cymmetria / ciscoasa_honeypot

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

License: MIT License

HTML 13.48% CSS 21.09% JavaScript 38.52% Python 26.33% Dockerfile 0.58%
security security-tools vulnerability honeypot cisco cisco-asa security-vulnerability execution-vulnerability

ciscoasa_honeypot's Introduction

Cisco ASA honeypot

Cymmetria Research, 2018.

https://www.cymmetria.com/

Contact: [email protected]

A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.

It is released under the MIT license for the use of the community.

Usage

Usage: asa_server.py [OPTIONS]

  A low interaction honeypot for the Cisco ASA component capable of
  detecting CVE-2018-0101, a DoS and remote code execution vulnerability

Options:
  -h, --host TEXT         Host to listen
  -p, --port INTEGER      Port to listen
  -i, --ike-port INTEGER  Port to listen for IKE
  -s, --enable_ssl        Enable SSL
  -c, --cert TEXT         Certificate File Path (will generate self signed
                          cert if not supplied)
  -v, --verbose           Verbose logging
  --help                  Show this message and exit.
  
  
Optional settings for hpfeeds logging:  
  --hpfserver	TEXT			hpfeeds Server
  --hpfport		INTEGER			hpfeeds Port
  --hpfident	TEXT			hpfeeds Ident
  --hpfsecret	TEXT			hpfeeds Secret
  --hofchannel	TEXT			hpfeeds Channel
  --serverid	TEXT			hpfeeds Serverid

The hpfeeds logging options can also be set with the following OS environment variables: HPFEEDS_SERVER, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET, HPFEEDS_CHANNEL, SERVERID.

See also

https://cymmetria.com/blog/honeypot-cisco-asa-vulnerability/

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101

Please consider trying out the MazeRunner Community Edition, the free version of our cyber deception platform. https://community.cymmetria.com/

ciscoasa_honeypot's People

Contributors

dekelb, omercnet, paralax, pyup-bot, vorband

ciscoasa_honeypot's Issues

ImportError: cannot import name 'Fragment'

Using Python 3.6.4

$ pip freeze
asn1crypto==0.24.0
cffi==1.11.4
cryptography==2.1.4
idna==2.6
ike==0.1.1
pkg-resources==0.0.0
pyasn1==0.4.2
pycparser==2.18
rsa==3.4.2
six==1.11.0
$ python asa_server.py
Traceback (most recent call last):
  File "asa_server.py", line 13, in <module>
    import ike_server
  File "/home/user/ciscoasa_honeypot/ike_server.py", line 5, in <module>
    from ike.payloads import Fragment
ImportError: cannot import name 'Fragment'

Docker builds not working - some steps on how to fix

Not yet ready for a PR, but I've got a building and nearly running Docker image. I have to:

  • apk install a bunch of packages like git, build-base, etc
  • pip install a bunch of stuff in Dockerfile to install ike
  • fix requirements.txt for some missing packages
  • pip install my fork of the ike package (PR opened in your ike repo)
  • manually install the util subdir, doesn't install for some reason
  • fix the Dockerfile CMD

No PR yet, but here's my local diff:

% git diff
diff --git a/Dockerfile b/Dockerfile
index 214307e..dee3338 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,10 +2,13 @@ FROM python:3-alpine

 COPY requirements.txt /usr/src/app/requirements.txt
 WORKDIR /usr/src/app
-RUN pip install --no-cache -r requirements.txt
+RUN apk add --no-cache git build-base libffi-dev openssl-dev \
+  && pip install cryptography rsa \
+  && pip install --no-cache -r requirements.txt \
+  && apk del git build-base libffi-dev openssl-dev

 COPY . /usr/src/app/

 EXPOSE 8443 5000/udp

-CMD ['python', 'asa_server.py --enable_ssl --verbose']
+CMD python asa_server.py --enable_ssl --verbose
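Review bot: The replacement `CMD python asa_server.py --enable_ssl --verbose` at the end of this hunk is shell form, so the honeypot runs as a child of `/bin/sh -c` instead of as PID 1 and does not receive the container's stop signal directly. The removed line failed only because single quotes are not valid JSON for the exec form and both flags were packed into one element, so prefer `CMD ["python", "asa_server.py", "--enable_ssl", "--verbose"]`. In the `RUN` chain, `pip install cryptography rsa` lacks the `--no-cache` used on the following line and duplicates packages that the requirements.txt change below already lists, so it can be dropped.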
diff --git a/requirements.txt b/requirements.txt
index c652693..e0c977d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,5 @@
-git+git://github.com/Cymmetria/ike.git
+click
+cryptography
+docopt
+rsa
+git+git://github.com/paralax/ike.git@patch-1
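Review bot: The last added line fetches the ike dependency over `git+git://` from the mutable branch `patch-1` of a personal fork, so the build gets neither an authenticated, encrypted transport nor a fixed revision. Switch to `git+https://` and pin a full commit hash after the `@`. The four new entries `click`, `cryptography`, `docopt` and `rsa` are also unpinned, which makes image rebuilds non-reproducible; add `==` version pins.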

Import error

Traceback (most recent call last):
  File "/home/surya/tools/ciscoasa_honeypot/asa_server.py", line 13, in <module>
    import ike_server
  File "/home/surya/tools/ciscoasa_honeypot/ike_server.py", line 4, in <module>
    from ike import const
ModuleNotFoundError: No module named 'ike'

I installed ike using pip3 install ike.
How do I fix this issue?

Falls over with large number of requests

Hi, thanks for the honeypot.

I am getting a large number of requests from different IPs, doing GET requests to different URLs. The honeypot cannot handle it and throws the following errors:

Fatal Python error: Cannot recover from stack overflow.
File "asa_server.py", line 148 in send_file
Aborted (core dumped)

I've included the full log output below.

Thanks!

...
DEBUG:root:[IP Redcated] - - [15/Feb/2018 19:08:13] "GET http://[Domain Redacted]/proxy.php HTTP/1.1" 404 -
Fatal Python error: Cannot recover from stack overflow.

Thread 0x00007ff783950ab0 (most recent call first):
  File "/usr/local/lib/python3.6/selectors.py", line 445 in select
  File "/usr/local/lib/python3.6/asyncio/base_events.py", line 1395 in _run_once
  File "/usr/local/lib/python3.6/asyncio/base_events.py", line 421 in run_forever
  File "/usr/src/app/ike_server.py", line 67 in start
  File "asa_server.py", line 232 in ike
  File "/usr/local/lib/python3.6/threading.py", line 864 in run
  File "/usr/local/lib/python3.6/threading.py", line 916 in _bootstrap_inner
  File "/usr/local/lib/python3.6/threading.py", line 884 in _bootstrap

Current thread 0x00007ff789b08b28 (most recent call first):
  File "/usr/local/lib/python3.6/traceback.py", line 480 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 486 in __init__
  File "/usr/local/lib/python3.6/traceback.py", line 100 in print_exception
  File "/usr/local/lib/python3.6/logging/__init__.py", line 916 in handleError
  File "/usr/local/lib/python3.6/logging/__init__.py", line 998 in emit
  File "/usr/local/lib/python3.6/logging/__init__.py", line 863 in handle
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1514 in callHandlers
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1452 in handle
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1442 in _log
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1294 in debug
  File "asa_server.py", line 154 in log_message
  File "/usr/local/lib/python3.6/http/server.py", line 536 in log_request
  File "/usr/local/lib/python3.6/http/server.py", line 483 in send_response
  File "asa_server.py", line 131 in send_file
  File "asa_server.py", line 148 in send_file
  File "asa_server.py", line 148 in send_file
  File "asa_server.py", line 148 in send_file
  ...
Aborted (core dumped)
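The trace above shows `send_file` re-entering itself until the interpreter runs out of stack. The following is an added example, not code from asa_server.py: it assumes a hypothetical `FileResponder` whose fallback to an error page calls the same function again (the actual cause is not shown on the page), and puts that unbounded fallback beside a bounded one.

```python
import os
import tempfile


class FileResponder:
    """Hypothetical stand-in for a handler's file-serving helper."""

    def __init__(self, root, not_found="404.html"):
        self.root = root
        self.not_found = not_found

    def _read(self, name):
        # basename() keeps the lookup inside the docroot.
        with open(os.path.join(self.root, os.path.basename(name)), "rb") as fh:
            return fh.read()

    def send_file_unbounded(self, name, status=200):
        # Failure shape from the trace: the fallback re-enters the same
        # function, so a failing fallback recurses until the stack is gone.
        try:
            return status, self._read(name)
        except OSError:
            return self.send_file_unbounded(self.not_found, 404)

    def send_file(self, name, status=200, _is_fallback=False):
        # Bounded form: the fallback is tried once, then a static body is used.
        try:
            return status, self._read(name)
        except OSError:
            if _is_fallback:
                return 500, b"Internal Server Error"
            return self.send_file(self.not_found, 404, _is_fallback=True)


def demo():
    """Request a missing path from an empty docroot (no 404.html present)."""
    with tempfile.TemporaryDirectory() as root:
        responder = FileResponder(root)
        try:
            responder.send_file_unbounded("proxy.php")
            unbounded = "returned"
        except RecursionError:
            unbounded = "RecursionError"
        bounded = responder.send_file("proxy.php")
        with open(os.path.join(root, "404.html"), "wb") as fh:
            fh.write(b"not found")
        with_page = responder.send_file("proxy.php")
    return unbounded, bounded, with_page
```

For an internet-facing honeypot the bounded form matters because any unauthenticated request that reaches the failing path would otherwise stop event collection.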

name hpfl is not defined

Hi

I am getting the error "NameError: name 'hpfl' is not defined" in file ike_server.py, line 57 when receiving unsupported packets.
Should be because you are not passing hpfl as argument to the function datagram_received.

Thanks!
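One way to avoid the NameError described in this issue, as an added example rather than the project's ike_server.py: asyncio calls `datagram_received(data, addr)` with exactly two arguments, so the logger has to be held on the protocol instance. `IkeListener`, `classify` and the `sink` parameter (standing in for `hpfl`) are hypothetical names, and the datagrams are constructed.

```python
import asyncio
import struct

# ISAKMP/IKE fixed header: two 8-byte SPIs, next payload, version,
# exchange type, flags, message ID, total length (28 bytes).
HEADER = struct.Struct("!8s8sBBBBII")


def classify(data, addr):
    """Turn one UDP datagram into a log event; never raises on bad input."""
    event = {"src_ip": addr[0], "src_port": addr[1], "size": len(data)}
    if len(data) < HEADER.size:
        return {**event, "type": "unsupported", "reason": "short header"}
    _, _, _, version, exchange, _, msg_id, length = HEADER.unpack_from(data)
    major = version >> 4
    if major not in (1, 2):
        return {**event, "type": "unsupported", "reason": "version %d" % major}
    if length != len(data):
        return {**event, "type": "unsupported", "reason": "length mismatch"}
    return {**event, "type": "ike", "version": major,
            "exchange": exchange, "message_id": msg_id}


class IkeListener(asyncio.DatagramProtocol):
    def __init__(self, sink):
        # The event loop supplies only (data, addr) per datagram, so the
        # logger is injected once here instead of being passed per call.
        self.sink = sink

    def datagram_received(self, data, addr):
        self.sink(classify(data, addr))


def demo():
    """Feed constructed datagrams through the protocol, as the loop would."""
    events = []
    listener = IkeListener(events.append)  # events.append stands in for hpfl
    peer = ("192.0.2.10", 500)             # documentation address (constructed)
    # Constructed header: IKEv2 (0x20), exchange 34, no payloads, length 28.
    valid = HEADER.pack(b"A" * 8, bytes(8), 0, 0x20, 34, 0x08, 0, HEADER.size)
    for datagram in (b"\x00" * 5, valid, valid + b"junk"):
        listener.datagram_received(datagram, peer)
    return events
```

With a running loop the instance is created through the factory argument, for example `loop.create_datagram_endpoint(lambda: IkeListener(sink), local_addr=(host, port))`.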
