RemoteAddr()
 88 | 	ipStr, _, _ := net.SplitHostPort(ip.String())
 89 | 	ipObj := net.ParseIP(ipStr)
 90 | 	username := c.User()
 91 | 	password := string(pass)
 92 | 
 93 | 	// Add the password to the database.
 94 | 	server.db.Create(&PasswordConnection{
 95 | 		IPAddress: ipStr,
 96 | 		Username:  username,
 97 | 		Password:  password,
 98 | 	}).Commit()
 99 | 
100 | 	server.Logger.Printf("%s %s pass:%s\n", ip.String(), username, password)
101 | 	log.Printf("%s %s pass:%s\n", ip.String(), username, password)
102 | 
103 | 	// If a plugin manager was passed in and initialized, then call all of the plugins that offer a password login
104 | 	// interception function.
105 | 	if server.PluginManager != nil {
106 | 		for _, pl := range server.PluginManager.GetPasswordIntercepts() {
107 | 			if shouldLogin := pl.CallPasswordInterceptor(username, password, &ipObj); shouldLogin {
108 | 				return nil, nil
109 | 			}
110 | 		}
111 | 	}
112 | 
113 | 	return nil, fmt.Errorf("incorrect password for %q", c.User())
114 | }
115 | 
116 | // publicKeyChecker handles any attempt to send a public key. This could be especially helpful when monitoring
117 | // the keys of your organization. If you see a strange IP using it, it's been compromised.
118 | func (server *SSHServer) publicKeyChecker(c ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
119 | 	ip := c.RemoteAddr()
120 | 	username := c.User()
121 | 
122 | 	// Now we get the SHA3-256 hash of the public key, because it may be too long
123 | 	// to display on the screen.
124 | 	pubKeyHash, _ := GetSHA3256Hash(pubKey.Marshal())
125 | 
126 | 	server.Logger.Printf("%s %s key:%s (%s)\n",
127 | 		ip.String(),
128 | 		username,
129 | 		ByteArrayToHex(pubKeyHash),
130 | 		pubKey.Type())
131 | 	log.Printf("%s %s key:%s (%s)\n",
132 | 		ip.String(),
133 | 		username,
134 | 		ByteArrayToHex(pubKeyHash),
135 | 		pubKey.Type())
136 | 
137 | 	// Add the key to the database.
138 | 	server.db.Create(&KeyConnection{
139 | 		IPAddress: ip.String(),
140 | 		Username:  username,
141 | 		Key:       string(pubKey.Marshal()),
142 | 		KeyHash:   ByteArrayToHex(pubKeyHash),
143 | 	}).Commit()
144 | 
145 | 	return nil, fmt.Errorf("unknown public key for %q", c.User())
146 | }
147 | 
148 | // SetDB sets the database. For some reason this can't be passed in the constructor / initializer,
149 | // because this error happens: "panic: runtime error: cgo argument has Go pointer to Go pointer".
150 | func (server *SSHServer) SetDB(db *gorm.DB) {
151 | 	server.db = db
152 | }
153 | 
154 | // HandleSSHAuth Handles the authentication process, as well as any individual session.
155 | func (server *SSHServer) HandleSSHAuth(connection *net.Conn) bool {
156 | 	conn, chans, reqs, err := ssh.NewServerConn(*connection, server.config)
157 | 
158 | 	if err != nil {
159 | 		log.Println("Error during handshake", err)
160 | 		server.Logger.Println("Error during handshake", err)
161 | 		return false
162 | 	}
163 | 
164 | 	// At this point the user would be logged in.
165 | 
166 | 	log.Printf("User %s logged in via %s\n", conn.User(), string(conn.ClientVersion()))
167 | 
168 | 	// When I figure out what to do in this stage, this will have to be handled by something like the
169 | 	// code here: https://github.com/gogs/gogs/blob/main/internal/ssh/ssh.go
170 | 	// Ideally the honypot would log all payloads.
171 | 	go ssh.DiscardRequests(reqs)
172 | 
173 | 	for c := range chans {
174 | 		if c.ChannelType() != "session" {
175 | 			c.Reject(ssh.UnknownChannelType, "unknown channel type")
176 | 			continue
177 | 		}
178 | 
179 | 		channel, requests, err := c.Accept()
180 | 
181 | 		if err != nil {
182 | 			log.Fatalf("Could not accept channel: %v", err)
183 | 		}
184 | 
185 | 		go func(in <-chan *ssh.Request) {
186 | 			for req := range in {
187 | 				if req.Type == "shell" || req.Type == "pty" {
188 | 					req.Reply(true, nil)
189 | 				}
190 | 			}
191 | 		}(requests)
192 | 
193 | 		user := &plugin.User{
194 | 			Username: conn.User(),
195 | 			Group:    conn.User(),
196 | 		}
197 | 
198 | 		sessionVFS := *server.PluginManager.PluginVFS
199 | 		sessionVFS.User = user
200 | 
201 | 		sessionTerm := term.NewTerminal(channel, "$ ")
202 | 		session := &plugin.Session{
203 | 			VFS:     &sessionVFS,
204 | 			Term:    sessionTerm,
205 | 			Manager: server.PluginManager,
206 | 			User:    user,
207 | 		}
208 | 		sessionTerm.AutoCompleteCallback = session.AutoCompleteCallback
209 | 
210 | 		// Change over to the home directory so that the session starts from there.
211 | 		session.Chdir(server.PluginManager.PluginVFS.Home)
212 | 
213 | 		if server.PluginManager.LoginMessageFn != nil {
214 | 			loginMessage := server.PluginManager.LoginMessageFn(session)
215 | 			session.TermWrite(loginMessage)
216 | 		}
217 | 
218 | 		// Set the initial prompt.
219 | 		sessionTerm.SetPrompt(server.PluginManager.PromptPlugin(session))
220 | 
221 | 		go func() {
222 | 			defer channel.Close()
223 | 
224 | 			for {
225 | 				line, err := sessionTerm.ReadLine()
226 | 
227 | 				if err != nil {
228 | 					break
229 | 				}
230 | 
231 | 				if strings.Trim(line, " ") == "" {
232 | 					continue
233 | 				}
234 | 
235 | 				parts := strings.SplitN(line, " ", 2)
236 | 				cmd := parts[0]
237 | 				args := &plugin.CmdArgs{}
238 | 
239 | 				if strings.HasPrefix(cmd, ".") {
240 | 					pwd := session.GetPWD()
241 | 					cmd = filepath.Join(pwd, cmd)
242 | 				}
243 | 
244 | 				if len(parts) > 1 {
245 | 					args.RawArgs = parts[1]
246 | 					args.Parse()
247 | 				}
248 | 
249 | 				if commandFn, ok := server.PluginManager.GetCommand(cmd); ok {
250 | 					commandFn(args, session)
251 | 				} else {
252 | 					out := ""
253 | 
254 | 					if strings.HasPrefix(cmd, "/") {
255 | 						// TODO: In this case we want to handle what happens if a directory is found:
256 | 						//     bash: /dir/here: Is a directory
257 | 						// Or if a file is not executable:
258 | 						//     bash: ./path/to/file: Permission denied
259 | 						out = fmt.Sprintf("%s: No such file or directory\n", line)
260 | 					} else {
261 | 						out = fmt.Sprintf("%s: command not found\n", line)
262 | 					}
263 | 
264 | 					sessionTerm.Write([]byte(out))
265 | 					server.Logger.Println("[client] $", line)
266 | 					log.Println("[client] $", line)
267 | 				}
268 | 
269 | 				sessionTerm.SetPrompt(server.PluginManager.PromptPlugin(session))
270 | 			}
271 | 		}()
272 | 	}
273 | 
274 | 	return true
275 | }
276 | 
277 | // ListenLoop Run the listener for our server.
278 | func (server *SSHServer) ListenLoop() {
279 | 	// Now, this is the main loop where all the connections should be captured.
280 | 	for {
281 | 		connection, err := server.listener.Accept()
282 | 
283 | 		if err != nil {
284 | 			log.Println("Error on accepting connection", err)
285 | 			server.Logger.Println("Error on accepting connection", err)
286 | 		}
287 | 
288 | 		// Handle authentication in a goroutine so that the loop is freed up for a possible
289 | 		// concurrent connection.
290 | 		go func() {
291 | 			server.HandleSSHAuth(&connection)
292 | 		}()
293 | 	}
294 | }
295 | 
296 | // Stop will stop the SSH server from running.
297 | func (server *SSHServer) Stop() {
298 | 	server.listener.Close()
299 | }
300 | 


--------------------------------------------------------------------------------
/core/utils.go:
--------------------------------------------------------------------------------
 1 | package core
 2 | 
 3 | // #include <stdlib.h>
 4 | // #include <pwd.h>
 5 | // #include <sys/types.h>
 6 | // #include <unistd.h>
 7 | import "C"
 8 | 
 9 | import (
10 | 	"errors"
11 | 	"fmt"
12 | 	"net"
13 | 	"syscall"
14 | 	"unsafe"
15 | )
16 | 
17 | // ChangePermissions changes the permissions to a specific user. For example, you
18 | // can supply `nobody` when the server is run so that even if there's a vulnerability
19 | // and an attacker can escape the sandbox, they won't have any permissions.
20 | func ChangePermissions(name string) (uint32, uint32, error) {
21 | 	// Get the passwd before moving on.
22 | 	passwdC, err := GetPasswd(name)
23 | 
24 | 	if passwdC == nil {
25 | 		return 0, 0, fmt.Errorf("%s", err.Error())
26 | 	} else {
27 | 		// Set the group id before anything else.
28 | 		if int(C.setgid(passwdC.pw_gid)) == -1 {
29 | 			return 0, 0, fmt.Errorf("unable to set group id")
30 | 		}
31 | 
32 | 		// Set the user id after the group id.
33 | 		if int(C.setuid(passwdC.pw_uid)) == -1 {
34 | 			return 0, 0, fmt.Errorf("unable to set user id")
35 | 		}
36 | 	}
37 | 
38 | 	return uint32(passwdC.pw_gid), uint32(passwdC.pw_uid), nil
39 | }
40 | 
41 | // SockAddrToIP returns the IP address of a sockaddr.
42 | func SockAddrToIP(sock *syscall.Sockaddr) (ip net.IP, port int, success bool) {
43 | 	switch sock := (*sock).(type) {
44 | 	case *syscall.SockaddrInet4:
45 | 		return net.IP((&sock.Addr)[:]), sock.Port, true
46 | 	case *syscall.SockaddrInet6:
47 | 		return net.IP((&sock.Addr)[:]), sock.Port, true
48 | 	}
49 | 
50 | 	return
51 | }
52 | 
53 | // GetPasswd gets the passwd of a specific user.
54 | func GetPasswd(name string) (*C.struct_passwd, error) {
55 | 	// Read the name as a C string.
56 | 	nameC := C.CString(name)
57 | 
58 | 	// Then defer the pointer and call getpwnam.
59 | 	defer C.free(unsafe.Pointer(nameC))
60 | 	passwdC, err := C.getpwnam(nameC)
61 | 
62 | 	if passwdC == nil {
63 | 		if err == nil {
64 | 			return nil, errors.New("unable to load the user")
65 | 		}
66 | 
67 | 		return nil, err
68 | 	}
69 | 
70 | 	// Finally return the passwd.
71 | 	return passwdC, nil
72 | }
73 | 


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
 1 | module github.com/wisepythagoras/honeyshell
 2 | 
 3 | go 1.23.4
 4 | 
 5 | require (
 6 | 	github.com/yuin/gopher-lua v1.1.1
 7 | 	golang.org/x/crypto v0.32.0
 8 | 	golang.org/x/term v0.28.0
 9 | 	gorm.io/driver/sqlite v1.5.6
10 | 	gorm.io/gorm v1.25.10
11 | 	layeh.com/gopher-luar v1.0.11
12 | )
13 | 
14 | require (
15 | 	github.com/jinzhu/inflection v1.0.0 // indirect
16 | 	github.com/jinzhu/now v1.1.5 // indirect
17 | 	github.com/mattn/go-sqlite3 v1.14.22 // indirect
18 | 	golang.org/x/sys v0.29.0 // indirect
19 | )
20 | 


--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
 1 | github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 2 | github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 3 | github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 4 | github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 5 | github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 6 | github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 7 | github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 8 | github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 9 | github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
10 | github.com/yuin/gopher-lua v0.0.0-20190206043414-8bfc7677f583/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
11 | github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
12 | github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
13 | golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
14 | golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
15 | golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
16 | golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
17 | golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
18 | golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
19 | golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
20 | gorm.io/driver/sqlite v1.5.6 h1:fO/X46qn5NUEEOZtnjJRWRzZMe8nqJiQ9E+0hi+hKQE=
21 | gorm.io/driver/sqlite v1.5.6/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4=
22 | gorm.io/gorm v1.25.10 h1:dQpO+33KalOA+aFYGlK+EfxcI5MbO7EP2yYygwh9h+s=
23 | gorm.io/gorm v1.25.10/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
24 | layeh.com/gopher-luar v1.0.11 h1:8zJudpKI6HWkoh9eyyNFaTM79PY6CAPcIr6X/KTiliw=
25 | layeh.com/gopher-luar v1.0.11/go.mod h1:TPnIVCZ2RJBndm7ohXyaqfhzjlZ+OA2SZR/YwL8tECk=
26 | 


--------------------------------------------------------------------------------
/plugin/cmd_args.go:
--------------------------------------------------------------------------------
  1 | package plugin
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"regexp"
  6 | 	"strings"
  7 | 
  8 | 	lua "github.com/yuin/gopher-lua"
  9 | 	luar "layeh.com/gopher-luar"
 10 | )
 11 | 
 12 | // OptConfig manages options.
 13 | type OptConfig struct {
 14 | 	Opts       map[string]bool
 15 | 	ParsedOpts map[string]any
 16 | 	BareArgs   []string
 17 | }
 18 | 
 19 | // AddOne adds a single argument and a boolean on whether it has args to
 20 | // the map.
 21 | func (o *OptConfig) AddOne(arg string, hasArg bool) {
 22 | 	o.Opts[arg] = hasArg
 23 | }
 24 | 
 25 | // AddBoth is similar ot AddOne, but it also adds a long description.
 26 | func (o *OptConfig) AddBoth(short, long string, hasArg bool) {
 27 | 	o.Opts[short] = hasArg
 28 | 	o.Opts[long] = hasArg
 29 | }
 30 | 
 31 | // Get returns the parsed options.
 32 | func (o *OptConfig) Get(arg string) any {
 33 | 	if o.ParsedOpts == nil {
 34 | 		return nil
 35 | 	}
 36 | 
 37 | 	if val, ok := o.ParsedOpts[arg]; ok {
 38 | 		return val
 39 | 	}
 40 | 
 41 | 	return nil
 42 | }
 43 | 
 44 | type CmdArgs struct {
 45 | 	RawArgs string
 46 | 	argMap  map[string]any
 47 | }
 48 | 
 49 | func (args *CmdArgs) ParseOpts(optsConfig *OptConfig, multiCharSingleDash bool) (map[string]any, []string, error) {
 50 | 	parts := strings.Split(args.RawArgs, " ")
 51 | 	bareArgs := make([]string, 0)
 52 | 	opts := make(map[string]any)
 53 | 	bypassNext := false
 54 | 
 55 | 	optsConfig.ParsedOpts = opts
 56 | 	optsConfig.BareArgs = bareArgs
 57 | 
 58 | 	for i, part := range parts {
 59 | 		if part == "" || bypassNext {
 60 | 			bypassNext = false
 61 | 			continue
 62 | 		}
 63 | 
 64 | 		args := make([]string, 0)
 65 | 
 66 | 		if !multiCharSingleDash || strings.HasPrefix(part, "--") {
 67 | 			args = append(args, part)
 68 | 		} else {
 69 | 			temp := strings.Split(strings.Replace(part, "-", "", 1), "")
 70 | 
 71 | 			for _, arg := range temp {
 72 | 				args = append(args, "-"+arg)
 73 | 			}
 74 | 		}
 75 | 
 76 | 		for _, arg := range args {
 77 | 			if hasArg, ok := optsConfig.Opts[arg]; ok {
 78 | 				// Check for arguments.
 79 | 				if !hasArg {
 80 | 					optsConfig.ParsedOpts[strings.ReplaceAll(arg, "-", "")] = true
 81 | 				} else {
 82 | 					if i >= len(parts)-1 || parts[i+1][0] == '-' {
 83 | 						noValFound := fmt.Errorf("Argument %q requires a value, but none was found", part)
 84 | 						return optsConfig.ParsedOpts, optsConfig.BareArgs, noValFound
 85 | 					}
 86 | 
 87 | 					optsConfig.ParsedOpts[strings.ReplaceAll(part, "-", "")] = parts[i+1]
 88 | 					bypassNext = true
 89 | 				}
 90 | 			} else {
 91 | 				optsConfig.BareArgs = append(optsConfig.BareArgs, part)
 92 | 			}
 93 | 		}
 94 | 	}
 95 | 
 96 | 	return optsConfig.ParsedOpts, optsConfig.BareArgs, nil
 97 | }
 98 | 
 99 | func (args *CmdArgs) Parse() {
100 | 	args.argMap = make(map[string]any)
101 | 	parts := strings.Split(args.RawArgs, " ")
102 | 
103 | 	for i, part := range parts {
104 | 		part = strings.Trim(part, " ")
105 | 
106 | 		if len(part) == 0 {
107 | 			continue
108 | 		}
109 | 
110 | 		if part[0] == '-' && part[1] == '-' {
111 | 			key := strings.Trim(part, "-")
112 | 
113 | 			if i < len(parts)-1 && parts[i+1][0] != '-' {
114 | 				args.argMap[key] = parts[i+1]
115 | 			}
116 | 
117 | 			args.argMap[key] = true
118 | 		} else if part[0] == '-' {
119 | 			key := strings.Trim(part, "-")
120 | 
121 | 			if i < len(parts)-1 && len(parts[i+1]) > 0 && parts[i+1][0] != '-' {
122 | 				args.argMap[key] = parts[i+1]
123 | 			}
124 | 
125 | 			args.argMap[key] = true
126 | 
127 | 			for _, char := range key {
128 | 				args.argMap[string(char)] = true
129 | 			}
130 | 		} else {
131 | 			args.argMap["raw"] = part
132 | 		}
133 | 	}
134 | }
135 | 
136 | func (args *CmdArgs) Get(key string) any {
137 | 	if v, ok := args.argMap[key]; ok {
138 | 		return v
139 | 	}
140 | 
141 | 	return nil
142 | }
143 | 
144 | func (args *CmdArgs) Array() []string {
145 | 	re := regexp.MustCompile(`(\s+)`)
146 | 	rawArgs := strings.Trim(re.ReplaceAllString(args.RawArgs, " "), " ")
147 | 	return strings.Split(rawArgs, " ")
148 | }
149 | 
150 | func (args *CmdArgs) ArrayWithCommand(cmd string) []string {
151 | 	cmdArgs := []string{cmd}
152 | 	return append(cmdArgs, args.Array()...)
153 | }
154 | 
155 | func (args *CmdArgs) ForEach(callback func(string, any)) {
156 | 	for k, v := range args.argMap {
157 | 		callback(k, v)
158 | 	}
159 | }
160 | 
161 | func CreateOptsConfig() *OptConfig {
162 | 	return &OptConfig{
163 | 		Opts: make(map[string]bool),
164 | 	}
165 | }
166 | 
167 | func OptsModule(L *lua.LState) *lua.LTable {
168 | 	module := L.NewTable()
169 | 
170 | 	L.SetField(module, "CreateOptsConfig", luar.New(L, CreateOptsConfig))
171 | 
172 | 	return module
173 | }
174 | 


--------------------------------------------------------------------------------
/plugin/config.go:
--------------------------------------------------------------------------------
 1 | package plugin
 2 | 
 3 | import (
 4 | 	"log"
 5 | 	"math/rand"
 6 | 	"net"
 7 | 	"path/filepath"
 8 | 	"time"
 9 | )
10 | 
11 | type TermWriteFn func(...string)
12 | 
13 | type CommandFn func(*CmdArgs, *Session)
14 | type PasswordInterceptFn func(string, string, *net.IP) bool
15 | type PromptFn func(*Session) string
16 | type LoginMessageFn func(*Session) string
17 | 
18 | // Config is a struct that handles everything related to the sandbox. For
19 | // example, the registered commands, the password interceptor, the fake
20 | // prompt, and other things.
21 | type Config struct {
22 | 	CommandCallbacks    map[string]CommandFn
23 | 	PasswordInterceptor PasswordInterceptFn
24 | 	PromptFn            PromptFn
25 | 	LoginMessageFn      LoginMessageFn
26 | 	vfs                 *VFS
27 | }
28 | 
29 | // Init initializes the instance. This must run, as it instanciates the
30 | // command callbacks.
31 | func (c *Config) Init() {
32 | 	c.CommandCallbacks = make(map[string]CommandFn)
33 | }
34 | 
35 | // RegisterCommand adds a command to the list of supported commands. This
36 | // means that an attacker can run the command by the supplied `cmd` and then
37 | // that will run the command function (`cmdFn`).
38 | func (c *Config) RegisterCommand(cmd, dir string, cmdFn CommandFn) bool {
39 | 	if cmdFn == nil {
40 | 		log.Println("No command function for command", cmd)
41 | 		return false
42 | 	}
43 | 
44 | 	log.Println("Registering command", cmd)
45 | 	c.CommandCallbacks[cmd] = cmdFn
46 | 
47 | 	if c.vfs != nil {
48 | 		_, file, err := c.vfs.FindFile(dir)
49 | 
50 | 		if err != nil {
51 | 			log.Println("Error:", err)
52 | 			return false
53 | 		}
54 | 
55 | 		if file.Type == T_SYMLINK {
56 | 			_, file, err = c.vfs.FindFile(filepath.Join("/", file.LinkTo))
57 | 
58 | 			if err != nil {
59 | 				log.Println("Error:", err)
60 | 				return false
61 | 			}
62 | 		}
63 | 
64 | 		if _, ok := file.Files[cmd]; ok {
65 | 			log.Printf("Error: command \"%s%s\" already exists\n", dir, cmd)
66 | 			return false
67 | 		}
68 | 
69 | 		file.Files[cmd] = VFSFile{
70 | 			Type:    T_FILE,
71 | 			Mode:    0755,
72 | 			Name:    cmd,
73 | 			CmdFn:   cmdFn,
74 | 			Owner:   "root",
75 | 			Group:   "root",
76 | 			ModTime: time.Now().Add(time.Duration(-rand.Intn(30)) * time.Hour),
77 | 		}
78 | 		c.CommandCallbacks[filepath.Join(dir, cmd)] = cmdFn
79 | 	}
80 | 
81 | 	return true
82 | }
83 | 
84 | func (c *Config) RegisterLoginMessage(loginMsgFn LoginMessageFn) {
85 | 	c.LoginMessageFn = loginMsgFn
86 | }
87 | 
88 | func (c *Config) RegisterPasswordIntercept(interceptor PasswordInterceptFn) {
89 | 	c.PasswordInterceptor = interceptor
90 | }
91 | 
92 | func (c *Config) RegisterPrompt(promptFn PromptFn) {
93 | 	c.PromptFn = promptFn
94 | }
95 | 


--------------------------------------------------------------------------------
/plugin/manager.go:
--------------------------------------------------------------------------------
  1 | package plugin
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"regexp"
  6 | 
  7 | 	"gorm.io/gorm"
  8 | )
  9 | 
 10 | // PluginManager handles all things related to the plugins. Use this
 11 | // instance to load plugins and get commands.
 12 | type PluginManager struct {
 13 | 	DB              *gorm.DB
 14 | 	PluginVFS       *VFS
 15 | 	plugins         []*Plugin
 16 | 	passwordPlugins []*Plugin
 17 | 	commandMap      map[string]CommandFn
 18 | 	PromptPlugin    PromptFn
 19 | 	LoginMessageFn  LoginMessageFn
 20 | }
 21 | 
 22 | // LoadPlugins loads the plugin by supplying a `path`.
 23 | func (pm *PluginManager) LoadPlugins(path string) error {
 24 | 	var err error
 25 | 	pm.plugins, err = LoadPlugins(path, pm.DB)
 26 | 	pm.passwordPlugins = make([]*Plugin, 0)
 27 | 	pm.commandMap = make(map[string]CommandFn)
 28 | 
 29 | 	if err != nil {
 30 | 		return err
 31 | 	}
 32 | 
 33 | 	for _, pl := range pm.plugins {
 34 | 		err = pl.Init(pm.PluginVFS)
 35 | 
 36 | 		if err != nil {
 37 | 			return err
 38 | 		}
 39 | 
 40 | 		if pl.HasPasswordIntercept() {
 41 | 			pm.passwordPlugins = append(pm.passwordPlugins, pl)
 42 | 		}
 43 | 
 44 | 		if pl.HasCommandDefined() {
 45 | 			for cmd, commandFn := range pl.Commands() {
 46 | 				pm.commandMap[cmd] = commandFn
 47 | 			}
 48 | 		}
 49 | 
 50 | 		if pl.HasPromptFn() {
 51 | 			pm.PromptPlugin = pl.Config.PromptFn
 52 | 		}
 53 | 
 54 | 		if pl.HasLoginMessage() {
 55 | 			pm.LoginMessageFn = pl.Config.LoginMessageFn
 56 | 		}
 57 | 	}
 58 | 
 59 | 	if pm.PromptPlugin == nil {
 60 | 		pm.PromptPlugin = pm.defaultPrompt
 61 | 	}
 62 | 
 63 | 	return nil
 64 | }
 65 | 
 66 | // defaultPrompt displays a very basic bash-like prompt.
 67 | func (pm *PluginManager) defaultPrompt(s *Session) string {
 68 | 	if s.User.Username == "root" {
 69 | 		return "# "
 70 | 	}
 71 | 
 72 | 	return "$ "
 73 | }
 74 | 
 75 | // GetComand returns a function handler and a boolean (if it was found or not)
 76 | // for a command (as a string).
 77 | func (pm *PluginManager) GetCommand(cmd string) (CommandFn, bool) {
 78 | 	if cmd, ok := pm.commandMap[cmd]; ok {
 79 | 		return cmd, ok
 80 | 	}
 81 | 
 82 | 	return nil, false
 83 | }
 84 | 
 85 | func (pm *PluginManager) MatchCommand(part string) ([]CommandFn, []string) {
 86 | 	commands := make([]string, 0)
 87 | 	cmdFns := make([]CommandFn, 0)
 88 | 	reg := regexp.MustCompile(fmt.Sprintf("^%s", part))
 89 | 
 90 | 	for cmd, cmdFn := range pm.commandMap {
 91 | 		if reg.MatchString(cmd) {
 92 | 			commands = append(commands, cmd)
 93 | 			cmdFns = append(cmdFns, cmdFn)
 94 | 		}
 95 | 	}
 96 | 
 97 | 	return cmdFns, commands
 98 | }
 99 | 
100 | func (pm *PluginManager) GetPasswordIntercepts() []*Plugin {
101 | 	return pm.passwordPlugins
102 | }
103 | 


--------------------------------------------------------------------------------
/plugin/module.go:
--------------------------------------------------------------------------------
 1 | package plugin
 2 | 
 3 | import (
 4 | 	"log"
 5 | 
 6 | 	"github.com/wisepythagoras/honeyshell/plugin/native"
 7 | 	lua "github.com/yuin/gopher-lua"
 8 | 	luar "layeh.com/gopher-luar"
 9 | )
10 | 
11 | type nativeModule struct {
12 | 	L *lua.LState
13 | }
14 | 
15 | // importFn will load a supported module into the Lua runtime.
16 | func (nm *nativeModule) importFn(module string) *lua.LTable {
17 | 	switch module {
18 | 	case "fmt":
19 | 		return native.FmtModule(nm.L)
20 | 	case "time":
21 | 		return native.TimeModule(nm.L)
22 | 	case "io":
23 | 		return native.IoModule(nm.L)
24 | 	case "os":
25 | 		return native.OsModule(nm.L)
26 | 	case "json":
27 | 		return native.JsonModule(nm.L)
28 | 	case "strings":
29 | 		return native.StringsModule(nm.L)
30 | 	case "filepath":
31 | 		return native.FilepathModule(nm.L)
32 | 	case "tabwriter":
33 | 		return native.TabWriterModule(nm.L)
34 | 	case "opts":
35 | 		return OptsModule(nm.L)
36 | 	default:
37 | 		log.Fatalf("No module %q found", module)
38 | 	}
39 | 
40 | 	return nil
41 | }
42 | 
43 | // createImportFn exposes the `import` function in Lua so that you can
44 | // call `import("something")` to load native modules.
45 | func (nm *nativeModule) createImportFn() {
46 | 	nm.L.SetGlobal("import", luar.New(nm.L, nm.importFn))
47 | }
48 | 


--------------------------------------------------------------------------------
/plugin/native/db.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	lua "github.com/yuin/gopher-lua"
 5 | 	"gorm.io/gorm"
 6 | 	luar "layeh.com/gopher-luar"
 7 | )
 8 | 
 9 | func DBModule(L *lua.LState, db *gorm.DB) *lua.LTable {
10 | 	module := L.NewTable()
11 | 
12 | 	rawDBQuery := func(query string, args ...any) any {
13 | 		var results []map[string]any
14 | 
15 | 		db.Raw(query, args...).Scan(&results)
16 | 
17 | 		for i, res := range results {
18 | 			for k, v := range res {
19 | 				if iValue, ok := v.(*interface{}); ok {
20 | 					results[i][k] = *iValue
21 | 				}
22 | 			}
23 | 		}
24 | 
25 | 		return results
26 | 	}
27 | 
28 | 	L.SetField(module, "query", luar.New(L, rawDBQuery))
29 | 
30 | 	return module
31 | }
32 | 


--------------------------------------------------------------------------------
/plugin/native/filepath.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"path/filepath"
 5 | 
 6 | 	lua "github.com/yuin/gopher-lua"
 7 | 	luar "layeh.com/gopher-luar"
 8 | )
 9 | 
10 | func FilepathModule(L *lua.LState) *lua.LTable {
11 | 	module := L.NewTable()
12 | 
13 | 	L.SetField(module, "Abs", luar.New(L, filepath.Abs))
14 | 	L.SetField(module, "Base", luar.New(L, filepath.Base))
15 | 	L.SetField(module, "Clean", luar.New(L, filepath.Clean))
16 | 	L.SetField(module, "Dir", luar.New(L, filepath.Dir))
17 | 	L.SetField(module, "Ext", luar.New(L, filepath.Ext))
18 | 	L.SetField(module, "FromSlash", luar.New(L, filepath.FromSlash))
19 | 	L.SetField(module, "Glob", luar.New(L, filepath.Glob))
20 | 	L.SetField(module, "IsAbs", luar.New(L, filepath.IsAbs))
21 | 	L.SetField(module, "Join", luar.New(L, filepath.Join))
22 | 	L.SetField(module, "Match", luar.New(L, filepath.Match))
23 | 	L.SetField(module, "Rel", luar.New(L, filepath.Rel))
24 | 	L.SetField(module, "Split", luar.New(L, filepath.Split))
25 | 	L.SetField(module, "SplitList", luar.New(L, filepath.SplitList))
26 | 	L.SetField(module, "ToSlash", luar.New(L, filepath.ToSlash))
27 | 	L.SetField(module, "VolumeName", luar.New(L, filepath.VolumeName))
28 | 	L.SetField(module, "Walk", luar.New(L, filepath.Walk))
29 | 	L.SetField(module, "WalkDir", luar.New(L, filepath.WalkDir))
30 | 
31 | 	return module
32 | }
33 | 


--------------------------------------------------------------------------------
/plugin/native/fmt.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 
 6 | 	lua "github.com/yuin/gopher-lua"
 7 | 	luar "layeh.com/gopher-luar"
 8 | )
 9 | 
10 | func FmtModule(L *lua.LState) *lua.LTable {
11 | 	module := L.NewTable()
12 | 
13 | 	L.SetField(module, "Fprint", luar.New(L, fmt.Fprint))
14 | 	L.SetField(module, "Fprintf", luar.New(L, fmt.Fprintf))
15 | 	L.SetField(module, "Fprintln", luar.New(L, fmt.Fprintln))
16 | 	L.SetField(module, "Print", luar.New(L, fmt.Print))
17 | 	L.SetField(module, "Printf", luar.New(L, fmt.Printf))
18 | 	L.SetField(module, "Println", luar.New(L, fmt.Println))
19 | 	L.SetField(module, "Sprintf", luar.New(L, fmt.Sprintf))
20 | 
21 | 	return module
22 | }
23 | 


--------------------------------------------------------------------------------
/plugin/native/io.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"bytes"
 5 | 	"io"
 6 | 
 7 | 	lua "github.com/yuin/gopher-lua"
 8 | 	luar "layeh.com/gopher-luar"
 9 | )
10 | 
11 | func createWriter() io.Writer {
12 | 	return new(bytes.Buffer)
13 | }
14 | 
15 | func IoModule(L *lua.LState) *lua.LTable {
16 | 	module := L.NewTable()
17 | 
18 | 	L.SetField(module, "MultiWriter", luar.New(L, io.MultiWriter))
19 | 	L.SetField(module, "ReadAll", luar.New(L, io.ReadAll))
20 | 	L.SetField(module, "ReadAtLeast", luar.New(L, io.ReadAtLeast))
21 | 	L.SetField(module, "ReadFull", luar.New(L, io.ReadFull))
22 | 	L.SetField(module, "WriteString", luar.New(L, io.WriteString))
23 | 	L.SetField(module, "CreateWriter", luar.New(L, createWriter))
24 | 
25 | 	return module
26 | }
27 | 


--------------------------------------------------------------------------------
/plugin/native/json.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"encoding/json"
 5 | 	"log"
 6 | 
 7 | 	lua "github.com/yuin/gopher-lua"
 8 | 	luar "layeh.com/gopher-luar"
 9 | )
10 | 
11 | func jsonMarshal(obj any) string {
12 | 	var res []byte
13 | 	var err error
14 | 
15 | 	if res, err = json.Marshal(obj); err != nil {
16 | 		log.Println(err)
17 | 		return ""
18 | 	}
19 | 
20 | 	return string(res)
21 | }
22 | 
23 | func jsonUnmarshal(jsonStr string) any {
24 | 	res := make(map[string]any)
25 | 	var err error
26 | 
27 | 	if err = json.Unmarshal([]byte(jsonStr), &res); err != nil {
28 | 		log.Println(err)
29 | 		return nil
30 | 	}
31 | 
32 | 	return res
33 | }
34 | 
35 | func JsonModule(L *lua.LState) *lua.LTable {
36 | 	module := L.NewTable()
37 | 
38 | 	L.SetField(module, "Marshal", luar.New(L, jsonMarshal))
39 | 	L.SetField(module, "Unmarshal", luar.New(L, jsonUnmarshal))
40 | 
41 | 	return module
42 | }
43 | 


--------------------------------------------------------------------------------
/plugin/native/net.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"net"
 5 | 
 6 | 	lua "github.com/yuin/gopher-lua"
 7 | 	luar "layeh.com/gopher-luar"
 8 | )
 9 | 
10 | func NetModule(L *lua.LState) *lua.LTable {
11 | 	module := L.NewTable()
12 | 
13 | 	L.SetField(module, "IPv4", luar.New(L, net.IPv4))
14 | 	L.SetField(module, "IPv4allrouter", luar.New(L, net.IPv4allrouter))
15 | 	L.SetField(module, "IPv4allsys", luar.New(L, net.IPv4allsys))
16 | 	L.SetField(module, "IPv4bcast", luar.New(L, net.IPv4bcast))
17 | 	L.SetField(module, "IPv6interfacelocalallnodes", luar.New(L, net.IPv6interfacelocalallnodes))
18 | 	L.SetField(module, "IPv4len", luar.New(L, net.IPv4len))
19 | 	L.SetField(module, "IPv4zero", luar.New(L, net.IPv4zero))
20 | 	L.SetField(module, "IPv6len", luar.New(L, net.IPv6len))
21 | 	L.SetField(module, "IPv4Mask", luar.New(L, net.IPv4Mask))
22 | 	L.SetField(module, "IPv6linklocalallnodes", luar.New(L, net.IPv6linklocalallnodes))
23 | 	L.SetField(module, "IPv6linklocalallrouters", luar.New(L, net.IPv6linklocalallrouters))
24 | 	L.SetField(module, "IPv6loopback", luar.New(L, net.IPv6loopback))
25 | 	L.SetField(module, "IPv6unspecified", luar.New(L, net.IPv6unspecified))
26 | 	L.SetField(module, "IPv6zero", luar.New(L, net.IPv6zero))
27 | 	L.SetField(module, "JoinHostPort", luar.New(L, net.JoinHostPort))
28 | 	L.SetField(module, "LookupHost", luar.New(L, net.LookupHost))
29 | 	L.SetField(module, "LookupIP", luar.New(L, net.LookupIP))
30 | 	L.SetField(module, "ParseIP", luar.New(L, net.ParseIP))
31 | 	L.SetField(module, "ResolveIPAddr", luar.New(L, net.ResolveIPAddr))
32 | 	L.SetField(module, "ResolveTCPAddr", luar.New(L, net.ResolveTCPAddr))
33 | 	L.SetField(module, "ResolveUDPAddr", luar.New(L, net.ResolveUDPAddr))
34 | 	L.SetField(module, "ResolveUnixAddr", luar.New(L, net.ResolveUnixAddr))
35 | 	L.SetField(module, "SplitHostPort", luar.New(L, net.SplitHostPort))
36 | 
37 | 	return module
38 | }
39 | 


--------------------------------------------------------------------------------
/plugin/native/os.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"os"
 5 | 
 6 | 	lua "github.com/yuin/gopher-lua"
 7 | 	luar "layeh.com/gopher-luar"
 8 | )
 9 | 
10 | func OsModule(L *lua.LState) *lua.LTable {
11 | 	module := L.NewTable()
12 | 
13 | 	L.SetField(module, "Chdir", luar.New(L, os.Chdir))
14 | 	L.SetField(module, "Chmod", luar.New(L, os.Chmod))
15 | 	L.SetField(module, "Chown", luar.New(L, os.Chown))
16 | 	L.SetField(module, "Create)", luar.New(L, os.Create))
17 | 	L.SetField(module, "CreateTemp", luar.New(L, os.CreateTemp))
18 | 	L.SetField(module, "DirFS", luar.New(L, os.DirFS))
19 | 	L.SetField(module, "Environ", luar.New(L, os.Environ))
20 | 	L.SetField(module, "ExpandEnv", luar.New(L, os.ExpandEnv))
21 | 	L.SetField(module, "FindProcess", luar.New(L, os.FindProcess))
22 | 	L.SetField(module, "Getegid", luar.New(L, os.Getegid))
23 | 	L.SetField(module, "Geteuid", luar.New(L, os.Geteuid))
24 | 	L.SetField(module, "Getgid", luar.New(L, os.Getgid))
25 | 	L.SetField(module, "Getgroups", luar.New(L, os.Getgroups))
26 | 	L.SetField(module, "Getpid", luar.New(L, os.Getpid))
27 | 	L.SetField(module, "Getuid", luar.New(L, os.Getuid))
28 | 	L.SetField(module, "Link", luar.New(L, os.Link))
29 | 	L.SetField(module, "LookupEnv", luar.New(L, os.LookupEnv))
30 | 	L.SetField(module, "Lstat", luar.New(L, os.Lstat))
31 | 	L.SetField(module, "Mkdir", luar.New(L, os.Mkdir))
32 | 	L.SetField(module, "MkdirAll", luar.New(L, os.MkdirAll))
33 | 	L.SetField(module, "MkdirTemp", luar.New(L, os.MkdirTemp))
34 | 	L.SetField(module, "NewFile", luar.New(L, os.NewFile))
35 | 	L.SetField(module, "Open", luar.New(L, os.Open))
36 | 	L.SetField(module, "OpenFile", luar.New(L, os.OpenFile))
37 | 	L.SetField(module, "Pipe", luar.New(L, os.Pipe))
38 | 	L.SetField(module, "ReadDir", luar.New(L, os.ReadDir))
39 | 	L.SetField(module, "ReadFile", luar.New(L, os.ReadFile))
40 | 	L.SetField(module, "Readlink", luar.New(L, os.Readlink))
41 | 	L.SetField(module, "Remove", luar.New(L, os.Remove))
42 | 	L.SetField(module, "RemoveAll", luar.New(L, os.RemoveAll))
43 | 	L.SetField(module, "Rename", luar.New(L, os.Rename))
44 | 	L.SetField(module, "SameFile", luar.New(L, os.SameFile))
45 | 	L.SetField(module, "Setenv", luar.New(L, os.Setenv))
46 | 	L.SetField(module, "Stat", luar.New(L, os.Stat))
47 | 	L.SetField(module, "Symlink", luar.New(L, os.Symlink))
48 | 	L.SetField(module, "TempDir", luar.New(L, os.TempDir))
49 | 	L.SetField(module, "Truncate", luar.New(L, os.Truncate))
50 | 	L.SetField(module, "Unsetenv", luar.New(L, os.Unsetenv))
51 | 	L.SetField(module, "WriteFile", luar.New(L, os.WriteFile))
52 | 
53 | 	L.SetField(module, "DevNull", luar.New(L, os.DevNull))
54 | 	L.SetField(module, "ModeAppend", luar.New(L, os.ModeAppend))
55 | 	L.SetField(module, "ModeCharDevice", luar.New(L, os.ModeCharDevice))
56 | 	L.SetField(module, "ModeDevice", luar.New(L, os.ModeDevice))
57 | 	L.SetField(module, "ModeDir", luar.New(L, os.ModeDir))
58 | 	L.SetField(module, "ModeExclusive", luar.New(L, os.ModeExclusive))
59 | 	L.SetField(module, "ModeIrregular", luar.New(L, os.ModeIrregular))
60 | 	L.SetField(module, "ModeNamedPipe", luar.New(L, os.ModeNamedPipe))
61 | 	L.SetField(module, "ModePerm", luar.New(L, os.ModePerm))
62 | 	L.SetField(module, "ModeSetgid", luar.New(L, os.ModeSetgid))
63 | 	L.SetField(module, "ModeSetuid", luar.New(L, os.ModeSetuid))
64 | 	L.SetField(module, "ModeSocket", luar.New(L, os.ModeSocket))
65 | 	L.SetField(module, "ModeSticky", luar.New(L, os.ModeSticky))
66 | 	L.SetField(module, "ModeSymlink", luar.New(L, os.ModeSymlink))
67 | 	L.SetField(module, "ModeTemporary", luar.New(L, os.ModeTemporary))
68 | 	L.SetField(module, "ModeType", luar.New(L, os.ModeType))
69 | 	L.SetField(module, "O_APPEND", luar.New(L, os.O_APPEND))
70 | 	L.SetField(module, "O_CREATE", luar.New(L, os.O_CREATE))
71 | 	L.SetField(module, "O_EXCL", luar.New(L, os.O_EXCL))
72 | 	L.SetField(module, "O_RDONLY", luar.New(L, os.O_RDONLY))
73 | 	L.SetField(module, "O_RDWR", luar.New(L, os.O_RDWR))
74 | 	L.SetField(module, "O_SYNC", luar.New(L, os.O_SYNC))
75 | 	L.SetField(module, "O_TRUNC", luar.New(L, os.O_TRUNC))
76 | 	L.SetField(module, "O_WRONLY", luar.New(L, os.O_WRONLY))
77 | 	L.SetField(module, "Stdout", luar.New(L, os.Stdout))
78 | 	L.SetField(module, "Stderr", luar.New(L, os.Stderr))
79 | 	L.SetField(module, "Stdin", luar.New(L, os.Stdin))
80 | 
81 | 	return module
82 | }
83 | 


--------------------------------------------------------------------------------
/plugin/native/strings.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"strings"
 5 | 
 6 | 	lua "github.com/yuin/gopher-lua"
 7 | 	luar "layeh.com/gopher-luar"
 8 | )
 9 | 
10 | func StringsModule(L *lua.LState) *lua.LTable {
11 | 	module := L.NewTable()
12 | 
13 | 	L.SetField(module, "Clone", luar.New(L, strings.Clone))
14 | 	L.SetField(module, "Compare", luar.New(L, strings.Compare))
15 | 	L.SetField(module, "Contains", luar.New(L, strings.Contains))
16 | 	L.SetField(module, "ContainsAny", luar.New(L, strings.ContainsAny))
17 | 	L.SetField(module, "Count", luar.New(L, strings.Count))
18 | 	L.SetField(module, "Cut", luar.New(L, strings.Cut))
19 | 	L.SetField(module, "EqualFold", luar.New(L, strings.EqualFold))
20 | 	L.SetField(module, "Fields", luar.New(L, strings.Fields))
21 | 	L.SetField(module, "HasPrefix", luar.New(L, strings.HasPrefix))
22 | 	L.SetField(module, "HasSuffix", luar.New(L, strings.HasSuffix))
23 | 	L.SetField(module, "Index", luar.New(L, strings.Index))
24 | 	L.SetField(module, "Join", luar.New(L, strings.Join))
25 | 	L.SetField(module, "Replace", luar.New(L, strings.Replace))
26 | 	L.SetField(module, "ReplaceAll", luar.New(L, strings.ReplaceAll))
27 | 	L.SetField(module, "Split", luar.New(L, strings.Split))
28 | 	L.SetField(module, "SplitAfter", luar.New(L, strings.SplitAfter))
29 | 	L.SetField(module, "ToUpper", luar.New(L, strings.ToUpper))
30 | 	L.SetField(module, "Trim", luar.New(L, strings.Trim))
31 | 
32 | 	return module
33 | }
34 | 


--------------------------------------------------------------------------------
/plugin/native/tabwriter.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"text/tabwriter"
 5 | 
 6 | 	lua "github.com/yuin/gopher-lua"
 7 | 	luar "layeh.com/gopher-luar"
 8 | )
 9 | 
10 | func TabWriterModule(L *lua.LState) *lua.LTable {
11 | 	module := L.NewTable()
12 | 
13 | 	L.SetField(module, "AlignRight", luar.New(L, tabwriter.AlignRight))
14 | 	L.SetField(module, "Debug", luar.New(L, tabwriter.Debug))
15 | 	L.SetField(module, "DiscardEmptyColumns", luar.New(L, tabwriter.DiscardEmptyColumns))
16 | 	L.SetField(module, "Escape", luar.New(L, tabwriter.Escape))
17 | 	L.SetField(module, "FilterHTML", luar.New(L, tabwriter.FilterHTML))
18 | 	L.SetField(module, "NewWriter", luar.New(L, tabwriter.NewWriter))
19 | 	L.SetField(module, "StripEscape", luar.New(L, tabwriter.StripEscape))
20 | 	L.SetField(module, "TabIndent", luar.New(L, tabwriter.TabIndent))
21 | 
22 | 	return module
23 | }
24 | 


--------------------------------------------------------------------------------
/plugin/native/time.go:
--------------------------------------------------------------------------------
 1 | package native
 2 | 
 3 | import (
 4 | 	"time"
 5 | 
 6 | 	lua "github.com/yuin/gopher-lua"
 7 | 	luar "layeh.com/gopher-luar"
 8 | )
 9 | 
10 | func TimeModule(L *lua.LState) *lua.LTable {
11 | 	module := L.NewTable()
12 | 
13 | 	L.SetField(module, "After", luar.New(L, time.After))
14 | 	L.SetField(module, "AfterFunc", luar.New(L, time.AfterFunc))
15 | 	L.SetField(module, "Date", luar.New(L, time.Date))
16 | 	L.SetField(module, "Hour", luar.New(L, time.Hour))
17 | 	L.SetField(module, "Microsecond", luar.New(L, time.Microsecond))
18 | 	L.SetField(module, "Millisecond", luar.New(L, time.Millisecond))
19 | 	L.SetField(module, "Minute", luar.New(L, time.Minute))
20 | 	L.SetField(module, "Nanosecond", luar.New(L, time.Nanosecond))
21 | 	L.SetField(module, "NewTicker", luar.New(L, time.NewTicker))
22 | 	L.SetField(module, "NewTimer", luar.New(L, time.NewTimer))
23 | 	L.SetField(module, "Now", luar.New(L, time.Now))
24 | 	L.SetField(module, "Parse", luar.New(L, time.Parse))
25 | 	L.SetField(module, "ParseDuration", luar.New(L, time.ParseDuration))
26 | 	L.SetField(module, "ParseInLocation", luar.New(L, time.ParseInLocation))
27 | 	L.SetField(module, "Second", luar.New(L, time.Second))
28 | 	L.SetField(module, "Since", luar.New(L, time.Since))
29 | 	L.SetField(module, "Sleep", luar.New(L, time.Sleep))
30 | 	L.SetField(module, "Tick", luar.New(L, time.Tick))
31 | 	L.SetField(module, "Unix", luar.New(L, time.Unix))
32 | 
33 | 	return module
34 | }
35 | 


--------------------------------------------------------------------------------
/plugin/plugin.go:
--------------------------------------------------------------------------------
  1 | package plugin
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"io/fs"
  6 | 	"net"
  7 | 	"path/filepath"
  8 | 
  9 | 	"github.com/wisepythagoras/honeyshell/plugin/native"
 10 | 	lua "github.com/yuin/gopher-lua"
 11 | 	"gorm.io/gorm"
 12 | 	luar "layeh.com/gopher-luar"
 13 | )
 14 | 
 15 | type Plugin struct {
 16 | 	Path   string
 17 | 	Dir    fs.DirEntry
 18 | 	Main   fs.DirEntry
 19 | 	L      *lua.LState
 20 | 	Config *Config
 21 | 	DB     *gorm.DB
 22 | 	vfs    *VFS
 23 | }
 24 | 
 25 | func (p *Plugin) GetPath(withMain bool) string {
 26 | 	pluginPath := filepath.Join(p.Path, p.Dir.Name())
 27 | 
 28 | 	if withMain {
 29 | 		pluginPath = filepath.Join(pluginPath, p.Main.Name())
 30 | 	}
 31 | 
 32 | 	return pluginPath
 33 | }
 34 | 
 35 | func (p *Plugin) Init(vfs *VFS) error {
 36 | 	p.L = lua.NewState()
 37 | 
 38 | 	p.vfs = vfs
 39 | 
 40 | 	// Set up the environment here.
 41 | 	nativeMod := nativeModule{L: p.L}
 42 | 	nativeMod.createImportFn()
 43 | 
 44 | 	p.L.SetGlobal("db", luar.New(p.L, native.DBModule(p.L, p.DB)))
 45 | 	p.L.SetGlobal("dirname", luar.New(p.L, p.GetPath(false)))
 46 | 	p.L.SetGlobal("toBytes", luar.New(p.L, stringToBytes))
 47 | 	p.L.SetGlobal("toString", luar.New(p.L, bytesToString))
 48 | 	p.L.SetGlobal("newMap", luar.New(p.L, newMap))
 49 | 	p.L.SetGlobal("newBoolMap", luar.New(p.L, newBoolMap))
 50 | 	p.L.SetGlobal("len", luar.New(p.L, arrayLen))
 51 | 
 52 | 	// Allow requiring lua files from the plugin's directory.
 53 | 	pkg := p.L.GetGlobal("package")
 54 | 	newPath := fmt.Sprintf("%s/?.lua;%s", p.GetPath(false), pkg.String())
 55 | 	p.L.SetField(pkg, "path", luar.New(p.L, newPath))
 56 | 
 57 | 	// Run the extension's main file.
 58 | 	if err := p.L.DoFile(p.GetPath(true)); err != nil {
 59 | 		panic(err)
 60 | 	}
 61 | 
 62 | 	// Finally find and call the install function.
 63 | 	installFn, ok := p.L.GetGlobal("install").(*lua.LFunction)
 64 | 
 65 | 	if !ok {
 66 | 		return fmt.Errorf("the install function wasn't found")
 67 | 	}
 68 | 
 69 | 	p.Config = &Config{vfs: p.vfs}
 70 | 	p.Config.Init()
 71 | 
 72 | 	err := p.L.CallByParam(lua.P{
 73 | 		Fn:      installFn,
 74 | 		NRet:    0,
 75 | 		Protect: true,
 76 | 	}, luar.New(p.L, p.Config))
 77 | 
 78 | 	if err != nil {
 79 | 		return err
 80 | 	}
 81 | 
 82 | 	return nil
 83 | }
 84 | 
 85 | func (p *Plugin) SetVFS(vfs *VFS) {
 86 | 	p.vfs = vfs
 87 | }
 88 | 
 89 | func (p *Plugin) HasPasswordIntercept() bool {
 90 | 	return p.Config.PasswordInterceptor != nil
 91 | }
 92 | 
 93 | func (p *Plugin) HasCommandDefined() bool {
 94 | 	return len(p.Config.CommandCallbacks) > 0
 95 | }
 96 | 
 97 | func (p *Plugin) HasLoginMessage() bool {
 98 | 	return p.Config.LoginMessageFn != nil
 99 | }
100 | 
101 | func (p *Plugin) HasPromptFn() bool {
102 | 	return p.Config.PromptFn != nil
103 | }
104 | 
105 | func (p *Plugin) Commands() map[string]CommandFn {
106 | 	return p.Config.CommandCallbacks
107 | }
108 | 
109 | func (p *Plugin) CallPasswordInterceptor(username, password string, ip *net.IP) bool {
110 | 	if !p.HasPasswordIntercept() {
111 | 		return false
112 | 	}
113 | 
114 | 	return p.Config.PasswordInterceptor(username, password, ip)
115 | }
116 | 


--------------------------------------------------------------------------------
/plugin/session.go:
--------------------------------------------------------------------------------
 1 | package plugin
 2 | 
 3 | import (
 4 | 	"golang.org/x/term"
 5 | )
 6 | 
 7 | type Session struct {
 8 | 	VFS     *VFS
 9 | 	Term    *term.Terminal
10 | 	Manager *PluginManager
11 | 	pwd     string
12 | 	User    *User
13 | }
14 | 
15 | func (s *Session) AutoCompleteCallback(line string, pos int, key rune) (newLine string, newPos int, ok bool) {
16 | 	if key == 9 {
17 | 		_, matchingCmds := s.Manager.MatchCommand(line)
18 | 
19 | 		for _, cmd := range matchingCmds {
20 | 			s.Term.Write([]byte(cmd))
21 | 		}
22 | 
23 | 		s.Term.Write([]byte("\n"))
24 | 	}
25 | 
26 | 	return line, pos, ok
27 | }
28 | 
29 | func (s *Session) TermWrite(data ...string) {
30 | 	for _, v := range data {
31 | 		s.Term.Write([]byte(v))
32 | 	}
33 | }
34 | 
35 | func (s *Session) Chdir(newPath string) error {
36 | 	path, _, err := s.VFS.FindFile(newPath)
37 | 
38 | 	if err != nil {
39 | 		return err
40 | 	}
41 | 
42 | 	s.VFS.PWD = path
43 | 	s.pwd = path
44 | 
45 | 	return nil
46 | }
47 | 
48 | func (s *Session) GetPWD() string {
49 | 	return s.pwd
50 | }
51 | 


--------------------------------------------------------------------------------
/plugin/user.go:
--------------------------------------------------------------------------------
1 | package plugin
2 | 
3 | type User struct {
4 | 	Username string
5 | 	Group    string
6 | }
7 | 


--------------------------------------------------------------------------------
/plugin/utils.go:
--------------------------------------------------------------------------------
  1 | package plugin
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"os"
  6 | 	"path/filepath"
  7 | 
  8 | 	"gorm.io/gorm"
  9 | )
 10 | 
 11 | func LoadPlugins(path string, db *gorm.DB) ([]*Plugin, error) {
 12 | 	files, err := os.ReadDir(path)
 13 | 	plugins := []*Plugin{}
 14 | 
 15 | 	if err != nil {
 16 | 		return plugins, err
 17 | 	}
 18 | 
 19 | 	for _, f := range files {
 20 | 		if !f.IsDir() {
 21 | 			continue
 22 | 		}
 23 | 
 24 | 		extFiles, err := os.ReadDir(filepath.Join(path, f.Name()))
 25 | 
 26 | 		if err != nil {
 27 | 			return plugins, err
 28 | 		}
 29 | 
 30 | 		var mainFile os.DirEntry = nil
 31 | 
 32 | 		for _, extFile := range extFiles {
 33 | 			if extFile.IsDir() {
 34 | 				continue
 35 | 			}
 36 | 
 37 | 			if extFile.Name() == "main.lua" {
 38 | 				mainFile = extFile
 39 | 			}
 40 | 		}
 41 | 
 42 | 		if mainFile == nil {
 43 | 			return plugins, fmt.Errorf("extension folder %q doesn't have an entry point (main.lua)", f.Name())
 44 | 		}
 45 | 
 46 | 		extension := &Plugin{
 47 | 			Path: path,
 48 | 			Dir:  f,
 49 | 			Main: mainFile,
 50 | 			DB:   db,
 51 | 		}
 52 | 
 53 | 		plugins = append(plugins, extension)
 54 | 	}
 55 | 
 56 | 	return plugins, nil
 57 | }
 58 | 
 59 | func stringToBytes(str string) []byte {
 60 | 	return []byte(str)
 61 | }
 62 | 
 63 | func bytesToString(b []byte) string {
 64 | 	return string(b)
 65 | }
 66 | 
 67 | func newMap() map[string]any {
 68 | 	return make(map[string]any)
 69 | }
 70 | 
 71 | func newBoolMap() map[string]bool {
 72 | 	return make(map[string]bool)
 73 | }
 74 | 
 75 | func arrayLen(arr any) int {
 76 | 	switch x := arr.(type) {
 77 | 	case []string:
 78 | 		return len(x)
 79 | 	case []int:
 80 | 		return len(x)
 81 | 	case []int8:
 82 | 		return len(x)
 83 | 	case []int16:
 84 | 		return len(x)
 85 | 	case []int32:
 86 | 		return len(x)
 87 | 	case []int64:
 88 | 		return len(x)
 89 | 	case []uint:
 90 | 		return len(x)
 91 | 	case []uint8:
 92 | 		return len(x)
 93 | 	case []uint16:
 94 | 		return len(x)
 95 | 	case []uint32:
 96 | 		return len(x)
 97 | 	case []uint64:
 98 | 		return len(x)
 99 | 	case []float32:
100 | 		return len(x)
101 | 	case []float64:
102 | 		return len(x)
103 | 	case []any:
104 | 		return len(x)
105 | 	}
106 | 
107 | 	return 0
108 | }
109 | 


--------------------------------------------------------------------------------
/plugin/vfs.go:
--------------------------------------------------------------------------------
  1 | package plugin
  2 | 
  3 | import (
  4 | 	"encoding/json"
  5 | 	"fmt"
  6 | 	"os"
  7 | 	"path/filepath"
  8 | 	"strings"
  9 | 	"time"
 10 | )
 11 | 
 12 | const T_DIR = 1
 13 | const T_FILE = 2
 14 | const T_SYMLINK = 3
 15 | const T_ANY = 4
 16 | 
 17 | // Perm is the basic permissions structure of a Linux file.
 18 | type Perm struct {
 19 | 	Read  bool
 20 | 	Write bool
 21 | 	Exec  bool
 22 | }
 23 | 
 24 | // VFSFile represents the virtual file in the VFS. It can be a regular
 25 | // file (text, executable, etc) or a directory containing its own set of
 26 | // files.
 27 | type VFSFile struct {
 28 | 	Type     int                `json:"t"`
 29 | 	Name     string             `json:"n"`
 30 | 	Files    map[string]VFSFile `json:"f"`
 31 | 	Contents string             `json:"c"`
 32 | 	Mode     os.FileMode        `json:"m"`
 33 | 	Owner    string             `json:"o"`
 34 | 	Group    string             `json:"g"`
 35 | 	ModTime  time.Time          `json:"mt"`
 36 | 	LinkTo   string             `json:"lt"`
 37 | 	NLink    int                `json:"nl"`
 38 | 	CmdFn    CommandFn          `json:"-"`
 39 | }
 40 | 
 41 | // findFile returns the directory of a file, which it finds by its name.
 42 | func (f *VFSFile) findFile(name string, rest []string) (string, *VFSFile, error) {
 43 | 	if name == f.Name && len(rest) == 0 {
 44 | 		return name, f, nil
 45 | 	} else if name == f.Name && len(rest) > 0 {
 46 | 		if f.Type != T_DIR {
 47 | 			return "", nil, fmt.Errorf("file not a directory")
 48 | 		}
 49 | 
 50 | 		if file, ok := f.Files[rest[0]]; ok {
 51 | 			newPath, newFile, err := file.findFile(rest[0], rest[1:])
 52 | 
 53 | 			if err != nil {
 54 | 				return "", nil, err
 55 | 			}
 56 | 
 57 | 			if name == "" {
 58 | 				name = "/"
 59 | 			}
 60 | 
 61 | 			return filepath.Join(name, newPath), newFile, nil
 62 | 		}
 63 | 	}
 64 | 
 65 | 	return "", nil, fmt.Errorf("file not found")
 66 | }
 67 | 
 68 | // CanAccess returns the permissions the user has on the specific file.
 69 | func (f *VFSFile) CanAccess(user *User) Perm {
 70 | 	var buf [32]bool
 71 | 	w := 0
 72 | 
 73 | 	// 13, one for each of "dalTLDpSugct?"
 74 | 	for i := 0; i < 13; i++ {
 75 | 		if f.Mode&(1<<uint(32-1-i)) != 0 {
 76 | 			buf[w] = true
 77 | 			w++
 78 | 		}
 79 | 	}
 80 | 
 81 | 	if w == 0 {
 82 | 		buf[w] = false
 83 | 		w++
 84 | 	}
 85 | 
 86 | 	// 9, one for each of "rwxrwxrwx"
 87 | 	for i := 0; i < 9; i++ {
 88 | 		if f.Mode&(1<<uint(9-1-i)) != 0 {
 89 | 			buf[w] = true
 90 | 		} else {
 91 | 			buf[w] = false
 92 | 		}
 93 | 
 94 | 		w++
 95 | 	}
 96 | 
 97 | 	rawPerms := buf[:w]
 98 | 	perm := Perm{}
 99 | 
100 | 	if user.Username == f.Owner {
101 | 		perm.Read = rawPerms[1]
102 | 		perm.Write = rawPerms[2]
103 | 		perm.Exec = rawPerms[3]
104 | 	} else if user.Username != f.Owner && user.Group == f.Group {
105 | 		perm.Read = rawPerms[4]
106 | 		perm.Write = rawPerms[5]
107 | 		perm.Exec = rawPerms[6]
108 | 	} else if user.Username != f.Owner && user.Group != f.Group {
109 | 		perm.Read = rawPerms[7]
110 | 		perm.Write = rawPerms[8]
111 | 		perm.Exec = rawPerms[9]
112 | 	}
113 | 
114 | 	return perm
115 | }
116 | 
117 | // ForEach loops through all of the files.
118 | func (f *VFSFile) ForEach(callback func(*VFSFile, int)) {
119 | 	if f.Type == T_FILE {
120 | 		callback(f, 0)
121 | 		return
122 | 	}
123 | 
124 | 	i := 0
125 | 
126 | 	for _, file := range f.Files {
127 | 		callback(&file, i)
128 | 		i++
129 | 	}
130 | }
131 | 
132 | // StrMode converts the permissions (or mode) of a file into a string.
133 | func (f *VFSFile) StrMode() string {
134 | 	return f.Mode.String()
135 | }
136 | 
137 | // VFS is the recursive struct that describes the virtual file system.
138 | type VFS struct {
139 | 	Root VFSFile `json:"root"`
140 | 	Home string  `json:"home"`
141 | 	PWD  string  `json:"-"`
142 | 	User *User   `json:"-"`
143 | }
144 | 
145 | // resolveDotPath is a helper function that converts a dot path to an absolute
146 | // path.
147 | func (vfs *VFS) resolveDotPath(path string) string {
148 | 	if path == "." || path == "./" {
149 | 		return vfs.PWD
150 | 	}
151 | 
152 | 	return filepath.Join(vfs.PWD, path)
153 | }
154 | 
155 | // FindFile returns the path and VFSFile of a file in the path.
156 | func (vfs *VFS) FindFile(path string) (string, *VFSFile, error) {
157 | 	if path == "" {
158 | 		path = "/"
159 | 	} else if len(path) > 2 && strings.HasSuffix(path, "/") {
160 | 		path = path[:len(path)-1]
161 | 	}
162 | 
163 | 	if strings.HasPrefix(path, "~") {
164 | 		if path == "~" || path == "~/" || path == "~/." {
165 | 			path = vfs.Home
166 | 		} else {
167 | 			path = filepath.Join(vfs.Home, strings.Replace(path, "~/", "", 1))
168 | 		}
169 | 	} else if path == "." || strings.HasPrefix(path, "./") {
170 | 		path = vfs.resolveDotPath(path)
171 | 	} else if path == ".." || strings.HasPrefix(path, "../") {
172 | 		path = filepath.Join(vfs.PWD, path)
173 | 	} else if !strings.HasPrefix(path, "/") {
174 | 		path = filepath.Join(vfs.PWD, path)
175 | 	}
176 | 
177 | 	username := "{}"
178 | 
179 | 	if vfs.User != nil {
180 | 		username = vfs.User.Username
181 | 	}
182 | 
183 | 	if path == "/" {
184 | 		return "/", &vfs.Root, nil
185 | 	} else if strings.HasPrefix(path, "/home/"+username) {
186 | 		path = strings.Replace(path, "/home/"+username, "/home/{}", 1)
187 | 	}
188 | 
189 | 	parts := strings.Split(path, "/")
190 | 
191 | 	return vfs.Root.findFile(parts[0], parts[1:])
192 | }
193 | 
194 | // Mkdir creates a new directory at the given path.
195 | func (vfs *VFS) Mkdir(path string, mode os.FileMode) (*VFSFile, error) {
196 | 	_, file, err := vfs.FindFile(filepath.Dir(path))
197 | 
198 | 	if err != nil {
199 | 		return nil, err
200 | 	}
201 | 
202 | 	if file.Type != T_DIR {
203 | 		return nil, fmt.Errorf("cannot create directory ‘%s‘: No such file or directory", path)
204 | 	}
205 | 
206 | 	realUser := *vfs.User
207 | 
208 | 	if vfs.User.Username == realUser.Username {
209 | 		realUser = User{
210 | 			Username: "{}",
211 | 			Group:    "{}",
212 | 		}
213 | 	}
214 | 
215 | 	perms := file.CanAccess(&realUser)
216 | 
217 | 	if !perms.Write {
218 | 		return nil, fmt.Errorf("cannot create directory ‘%s‘: Permission denied", path)
219 | 	}
220 | 
221 | 	base := filepath.Base(path)
222 | 
223 | 	if _, ok := file.Files[base]; ok {
224 | 		return nil, fmt.Errorf("file %q already exists", path)
225 | 	}
226 | 
227 | 	if mode == 0 {
228 | 		mode = 0775
229 | 	}
230 | 
231 | 	newFile := VFSFile{
232 | 		Name:    base,
233 | 		Type:    T_DIR,
234 | 		Mode:    mode | os.ModeDir,
235 | 		Files:   make(map[string]VFSFile),
236 | 		Owner:   "{}",
237 | 		Group:   "{}",
238 | 		ModTime: time.Now(),
239 | 	}
240 | 
241 | 	file.Files[base] = newFile
242 | 
243 | 	return &newFile, nil
244 | }
245 | 
246 | // Rmfile deletes a file in the filesystem.
247 | func (vfs *VFS) Rmfile(path string) error {
248 | 	_, parentFolder, err := vfs.FindFile(filepath.Dir(path))
249 | 
250 | 	if err != nil {
251 | 		return err
252 | 	}
253 | 
254 | 	realUser := *vfs.User
255 | 
256 | 	if vfs.User.Username == realUser.Username {
257 | 		realUser = User{
258 | 			Username: "{}",
259 | 			Group:    "{}",
260 | 		}
261 | 	}
262 | 
263 | 	var file VFSFile
264 | 	var ok bool
265 | 
266 | 	base := filepath.Base(path)
267 | 
268 | 	if file, ok = parentFolder.Files[base]; !ok {
269 | 		return fmt.Errorf("no such file or directory")
270 | 	}
271 | 
272 | 	perms := file.CanAccess(&realUser)
273 | 
274 | 	if !perms.Write {
275 | 		return fmt.Errorf("permission denied")
276 | 	}
277 | 
278 | 	delete(parentFolder.Files, base)
279 | 
280 | 	return nil
281 | }
282 | 
283 | // WriteFile adds contents to a specific file in the path.
284 | func (vfs *VFS) WriteFile(path, contents string) error {
285 | 	_, parentFolder, err := vfs.FindFile(filepath.Dir(path))
286 | 
287 | 	if err != nil {
288 | 		return err
289 | 	}
290 | 
291 | 	realUser := *vfs.User
292 | 
293 | 	if vfs.User.Username == realUser.Username {
294 | 		realUser = User{
295 | 			Username: "{}",
296 | 			Group:    "{}",
297 | 		}
298 | 	}
299 | 
300 | 	base := filepath.Base(path)
301 | 	perms := parentFolder.CanAccess(&realUser)
302 | 
303 | 	if !perms.Write {
304 | 		return fmt.Errorf("permission denied")
305 | 	}
306 | 
307 | 	file, ok := parentFolder.Files[base]
308 | 
309 | 	if ok && file.Type == T_DIR {
310 | 		return fmt.Errorf("file is a directory")
311 | 	} else if ok && !file.CanAccess(&realUser).Write {
312 | 		return fmt.Errorf("permission denied")
313 | 	}
314 | 
315 | 	// TODO: Implement all modes, read, write, append.
316 | 	if ok {
317 | 		file.Contents = contents
318 | 	} else {
319 | 		file = VFSFile{
320 | 			Type:     T_FILE,
321 | 			Mode:     0664,
322 | 			Name:     base,
323 | 			Contents: contents,
324 | 			Owner:    "{}",
325 | 			Group:    "{}",
326 | 			ModTime:  time.Now(),
327 | 		}
328 | 	}
329 | 
330 | 	parentFolder.Files[base] = file
331 | 
332 | 	return nil
333 | }
334 | 
335 | // ReadVFSJSONFile reads the JSON file which contains the the virtual file system model.
336 | func ReadVFSJSONFile(path string) (*VFS, error) {
337 | 	data, err := os.ReadFile(path)
338 | 
339 | 	if err != nil {
340 | 		return nil, err
341 | 	}
342 | 
343 | 	vfs := &VFS{}
344 | 
345 | 	if err = json.Unmarshal(data, vfs); err != nil {
346 | 		return nil, err
347 | 	}
348 | 
349 | 	return vfs, nil
350 | }
351 | 


--------------------------------------------------------------------------------
/plugin/vfs_test.go:
--------------------------------------------------------------------------------
  1 | package plugin_test
  2 | 
  3 | import (
  4 | 	"encoding/json"
  5 | 	"testing"
  6 | 
  7 | 	"github.com/wisepythagoras/honeyshell/plugin"
  8 | )
  9 | 
 10 | const testVfs = "{\"root\":{\"t\":1,\"n\":\"\",\"f\":{\"home\":{\"t\":1,\"n\":\"home\",\"f\":{\"{}\":{\"t\":1,\"n\":\"{}\",\"f\":{\"test.txt\":{\"t\":2,\"n\":\"test.txt\",\"o\":\"{}\",\"c\":\"This is a test file\",\"m\":432}},\"o\":\"{}\",\"m\":2147484157}},\"o\":\"root\",\"m\":2147484141},\"etc\":{\"t\":1,\"n\":\"etc\",\"f\":{\"hostname\":{\"t\":2,\"n\":\"hostname\",\"o\":\"root\",\"c\":\"test-hostname\",\"m\":420},\"issue\":{\"t\":2,\"n\":\"issue\",\"o\":\"root\",\"c\":\"Ubuntu 22.04\",\"m\":420}},\"o\":\"root\",\"m\":2147484141}},\"o\":\"root\",\"m\":2147484141},\"home\":\"/home/{}\"}"
 11 | 
 12 | func TestPathResolution(t *testing.T) {
 13 | 	vfs := &plugin.VFS{}
 14 | 	err := json.Unmarshal([]byte(testVfs), vfs)
 15 | 	vfs.User = &plugin.User{
 16 | 		Username: "{}",
 17 | 		Group:    "{}",
 18 | 	}
 19 | 
 20 | 	if err != nil {
 21 | 		t.Errorf("Error: %s", err)
 22 | 	}
 23 | 
 24 | 	p, f, err := vfs.FindFile("/etc/issue")
 25 | 
 26 | 	if err != nil {
 27 | 		t.Errorf("Error: %s", err)
 28 | 	}
 29 | 
 30 | 	if p != "/etc/issue" {
 31 | 		t.Errorf("Invalid path %q", p)
 32 | 	}
 33 | 
 34 | 	if f.Contents != "Ubuntu 22.04" {
 35 | 		t.Errorf("Invalid contents %q", f.Contents)
 36 | 	}
 37 | 
 38 | 	_, _, err = vfs.FindFile("/home/{}/file-that-doesnt-exist.txt")
 39 | 
 40 | 	if err == nil {
 41 | 		t.Error("File found when there should be one")
 42 | 	}
 43 | 
 44 | 	_, _, err = vfs.FindFile("/home/{}/")
 45 | 
 46 | 	if err != nil {
 47 | 		t.Error("Error:", err)
 48 | 	}
 49 | 
 50 | 	_, _, err = vfs.FindFile("/")
 51 | 
 52 | 	if err != nil {
 53 | 		t.Error("Error:", err)
 54 | 	}
 55 | }
 56 | 
 57 | func TestChdir(t *testing.T) {
 58 | 	vfs := &plugin.VFS{}
 59 | 	err := json.Unmarshal([]byte(testVfs), vfs)
 60 | 	vfs.User = &plugin.User{
 61 | 		Username: "{}",
 62 | 		Group:    "{}",
 63 | 	}
 64 | 
 65 | 	if err != nil {
 66 | 		t.Errorf("Error: %s", err)
 67 | 	}
 68 | 
 69 | 	session := plugin.Session{
 70 | 		VFS: vfs,
 71 | 		User: &plugin.User{
 72 | 			Username: "test",
 73 | 			Group:    "test",
 74 | 		},
 75 | 	}
 76 | 	session.Chdir(vfs.Home)
 77 | 
 78 | 	pwd := session.GetPWD()
 79 | 
 80 | 	if pwd != vfs.Home {
 81 | 		t.Errorf("%q != %q", pwd, vfs.Home)
 82 | 	}
 83 | 
 84 | 	p, f, err := vfs.FindFile("test.txt")
 85 | 
 86 | 	if err != nil {
 87 | 		t.Errorf("Error: %s", err)
 88 | 	}
 89 | 
 90 | 	if p != "/home/{}/test.txt" {
 91 | 		t.Errorf("%q != \"/home/{}/test.txt\"", p)
 92 | 	}
 93 | 
 94 | 	if f.Contents != "This is a test file" {
 95 | 		t.Errorf("%q != \"This is a test file\"", f.Contents)
 96 | 	}
 97 | 
 98 | 	p, f, err = vfs.FindFile("../../../etc/hostname")
 99 | 
100 | 	if err != nil {
101 | 		t.Errorf("Error: %s", err)
102 | 	}
103 | 
104 | 	if p != "/etc/hostname" {
105 | 		t.Errorf("%q != \"/etc/hostname\"", p)
106 | 	}
107 | 
108 | 	if f.Contents != "test-hostname" {
109 | 		t.Errorf("%q != \"test-hostname\"", f.Contents)
110 | 	}
111 | 
112 | 	session.Chdir("/")
113 | 	p, f, err = vfs.FindFile("~/test.txt")
114 | 
115 | 	if err != nil {
116 | 		t.Errorf("Error: %s", err)
117 | 	}
118 | 
119 | 	if p != "/home/{}/test.txt" {
120 | 		t.Errorf("%q != \"/home/{}/test.txt\"", p)
121 | 	}
122 | 
123 | 	if f.Contents != "This is a test file" {
124 | 		t.Errorf("%q != \"This is a test file\"", f.Contents)
125 | 	}
126 | 
127 | 	_, _, err = vfs.FindFile("~/doesnt-exist")
128 | 
129 | 	if err == nil {
130 | 		t.Error("File found where there should't be one")
131 | 	}
132 | }
133 | 


--------------------------------------------------------------------------------