+ Updated README

+ Single target + Multiple targets
matricali · Dec 30, 2017 · 34272b5 · 34272b5
1 parent eacb64b
commit 34272b5
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -1 +1,34 @@
-# honeypot-detector
+# honeypot-detector v0.1.3
+
+## Usage
+```bash
+$ honeypot-detector -h
+honeypot-detector v0.1.0
+	usage: ./honeypot-detector [-l targets.lst] [-p port] [-t threads] [-vh] [target]
+```
+
+```bash
+$ honeypot-detector 192.168.0.26
+[!] 192.168.0.26:22 - POSSIBLE HONEYPOT!
+```
+
+```bash
+$ honeypot-detector -l targets.txt
+[+] 192.168.0.87:22 - SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
+[+] 192.168.0.8:22 - SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
+[+] 192.168.0.52:22 - SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
+[+] 192.168.0.58:22 - SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+[+] 192.168.0.191:22 - SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+[+] 192.168.0.211:22 - SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
+[+] 192.168.0.124:22 - SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
+[!] 138.68.49.26:22 - POSSIBLE HONEYPOT!
+[+] 192.168.0.73:22 - SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+[+] 192.168.0.226:22 - SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
+[+] 192.168.0.1:22 - SSH-2.0-OpenSSH_6.6.1
+[+] 192.168.0.177:22 - SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+[+] 192.168.0.157:22 - SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+[+] 192.168.0.188:22 - SSH-2.0-OpenSSH_6.6.1
+[!] 138.197.163.83:22 - POSSIBLE HONEYPOT!
+[+] 192.168.0.147:22 - SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
+[+] 192.168.0.142:22 - SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.7
+```
diff --git a/honeypot-detector.c b/honeypot-detector.c
@@ -8,13 +8,15 @@
 #include <arpa/inet.h>
 
 #define BUF_SIZE 1024
+#define HONEYPOT_DETECTOR_VERSION "0.1.3"
 
 int g_verbose = 0;
+int MAX_THREADS = 1;
 
 void print_error(const char *format, ...)
 {
     va_list arg;
-    fprintf(stderr, "\t\033[91m[!] ");
+    fprintf(stderr, "\033[91m[!] ");
     va_start(arg, format);
     vfprintf(stderr, format, arg);
     va_end (arg);
@@ -62,15 +64,15 @@ int probe(char *serverAddr, unsigned int serverPort)
     addr.sin_addr.s_addr = inet_addr(serverAddr);
     addr.sin_port = htons(serverPort);
 
-    print_debug("\t[-] %s:%d - Connecting...", serverAddr, serverPort);
+    print_debug("[-] %s:%d - Connecting...", serverAddr, serverPort);
     ret = connect(sockfd, (struct sockaddr *) &addr, sizeof(addr));
     if (ret < 0) {
         print_error("%s:%d - Error connecting to the server!", serverAddr, serverPort);
         close(sockfd);
         sockfd = 0;
         return -1;
     }
-    print_debug("\t[+] %s:%d - Connected.", serverAddr, serverPort);
+    print_debug("[+] %s:%d - Connected.", serverAddr, serverPort);
 
     memset(buffer, 0, BUF_SIZE);
 
@@ -84,14 +86,14 @@ int probe(char *serverAddr, unsigned int serverPort)
     }
     banner = malloc(sizeof(char) * 1024);
     banner = strdup(strtok(buffer, "\n"));
-    print_debug("\t[?] %s:%d - %s", serverAddr, serverPort, banner);
+    print_debug("[?] %s:%d - %s", serverAddr, serverPort, banner);
 
     char *pkt1 = "SSH-2.0-OpenSSH_7.5";
     char *pkt2 = "\n";
     char *pkt3 = "asd\n      ";
     char *search = "Protocol mismatch.";
 
-    print_debug("\t[<] %s:%d - Sending pkt1: %s", serverAddr, serverPort, strtok(pkt1, "\n"));
+    print_debug("[<] %s:%d - Sending pkt1: %s", serverAddr, serverPort, strtok(pkt1, "\n"));
     ret = sendto(sockfd, pkt1, sizeof(pkt1), 0, (struct sockaddr *) &addr, sizeof(addr));
 
     if (ret < 0) {
@@ -101,7 +103,7 @@ int probe(char *serverAddr, unsigned int serverPort)
         return -1;
     }
 
-    print_debug("\t[<] %s:%d - Sending pkt2: %s", serverAddr, serverPort, pkt2);
+    print_debug("[<] %s:%d - Sending pkt2: %s", serverAddr, serverPort, pkt2);
     ret = sendto(sockfd, pkt2, sizeof(pkt2), 0, (struct sockaddr *) &addr, sizeof(addr));
 
     if (ret < 0) {
@@ -111,7 +113,7 @@ int probe(char *serverAddr, unsigned int serverPort)
         return -1;
     }
 
-    print_debug("\t[<] %s:%d - Sending pkt3: %s", serverAddr, serverPort, pkt3);
+    print_debug("[<] %s:%d - Sending pkt3: %s", serverAddr, serverPort, pkt3);
     ret = sendto(sockfd, pkt3, sizeof(pkt3), 0, (struct sockaddr *) &addr, sizeof(addr));
 
     if (ret < 0) {
@@ -121,20 +123,20 @@ int probe(char *serverAddr, unsigned int serverPort)
         return -1;
     }
 
-    print_debug("\t[>] %s:%d - Receiving...", serverAddr, serverPort);
+    print_debug("[>] %s:%d - Receiving...", serverAddr, serverPort);
     ret = recvfrom(sockfd, buffer, BUF_SIZE, 0, NULL, NULL);
     if (ret < 0) {
         print_error("%s:%d - Error receiving response!!", serverAddr, serverPort);
         close(sockfd);
         sockfd = 0;
         return -1;
     }
-    print_debug("\t[+] %s:%d - Received: %s", serverAddr, serverPort, buffer);
+    print_debug("[+] %s:%d - Received: %s", serverAddr, serverPort, buffer);
 
     if (strstr(buffer, search) != NULL) {
-        printf("\t[+] %s:%d - %s\n", serverAddr, serverPort, banner);
+        printf("[+] %s:%d - %s\n", serverAddr, serverPort, banner);
     } else {
-        printf("\t[!] %s:%d - POSSIBLE HONEYPOT!\n", serverAddr, serverPort);
+        printf("[!] %s:%d - POSSIBLE HONEYPOT!\n", serverAddr, serverPort);
     }
 
     close(sockfd);
@@ -145,19 +147,64 @@ int probe(char *serverAddr, unsigned int serverPort)
 
 int main(int argc, char **argv)
 {
+    int opt = 0;
     int ret = 0;
     unsigned int port = 22;
 
-    if (argc < 2) {
-        printf("usage: %s <ip address> [port]\n", argv[0]);
+    char *hosts_filename = NULL;
+
+    while ((opt = getopt(argc, argv, "l:p:t:vh")) != -1) {
+        switch (opt) {
+            case 'v':
+                g_verbose = 1;
+                break;
+            case 'l':
+                hosts_filename = optarg;
+                break;
+            case 'p':
+                port = atoi(optarg);
+                break;
+            case 't':
+                MAX_THREADS = atoi(optarg);
+                break;
+            case 'h':
+                printf("honeypot-detector v%s\n", HONEYPOT_DETECTOR_VERSION);
+                printf("\tusage: %s [-l targets.lst] [-p port] [-t threads] [-vh] [target]\n", argv[0]);
+                exit(EXIT_SUCCESS);
+            default:
+                fprintf(stderr, "\tusage: %s [-l targets.lst] [-p port] [-t threads] [-vh] [target]\n", argv[0]);
+                exit(EXIT_FAILURE);
+        }
+    }
+
+    if (hosts_filename == NULL) {
+        if (optind < argc) {
+            ret = probe(argv[optind], port);
+            return ret;
+        } else {
+            print_error("No target specified.");
+            exit(EXIT_FAILURE);
+        }
+    }
+
+    // Procesar lista de objetivos
+    FILE *input = 0;
+    ssize_t read;
+    char *temp = 0;
+    size_t len;
+
+    input = fopen(hosts_filename, "r");
+    if (input == NULL) {
+        print_error("Error opening input file. (%s)", hosts_filename);
         exit(EXIT_FAILURE);
     }
 
-    if (argc >= 3) {
-        port = atoi(argv[2]);
+    for (int i = 0; (read = getline(&temp, &len, input)) != -1; i++) {
+        strtok(temp, "\n");
+        ret = probe(temp, port);
     }
 
-    ret = probe(argv[1], port);
+    fclose(input);
 
     return 0;
 }