HoneyPy deschide un port și blochează (cu o regulă iptables DROP) adresa IP a oricui încearcă să se conecteze la el.
#!/usr/bin/env python
import getopt
import os
import socket
import subprocess
import sys
from struct import *
# Startup banner: ASCII-art logo wrapped in ANSI colour codes, then the
# usage hint. The trailing "\n" on the last entry leaves a blank line.
_banner_lines = (
    "\033[95m /\\ /\\/ __\\",
    " / /_/ / / Honeypy - A HoneyPot for port scans",
    "/ __ / /",
    "\\/ /_/\\____/ \033[0m",
    "Usage: ./honeypy -p 1337\n",
)
for _banner_line in _banner_lines:
    print(_banner_line)
# Stop early unless the effective UID is 0: the script goes on to open a
# raw socket and to add iptables rules.
if os.geteuid() != 0:
    sys.exit('\033[91mScript must be run as root\033[0m')
# Command-line options:
#   -h <address>  address to bind the listener to (default '' = all interfaces)
#   -p <port>     port to watch (default 5000)
#   -l <arg>      log detections only, do not add firewall rules
# NOTE(review): the option string declares -l as "l:", so getopt requires an
# argument for it even though the value is never used. A bare "-l" placed
# directly before another option consumes that option as its argument, which
# can leave the port at its default - confirm the intended syntax.
parsed_opts, _positional = getopt.getopt(sys.argv[1:], "p:h:l:")
h = ''
p = 5000
noblock = False
for flag, value in parsed_opts:
    if flag == '-h':
        h = value
    elif flag == '-p':
        p = int(value)
    elif flag == '-l':
        noblock = True
# Ordinary TCP listener: keeps the chosen port open. Nothing in this script
# calls accept() on it; detection is done on the raw socket below.
ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Raw TCP socket: the main loop reads incoming TCP packets from it and
# parses the IP and TCP headers itself.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
ls.bind((h, p))
print('\033[92mStarted on listening on port \033[0m' + str(p))
ls.listen(5)
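def _source_and_dest_port(packet):
    """Extract the source address and TCP destination port from a raw packet.

    The buffer is interpreted as an IPv4 header followed by a TCP header.

    Returns a ``(source_address, dest_port)`` tuple, or ``None`` when the
    buffer is too short for either header or the header-length field is
    below the 20-byte minimum. Rejecting such input here means a malformed
    packet cannot raise ``struct.error`` and stop the honeypot.
    """
    if len(packet) < 20:
        return None
    iph = unpack('!BBHHHBBH4s4s', packet[0:20])
    # Low nibble of the first byte: header length in 32-bit words.
    iph_length = (iph[0] & 0xF) * 4
    if iph_length < 20:
        return None
    tcp_header = packet[iph_length:iph_length + 20]
    if len(tcp_header) < 20:
        return None
    tcph = unpack('!HHLLBBHHH', tcp_header)
    return socket.inet_ntoa(iph[8]), tcph[1]


# Main loop: read TCP packets from the raw socket and react to any whose
# destination port is the watched port.
#
# NOTE(review): the source address is read straight from the IP header of a
# single packet and no completed handshake is required, so it is not
# verified. Consider an allowlist of addresses that must never be blocked
# (management hosts, gateways) before using this on a production machine.
# NOTE(review): "-A" appends to the end of the INPUT chain, so an earlier
# rule that accepts the traffic takes precedence over the appended DROP.
while 1:
    packet = s.recvfrom(500)[0]
    parsed = _source_and_dest_port(packet)
    if parsed is None:
        # Truncated or malformed packet: ignore it and keep running.
        continue
    s_addr, dest_port = parsed
    if dest_port != p:
        continue
    print('\033[93mINDAVER DETECTED:\033[0m ' + ' ' + s_addr)
    if noblock:
        continue
    print('Blocking IP...')
    try:
        # Argument list instead of a shell command string: no shell parses
        # the address.
        status = subprocess.call(
            ["iptables", "-A", "INPUT", "-s", s_addr, "-j", "DROP"])
    except OSError as err:
        print('\033[91mCould not run iptables:\033[0m ' + str(err))
        continue
    if status != 0:
        # Report the failure so an unblocked address does not go unnoticed.
        print('\033[91miptables exited with status\033[0m ' + str(status))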