scrapbird / sarlacc

Licence: MIT license
SMTP server / sinkhole for collecting spam

Programming Languages

python

Sarlacc

This is an SMTP server that I use in my malware lab to collect spam from infected hosts.

It will collect all mail items sent to it in a postgres database, storing all attachments in mongodb.

This is work-in-progress code and there will probably be bugs, but it does everything I need.

Warning: There will most likely be breaking changes as I flesh out the plugin API. Once it has stabilized I will give this a version number and try not to break anything else.

Getting Started

docker-compose

To get started with docker-compose, simply run docker-compose up.

The server will then be listening for SMTP connections on port 2500.

Data

To ensure proper data persistence, data for both postgres and mongodb is stored in docker volumes.

Production

If installing in a production environment which requires a proper setup, an install of mongodb and postgresql will be required. To configure sarlacc, copy the default config file to smtpd/src/smtpd.cfg and override the settings you wish to change:

cp smtpd/src/smtpd.cfg.default smtpd/src/smtpd.cfg
$EDITOR smtpd/src/smtpd.cfg

Then edit the file with your required configuration.

You can use the postgres/postgres_init.sql script to initialize the database for use with sarlacc.

psql -h localhost -U postgres < postgres/postgres_init.sql

If you want to use different credentials (you should), modify both postgres/postgres_init.sql and the config file for the SMTP server so that they match.

cd into the smtpd/src directory:

cd smtpd/src

Install the dependencies:

pip install -r requirements.txt

Start the server:

./app.py

The server will then be listening for SMTP connections on port 2500.
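To confirm the sinkhole is actually accepting mail, the following added example (not part of the sarlacc project) delivers one constructed message with a small attachment. It assumes the server is reachable on localhost at the port 2500 stated above; the addresses, subject and attachment are constructed sample values.

```python
import smtplib
from email.message import EmailMessage

# Assumptions: sarlacc runs on localhost and listens on port 2500 (as stated above).
SINK_HOST = "localhost"
SINK_PORT = 2500


def build_test_message():
    """Build a constructed sample mail with one small, harmless attachment."""
    msg = EmailMessage()
    msg["From"] = "lab-sender@example.invalid"     # constructed address
    msg["To"] = "lab-recipient@example.invalid"    # constructed address
    msg["Subject"] = "sarlacc smoke test"
    msg.set_content("Constructed test body for the sinkhole.")
    # The attachment exercises the attachment store as well as the mail store.
    msg.add_attachment(b"constructed sample bytes\n",
                       maintype="application", subtype="octet-stream",
                       filename="sample.bin")
    return msg


def send_to_sinkhole(msg, host=SINK_HOST, port=SINK_PORT, timeout=5):
    """Deliver msg over SMTP and return (ok, detail) instead of raising."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            refused = smtp.send_message(msg)
    except (smtplib.SMTPException, OSError) as exc:
        # Covers connection refused, timeouts and SMTP-level rejections.
        return False, "delivery failed: %r" % (exc,)
    if refused:
        return False, "recipients refused: %r" % (refused,)
    return True, "accepted by %s:%d" % (host, port)


if __name__ == "__main__":
    ok, detail = send_to_sinkhole(build_test_message())
    print("OK" if ok else "FAIL", detail)
```

A reported success only shows that the SMTP transaction completed; check the postgres and mongodb stores to confirm the message and its attachment were persisted.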

Requirements

python3.5

Web Client

The web client has not been built yet. To view the data, you will need to interact with the databases manually.

Plugins

You can extend sarlacc via plugins. Simply drop a python file (or a directory with an __init__.py file) into smtpd/src/plugins. There are examples of both types of plugins at smtpd/src/plugins/example.py and smtpd/src/plugins/directory_example.

To get a full idea of which events plugins can be notified of, check out the smtpd/src/plugins/plugin.py file.

Plugins also have access to the internal storage API, from which you can pull email items, recipients and attachments, tag attachments, etc. Take a look at the smtpd/src/storage.py file for more info on how to use this.
