
dyneteq / breach-harbor-collector


A service that collects data from inbound attacks, logs them and (optionally) sends them over to the BREACH::HARBOR Core API

Home Page: https://breachharbor.com

License: GNU General Public License v3.0

Dockerfile 1.60% Shell 0.22% Python 98.18%
cybersecurity honeypots python


BREACH :: HARBOR Collector


About

BREACH::HARBOR Collector is a service that collects data from inbound attacks, logs them and sends them over to the BREACH::HARBOR Core API.

The service can be run autonomously for research and monitoring purposes, without any connection to the separate Core API service.

Quick start

Docker

Build:

docker build -t bh-collector .

Start:

# We need to mount a volume with the .env file in order to reflect the changes
docker run -p 80:8080 -p 22:2222 -v "$(pwd)/.env:/app/.env" bh-collector

Development

Prerequisites

Activate venv

source .venv/bin/activate

Copy .env.example to .env and set up the env variables:

API_POST_URL=https://api.breachharbor.local
API_TOKEN=jfxPSG2qugTvKIhWfXEv5t0kb0Stjh8ljDRhmA
API_ENABLED=true
COLLECTOR_ID=ABCDEF-123
LOGGING_LEVEL=INFO
LOGGING_ENABLED=false
SERVICE_HTTP_ENABLED=true
SERVICE_HTTP_PORT=8080
SERVICE_SSH_ENABLED=true
SERVICE_SSH_PORT=2222

Generate an SSH key pair

You will need to create the SSH key pair if you wish to enable the SSH service:

ssh-keygen -t rsa -b 4096 -f ./certificates/id_rsa -N ""

Start the service

Run as your regular user when the service ports are above 1024, or with sudo to bind port 80 (not recommended):

sudo `which python3` start.py
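
A preflight check for the .env file that can be run before starting the service. This is an added example, not part of the BREACH::HARBOR code base. It assumes the collector treats only the literal value true as enabled and reads the SSH key from ./certificates/id_rsa as in the ssh-keygen command above; parse_env, is_on and check_env are hypothetical helper names.

```python
# Added example: preflight check for a collector .env (not the project's own code).
from pathlib import Path
from urllib.parse import urlparse

# Token value published in the README's sample .env; it must never be used for real.
SAMPLE_TOKEN = "jfxPSG2qugTvKIhWfXEv5t0kb0Stjh8ljDRhmA"

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, trimming whitespace."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def is_on(env, key):
    # Assumption: a flag is enabled only when its value is "true" (case-insensitive).
    return env.get(key, "").lower() == "true"

def check_env(env, key_path="./certificates/id_rsa"):
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    if is_on(env, "API_ENABLED"):
        if urlparse(env.get("API_POST_URL", "")).scheme != "https":
            findings.append("API_POST_URL must use https when API_ENABLED=true")
        if env.get("API_TOKEN", "") in ("", SAMPLE_TOKEN):
            findings.append("API_TOKEN is empty or still the README sample value")
        if not env.get("COLLECTOR_ID"):
            findings.append("COLLECTOR_ID is not set")
    for svc in ("HTTP", "SSH"):
        if not is_on(env, f"SERVICE_{svc}_ENABLED"):
            continue
        raw = env.get(f"SERVICE_{svc}_PORT", "")
        if not raw.isdecimal() or not 0 < int(raw) <= 65535:
            findings.append(f"SERVICE_{svc}_PORT is not a valid port: {raw!r}")
        elif int(raw) < 1024:
            findings.append(f"SERVICE_{svc}_PORT={raw} is privileged and needs root")
    if is_on(env, "SERVICE_SSH_ENABLED") and not Path(key_path).is_file():
        findings.append(f"SSH service enabled but key file {key_path} is missing")
    return findings

if __name__ == "__main__":
    for finding in check_env(parse_env(Path(".env").read_text())):
        print("FAIL:", finding)
```

Run it from the repository root next to the .env file; no output means every check passed.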

How to dock a new collector to the BREACH::HARBOR Core API

  • Generate a new token on the Add new collector page
  • Clone this repository on the collector
  • Create or copy the .env file and fill in the variable values
  • Run with docker or locally with python
  • Verify the connection by checking the systemd status and the cloud collector page

Services that are (or will be) supported by each collector

  • [20] FTP (File Transfer Protocol - Data)
  • [21] FTP (File Transfer Protocol - Control)
  • [22] SSH (Secure Shell)
  • [23] Telnet
  • [25] SMTP (Simple Mail Transfer Protocol)
  • [53] DNS (Domain Name System)
  • [80] HTTP (Hypertext Transfer Protocol)
  • [110] POP3 (Post Office Protocol - Version 3)
  • [143] IMAP (Internet Message Access Protocol)
  • [443] HTTPS (Hypertext Transfer Protocol Secure)
  • [3389] RDP (Remote Desktop Protocol)
  • [445] SMB (Server Message Block)
  • [465] SMTPS (Simple Mail Transfer Protocol Secure)
  • [587] SMTP Submission (Message Submission Agent)
  • [993] IMAPS (IMAP Secure)
  • [995] POP3S (Post Office Protocol - Version 3 Secure)
  • [1433] MSSQL (Microsoft SQL Server)
  • [1723] PPTP (Point-to-Point Tunneling Protocol)
  • [3306] MySQL (Database System)
  • [8080] HTTP Proxy (Commonly Used for Web Proxies)

Security best practices

WARNING: Always ensure that the rest of your network is secure and that the machine running the service is isolated from other systems.

License

This project is licensed under the terms of the GNU General Public License v3.0. For the full license text, please see the LICENSE file in the project root.

Contributors

chrisvel
