{ "info": { "author": "Peter Adkins", "author_email": "peter.adkins@kernelpicnic.net", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3" ], "description": ".. figure:: https://github.com/darkarnium/kako/raw/master/docs/images/kako.png?raw=true\n :alt: \n\nThis project provides honeypots for a number of well known and deployed\nembedded device vulnerabilities.\n\nThis project is intended for use in cataloging attack sources, droppers\nand payloads. The default configuration will run a given set of\nsimulations and capture information relating to the origin of the\nrequests, the body of the request, and attempt to process and collect\nthe payload - if supported.\n\nDependencies\n------------\n\nThe following Python packages are required for Kako to function\ncorrectly:\n\n- ``click`` - Command-line argument processing.\n- ``boto3`` - Amazon AWS integration.\n- ``requests`` - HTTP request library.\n- ``cerberus`` - Validation of messages and other documents.\n\nOnce these modules are installed, a valid configuration file is\nrequired. See the **Configuration** section for more information.\n\nConfiguration\n-------------\n\nThe configuration for Kako is performed via a YAML document - named\n``kako.yaml`` by default.\n\nOutput\n------\n\nTwo output formats are supported by Kako at this time: AWS SNS, and\nflat-file JSON. The former is intended for environments which may be\npart of a wider distributed deployment, whereas the latter allows for\neasy integration into existing environments which may also collect other\nhoneypot logs from disk via something like Logstash.\n\nFile (JSON)\n~~~~~~~~~~~\n\nGenerates a new JSON document for each captured interaction with the\nhoneypot, this is then appended to a file in the provided destination\ndirectory. Each line of this file should be processed as a new JSON\ndocument, as writing a new file per interaction can quickly yield a\nmassive number of small documents on disk.\n\nAWS SNS\n~~~~~~~\n\nFor use with SNS output, Kako assumes that ``boto3`` is able to\nenumerate credentials to access the configured SNS and S3 resources\nwithout intervention. This may be via ``~/.aws/credentials`` file, IAM\nInstance Profiles (when deployed in AWS), environment variables, or\notherwise.\n\nThere is currently no ability to provide AWS access keys directly.\n\nAWS Configuration\n~~~~~~~~~~~~~~~~~\n\nIn order for Kako to operate properly, an SNS topic should be configured\ninside of AWS. The ARN for this topic will need to be provided as part\nof the Kako configuration, and a set of access-keys with permission to\nPublish to this SNS Topic ARN will be required to be present per the\nabove section ('AWS API'). Further to this, the 'results->topic'\nattribute in the Kako configuration should be set to the ARN for this\nAWS SNS topic.\n\nThe output from the SNS Topic can be configured as desired. However,\nthis has been successfully deployed using SNS to push messages into an\nSQS queue from which an external process consumes messages.\n\nPolicies\n^^^^^^^^\n\nThe following provides an example IAM policy which can be used to create\nand grant a user access to publish to the SNS topic - for use with Kako:\n\n::\n\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"sns:Publish\"\n ],\n \"Resource\": [\n \"arn:aws:sns:us-west-2::\"\n ]\n }\n ]\n }\n\nSimulations\n-----------\n\nA number of example simulations can be found in the following\nrepository:\n\n- https://www.github.com/darkarnium/kako-simulations/\n\nServers\n-------\n\nIn order to simplify implementation of a new simulation, a number of\nservers are included. These servers implement the minimum required\nfunctionality to bind sockets, accept connections and read / write to\nthe client.\n\nThe following servers are currently included:\n\n- Telnet\n\n - Accepts any username / password pair for login.\n - Simulates a ``BusyBox`` telnet service with basic shell commands.\n - Records full interaction on disconnect / exit - via ``capture()``.\n\n- HTTP\n\n - Simulates a ``uhttpd`` HTTP service with no routes.\n - Records request on server response - via ``capture()``.\n\n- HTTPS\n\n - The same as HTTP but has an SSL listener though use of\n ``ssl.wrap_socket()``.\n\nThe above servers can also be extended without too much effort to\nimplement required functionality for the given vulnerable service.\n\nInstallation\n~~~~~~~~~~~~\n\nInstallation and configuration of a new simulation can be performed in\nthe following manner:\n\n1. Add a new simulation into the configured simulation directory - with\n a file suffix of ``.yaml``.\n2. Start / Restart Kako.\n3. Done! :)\n\nSSL\n~~~\n\nFor services that require SSL an SSL certificate and private key are\nrequired. These can easily be generated with the following command:\n\n::\n\n openssl req -new -subj '/C=US/ST=California/L=San Jose/O=NETGEAR/OU=Home Consumer Products/CN=www.routerlogin.net' \\\n -x509 -keyout conf/routerlogin.pem -out conf/routerlogin.pem -days 3650 -nodes\n\nFAQ\n---\n\nWhy not X, Y, Z already existing Honeypot project(s)?\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nThis project was primarily developed as a learning exercise :)\n\nIt was developed in response to receiving a number of packet captures\nfrom production networks being probed by machines attempting to exploit\na number of IoT vulnerabilities en masse. Although the captures\ncontained information about the method(s) of infection - such as HTTP\nrequests - the payloads themselves were missing. As a result a number of\nsimulations were built and deployed in a number of regions in order to\ncatalog and retrieve these payloads as well as document the associated\norigins and droppers for later analysis.\n\nThe use of AWS SQS / SNS on the back-end allows for easy deployment and\naggregation of captures back into a central location (ElasticSearch) via\nHTTPS.\n\nAdditional Reading\n------------------\n\n- Example and common Kako simulations\n\n - https://www.github.com/darkarnium/kako-simulations/\n\n- Ogawa project for consuming data from AWS SQS into ElasticSearch.\n\n - https://www.github.com/darkarnium/ogawa/", "description_content_type": null, "docs_url": null, "download_url": "https://github.com/darkarnium/kako/archive/1.0.0.tar.gz", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://www.github.com/darkarnium/kako", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "kako", "package_url": "https://pypi.org/project/kako/", "platform": "", "project_url": "https://pypi.org/project/kako/", "project_urls": { "Download": "https://github.com/darkarnium/kako/archive/1.0.0.tar.gz", "Homepage": "https://www.github.com/darkarnium/kako" }, "release_url": "https://pypi.org/project/kako/1.0.0/", "requires_dist": null, "requires_python": "", "summary": "Manifest driven IoT honeypots", "version": "1.0.0" }, "last_serial": 3478929, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "0b7728e34c78209f037f40b208d9cdec", "sha256": "b3a630b8a1fc126ba05359bb5dae98b1e91b4d038add4a035149e37efd8c9af8" }, "downloads": -1, "filename": "kako-1.0.0.tar.gz", "has_sig": false, "md5_digest": "0b7728e34c78209f037f40b208d9cdec", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16457, "upload_time": "2018-01-10T22:04:25", "url": "https://files.pythonhosted.org/packages/b6/3d/c092c8a27541c24be1639eada4e265f0642051546c0b2422a7391e485945/kako-1.0.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "0b7728e34c78209f037f40b208d9cdec", "sha256": "b3a630b8a1fc126ba05359bb5dae98b1e91b4d038add4a035149e37efd8c9af8" }, "downloads": -1, "filename": "kako-1.0.0.tar.gz", "has_sig": false, "md5_digest": "0b7728e34c78209f037f40b208d9cdec", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16457, "upload_time": "2018-01-10T22:04:25", "url": "https://files.pythonhosted.org/packages/b6/3d/c092c8a27541c24be1639eada4e265f0642051546c0b2422a7391e485945/kako-1.0.0.tar.gz" } ] }