GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → kung-foo → Freki

kung-foo / Freki

Licence: mit
Freki is a tool to manipulate packets in usermode using NFQUEUE and golang.

Programming Languages

go
31211 projects - #10 most used programming language
golang
3204 projects

Labels

honeypot

Projects that are alternatives of or similar to Freki

Heralding
Credentials catching honeypot
Stars: ✭ 297 (+590.7%)
Mutual labels:  honeypot
Awesome Honeypots
an awesome list of honeypot resources
Stars: ✭ 5,528 (+12755.81%)
Mutual labels:  honeypot
Conpot
ICS/SCADA honeypot
Stars: ✭ 853 (+1883.72%)
Mutual labels:  honeypot
Honeypot
Low interaction honeypot that displays real time attacks
Stars: ✭ 348 (+709.3%)
Mutual labels:  honeypot
Fatt
FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Stars: ✭ 490 (+1039.53%)
Mutual labels:  honeypot
Pyrdp
RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
Stars: ✭ 567 (+1218.6%)
Mutual labels:  honeypot
Django Honeypot
🍯 Generic honeypot utilities for use in django projects.
Stars: ✭ 284 (+560.47%)
Mutual labels:  honeypot
Udpot
Simple UDP honeypot script
Stars: ✭ 35 (-18.6%)
Mutual labels:  honeypot
Dionaea
Home of the dionaea honeypot
Stars: ✭ 490 (+1039.53%)
Mutual labels:  honeypot
Honeytrap
Advanced Honeypot framework.
Stars: ✭ 938 (+2081.4%)
Mutual labels:  honeypot
Cowrie
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
Stars: ✭ 3,810 (+8760.47%)
Mutual labels:  honeypot
Honeylambda
honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
Stars: ✭ 454 (+955.81%)
Mutual labels:  honeypot
Routeros
RouterOS Security Research Tooling and Proof of Concepts
Stars: ✭ 603 (+1302.33%)
Mutual labels:  honeypot
Snare
Super Next generation Advanced Reactive honEypot
Stars: ✭ 311 (+623.26%)
Mutual labels:  honeypot
Invisible captcha
🍯 Unobtrusive and flexible spam protection for Rails apps
Stars: ✭ 851 (+1879.07%)
Mutual labels:  honeypot
Wirespy
Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).
Stars: ✭ 293 (+581.4%)
Mutual labels:  honeypot
Opencanary web
The web management platform of honeypot
Stars: ✭ 547 (+1172.09%)
Mutual labels:  honeypot
Isometriksspambundle
Symfony3 Form Spam Protection
Stars: ✭ 38 (-11.63%)
Mutual labels:  honeypot
Malware Samples
A collection of malware samples caught by several honeypots i manage
Stars: ✭ 863 (+1906.98%)
Mutual labels:  honeypot
Acra
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
Stars: ✭ 726 (+1588.37%)
Mutual labels:  honeypot
View All Similar Projects ➔

freki

Travis

The ravenous and greedy one.

Freki is a tool for manipulating packets in userspace. Using iptable's raw table, packets are routed down into userspace where freki takes over. A set of rules is applied allowing for a large amount of flexibility. For example, you can forward all TCP ports to an HTTP honeypot and log the requests. Or you can proxy TCP port 22 into a docker container running an ssh honeypot.

There are currently two builtin loggers:

log_tcp: reads up to 1024 bytes from the connection, and then closes it.

log_http: sends a 200 OK back on every request.

Additionally, there are three mangling behaviors:

rewrite: Rewrites the incoming packet's destination port

proxy: Creates a TCP proxy for the connection to the specified target (can be an IP address, host name, or docker container)

user_conn: When using freki as a library, invoke a user-specified callback with a net.Conn

$ ./bin/freki --help
Usage:
    freki [options] [-v ...] -i=<interface> -r=<rules>
    freki -h | --help | --version
Options:
    -i --interface=<iface>  Bind to this interface.
    -r --rules=<rules>      Rules file.
    -h --help               Show this screen.
    --version               Show version.
    -v                      Enable verbose logging (-vv for very verbose)

Build

requires: go 1.7+, libnetfilter-queue-dev>=1.0.0, libpcap-dev, iptables-dev

Rules Specification

Rules are applied in order (top down) and stop after a match is found. The match field (required) is written using BPF filter syntax. Note: not all filters may apply. For example, the ethernet src and dst headers are generally zero'd out.

rules:
  # allow packets from your machine (1.2.3.4) to reach your ssh server
  - match: tcp dst port 22 and src host 1.2.3.4
    type: passthrough
  # send all tcp coming in on 10022 to 22
  - match: tcp dst port 10022
    type: rewrite
    target: 22
  # proxy all packets coming in on 6379 on to a container named 'redis' (must exist at the time freki starts)
  - match: tcp dst port 6379
    type: proxy
    target: docker://redis:6379
  # proxy all packets coming in on 666 out to portquiz.net:666
  - match: tcp dst port 666
    type: proxy
    target: tcp://portquiz.net:666
  # log http requests on 80 and 8080
  - match: tcp port 80 or tcp port 8080
    type: log_http
  # pass connections on 7000 through 8000 to a registered handler called 'echo'
  - match: tcp portrange 7000-8000
    type: conn_handler
    target: echo
  # drop (no FIN, nothing!)
  - match: tcp portrange 5000-5010
    type: drop
  # forward all remaining tcp packets to a tcp logger. grabs 1024 bytes and then closes.
  - match: tcp
    type: log_tcp
  - match:
    type: passthrough

Notes

If freki hangs or panics, it may leave two iptables rules in place.

The simple fix is: sudo iptables -t raw -F.

Contributors

License

freki is distributed under the terms of the MIT License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].