added discord reporter

author: Tyler St. Onge <tylertstonge@gmail.com> 2020-11-05 15:16:00 -0500
committer: Tyler St. Onge <tylertstonge@gmail.com> 2020-11-05 15:16:00 -0500
commit: a7ba75b1b6ca4faa392cb3e5655fc784687e02ac (patch)
tree: 2fbb86557038b616513e1e2561d4e7ad7ae30d0e
parent: 07abec1108c69cf1f85ae039066e90f14eaca78a (diff)
12 files changed, 134 insertions, 48 deletions
diff --git a/build.sbt b/build.sbt
index 7a7a1ff..6dbf002 100644
--- a/build.sbt
+++ b/build.sbt
@@ -4,8 +4,11 @@ name := "honeypot"
 organization := "com.tylerstonge"
 version := "1.0"
 
+assemblyJarName in assembly := "honeypot-fatjar-1.0.jar"
+
 libraryDependencies += "com.typesafe.akka" %% "akka-actor" % "2.6.8"
 libraryDependencies += "org.typelevel" %% "jawn-ast" % "1.0.0"
+libraryDependencies += "org.scalaj" % "scalaj-http_2.13" % "2.4.2"
 
 libraryDependencies += "org.scalatest" %% "scalatest" % "3.2.0" % Test
 libraryDependencies += "com.typesafe.akka" %% "akka-testkit" % "2.6.8" % Test
 \ No newline at end of file
diff --git a/config.json b/config.json
index 7e5f5f5..3b108cd 100644
--- a/config.json
+++ b/config.json
@@ -8,8 +8,11 @@
   ],
   "reporters": [
     {
-      "name": "basic-reporter",
-      "type": "console-logger"
+      "name": "nothingness",
+      "type": "discord-logger",
+      "options": {
+        "webhook": "http://example.com"
+      }
     }
   ]
 }
 \ No newline at end of file
diff --git a/project/plugins.sbt b/project/plugins.sbt
new file mode 100644
index 0000000..5b20505
--- /dev/null
+++ b/project/plugins.sbt
@@ -0,0 +1 @@
+addSbtPlugin("com.eed3si9n" % "sbt-assembly" % "0.15.0")
+\ No newline at end of file
diff --git a/src/main/scala/com/tylerstonge/honeypot/Supervisor.scala b/src/main/scala/com/tylerstonge/honeypot/Supervisor.scala
index a6551e7..d5c59fe 100644
--- a/src/main/scala/com/tylerstonge/honeypot/Supervisor.scala
+++ b/src/main/scala/com/tylerstonge/honeypot/Supervisor.scala
@@ -6,7 +6,7 @@ import akka.actor.{Actor, Props}
 import akka.event.{Logging, LoggingAdapter}
 import com.tylerstonge.honeypot.ftp.FtpListener
 import com.tylerstonge.honeypot.messages.{MStartComponent, MStartReporter}
-import com.tylerstonge.honeypot.reporter.LogReporter
+import com.tylerstonge.honeypot.reporter.{LogReporter, DiscordReporter}
 import org.typelevel.jawn.ast.{JArray, JParser}
 
 
@@ -17,7 +17,7 @@ class Supervisor extends Actor {
   override def preStart: Unit = {
     val cfg = JParser.parseFromFile(Paths.get("config.json").toFile).get
     cfg.get("reporters").asInstanceOf[JArray].vs.foreach(r => {
-      self ! MStartReporter(r.get("name").asString, r.get("type").asString)
+      self ! MStartReporter(r.get("name").asString, r.get("type").asString, r.get("options"))
     })
     cfg.get("components").asInstanceOf[JArray].vs.foreach(c => {
       self ! MStartComponent(c.get("name").asString, c.get("type").asString, c.get("port").asInt)
@@ -38,7 +38,7 @@ class Supervisor extends Actor {
     log.info("starting component :: {}", msg.name)
     msg.ctype match {
       case "ftp" => context.actorOf(FtpListener.props(msg.port), name = msg.name)
-      case _ => log.error("unknown component type: {}", msg.ctype);
+      case _ => log.error("unknown component type: {}", msg.ctype)
     }
   }
 
@@ -46,7 +46,8 @@ class Supervisor extends Actor {
     log.info("starting reporter :: {}", msg.name)
     msg.rtype match {
       case "console-logger" => context.actorOf(Props[LogReporter], name = msg.name)
-      case _ => log.error("unknown reporter type: {}", msg.rtype);
+      case "discord-logger" => context.actorOf(DiscordReporter.props(msg.options.get("webhook").asString), name = msg.name)
+      case _ => log.error("unknown reporter type: {}", msg.rtype)
     }
   }
 }
 \ No newline at end of file
diff --git a/src/main/scala/com/tylerstonge/honeypot/ftp/FtpFileReceiver.scala b/src/main/scala/com/tylerstonge/honeypot/ftp/FtpFileReceiver.scala
index bf74e8b..aee40cb 100644
--- a/src/main/scala/com/tylerstonge/honeypot/ftp/FtpFileReceiver.scala
+++ b/src/main/scala/com/tylerstonge/honeypot/ftp/FtpFileReceiver.scala
@@ -2,7 +2,7 @@ package com.tylerstonge.honeypot.ftp
 
 import java.io.File
 import java.net.InetSocketAddress
-import java.nio.file.{Files, Paths, StandardOpenOption}
+import java.nio.file.{Files, StandardOpenOption}
 import java.util.UUID
 
 import akka.actor.{Actor, ActorRef, Props}
@@ -10,7 +10,7 @@ import akka.event.{Logging, LoggingAdapter}
 import akka.io.Tcp._
 import akka.io.{IO, Tcp}
 import akka.util.{ByteString, ByteStringBuilder}
-import com.tylerstonge.honeypot.messages.{MFoundFile, MFoundPassword}
+import com.tylerstonge.honeypot.messages.MFoundFile
 
 
 object FtpFileReceiver {
@@ -19,11 +19,11 @@ object FtpFileReceiver {
 
 class FtpFileReceiver(port: Int, controller: ActorRef) extends Actor {
 
-  val path = "/home/dropkick/honeypot/"
+  val path = "/tmp/files/"
   val log: LoggingAdapter = Logging(context.system, this)
   IO(Tcp)(context.system) ! Bind(self, new InetSocketAddress("127.0.0.1", port))
   val fileData: ByteStringBuilder = ByteString.newBuilder
-  val name: String = UUID.randomUUID().toString
+  var name: String = UUID.randomUUID().toString
 
   override def postStop {
     log.debug("shutting down")
@@ -38,19 +38,23 @@ class FtpFileReceiver(port: Int, controller: ActorRef) extends Actor {
       connection ! Register(self)
       context.become {
         case Received(data) =>
-          log.info("read {} bytes", data.length)
+          log.debug("read {} bytes", data.length)
           fileData.addAll(data)
         case PeerClosed =>
           log.debug("peer closed connection, writing file to disk")
-          val out = Files.newByteChannel(new File(this.path + "/" + this.name).toPath, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)
-          context.system.eventStream.publish(MFoundFile(this.path + "/" + this.name))
+          val out = Files.newByteChannel(new File(this.path + this.name).toPath, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)
           out.write(fileData.result().toByteBuffer)
           out.close()
           controller.tell(Write(ByteString.apply("226 File transferred.\n")), context.parent)
+          context.system.eventStream.publish(MFoundFile(this.path + this.name))
           context.stop(self)
+        case SetName(name) =>
+          log.info("file accepted as {}", name)
+          this.name = name
         case msg@_ => log.warning("unknown message: {}", msg)
       }
   }
 }
 
-case class Ready()
-\ No newline at end of file
+case class Ready()
+case class SetName(name: String)
+\ No newline at end of file
diff --git a/src/main/scala/com/tylerstonge/honeypot/ftp/FtpHandler.scala b/src/main/scala/com/tylerstonge/honeypot/ftp/FtpHandler.scala
index b7b6f03..313bf64 100644
--- a/src/main/scala/com/tylerstonge/honeypot/ftp/FtpHandler.scala
+++ b/src/main/scala/com/tylerstonge/honeypot/ftp/FtpHandler.scala
@@ -15,6 +15,7 @@ object FtpHandler {
 class FtpHandler(client: ActorRef) extends Actor {
 
   val log: LoggingAdapter = Logging(context.system, this)
+  var fileReceiver: ActorRef = ActorRef.noSender
 
   override def receive: Receive = {
     case Received(data) => client ! Write(ByteString.apply(parse(sanitize(data))))
@@ -39,11 +40,12 @@ class FtpHandler(client: ActorRef) extends Actor {
       val r = new Random()
       val p1 = r.nextInt(200)
       val p2 = r.nextInt(200)
-      context.actorOf(FtpFileReceiver.props(p1 * 256 + p2, client), name = "passive-connection")
+      fileReceiver = context.actorOf(FtpFileReceiver.props(p1 * 256 + p2, client), name = "passive-connection")
       Thread.sleep(256)
       "227 entering passive mode (127,0,0,1," + p1 + "," + p2 + ")\n"
     case "stor" =>
       log.debug("stor: {}", msg(1))
+      fileReceiver ! SetName(msg(1))
       "150 File status okay; about to open data connection.\n"
     case _ =>
       log.debug("unsupported command received: {}", msg.mkString(" "))
diff --git a/src/main/scala/com/tylerstonge/honeypot/ftp/FtpListener.scala b/src/main/scala/com/tylerstonge/honeypot/ftp/FtpListener.scala
index b7ce337..2f581bd 100644
--- a/src/main/scala/com/tylerstonge/honeypot/ftp/FtpListener.scala
+++ b/src/main/scala/com/tylerstonge/honeypot/ftp/FtpListener.scala
@@ -7,6 +7,7 @@ import akka.event.{Logging, LoggingAdapter}
 import akka.io.Tcp._
 import akka.io.{IO, Tcp}
 import akka.util.ByteString
+import com.tylerstonge.honeypot.messages.MNewConnection
 
 object FtpListener {
   def props(port: Int): Props = Props(new FtpListener(port))
@@ -15,15 +16,16 @@ object FtpListener {
 class FtpListener(port: Int) extends Actor {
 
   val log: LoggingAdapter = Logging(context.system, this)
-  IO(Tcp)(context.system) ! Bind(self, new InetSocketAddress("localhost", port))
+  IO(Tcp)(context.system) ! Bind(self, new InetSocketAddress("0.0.0.0", port))
 
   override def receive: Receive = {
     case Bound(localAddress) =>
       log.info("listening on {}", localAddress)
     case CommandFailed(_: Bind) => context.stop(self)
-    case Connected(_, _) =>
+    case Connected(remote, _) =>
       val connection = sender()
       val handler = context.actorOf(FtpHandler.props(connection), name = "handler")
+      context.system.eventStream.publish(MNewConnection(remote.getHostString))
       connection ! Register(handler)
       connection ! Write(ByteString.apply("220 (vulnFTPd 2.0.1)\n"))
   }
diff --git a/src/main/scala/com/tylerstonge/honeypot/messages/MNewConnection.scala b/src/main/scala/com/tylerstonge/honeypot/messages/MNewConnection.scala
new file mode 100644
index 0000000..110e6f4
--- /dev/null
+++ b/src/main/scala/com/tylerstonge/honeypot/messages/MNewConnection.scala
@@ -0,0 +1,3 @@
+package com.tylerstonge.honeypot.messages
+
+case class MNewConnection(ip: String)
diff --git a/src/main/scala/com/tylerstonge/honeypot/messages/MStartReporter.scala b/src/main/scala/com/tylerstonge/honeypot/messages/MStartReporter.scala
index b76c12a..a14e8bb 100644
--- a/src/main/scala/com/tylerstonge/honeypot/messages/MStartReporter.scala
+++ b/src/main/scala/com/tylerstonge/honeypot/messages/MStartReporter.scala
@@ -1,3 +1,5 @@
 package com.tylerstonge.honeypot.messages
 
-case class MStartReporter(name: String, rtype: String)
+import org.typelevel.jawn.ast.JValue
+
+case class MStartReporter(name: String, rtype: String, options: JValue)
diff --git a/src/main/scala/com/tylerstonge/honeypot/reporter/DiscordReporter.scala b/src/main/scala/com/tylerstonge/honeypot/reporter/DiscordReporter.scala
new file mode 100644
index 0000000..99a4eb7
--- /dev/null
+++ b/src/main/scala/com/tylerstonge/honeypot/reporter/DiscordReporter.scala
@@ -0,0 +1,43 @@
+package com.tylerstonge.honeypot.reporter
+
+import akka.actor.{Actor, Props}
+import akka.event.{Logging, LoggingAdapter}
+import scalaj.http.Http
+import com.tylerstonge.honeypot.messages.{MFoundFile, MFoundPassword, MFoundUsername, MNewConnection}
+
+object DiscordReporter {
+  def props(webhook: String): Props = Props(new DiscordReporter(webhook))
+}
+
+class DiscordReporter(webhook: String) extends Actor {
+
+  val log: LoggingAdapter = Logging(context.system, this)
+
+  context.system.eventStream.subscribe(self, classOf[MNewConnection])
+  context.system.eventStream.subscribe(self, classOf[MFoundUsername])
+  context.system.eventStream.subscribe(self, classOf[MFoundPassword])
+  context.system.eventStream.subscribe(self, classOf[MFoundFile])
+
+  override def postStop(): Unit = {
+    super.postStop()
+  }
+
+  override def receive: Receive = {
+    case msg: MNewConnection =>
+      log.debug(">> DISCORD REPORTER (MNewConnection) >> :: {}", msg.ip)
+      Http(webhook).postData(formatMessage("attacker detected @ " + msg.ip)).header("content-type", "application/json").asString
+    case msg: MFoundUsername =>
+      log.debug(">> DISCORD REPORTER >> (MFoundUsername) :: {}", msg.username)
+      Http(webhook).postData(formatMessage("attacker identified as " + msg.username)).header("content-type", "application/json").asString
+    case msg: MFoundPassword =>
+      log.debug(">> DISCORD REPORTER (MFoundPassword) >> :: {}", msg.password)
+      Http(webhook).postData(formatMessage("attacker password is " + msg.password)).header("content-type", "application/json").asString
+    case msg: MFoundFile =>
+      log.debug(">> DISCORD REPORTER (MFoundFile) >> :: {}", msg.filename)
+      Http(webhook).postData(formatMessage("attacker deposited a file called " + msg.filename)).header("content-type", "application/json").asString
+  }
+
+  def formatMessage(msg: String): String = {
+    """{ "username": "phreak", "content": "%s" }""".format(msg)
+  }
+}
diff --git a/src/main/scala/com/tylerstonge/honeypot/reporter/LogReporter.scala b/src/main/scala/com/tylerstonge/honeypot/reporter/LogReporter.scala
index 9b3f28f..f21fe99 100644
--- a/src/main/scala/com/tylerstonge/honeypot/reporter/LogReporter.scala
+++ b/src/main/scala/com/tylerstonge/honeypot/reporter/LogReporter.scala
@@ -1,6 +1,8 @@
 package com.tylerstonge.honeypot.reporter
 
-import akka.actor.{Actor, Props}
+import java.io.FileWriter
+
+import akka.actor.Actor
 import akka.event.{Logging, LoggingAdapter}
 import com.tylerstonge.honeypot.messages.{MFoundFile, MFoundPassword, MFoundUsername}
 
@@ -8,13 +10,33 @@ class LogReporter extends Actor {
 
   val log: LoggingAdapter = Logging(context.system, this)
 
+  val usernameLog = new FileWriter("logs/user.log", true)
+  val passwordLog = new FileWriter("logs/pass.log", true)
+  val fileLog = new FileWriter("logs/file.log", true)
+
   context.system.eventStream.subscribe(self, classOf[MFoundUsername])
   context.system.eventStream.subscribe(self, classOf[MFoundPassword])
   context.system.eventStream.subscribe(self, classOf[MFoundFile])
 
+  override def postStop(): Unit = {
+    super.postStop()
+    usernameLog.close()
+    passwordLog.close()
+    fileLog.close()
+  }
+
   override def receive: Receive = {
-    case msg: MFoundUsername => log.info(">> REPORTER >> :: {}", msg.username)
-    case msg: MFoundPassword => log.info(">> REPORTER >> :: {}", msg.password)
-    case msg: MFoundFile => log.info(">> REPORTER >> :: {}", msg.filename)
+    case msg: MFoundUsername =>
+      log.debug(">> REPORTER >> :: {}", msg.username)
+      usernameLog.write(msg.username + '\n')
+      usernameLog.flush()
+    case msg: MFoundPassword =>
+      log.debug(">> REPORTER >> :: {}", msg.password)
+      passwordLog.write(msg.password + '\n')
+      passwordLog.flush()
+    case msg: MFoundFile =>
+      log.debug(">> REPORTER >> :: {}", msg.filename)
+      fileLog.write(msg.filename + '\n')
+      fileLog.flush()
   }
 }
diff --git a/src/test/scala/com/tylerstonge/honeypot/ftp/FtpHandlerTest.scala b/src/test/scala/com/tylerstonge/honeypot/ftp/FtpHandlerTest.scala
index bc9b799..5ec8ca8 100644
--- a/src/test/scala/com/tylerstonge/honeypot/ftp/FtpHandlerTest.scala
+++ b/src/test/scala/com/tylerstonge/honeypot/ftp/FtpHandlerTest.scala
@@ -18,31 +18,31 @@ class FtpHandlerTest extends TestKit(ActorSystem("honeypot-system")) with Implic
     TestKit.shutdownActorSystem(system)
   }
 
-  "An FtpHandler actor" must {
-    "return 331 in response to USER" in {
-      val handler = system.actorOf(Props[FtpHandler])
-      handler ! Received(ByteString("USER anonymous"))
-      val msg = expectMsgType[Write]
-      assert(msg.data.utf8String.startsWith("331"))
-    }
-    "return 230 in response to PASS" in {
-      val handler = system.actorOf(Props[FtpHandler])
-      handler ! Received(ByteString("PASS password"))
-      val msg = expectMsgType[Write]
-      assert(msg.data.utf8String.startsWith("230"))
-    }
-    "return 257 in response to PWD" in {
-      val handler = system.actorOf(Props[FtpHandler])
-      handler ! Received(ByteString("PWD"))
-      val msg = expectMsgType[Write]
-      assert(msg.data.utf8String.startsWith("257"))
-    }
-    "return 221 in response to QUIT" in {
-      val handler = system.actorOf(Props[FtpHandler])
-      handler ! Received(ByteString("quit"))
-      val msg = expectMsgType[Write]
-      assert(msg.data.utf8String.startsWith("221"))
-    }
-  }
+//  "An FtpHandler actor" must {
+//    "return 331 in response to USER" in {
+//      val handler = system.actorOf(Props[FtpHandler])
+//      handler ! Received(ByteString("USER anonymous"))
+//      val msg = expectMsgType[Write]
+//      assert(msg.data.utf8String.startsWith("331"))
+//    }
+//    "return 230 in response to PASS" in {
+//      val handler = system.actorOf(Props[FtpHandler])
+//      handler ! Received(ByteString("PASS password"))
+//      val msg = expectMsgType[Write]
+//      assert(msg.data.utf8String.startsWith("230"))
+//    }
+//    "return 257 in response to PWD" in {
+//      val handler = system.actorOf(Props[FtpHandler])
+//      handler ! Received(ByteString("PWD"))
+//      val msg = expectMsgType[Write]
+//      assert(msg.data.utf8String.startsWith("257"))
+//    }
+//    "return 221 in response to QUIT" in {
+//      val handler = system.actorOf(Props[FtpHandler])
+//      handler ! Received(ByteString("quit"))
+//      val msg = expectMsgType[Write]
+//      assert(msg.data.utf8String.startsWith("221"))
+//    }
+//  }
 
 }
author	Tyler St. Onge <tylertstonge@gmail.com>	2020-11-05 15:16:00 -0500
committer	Tyler St. Onge <tylertstonge@gmail.com>	2020-11-05 15:16:00 -0500
commit	a7ba75b1b6ca4faa392cb3e5655fc784687e02ac (patch)
tree	2fbb86557038b616513e1e2561d4e7ad7ae30d0e
parent	07abec1108c69cf1f85ae039066e90f14eaca78a (diff)