- #!/usr/bin/env python
- """
- Simple skeleton for a honeypot targeting PHP Injection attacks. Use/change as you see fit, try to at least give some cred if you find it useful. :)
- Requires: MongoDB, pymongo, bottle
- Author: @tehsyntx
- thembits.blogspot.com
- """
- from bottle import run, route, error, response, request
- import datetime
- import simplejson
- import pymongo
- import os
- import base64
# Directory holding the decoy files handed back to clients. The 404 handler
# builds the humans.txt path by plain string formatting, so keep the
# trailing slash.
WORKDIR = "/honeydata/"
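@error(400)
def badreq(error):
    """Answer a malformed request with an empty 200 response.

    The 400 status is rewritten to 200 so that bad requests look the same
    as every other response this honeypot gives.

    Args:
        error: the HTTP error object bottle passes to error handlers (unused).

    Returns:
        An empty body.
    """
    response.status = 200
    # Every other handler in this file presents itself as Apache; without this
    # line a 400 answer would be the only one not carrying that banner, which
    # makes the decoy easy to tell apart.
    response.headers['Server'] = 'Apache'
    return ''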
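def _utc_timestamp():
    """Return the current UTC time as 'YYYY-MM-DD HH:MM:SS'."""
    # Dropping microseconds explicitly avoids slicing str(...)[:-7], which cuts
    # into the seconds and minutes whenever the microsecond field is exactly 0.
    return str(datetime.datetime.utcnow().replace(microsecond=0))


def _record_hit(ip, method, raw_request):
    """Store one captured request in the honey.http MongoDB collection.

    Logging is best effort: a database failure is reported on stderr and is
    never sent to the client, so the decoy keeps answering and does not leak
    internal error text.
    """
    import sys  # local import: sys is not among the file's imports

    try:
        # NOTE(review): pymongo.Connection and Collection.insert are the legacy
        # pymongo API; confirm the installed pymongo version still provides them.
        hlog = pymongo.Connection().honey.http
        hlog.insert({"honeysrc": "honeypot_name",  # Change to for example your hostname
                     "src": ip,
                     "method": method,
                     "time": _utc_timestamp(),
                     "data": base64.b64encode(raw_request)})
    except Exception as exc:
        sys.stderr.write('honeypot: could not log %s from %s: %s\n'
                         % (method, ip, exc))


@error(404)
def notfound(error):
    """Capture requests for unknown paths and answer them with a 200.

    POST requests, and GET requests whose path contains 'http:', are rebuilt
    as text (request line, headers, and for POST the body), base64-encoded
    and stored in MongoDB together with the client address and a UTC
    timestamp. A GET whose path also contains both 'google' and 'humans' is
    answered with the local humans.txt decoy; everything else gets an empty
    body.

    Args:
        error: the HTTP error object bottle passes to error handlers (unused).

    Returns:
        The contents of humans.txt for the decoy case, otherwise ''.
    """
    response.status = 200
    # Set once up front so every exit path carries the same banner.
    response.headers['Server'] = 'Apache'
    ip = request['REMOTE_ADDR']

    if request.method == 'POST':
        # NOTE(review): the whole body is read into memory and stored as one
        # document; consider capping the size for an internet-facing sensor.
        pdata = request.body.read()
        captured = ['POST %s HTTP/1.1\n' % request.path]
        captured.extend('%s : %s\n' % (key, request.headers[key])
                        for key in request.headers.keys())
        captured.append('\n')
        captured.append('%s\n' % pdata)
        _record_hit(ip, 'POST', ''.join(captured))
        return ''

    # NOTE(review): request.path does not include the query string, so a URL
    # supplied as a query parameter is neither matched nor logged here --
    # confirm whether request.query_string should be inspected as well.
    if request.method == 'GET' and 'http:' in request.path:
        captured = ['GET %s HTTP/1.1\n' % request.path]
        captured.extend('%s: %s\n' % (key, request.headers[key])
                        for key in request.headers.keys())
        _record_hit(ip, 'GET', ''.join(captured))

        # Return content of injected file (Google is often used to verify
        # vulnerability before injecting). The path is fixed; nothing taken
        # from the request is used to build it.
        if 'google' in request.path and 'humans' in request.path:
            try:
                with open('%shumans.txt' % WORKDIR, 'r') as decoy:
                    return decoy.read()
            except (IOError, OSError):
                # A missing decoy file must not turn into a server error.
                return ''

    return ''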
@route('/')
def root():
    """Serve the landing page: an empty body with an Apache server banner."""
    landing_page = ''  # Change to return some real page for more "realistic" look.
    response.headers['Server'] = 'Apache'
    return landing_page
# Start the bottle server. The address and port below are placeholders from
# the original paste: make sure to change the IP (and the port) to the
# interface the honeypot should listen on.
run(port=8080, host='10.10.10.10')