config.default.js
const request = require('request');
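// Upper bound on cached lookups. The service is meant to face the internet, so
// the number of distinct peer addresses is not under the operator's control.
const LOOKUP_CACHE_MAX = 10000;

// ip -> country name. A Map is used instead of a plain object so that a key can
// never resolve to an inherited Object.prototype member.
const lookupcache = new Map();

// Shape check for a dotted-quad IPv4 address; anything else is not looked up.
const IPV4_PATTERN = /^\d{1,3}(?:\.\d{1,3}){3}$/;

/**
 * Escapes the three characters Slack treats as control characters in message
 * text (&, <, >), so a value cannot introduce links or <!channel>-style mentions.
 *
 * @param {*} value - Any value; it is converted with String() first.
 * @returns {string} The escaped text.
 */
const escapeSlackText = value => String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');

module.exports = {
    // SSH port.
    // NOTE(review): ports below 1024 normally need elevated privileges to bind.
    // Prefer a port redirect or a bind capability over running the process as root.
    port : 22,

    // Output file.
    // NOTE(review): presumably receives the captured usernames and passwords in
    // clear text - confirm, and restrict read access to the file accordingly.
    outputfile : './honey.txt',

    // Private key file.
    // NOTE(review): presumably the SSH host key of the honeypot. Use a key
    // generated for this purpose only, never one copied from a production host.
    privatekey : './key',

    // Slack webhook. The URL is itself a credential: anyone who holds it can
    // post to the channel, so set it in an untracked override, not in this file.
    slackwebhook : undefined,

    // Slack message format.
    // username, password and command are chosen by the connecting client, so
    // every interpolated field is escaped before it is placed in the message.
    // A command that itself contains ``` can still end the code block early.
    slackformatter : sshcli => `*SSH honeypot*\n> Username : *${escapeSlackText(sshcli.username)}*\n> Password : *${escapeSlackText(sshcli.password)}*\n> IP : *${escapeSlackText(sshcli.ip)}*\n> Location : *${escapeSlackText(sshcli.location)}*\n\n*Command executed*\n\`\`\` ${escapeSlackText(sshcli.command || "No command was sent.")} \`\`\``,

    /**
     * IP reverse lookup procedure: resolves a peer address to a country name.
     *
     * Every uncached lookup sends the peer address to tools.keycdn.com, a
     * third party, over HTTPS.
     *
     * @param {string} ip - Peer address; only the part after the last ':' is
     *     used, which yields the IPv4 part of an IPv4-mapped address.
     * @param {function(*, (string|undefined))} sendback - Called as
     *     sendback(err, country) on every path, including cache hits.
     */
    iplookup : (ip, sendback) => {
        // Only supports v4 for now: keep the text after the last ':'.
        const v4ip = typeof ip === 'string' ? ip.split(':').pop() : '';

        // A plain IPv6 peer leaves a meaningless fragment here; do not send it
        // to the lookup service or store it in the cache.
        if (!IPV4_PATTERN.test(v4ip)) {
            sendback(null, undefined);
            return;
        }

        // Cache hits use the same (err, country) argument order as the network
        // path; passing the country alone would arrive in the error position.
        if (lookupcache.has(v4ip)) {
            sendback(null, lookupcache.get(v4ip));
            return;
        }

        request('https://tools.keycdn.com/geo.json?host=' + encodeURIComponent(v4ip), { json : true }, (err, r, json) => {
            const country = json && json.data && json.data.geo && json.data.geo.country_name;
            if (country) {
                // Map keeps insertion order, so the first key is the oldest entry.
                if (lookupcache.size >= LOOKUP_CACHE_MAX) {
                    lookupcache.delete(lookupcache.keys().next().value);
                }
                lookupcache.set(v4ip, country);
            }
            sendback(err, country);
        });
    },

    // Custom responses.
    // NOTE(review): "strategy" and "command" look like a match rule applied to
    // the client's command, with "response" as the canned reply - confirm
    // against the code that consumes this list.
    responses : [
        {
            "strategy" : "includes",
            "command" : `cat /proc/cpuinfo | grep name | wc -l`,
            "response" : "32"
        },
        {
            "strategy" : "includes",
            "command" : `/etc/passwd`,
            "response" : "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin"
        }
    ]
};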