sshd simple honeypot
package main | |
import ( | |
"fmt" | |
"io" | |
"io/ioutil" | |
"log" | |
"net" | |
"flag" | |
"github.com/gliderlabs/ssh" | |
"golang.org/x/crypto/ssh/terminal" | |
"github.com/kalikaneko/gop0f" | |
) | |
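// main starts a minimal SSH honeypot. It loads the host key, connects to
// the p0f socket for passive OS fingerprinting, and serves SSH with
// password and public-key callbacks that log each attempt and accept it.
// Accepted sessions get a fake login message; for PTY sessions one typed
// line is captured before the session is closed.
//
// The log holds submitted passwords in clear text and strings chosen by the
// remote client, so treat it as sensitive data. Client-supplied values are
// written with %q so that embedded newlines or terminal escape sequences
// cannot forge or corrupt log entries.
func main() {
	portPtr := flag.Int("port", 2222, "TCP port to listen on ")
	sshkeyFilePtr := flag.String("keyfile", "ssh.key", "SSH private key file")
	p0fSocketPtr := flag.String("p0f_socket", "/var/run/p0f/p0f.socket", "p0f socket location")
	sshVersionPtr := flag.String("ssh_version", "OpenSSH_6.9", "SSH version banner")
	flag.Parse()

	key, err := ioutil.ReadFile(*sshkeyFilePtr)
	if err != nil {
		log.Fatalf("reading host key %q: %v", *sshkeyFilePtr, err)
	}

	log.Println("connecting to p0f socket...")
	p0fclient, err := gop0f.New(*p0fSocketPtr)
	if err != nil {
		log.Fatalf("connecting to p0f socket %q: %v", *p0fSocketPtr, err)
	}

	ssh.Handle(func(sess ssh.Session) {
		remote := sess.RemoteAddr().String()
		log.Printf("%s REMOTE CMD: %q", remote, sess.Command())
		log.Printf("%s ENV: %q", remote, sess.Environ())

		// Write errors are ignored on purpose: the peer may already be gone
		// and there is nothing useful to do about it here.
		_, _ = io.WriteString(sess, "Login successful!\n")
		if _, _, isTty := sess.Pty(); isTty {
			captureInteractiveCmd(sess)
		}
		_, _ = io.WriteString(sess, "Segmentation fault! (core dumped)\n")
		_ = sess.Exit(0)
	})

	keyOpt := ssh.HostKeyPEM(key)

	// Every password is accepted by design so the session handler can record
	// what the client does next.
	passOpt := ssh.PasswordAuth(func(ctx ssh.Context, pass string) bool {
		remote := ctx.RemoteAddr().String()
		resp, err := getP0fFromAddr(p0fclient, ctx.RemoteAddr())
		if err != nil {
			// A failed fingerprint lookup must not take the honeypot down:
			// a panic here would let any connecting client whose lookup
			// fails stop the whole process. Record the attempt without
			// the OS guess instead.
			log.Printf("%s p0f lookup failed: %v", remote, err)
			log.Printf("%s unknown-os %q %q %q", remote, ctx.ClientVersion(), ctx.User(), pass)
			return true
		}
		log.Printf("%s %v %q %q %q", remote, resp.OsName, ctx.ClientVersion(), ctx.User(), pass)
		return true
	})

	versionOpt := SetVersion(*sshVersionPtr)

	// Public keys are accepted as well; only the attempt itself is logged.
	publicKeyOpt := ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
		log.Printf("%s %q %q [public key attempted]", ctx.RemoteAddr().String(), ctx.ClientVersion(), ctx.User())
		return true
	})

	port := fmt.Sprint(":", *portPtr)
	log.Println("starting ssh server on port", *portPtr)
	log.Fatal(ssh.ListenAndServe(port, nil, keyOpt, passOpt, publicKeyOpt, versionOpt))
}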
// SetVersion returns a server option that stores version in the server's
// Version field. main passes the value of the ssh_version flag here, which
// that flag describes as the SSH version banner.
func SetVersion(version string) ssh.Option {
	apply := func(srv *ssh.Server) error {
		srv.Version = version
		return nil
	}
	return apply
}
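// getP0fFromAddr asks p0f for its fingerprint of the host part of addr.
//
// It returns an error, rather than querying with a nil IP, when addr is not
// in host:port form or its host part is not a literal IP address. On error
// the returned IPInfo is the zero value and carries no information.
func getP0fFromAddr(p0fclient *gop0f.GoP0f, addr net.Addr) (gop0f.IPInfo, error) {
	var none gop0f.IPInfo

	host, _, err := net.SplitHostPort(addr.String())
	if err != nil {
		return none, fmt.Errorf("splitting remote address %q: %w", addr.String(), err)
	}

	// net.ParseIP signals failure with nil, not with an error.
	ip := net.ParseIP(host)
	if ip == nil {
		return none, fmt.Errorf("remote host %q is not an IP address", host)
	}

	return p0fclient.Query(ip)
}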
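// captureInteractiveCmd shows a "<user>> " prompt on an interactive session,
// reads a single line from the client and writes it to the log.
//
// The line is chosen by the remote client, so it is logged with %q: control
// characters and newlines are escaped and cannot forge log entries or affect
// the terminal of whoever reads the log. A read failure (for example the
// client disconnecting at the prompt) is logged instead of being dropped.
func captureInteractiveCmd(sess ssh.Session) {
	remote := sess.RemoteAddr().String()
	term := terminal.NewTerminal(sess, fmt.Sprintf("%s> ", sess.User()))

	line, err := term.ReadLine()
	if err != nil {
		log.Printf("%s CMD read failed: %v", remote, err)
		if line == "" {
			return
		}
	}
	log.Printf("%s CMD: %q", remote, line)
}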