A Thinkst canary user module which listens on HTTPS
# Module metadata constants. Nothing else in this file reads them; presumably
# they are consumed by whatever loads the user module (TODO confirm).
INCIDENT_NAME = "NCCGROUPHTTPS"
VERSION = "0.1"
MODULE_DESCRIPTION = "NCCGROUPHTTPS"
AUTHOR = "Ollie Whitehouse"
AUTHOR_EMAIL = "ollie.whitehouse@nccgroup.com"
# Where the generated certificate and private key are written, and where the
# TLS context factory later reads them back from.
# NOTE(review): these are fixed, predictable names in the shared /tmp
# directory. Another local account can pre-create or symlink either path, and
# the private key's permissions then depend on the process umask. Prefer a
# directory owned by (and only writable by) the canary's service account.
CERT_FILE = "/tmp/selfsigned.crt"
KEY_FILE = "/tmp/private.key"
from opencanary.modules import CanaryService
from twisted.internet import ssl,reactor, protocol
from twisted.internet.protocol import Protocol
from twisted.internet.protocol import Factory
from twisted.application import internet
from OpenSSL import crypto, SSL
from socket import gethostname
from pprint import pprint
from time import gmtime, mktime
class Echo(Protocol):
    """Twisted protocol that sends every received chunk straight back to the peer.

    NOTE(review): nothing in this class reports the connection or its payload
    to the canary logger; confirm that alerting is handled elsewhere.
    """

    def dataReceived(self, data):
        """Write ``data`` back on the same transport, unmodified."""
        peer = self.transport
        peer.write(data)
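class GenerateKey():
    """Create an RSA key pair plus a self-signed certificate and store both as PEM.

    Instantiating the class does all the work: the certificate goes to
    ``CERT_FILE`` and the private key to ``KEY_FILE``. The instance itself
    holds no state afterwards.

    Changes from the original listing:
      * RSA modulus raised from 1024 to 2048 bits.
      * PEM data is written in binary mode; ``dump_certificate`` and
        ``dump_privatekey`` return bytes, which a text-mode handle rejects
        on Python 3.
      * File handles are closed deterministically.
      * The private key is created with mode 0600 and the final path
        component is not followed if it is a symlink (where the platform
        offers ``O_NOFOLLOW``).

    NOTE(review): the destination paths are still fixed names under /tmp;
    moving them to a directory owned by the service account is the fuller
    fix, but that means changing the module-level constants.
    """

    def __init__(self):
        # Create a key pair.
        k = crypto.PKey()
        k.generate_key(crypto.TYPE_RSA, 2048)

        # Create a self-signed cert: subject and issuer are the same name.
        cert = crypto.X509()
        cert.get_subject().C = "GB"
        cert.get_subject().ST = "N/A"
        cert.get_subject().L = "N/A"
        cert.get_subject().O = "NCC Group RIFT"
        cert.get_subject().OU = "NCC Group RIFT"
        cert.get_subject().CN = "i-byte.example.local"
        # Fixed serial: every regenerated certificate carries the same
        # issuer name and serial number.
        cert.set_serial_number(1000)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(10*365*24*60*60)  # valid for ten years
        cert.set_issuer(cert.get_subject())
        cert.set_pubkey(k)
        cert.sign(k, 'sha256')

        # The certificate is public; only the key needs owner-only access.
        self._write_pem(
            CERT_FILE, crypto.dump_certificate(crypto.FILETYPE_PEM, cert), 0o644
        )
        self._write_pem(
            KEY_FILE, crypto.dump_privatekey(crypto.FILETYPE_PEM, k), 0o600
        )

    @staticmethod
    def _write_pem(path, pem_bytes, mode):
        """Write ``pem_bytes`` to ``path``, truncating it, with permissions ``mode``.

        Raises ``OSError`` if the path cannot be opened, for example when
        its final component is a symlink and ``O_NOFOLLOW`` is available.
        """
        import os

        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
        # Refuse to write through a symlink planted at the destination.
        flags |= getattr(os, "O_NOFOLLOW", 0)
        fd = os.open(path, flags, mode)
        with os.fdopen(fd, "wb") as handle:
            # The mode passed to os.open() applies only when the file is
            # created; tighten a pre-existing file as well.
            if hasattr(os, "fchmod"):
                os.fchmod(handle.fileno(), mode)
            handle.write(pem_bytes)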
class NCCGROUPHTTPS(Factory, CanaryService):
    """OpenCanary user module exposing a TLS listener backed by ``Echo``."""

    NAME = 'nccgrouphttps'

    def __init__(self, config=None, logger=None):
        """Generate TLS material and read the listener settings from ``config``.

        ``config`` and ``logger`` default to ``None`` but are dereferenced
        unconditionally below, so callers must supply both.
        """
        CanaryService.__init__(self, config=config, logger=logger)

        # Instantiated only for its side effect: a fresh key and certificate
        # are written to KEY_FILE and CERT_FILE each time the service is built.
        GenerateKey()

        # Listening port, 8443 unless configured.
        # NOTE(review): the key prefix 'nccgroupsa3' does not match NAME
        # ('nccgrouphttps'); confirm this is the intended config key.
        self.port = config.getVal('nccgroupsa3.port', 8443)
        # Bind address; the default is the empty string, which Twisted treats
        # as "all interfaces".
        self.listen_addr = config.getVal('device.listen_addr', default='')

        # Log type attached to this service.
        self.logtype = logger.LOG_USER_2

    def getService(self):
        """Return the ``SSLServer`` that serves ``Echo`` on the configured port."""
        # TLS context built from the key and certificate written in __init__.
        tls_context = ssl.DefaultOpenSSLContextFactory(KEY_FILE, CERT_FILE)

        # Protocol factory: Echo handles each connection. The service and
        # logger references are attached to the factory, although Echo as
        # written never reads them.
        echo_factory = protocol.ServerFactory()
        echo_factory.protocol = Echo
        echo_factory.canaryservice = self
        echo_factory.logger = self.logger

        return internet.SSLServer(
            self.port, echo_factory, tls_context, interface=self.listen_addr
        )