From df3490f0c7a9d11ec8795cc7185ff25b57f2b525 Mon Sep 17 00:00:00 2001
From: Raven Scott
Date: Wed, 10 Jul 2024 05:52:41 -0400
Subject: [PATCH] first commit
---
client.js | 195 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
server.js | 60 +++++
2 files changed, 255 insertions(+)
create mode 100644 client.js
create mode 100644 server.js
diff --git a/client.js b/client.js
new file mode 100644
index 0000000..62f4865
--- /dev/null
+++ b/client.js
@@ -0,0 +1,195 @@
+const node = require('hyper-ipc-secure')();
+const crypto = require('hypercore-crypto');
+const fs = require('fs');
+const { exec } = require('child_process');
+const net = require('net');
+const http = require('http');
+const ftpd = require('ftpd');
+const TelnetServer = require('telnet');
+const smtpServer = require('smtp-server').SMTPServer;
+const dns = require('native-dns');
+
+// Generate key pair and save to file if it doesn't exist
+if (!fs.existsSync('kp.json')) {
+ const kp = crypto.keyPair();
+ fs.writeFileSync('kp.json', JSON.stringify({
+ publicKey: kp.publicKey.toString('hex'),
+ secretKey: kp.secretKey.toString('hex')
+ }));
+}
+
+const kp = JSON.parse(fs.readFileSync('kp.json'));
+kp.publicKey = Buffer.from(kp.publicKey, 'hex');
+kp.secretKey = Buffer.from(kp.secretKey, 'hex');
+// Server public key (should be securely shared or known)
+const serverPublicKey = '7c5b0b674e1af93a4df37a86ebc2cd58666c45fb46a78bbd02f198bbcf345f4c'; // Ensure this matches the server public key
+
+// Register client with the server
+async function registerClient() {
+ try {
+ console.log('Attempting to register client...');
+ console.log(`Server public key: ${serverPublicKey}`);
+ console.log(`Client public key: ${kp.publicKey.toString('hex')}`);
+
+ const result = await node.run(Buffer.from(serverPublicKey, 'hex'), 'register.client', { publicKey: kp.publicKey.toString('hex') });
+ console.log('Client registered with the server');
+ console.log(result);
+ } catch (e) {
+ console.error('Failed to register client:', e.message);
+ }
+}
+
+// Simulate honeypots and report attacks
+function setupHoneypots() {
+ // SSH Honeypot
+ const sshServer = net.createServer((socket) => {
+ const attackerIP = socket.remoteAddress;
+ const timestamp = new Date();
+ console.log(`SSH attack detected from IP: ${attackerIP}`);
+ reportAttack({
+ service: 'SSH',
+ ip: attackerIP,
+ timestamp,
+ data: 'SSH connection attempt'
+ });
+ socket.end();
+ }).listen(2222, () => console.log('SSH Honeypot running on port 2222'));
+
+ // HTTP Honeypot
+ const httpServer = http.createServer((req, res) => {
+ const attackerIP = req.connection.remoteAddress;
+ const timestamp = new Date();
+ console.log(`HTTP attack detected from IP: ${attackerIP}`);
+ reportAttack({
+ service: 'HTTP',
+ ip: attackerIP,
+ timestamp,
+ data: `HTTP request: ${req.method} ${req.url}`
+ });
+ res.end('Honeypot');
+ }).listen(88, () => console.log('HTTP Honeypot running on port 88'));
+
+ // FTP Honeypot
+ const ftpServer = new ftpd.FtpServer('0.0.0.0', {
+ getInitialCwd: () => '/',
+ getRoot: () => '/'
+ });
+ ftpServer.on('client:connected', (connection) => {
+ const attackerIP = connection.socket.remoteAddress;
+ const timestamp = new Date();
+ console.log(`FTP attack detected from IP: ${attackerIP}`);
+ reportAttack({
+ service: 'FTP',
+ ip: attackerIP,
+ timestamp,
+ data: 'FTP connection attempt'
+ });
+ });
+ ftpServer.listen(21);
+ console.log('FTP Honeypot running on port 21');
+
+ // Telnet Honeypot
+ const telnetServer = new TelnetServer({ shellPrompt: '/ # ' });
+ telnetServer.on('client', (client) => {
+ const attackerIP = client.socket.remoteAddress;
+ const timestamp = new Date();
+ console.log(`Telnet attack detected from IP: ${attackerIP}`);
+ reportAttack({
+ service: 'Telnet',
+ ip: attackerIP,
+ timestamp,
+ data: 'Telnet connection attempt'
+ });
+ client.on('data', (data) => {
+ console.log(`Received Telnet data: ${data.toString()}`);
+ reportAttack({
+ service: 'Telnet',
+ ip: attackerIP,
+ timestamp: new Date(),
+ data: `Telnet data: ${data.toString()}`
+ });
+ });
+ client.end();
+ });
+ telnetServer.listen(23);
+ console.log('Telnet Honeypot running on port 23');
+
+ // SMTP Honeypot
+ const smtp = new smtpServer({
+ onData(stream, session, callback) {
+ let emailData = '';
+ stream.on('data', (chunk) => {
+ emailData += chunk;
+ });
+ stream.on('end', () => {
+ const attackerIP = session.remoteAddress;
+ const timestamp = new Date();
+ console.log(`SMTP attack detected from IP: ${attackerIP}`);
+ reportAttack({
+ service: 'SMTP',
+ ip: attackerIP,
+ timestamp,
+ data: `SMTP data: ${emailData}`
+ });
+ callback();
+ });
+ }
+ });
+ smtp.listen(25, () => console.log('SMTP Honeypot running on port 25'));
+
+ // DNS Honeypot
+ const dnsServer = dns.createServer();
+ dnsServer.on('request', (request, response) => {
+ const attackerIP = request.address.address;
+ const timestamp = new Date();
+ console.log(`DNS attack detected from IP: ${attackerIP}`);
+ reportAttack({
+ service: 'DNS',
+ ip: attackerIP,
+ timestamp,
+ data: `DNS request: ${request.question[0].name}`
+ });
+ response.answer.push(dns.A({
+ name: request.question[0].name,
+ address: '127.0.0.1',
+ ttl: 600,
+ }));
+ response.send();
+ });
+ dnsServer.serve(53);
+ console.log('DNS Honeypot running on port 53');
+}
+
+// Report attack to the server
+async function reportAttack(details) {
+ try {
+ console.log(`Reporting attack: ${JSON.stringify(details)}`);
+ const result = await node.run(Buffer.from(serverPublicKey, 'hex'), 'report.attack', { details });
+ console.log('Reported attack to server:', result);
+ } catch (e) {
+ console.error('Failed to report attack:', e.message);
+ }
+}
+
+// Define ban IP service
+node.serve(kp, 'ban.ip', async (args) => {
+ const ipToBan = args.ip;
+ console.log(`Received ban command for IP: ${ipToBan}`);
+ exec(`csf -d ${ipToBan}`, (error, stdout, stderr) => {
+ if (error) {
+ console.error(`Error executing ban command: ${error.message}`);
+ return;
+ }
+ if (stderr) {
+ console.error(`Command stderr: ${stderr}`);
+ return;
+ }
+ console.log(`Ban command executed: ${stdout}`);
+ });
+ return { status: 'banned', ip: ipToBan };
+});
+
+// Start the client
+console.log('Client is running...');
+registerClient();
+setupHoneypots();
\ No newline at end of file
diff --git a/server.js b/server.js
new file mode 100644
index 0000000..a9f4c46
--- /dev/null
+++ b/server.js
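Review bot: The `ban.ip` handler in client.js places `args.ip` unvalidated into the shell string passed to `exec` (the `csf -d ${ipToBan}` template), and that value arrives over the IPC channel, so it has to be treated as untrusted input to a firewall command that presumably runs with elevated privileges. Validate it as a literal address and drop the shell: `if (net.isIP(ipToBan) === 0) return { status: 'rejected', ip: ipToBan };` followed by `execFile('csf', ['-d', ipToBan], (error, stdout, stderr) => {`, with the require changed to `const { execFile } = require('child_process');`. The handler also returns `{ status: 'banned', ... }` before the callback has run, so the status sent back does not reflect whether csf actually succeeded.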
@@ -0,0 +1,60 @@
+const node = require('hyper-ipc-secure')();
+const crypto = require('hypercore-crypto');
+const fs = require('fs');
+
+// Generate key pair and save to file if it doesn't exist
+if (!fs.existsSync('kp.json')) {
+ const kp = crypto.keyPair();
+ fs.writeFileSync('kp.json', JSON.stringify({
+ publicKey: kp.publicKey.toString('hex'),
+ secretKey: kp.secretKey.toString('hex')
+ }));
+}
+
+// Read key pair from file
+const kp = JSON.parse(fs.readFileSync('kp.json'));
+kp.publicKey = Buffer.from(kp.publicKey, 'hex');
+kp.secretKey = Buffer.from(kp.secretKey, 'hex');
+
+// Store clients
+let clients = [];
+
+// Function to extract IPv4 address from potential IPv6 format
+function extractIPv4(ip) {
+ const ipv4Match = ip.match(/(\d{1,3}\.){3}\d{1,3}/);
+ return ipv4Match ? ipv4Match[0] : ip;
+}
+
+// Define services
+node.serve(kp, 'report.attack', async (args) => {
+ const attackDetails = args.details;
+ console.log(`Received attack report from client. Details: ${JSON.stringify(attackDetails, null, 2)}`);
+
+ // Extract and use IPv4 address
+ const attackerIP = extractIPv4(attackDetails.ip);
+ for (const client of clients) {
+ try {
+ await node.run(client, 'ban.ip', { ip: attackerIP });
+ console.log(`Sent ban command to client for IP: ${attackerIP}`);
+ } catch (e) {
+ console.error(`Failed to send ban command to client: ${e.message}`);
+ }
+ }
+ return { status: 'ban commands sent' };
+});
+
+node.serve(kp, 'register.client', async (args) => {
+ try {
+ console.log('Received register client request:', args);
+ const clientPublicKey = Buffer.from(args.publicKey, 'hex');
+ clients.push(clientPublicKey);
+ console.log(`Client registered: ${args.publicKey}`);
+ return { status: 'registered' };
+ } catch (e) {
+ console.error('Failed to register client:', e.message);
+ return { status: 'error', message: e.message };
+ }
+});
+
+// Start the server
+// Add server start logic if required
\ No newline at end of file
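Review bot: `extractIPv4` returns its input unchanged when the regex finds no match, and the `report.attack` handler then sends that value to every registered client as `ban.ip`, so a report whose `ip` field is not an address still reaches the clients' firewall command. The regex is also unanchored and does not range-check octets, and a report without a string `ip` makes `ip.match` throw inside the handler. Reject anything that is not a literal address before the loop: `const attackerIP = typeof attackDetails?.ip === 'string' ? extractIPv4(attackDetails.ip) : '';` then `if (net.isIP(attackerIP) === 0) return { status: 'rejected' };`, with `const net = require('net');` added at the top. Whether `hyper-ipc-secure` restricts who may call `register.client` and `report.attack` is not visible in this patch; if it does not, an allow-list of reporter keys and a never-ban list (the operator's own addresses) should gate both handlers.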