aljaz/cowrie
1
0
Fork 0
mirror of https://github.com/aljazceru/cowrie.git synced 2026-01-25 09:04:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #89 from g0tmi1k/branding

Browse Source 
Kippo -> Cowrie
This commit is contained in:
Michel Oosterhof
2015-12-23 10:58:55 +04:00
parent 1f75df6827 0a3916f944
commit f6fec48580
17 changed files with 90 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cowrie/commands/base.py
View File

@@ -317,7 +317,7 @@ class command_passwd(HoneyPotCommand):
def lineReceived(self, line):
"""
"""
log.msg( eventid='KIPP0008', realm='passwd', input=line,
log.msg( eventid='COW0008', realm='passwd', input=line,
format='INPUT (%(realm)s): %(input)s' )
self.password = line.strip()
self.callbacks.pop(0)(line)
@@ -581,7 +581,7 @@ class command_perl(HoneyPotCommand):
def lineReceived(self, line):
"""
"""
log.msg( eventid='KIPP0008', realm='perl', input=line,
log.msg( eventid='COW0008', realm='perl', input=line,
format='INPUT (%(realm)s): %(input)s' )
@@ -661,7 +661,7 @@ class command_php(HoneyPotCommand):
def lineReceived(self, line):
"""
"""
log.msg( eventid='KIPP0008', realm='php', input=line,
log.msg( eventid='COW0008', realm='php', input=line,
format='INPUT (%(realm)s): %(input)s' )

2
cowrie/commands/busybox.py
View File

@@ -69,7 +69,7 @@ class command_busybox(HoneyPotCommand):
cmdclass = self.protocol.getCommand(cmd,
self.environ['PATH'].split(':'))
if cmdclass:
log.msg(eventid='KIPP0005', input=line,
log.msg(eventid='COW0005', input=line,
format='Command found: %(input)s')
self.protocol.call_command(cmdclass, *args)
else:

4
cowrie/commands/curl.py
View File

@@ -312,10 +312,10 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
log.msg("Not storing duplicate content " + shasum)
self.protocol.logDispatch(format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
eventid='KIPP0007', url=self.url, outfile=hashPath, shasum=shasum)
eventid='COW0007', url=self.url, outfile=hashPath, shasum=shasum)
log.msg(format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
eventid='KIPP0007', url=self.url, outfile=hashPath, shasum=shasum)
eventid='COW0007', url=self.url, outfile=hashPath, shasum=shasum)
# Link friendly name to hash
os.symlink(shasum, self.safeoutfile)

6
cowrie/commands/fs.py
View File

@@ -30,7 +30,7 @@ class command_cat(HoneyPotCommand):
def lineReceived(self, line):
log.msg( eventid='KIPP0008', realm='cat', input=line,
log.msg( eventid='COW0008', realm='cat', input=line,
format='INPUT (%(realm)s): %(input)s' )
@@ -78,7 +78,7 @@ class command_tail(HoneyPotCommand):
def lineReceived(self, line):
log.msg( eventid='KIPP0008', realm='tail', input=line,
log.msg( eventid='COW0008', realm='tail', input=line,
format='INPUT (%(realm)s): %(input)s' )
@@ -125,7 +125,7 @@ class command_head(HoneyPotCommand):
def lineReceived(self, line):
log.msg( eventid='KIPP0008', realm='head', input=line,
log.msg( eventid='COW0008', realm='head', input=line,
format='INPUT (%(realm)s): %(input)s' )

2
cowrie/commands/scp.py
View File

@@ -69,7 +69,7 @@ class command_scp(HoneyPotCommand):
def lineReceived(self, line):
"""
"""
log.msg( eventid='KIPP0008', realm='scp', input=line,
log.msg( eventid='COW0008', realm='scp', input=line,
format='INPUT (%(realm)s): %(input)s' )
self.protocol.terminal.write( '\x00' )

2
cowrie/commands/sudo.py
View File

@@ -108,7 +108,7 @@ Sudoers I/O plugin version 1.8.5p2''')
cmdclass = self.protocol.getCommand(cmd,
self.environ['PATH'].split(':'))
if cmdclass:
log.msg(eventid='KIPP0005', input=line,
log.msg(eventid='COW0005', input=line,
format='Command found: %(input)s')
self.protocol.call_command(cmdclass, *args)
self.exit()

4
cowrie/commands/wget.py
View File

@@ -165,10 +165,10 @@ class command_wget(HoneyPotCommand):
log.msg("Not storing duplicate content " + shasum)
self.protocol.logDispatch( format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
eventid='KIPP0007', url=self.url, outfile=hash_path, shasum=shasum )
eventid='COW0007', url=self.url, outfile=hash_path, shasum=shasum )
log.msg( format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
eventid='KIPP0007', url=self.url, outfile=hash_path, shasum=shasum )
eventid='COW0007', url=self.url, outfile=hash_path, shasum=shasum )
# link friendly name to hash
os.symlink( shasum, self.safeoutfile )

6
cowrie/core/checkers.py
View File

@@ -33,7 +33,7 @@ class HoneypotPublicKeyChecker:
"""
_pubKey = keys.Key.fromString(credentials.blob)
log.msg(format='public key attempt for user %(username)s with fingerprint %(fingerprint)s',
eventid='KIPP0016',
eventid='COW0016',
username=credentials.username,
fingerprint=_pubKey.fingerprint())
return failure.Failure(error.ConchError('Incorrect signature'))
@@ -120,12 +120,12 @@ class HoneypotPasswordChecker:
theauth = authname(self.cfg)
if theauth.checklogin(theusername, thepassword, ip):
log.msg(eventid='KIPP0002',
log.msg(eventid='COW0002',
format='login attempt [%(username)s/%(password)s] succeeded',
username=theusername, password=thepassword)
return True
else:
log.msg(eventid='KIPP0003',
log.msg(eventid='COW0003',
format='login attempt [%(username)s/%(password)s] failed',
username=theusername, password=thepassword)
return False

54
cowrie/core/dblog.py
View File

@@ -11,21 +11,21 @@ import abc
# dblog now operates based on eventids, no longer on regex parsing of the entry.
# add an eventid using keyword args and it will be picked up by the dblogger
# the KIPPxxxx naming convention is still subject to change.
# the COWxxxx naming convention is still subject to change.
# KIPP0001 : create session
# KIPP0002 : succesful login
# KIPP0003 : failed login
# KIPP0004 : TTY log opened
# KIPP0005 : handle command
# KIPP0006 : handle unknown command
# KIPP0007 : file download
# KIPP0008 : INPUT
# KIPP0009 : SSH Version
# KIPP0010 : Terminal Size
# KIPP0011 : Connection Lost
# KIPP0012 : TTY log closed
# KIPP0013 : env var requested
# COW0001 : create session
# COW0002 : succesful login
# COW0003 : failed login
# COW0004 : TTY log opened
# COW0005 : handle command
# COW0006 : handle unknown command
# COW0007 : file download
# COW0008 : INPUT
# COW0009 : SSH Version
# COW0010 : Terminal Size
# COW0011 : Connection Lost
# COW0012 : TTY log closed
# COW0013 : env var requested
class DBLogger(object):
__metaclass__ = abc.ABCMeta
@@ -37,20 +37,20 @@ class DBLogger(object):
self.re_sessionlog = re.compile(
'.*HoneyPotTransport,([0-9]+),[0-9.]+$')
# KIPP0001 is special since it kicks off new logging session,
# COW0001 is special since it kicks off new logging session,
# and is not handled here
self.events = {
'KIPP0002': self.handleLoginSucceeded,
'KIPP0003': self.handleLoginFailed,
'KIPP0004': self.handleTTYLogOpened,
'KIPP0005': self.handleCommand,
'KIPP0006': self.handleUnknownCommand,
'KIPP0007': self.handleFileDownload,
'KIPP0008': self.handleInput,
'KIPP0009': self.handleClientVersion,
'KIPP0010': self.handleTerminalSize,
'KIPP0011': self._connectionLost,
'KIPP0012': self.handleTTYLogClosed,
'COW0002': self.handleLoginSucceeded,
'COW0003': self.handleLoginFailed,
'COW0004': self.handleTTYLogOpened,
'COW0005': self.handleCommand,
'COW0006': self.handleUnknownCommand,
'COW0007': self.handleFileDownload,
'COW0008': self.handleInput,
'COW0009': self.handleClientVersion,
'COW0010': self.handleTerminalSize,
'COW0011': self._connectionLost,
'COW0012': self.handleTTYLogClosed,
}
self.reported_ssh_port = None
@@ -95,7 +95,7 @@ class DBLogger(object):
return
# connection event is special. adds to list
if ev['eventid'] == 'KIPP0001':
if ev['eventid'] == 'COW0001':
sessionno = ev['sessionno']
peerIP, peerPort = ev['src_ip'], ev['src_port']
hostIP, hostPort = ev['dst_ip'], ev['dst_port']

4
cowrie/core/honeypot.py
View File

@@ -173,10 +173,10 @@ class HoneyPotShell(object):
rargs.append(arg)
cmdclass = self.protocol.getCommand(cmd, environ['PATH'].split(':'))
if cmdclass:
log.msg(eventid='KIPP0005', input=line, format='Command found: %(input)s')
log.msg(eventid='COW0005', input=line, format='Command found: %(input)s')
self.protocol.call_command(cmdclass, *rargs)
else:
log.msg(eventid='KIPP0006',
log.msg(eventid='COW0006',
input=line, format='Command not found: %(input)s')
if len(line):
self.protocol.writeln('bash: %s: command not found' % (cmd,))

38
cowrie/core/output.py
View File

@@ -36,22 +36,22 @@ import re
import copy
import socket
# KIPP0001 : create session
# KIPP0002 : succesful login
# KIPP0003 : failed login
# KIPP0004 : TTY log opened
# KIPP0005 : handle command
# KIPP0006 : handle unknown command
# KIPP0007 : file download
# KIPP0008 : INPUT
# KIPP0009 : SSH Version
# KIPP0010 : Terminal Size
# KIPP0011 : Connection Lost
# KIPP0012 : TTY log closed
# KIPP0013 : env var requested
# KIPP0014 : direct-tcpip request
# KIPP0015 : direct-tcpip data
# KIPP0016 : key fingerprint
# COW0001 : create session
# COW0002 : succesful login
# COW0003 : failed login
# COW0004 : TTY log opened
# COW0005 : handle command
# COW0006 : handle unknown command
# COW0007 : file download
# COW0008 : INPUT
# COW0009 : SSH Version
# COW0010 : Terminal Size
# COW0011 : Connection Lost
# COW0012 : TTY log closed
# COW0013 : env var requested
# COW0014 : direct-tcpip request
# COW0015 : direct-tcpip data
# COW0016 : key fingerprint
class Output(object):
"""
@@ -133,7 +133,7 @@ class Output(object):
del ev['time']
# On disconnect add the tty log
#if ev['eventid'] == 'KIPP0012':
#if ev['eventid'] == 'COW0012':
# FIXME: file is read for each output plugin
#f = file(ev['ttylog'])
#ev['ttylog'] = f.read(10485760)
@@ -155,7 +155,7 @@ class Output(object):
ev['src_ip'] = self.ips[sessionno]
# Connection event is special. adds to session list
if ev['eventid'] == 'KIPP0001':
if ev['eventid'] == 'COW0001':
self.sessions[sessionno] = ev['id']
self.ips[sessionno] = ev['src_ip']
del ev['id']
@@ -165,7 +165,7 @@ class Output(object):
self.write(ev)
# Disconnect is special, remove cached data
if ev['eventid'] == 'KIPP0011':
if ev['eventid'] == 'COW0011':
del self.sessions[sessionno]
del self.ips[sessionno]

8
cowrie/core/protocol.py
View File

@@ -395,7 +395,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
ttylog.ttylog_open(self.ttylog_file, time.time())
self.ttylog_open = True
log.msg(eventid='KIPP0004', ttylog=self.ttylog_file,
log.msg(eventid='COW0004', ttylog=self.ttylog_file,
format='Opening TTY Log: %(ttylog)s')
self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \
@@ -424,7 +424,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
"""
self.bytesReceived += len(data)
if self.bytesReceivedLimit and self.bytesReceived > self.bytesReceivedLimit:
log.msg(eventid='KIPP0015', format='Data upload limit reached')
log.msg(eventid='COW0015', format='Data upload limit reached')
#self.loseConnection()
self.eofReceived()
return
@@ -489,7 +489,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
else:
os.rename(self.stdinlog_file, shasumfile)
os.symlink(shasum, self.stdinlog_file)
log.msg(eventid='KIPP0007',
log.msg(eventid='COW0007',
format='Saved stdin contents to %(outfile)s',
url='stdin', outfile=shasumfile, shasum=shasum)
except IOError as e:
@@ -498,7 +498,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
self.stdinlog_open = False
if self.ttylog_open:
log.msg(eventid='KIPP0012', format='Closing TTY Log: %(ttylog)s',
log.msg(eventid='COW0012', format='Closing TTY Log: %(ttylog)s',
ttylog=self.ttylog_file)
ttylog.ttylog_close(self.ttylog_file, time.time())
self.ttylog_open = False

10
cowrie/core/ssh.py
View File

@@ -41,7 +41,7 @@ class HoneyPotSSHSession(session.SSHSession):
value, rest = getNS(rest)
if rest:
raise ValueError("Bad data given in env request")
log.msg(eventid='KIPP0013', format='request_env: %(name)s=%(value)s',
log.msg(eventid='COW0013', format='request_env: %(name)s=%(value)s',
name=name, value=value)
# Environment variables come after shell or before exec command
if self.session:
@@ -173,7 +173,7 @@ class SSHSessionForCowrieUser:
"""
"""
self.environ['TERM'] = terminal
log.msg(eventid='KIPP0010', width=windowSize[0], height=windowSize[1],
log.msg(eventid='COW0010', width=windowSize[0], height=windowSize[1],
format='Terminal Size: %(width)s %(height)s')
self.windowSize = windowSize
return None
@@ -279,7 +279,7 @@ class CowrieSFTPFile:
"""
self.bytes_written += len(data)
if self.bytesReceivedLimit and self.bytes_written > self.bytesReceivedLimit:
log.msg(eventid='KIPP0015', format='Data upload limit reached')
log.msg(eventid='COW0015', format='Data upload limit reached')
raise filetransfer.SFTPError( filetransfer.FX_FAILURE, "Quota exceeded" )
self.sftpserver.fs.lseek(self.fd, offset, os.SEEK_SET)
self.sftpserver.fs.write(self.fd, data)
@@ -486,7 +486,7 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
"""
"""
remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
log.msg(eventid='KIPP0014', format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s',
log.msg(eventid='COW0014', format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s',
dst_ip=remoteHP[0], dst_port=remoteHP[1])
return CowrieConnectForwardingChannel(remoteHP,
remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
@@ -506,7 +506,7 @@ class CowrieConnectForwardingChannel(forwarding.SSHConnectForwardingChannel):
def dataReceived(self, data):
"""
"""
log.msg(eventid='KIPP0015',
log.msg(eventid='COW0015',
format='direct-tcp forward to %(dst_ip)s:%(dst_port)s with data %(data)s',
dst_ip=self.hostport[0], dst_port=self.hostport[1], data=repr(data))
self._close("Connection refused")

6
cowrie/core/transport.py
View File

@@ -168,7 +168,7 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin):
"""
self.transportId = uuid.uuid4().hex[:8]
log.msg(eventid='KIPP0001',
log.msg(eventid='COW0001',
format='New connection: %(src_ip)s:%(src_port)s (%(dst_ip)s:%(dst_port)s) [session: %(sessionno)s]',
src_ip=self.transport.getPeer().host, src_port=self.transport.getPeer().port,
dst_ip=self.transport.getHost().host, dst_port=self.transport.getHost().port,
@@ -236,7 +236,7 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin):
strings, rest = k[:-1], k[-1]
(kexAlgs, keyAlgs, encCS, encSC, macCS, macSC, compCS, compSC, langCS,
langSC) = [s.split(',') for s in strings]
log.msg(eventid='KIPP0009', version=self.otherVersionString,
log.msg(eventid='COW0009', version=self.otherVersionString,
kexAlgs=kexAlgs, keyAlgs=keyAlgs, encCS=encCS, macCS=macCS,
compCS=compCS, format='Remote SSH version: %(version)s')
@@ -269,7 +269,7 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin):
transport.SSHServerTransport.connectionLost(self, reason)
self.transport.connectionLost(reason)
self.transport = None
log.msg(eventid='KIPP0011', format='Connection lost')
log.msg(eventid='COW0011', format='Connection lost')
def sendDisconnect(self, reason, desc):

4
cowrie/dblog/hpfeeds.py
View File

@@ -28,7 +28,7 @@ SIZES = {
OP_SUBSCRIBE: 5+256*2,
}
KIPPOCHAN = 'cowrie.sessions'
COWRIECHAN = 'cowrie.sessions'
class BadClient(Exception):
pass
@@ -221,7 +221,7 @@ class DBLogger(dblog.DBLogger):
self.meta[session]['endTime']=datetime.now().isoformat()
ttylog = self.ttylog(session)
if ttylog: meta['ttylog'] = ttylog.encode('hex')
self.client.publish(KIPPOCHAN, **meta)
self.client.publish(COWRIECHAN, **meta)
def handleLoginFailed(self, session, args):
u, p = args['username'], args['password']

2
cowrie/output/dshield.py
View File

@@ -33,7 +33,7 @@ class Output(cowrie.core.output.Output):
pass
def write(self, entry):
if entry["eventid"] == 'KIPP0002' or entry["eventid"] == 'KIPP0003':
if entry["eventid"] == 'COW0002' or entry["eventid"] == 'COW0003':
date = dateutil.parser.parse(entry["timestamp"])
self.batch.append({
'date' : date.date().__str__(),

22
cowrie/output/mysql.py
View File

@@ -99,7 +99,7 @@ class Output(cowrie.core.output.Output):
docstring here
"""
if entry["eventid"] == 'KIPP0001':
if entry["eventid"] == 'COW0001':
r = yield self.db.runQuery(
"SELECT `id` FROM `sensors` WHERE `ip` = %s", (self.sensor,))
if r:
@@ -115,49 +115,49 @@ class Output(cowrie.core.output.Output):
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
sensorid, entry["src_ip"]))
elif entry["eventid"] == 'KIPP0002':
elif entry["eventid"] == 'COW0002':
self.simpleQuery('INSERT INTO `auth` (`session`, `success`' + \
', `username`, `password`, `timestamp`)' + \
' VALUES (%s, %s, %s, %s, STR_TO_DATE(%s, %s))',
(entry["session"], 1, entry['username'], entry['password'],
entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ'))
elif entry["eventid"] == 'KIPP0003':
elif entry["eventid"] == 'COW0003':
self.simpleQuery('INSERT INTO `auth` (`session`, `success`' + \
', `username`, `password`, `timestamp`)' + \
' VALUES (%s, %s, %s, %s, STR_TO_DATE(%s, %s))',
(entry["session"], 0, entry['username'], entry['password'],
entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ'))
elif entry["eventid"] == 'KIPP0005':
elif entry["eventid"] == 'COW0005':
self.simpleQuery('INSERT INTO `input`' + \
' (`session`, `timestamp`, `success`, `input`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
1, entry["input"]))
elif entry["eventid"] == 'KIPP0006':
elif entry["eventid"] == 'COW0006':
self.simpleQuery('INSERT INTO `input`' + \
' (`session`, `timestamp`, `success`, `input`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
0, entry["input"]))
elif entry["eventid"] == 'KIPP0007':
elif entry["eventid"] == 'COW0007':
self.simpleQuery('INSERT INTO `downloads`' + \
' (`session`, `timestamp`, `url`, `outfile`, `shasum`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s, %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
entry['url'], entry['outfile'], entry['shasum']))
elif entry["eventid"] == 'KIPP0008':
elif entry["eventid"] == 'COW0008':
self.simpleQuery('INSERT INTO `input`' + \
' (`session`, `timestamp`, `realm`, `input`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
entry["realm"], entry["input"]))
elif entry["eventid"] == 'KIPP0009':
elif entry["eventid"] == 'COW0009':
r = yield self.db.runQuery(
'SELECT `id` FROM `clients` WHERE `version` = %s', \
(entry['version'],))
@@ -173,19 +173,19 @@ class Output(cowrie.core.output.Output):
'UPDATE `sessions` SET `client` = %s WHERE `id` = %s',
(id, entry["session"]))
elif entry["eventid"] == 'KIPP0010':
elif entry["eventid"] == 'COW0010':
self.simpleQuery(
'UPDATE `sessions` SET `termsize` = %s WHERE `id` = %s',
('%sx%s' % (entry['width'], entry['height']),
entry["session"]))
elif entry["eventid"] == 'KIPP0011':
elif entry["eventid"] == 'COW0011':
self.simpleQuery(
'UPDATE `sessions` SET `endtime` = STR_TO_DATE(%s, %s)' + \
' WHERE `id` = %s', (entry["timestamp"],
'%Y-%m-%dT%H:%i:%s.%fZ', entry["session"]))
elif entry["eventid"] == 'KIPP0012':
elif entry["eventid"] == 'COW0012':
self.simpleQuery(
'INSERT INTO `ttylog` (`session`, `ttylog`) VALUES (%s, %s)',
(entry["session"], entry["ttylog"]))