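The opencanary/modules directory contains the scripts that emulate each service or protocol.
opencanary/logger.py is the log-generation script. This is the file where I directly changed a few lines of code to send logs to the web end, for example the post2server function and the log function; the LoggerBase class defines the various log types.
Log format xmind
I recorded the logs and services (protocols) of the OpenCanary honeypot framework, as I analysed them, in xmind, so that interested readers can refer to it while developing.
The fields of the OpencanaryLog table in the opencanary_web database honeypot were likewise designed from all of the fields that appear in the logs, and the table was extended as needed during development.
Listening ports
After enabling all of the OpenCanary configuration options: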
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:1433 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:9418 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12683/python
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 12683/python
udp 0 0 0.0.0.0:57197 0.0.0.0:* 8994/python
udp 0 0 0.0.0.0:5060 0.0.0.0:* 12683/python
udp 0 0 0.0.0.0:69 0.0.0.0:* 12683/python
udp 0 0 0.0.0.0:123 0.0.0.0:* 12683/python
udp 0 0 0.0.0.0:161 0.0.0.0:* 12683/python
Application logs
HTTP
How to trigger
Visit the honeypot's HTTP page
Log format
{"dst_host": "172.18.200.58", "dst_port": 80, "local_time": "2019-01-07 13:47:45.817940", "logdata": {"HOSTNAME": "172.18.200.58", "PASSWORD": "admin888", "PATH": "/index.html", "SKIN": "nasLogin", "USERAGENT": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:61.0) Gecko/20100101 Firefox/61.0", "USERNAME": "admin"}, "logtype": 3001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54488}
FTP
How to trigger
Any FTP client
Log format
{"dst_host": "172.18.200.58", "dst_port": 21, "local_time": "2019-01-07 13:50:54.264032", "logdata": {"PASSWORD": "admin123", "USERNAME": "ftpadmin"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54573}
SSH
How to trigger
Any SSH client
Log format
{"dst_host": "172.18.200.58", "dst_port": 2222, "local_time": "2019-01-07 13:54:27.811101", "logdata": {"SESSION": "3"}, "logtype": 4000, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54639}
{"dst_host": "172.18.200.58", "dst_port": 2222, "local_time": "2019-01-07 13:54:27.888686", "logdata": {"LOCALVERSION": "SSH-2.0-OpenSSH_5.1p1 Debian-4", "REMOTEVERSION": "SSH-2.0-OpenSSH_7.0 ZOC_7.16.1"}, "logtype": 4001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54639}
{"dst_host": "172.18.200.58", "dst_port": 2222, "local_time": "2019-01-07 13:54:32.444224", "logdata": {"LOCALVERSION": "SSH-2.0-OpenSSH_5.1p1 Debian-4", "PASSWORD": "root123", "REMOTEVERSION": "SSH-2.0-OpenSSH_7.0 ZOC_7.16.1", "USERNAME": "root"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54639}
Telnet
How to trigger
telnet 172.18.200.58
Log format
{"dst_host": "172.18.200.58", "dst_port": 23, "honeycred": false, "local_time": "2019-01-07 13:56:45.341785", "logdata": {"PASSWORD": "admin888", "USERNAME": "admin123"}, "logtype": 6001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54676}
MYSQL
How to trigger
mysql -h172.18.200.58 -uroot -p
Log format
{"dst_host": "172.18.200.58", "dst_port": 3306, "local_time": "2019-01-07 13:58:25.922257", "logdata": {"PASSWORD": "18076c09615de80ddb2903191b783714918b4c4f", "USERNAME": "root"}, "logtype": 8001, "node_id": "opencanary-1", "src_host": "172.18.220.253", "src_port": 46662}
git protocol
How to trigger
git clone git://192.168.1.7:9418/tmp.git
Log format
{"dst_host": "192.168.1.7", "dst_port": 9418, "local_time": "2019-01-05 15:38:46.368627", "logdata": {"HOST": "192.168.1.7:9418", "REPO": "tmp.git"}, "logtype": 16001, "node_id": "opencanary-1", "src_host": "192.168.1.3", "src_port": 57606}
NTP protocol
How to trigger
git clone git://192.168.1.7:9418/tmp.git
NTP listens on UDP port 123.
Log format
{"dst_host": "0.0.0.0", "dst_port": 123, "local_time": "2019-01-05 15:58:52.075987", "logdata": {"NTP CMD": "monlist"}, "logtype": 11001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 57886}
redis
How to trigger
(env) [[email protected] Honeypot]# redis-cli -h 192.168.1.7
192.168.1.7:6379> keys *
(error) NOAUTH Authentication required.
192.168.1.7:6379> config get requirepass
(error) ERR unknown command 'config'
192.168.1.7:6379> auth admin
(error) ERR invalid password
192.168.1.7:6379>
Log format
{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:05:11.637269", "logdata": {"ARGS": "", "CMD": "COMMAND"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}
{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:08:14.786249", "logdata": {"ARGS": "*", "CMD": "KEYS"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}
{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:09:36.418200", "logdata": {"ARGS": "get requirepass", "CMD": "CONFIG"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}
{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:10:09.802402", "logdata": {"ARGS": "admin", "CMD": "AUTH"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}
TCP Banner
How to trigger
telnet 192.168.1.6 8001
Log format
{"dst_host": "192.168.1.6", "dst_port": 8001, "local_time": "2019-01-05 17:18:51.601478", "logdata": {"BANNER_ID": "1", "DATA": "", "FUNCTION": "CONNECTION_MADE"}, "logtype": 18002, "node_id": "opencanary-1", "src_host": "192.168.1.3", "src_port": 59176}
{"dst_host": "192.168.1.6", "dst_port": 8001, "local_time": "2019-01-05 17:19:12.996007", "logdata": {"BANNER_ID": "1", "DATA": "", "FUNCTION": "DATA_RECEIVED"}, "logtype": 18004, "node_id": "opencanary-1", "src_host": "192.168.1.3", "src_port": 59176}
LOG_TCP_BANNER_CONNECTION_MADE = 18001
LOG_TCP_BANNER_KEEP_ALIVE_CONNECTION_MADE = 18002
LOG_TCP_BANNER_KEEP_ALIVE_SECRET_RECEIVED = 18003
LOG_TCP_BANNER_KEEP_ALIVE_DATA_RECEIVED = 18004
LOG_TCP_BANNER_DATA_RECEIVED = 18005
VNC
How to trigger
I connected with VNC Viewer from a Mac.
Log format
{"dst_host": "192.168.1.7", "dst_port": 5000, "local_time": "2019-01-06 08:21:28.951940", "logdata": {"VNC Client Response": "58c00be9ee5b7f3b666771dd2bda9309", "VNC Password": "<Password was not in the common list>", "VNC Server Challenge": "953e2dff7e4d3a3114527c282817ce1d"}, "logtype": 12001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 54634}
RDP
How to trigger
I connected with Microsoft Remote Desktop Beta.app from a Mac.
Log format
{"dst_host": "192.168.1.7", "dst_port": 3389, "local_time": "2019-01-06 08:59:13.890934", "logdata": {"DOMAIN": "", "HOSTNAME": "HelloHost", "PASSWORD": "helloword", "USERNAME": "administrator1"}, "logtype": 14001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 59955}
{"dst_host": "192.168.1.7", "dst_port": 3389, "local_time": "2019-01-06 08:59:26.868856", "logdata": {"INPUT": ""}, "logtype": 14001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 59955}
The INPUT field appears when logging in via Windows console mode.
SIP
How to trigger
hydra -l adminsip -p password 192.168.1.7 sip
Log format
{"dst_host": "0.0.0.0", "dst_port": 5060, "local_time": "2019-01-06 09:55:12.578148", "logdata": {"HEADERS": {"call-id": ["[email protected]"], "content-length": ["0"], "cseq": ["1 REGISTER"], "from": ["<sip:[email protected]>"], "to": ["<sip:[email protected]>"], "via": ["SIP/2.0/UDP 10.0.2.15:46759;received=192.168.1.7"]}}, "logtype": 15001, "node_id": "opencanary-1", "src_host": "192.168.1.7", "src_port": 46759}
SNMP
How to trigger
hydra -p password 192.168.1.7 snmp
Log format
{"dst_host": "0.0.0.0", "dst_port": 161, "local_time": "2019-01-06 11:17:27.266214", "logdata": {"COMMUNITY_STRING": "password", "REQUESTS": ["1.3.6.1.2.1.1.1"]}, "logtype": 13001, "node_id": "opencanary-1", "src_host": "192.168.1.7", "src_port": 47112}
NMAP
OS detection: how to trigger
sudo nmap -v -Pn -O 192.168.1.7
Log format
{"dst_host": "192.168.1.7", "dst_port": "21", "local_time": "2019-01-06 16:35:24.356080", "logdata": {"FIN": "", "ID": "37499", "IN": "eth1", "LEN": "60", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "PSH": "", "RES": "0x00", "SYN": "", "TOS": "0x00", "TTL": "56", "URG": "", "URGP": "0", "WINDOW": "256"}, "logtype": 5002, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "40098"}
SYN scan: how to trigger
sudo nmap -sS 192.168.1.7
Log format
{"dst_host": "192.168.1.7", "dst_port": "21", "local_time": "2019-01-06 16:35:24.190176", "logdata": {"ID": "51918", "IN": "eth1", "LEN": "56", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "SYN": "", "TOS": "0x00", "TTL": "58", "URGP": "0", "WINDOW": "512"}, "logtype": 5001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "40088"}
FIN scan: how to trigger
sudo nmap -sF 192.168.1.7
Log format
{"dst_host": "192.168.1.7", "dst_port": "23", "local_time": "2019-01-06 16:46:18.336954", "logdata": {"FIN": "", "ID": "29768", "IN": "eth1", "LEN": "40", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "TOS": "0x00", "TTL": "59", "URGP": "0", "WINDOW": "1024"}, "logtype": 5005, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "35116"}
XmasTree scan: how to trigger
sudo nmap -sX 192.168.1.7
Log format
{"dst_host": "192.168.1.7", "dst_port": "139", "local_time": "2019-01-06 16:48:46.225539", "logdata": {"FIN": "", "ID": "19984", "IN": "eth1", "LEN": "40", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "PSH": "", "RES": "0x00", "TOS": "0x00", "TTL": "56", "URG": "", "URGP": "0", "WINDOW": "1024"}, "logtype": 5004, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "50913"}
Null scan: how to trigger
sudo nmap -sN 192.168.1.7
Log format
{"dst_host": "192.168.1.7", "dst_port": "5060", "local_time": "2019-01-06 16:51:07.789903", "logdata": {"ID": "26441", "IN": "eth1", "LEN": "40", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "TOS": "0x00", "TTL": "50", "URGP": "0", "WINDOW": "1024"}, "logtype": 5003, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "58015"}
MSSQL
MSSQL login with SQL account authentication
SQLPro for MSSQL
Log format
{"dst_host": "172.18.200.58", "dst_port": 1433, "local_time": "2019-01-07 09:04:58.690137", "logdata": {"AppName": "SQLPro for MSSQL (hankinsoft.com)", "CltIntName": "DB-Library", "Database": "test", "HostName": "Piroguehost", "Language": "us_english", "Password": "sa123456", "ServerName": "172.18.200.58:1433", "UserName": "sa"}, "logtype": 9001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 64344}
MSSQL login with Windows authentication
SQLPro for MSSQL
Log format
{"dst_host": "172.18.200.58", "dst_port": 1433, "local_time": "2019-01-07 09:13:28.669829", "logdata": {"PASSWORD": "", "USERNAME": ""}, "logtype": 9002, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 64499}
HTTPPROXY
How to trigger
Configure an HTTP proxy with authentication in a browser, then visit any link.
Log format
{"dst_host": "172.18.200.58", "dst_port": 8080, "local_time": "2019-01-07 13:26:47.761297", "logdata": {"PASSWORD": "passsquid", "USERNAME": "squidadmin"}, "logtype": 7001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 53798}
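The log formats above differ in ways that matter to whatever consumes them: the nmap events carry ports as strings while the service events use integers, and MSSQL uses UserName/Password where the other modules use USERNAME/PASSWORD. The following is an added example, not code from OpenCanary or opencanary_web, that normalizes these lines and groups them per source host; the function names, the labels in LOGTYPES and the shortened sample lines are assumptions made for this illustration.

```python
import json
from collections import defaultdict

# logtype -> label; numbers are the ones in this page's samples, labels are assumed.
LOGTYPES = {
    2000: "ftp-login", 3001: "http-login", 4000: "ssh-session", 4001: "ssh-version",
    4002: "ssh-login", 5001: "nmap-syn", 5002: "nmap-os", 5003: "nmap-null",
    5004: "nmap-xmas", 5005: "nmap-fin", 6001: "telnet-login", 7001: "httpproxy-login",
    8001: "mysql-login", 9001: "mssql-sql-auth", 9002: "mssql-win-auth",
    11001: "ntp-monlist", 12001: "vnc", 13001: "snmp", 14001: "rdp", 15001: "sip",
    16001: "git-clone", 17001: "redis-command", 18002: "tcp-banner", 18004: "tcp-banner",
}

def normalize(line):
    """Parse one JSON log line into a flat dict with consistent types."""
    ev = json.loads(line)
    data = ev.get("logdata")
    # Key case varies by module: USERNAME/PASSWORD vs UserName/Password (MSSQL).
    lowered = {k.lower(): v for k, v in data.items()} if isinstance(data, dict) else {}
    return {
        "time": ev["local_time"],
        "src_host": ev["src_host"],
        # Port-scan events log ports as strings, service events as integers.
        "dst_port": int(ev["dst_port"]),
        "kind": LOGTYPES.get(ev["logtype"], "unknown-%s" % ev["logtype"]),
        "username": lowered.get("username"),
        "password": lowered.get("password"),
    }

def summarize(lines):
    """Group events by source host: kinds seen, ports touched, credentials tried."""
    hosts = defaultdict(lambda: {"kinds": set(), "ports": set(), "creds": set()})
    for line in lines:
        if not line.strip():
            continue
        ev = normalize(line)
        h = hosts[ev["src_host"]]
        h["kinds"].add(ev["kind"])
        h["ports"].add(ev["dst_port"])
        if ev["username"] or ev["password"]:  # skip empty pairs (e.g. logtype 9002)
            h["creds"].add((ev["username"], ev["password"]))
    return dict(hosts)

# Constructed sample: shortened copies of log lines shown on this page.
SAMPLE = [
    '{"dst_host": "172.18.200.58", "dst_port": 21, "local_time": "2019-01-07 13:50:54.264032", "logdata": {"PASSWORD": "admin123", "USERNAME": "ftpadmin"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54573}',
    '{"dst_host": "172.18.200.58", "dst_port": 1433, "local_time": "2019-01-07 09:04:58.690137", "logdata": {"Database": "test", "Password": "sa123456", "UserName": "sa"}, "logtype": 9001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 64344}',
    '{"dst_host": "192.168.1.7", "dst_port": "21", "local_time": "2019-01-06 16:35:24.190176", "logdata": {"PROTO": "TCP", "SYN": "", "TTL": "58"}, "logtype": 5001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "40088"}',
    '{"dst_host": "172.18.200.58", "dst_port": 1433, "local_time": "2019-01-07 09:13:28.669829", "logdata": {"PASSWORD": "", "USERNAME": ""}, "logtype": 9002, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 64499}',
]
```

Calling summarize(SAMPLE) returns one entry per source host; a logtype missing from LOGTYPES is kept as "unknown-<number>" instead of being dropped.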