{ "info": { "author": "Steve Henderson", "author_email": "steve.henderson@hendotech.com.au", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Topic :: Internet", "Topic :: Security" ], "description": "netsink\n=======\n\nNetwork sinkhole for isolated malware analysis.\n\n|build_status| |pypi_version|\n\nOverview\n--------\n\n``netsink`` is a network daemon that will bind to any number of configured IP ports \nand provide fake services in an attempt to convince running malware that it has an active\nInternet connection.\n\nGetting Started\n---------------\nInstall using ``pip``: ::\n\n\tpip install netsink\n\nStart the ``netsink`` listeners with the default configuration \n(you will need administrator/root access to bind to privilleged ports): ::\n\n\tsudo netsink\n\nYou should see output similar to the following, showing the bound ports: ::\n\n\t2013-03-03 21:01:02,710 [netsink] INFO: Listener 'http' awaiting TCP activity on port/s [80, 8000, 8080, 8090]\n\t2013-03-03 21:01:02,717 [netsink] INFO: Listener 'https' awaiting SSL activity on port/s [443, 8443]\n\t2013-03-03 21:01:02,726 [netsink] INFO: Listener 'dns' awaiting UDP activity on port/s [53]\n\t2013-03-03 21:01:02,726 [netsink] INFO: Waiting...\n\nTo test, open a browser on the same host and navigate to https://127.0.0.1/testing and \nyou should see a netsink response page.\n\nClient Setup\n------------\nTo be useful a client machine must be forced to redirect their traffic to the services\non the ``netsink`` host. This can be achieved in several ways.\n\n**Static DNS Configuration** \n\n``netsink`` includes a DNS server that will advertise\nitself as the destination for any client DNS requests (or as otherwise configured). \nChange the client's network interface to use the ``netsink`` host's address as its \nDNS server. Also set the Default Gateway to the ``netsink`` host if using ``iptables``\nredirection, to capture direct IP address communication attempts.\n\n**DHCP Configuration** \n\nNot currently provided by the ``netsink`` package, however, if\ninstalling on a unix/linux platform, using the operating system's DHCP server package\ncan be effective (for example ``isc-dhcp-server`` on ubuntu). Set the netsink host\nas the address to be returned for DNS and Default Gateway to the clients. Set the client's\nnetwork interface to obtain an address automatically.\n\nTo test, ensure that any changes have been applied to the client's network interface.\nOn Windows, in a command window: ::\n\n\tipconfig /all\n\nThe netsink host's address should be listed as the DNS server on the applicable network \ninterface. Now open a web browser on the client and navigate to www.google.com you \nshould instead see the netsink response page and the DNS/HTTP requests logged on the server.\n\nGoals\n-----\n\nThe primary project goals are:\n\n* Provide malware with communication end points to assist execution and elicit network traffic.\n* Straight-forward installation. Should work out-of-the-box, with minimal configuration, for most scenarios.\n* Easy configuration and extension. Adding custom services and response handling should be as simple as possible.\n\nFeatures\n--------\n\n* DNS redirection based on simple config file\n* HTTP/HTTPS serving of static files based on url regexes\n* Imitate known external IP address lookup sites (thanks to `ipgetter`_ for the compiled list)\n* IRC service to capture connect and channel joins, etc.\n* SMTP/ESMTP server including AUTH and STARTTLS support\n* FTP server support\n* Listening port ranges easily configurable and separate from the modules that handle the traffic. \n* Automatic connection redirection for platforms that support ``iptables``\n* Generic port listener that can dispatch to other modules via packet inspection\n\nPlanned Additions:\n\n* Internal DHCP server to auto configure clients\n* Expand available fake services to include POP3, IMAP, TFTP, etc.\n* Pluggable fake C2 servers\n* Better documentation\n\nIssues\n------\n\nSource code for ``netsink`` is hosted on `GitHub`_. Any bug reports or feature\nrequests can be made using GitHub's `issues system`_.\n\n.. _GitHub: https://github.com/shendo/netsink\n.. _issues system: https://github.com/shendo/netsink/issues\n.. _ipgetter: https://github.com/phoemur/ipgetter\n\n.. |build_status| image:: https://secure.travis-ci.org/shendo/netsink.png?branch=master\n :target: https://travis-ci.org/shendo/netsink\n :alt: Current build status\n\n.. |pypi_version| image:: https://pypip.in/v/netsink/badge.png\n :target: https://pypi.python.org/pypi/netsink\n :alt: Latest PyPI version", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/shendo/netsink", "keywords": null, "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "netsink", "package_url": "https://pypi.org/project/netsink/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/netsink/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/shendo/netsink" }, "release_url": "https://pypi.org/project/netsink/0.5/", "requires_dist": null, "requires_python": null, "summary": "Network Sinkhole for Isolated Malware Analysis", "version": "0.5" }, "last_serial": 1333775, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "5972b1560bd3143aba87955e9af34725", "sha256": "5cfa58284d51f1491dc3cea7b32c9f1a45c54897d6bacf396763b28eb30acb72" }, "downloads": -1, "filename": "netsink-0.1.tar.gz", "has_sig": false, "md5_digest": "5972b1560bd3143aba87955e9af34725", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22107, "upload_time": "2013-03-03T12:43:03", "url": "https://files.pythonhosted.org/packages/ab/e5/287ca9f922b15fd5708ef77fce811e3f76a8dbb289d8c8bcb674378cc453/netsink-0.1.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "42d5d18d6cde2092eedd7c0a06801fef", "sha256": "26c55f7d18a8ee57c4ae2123267a416f2604cd5dae51350e103a3045321d5e2c" }, "downloads": -1, "filename": "netsink-0.2-py2-none-any.whl", "has_sig": false, "md5_digest": "42d5d18d6cde2092eedd7c0a06801fef", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 28571, "upload_time": "2014-08-16T01:38:00", "url": "https://files.pythonhosted.org/packages/49/51/935a6bb4c3df9ba268d9befe051c8f3ed9c6c4b105ee97e8615080aee624/netsink-0.2-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e4fb6497ac2379ab721aefc66ac43061", "sha256": "1afede8e3aca38a062b993cf86de0f37ad6b33ba10fcba423956bc27ee4184ac" }, "downloads": -1, "filename": "netsink-0.2.tar.gz", "has_sig": false, "md5_digest": "e4fb6497ac2379ab721aefc66ac43061", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 28050, "upload_time": "2014-08-16T01:37:57", "url": "https://files.pythonhosted.org/packages/d9/f4/e37bc042280f34c804bb91ef8bf26ccc4c31ffdb49ee2461ab123ffaa72a/netsink-0.2.tar.gz" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "d23703ff9c040ad7096f55b1579522b4", "sha256": "836fc6f747c821d0901cf6611d28b5566730fa046e5db96151e8acb9772152fe" }, "downloads": -1, "filename": "netsink-0.3-py2-none-any.whl", "has_sig": false, "md5_digest": "d23703ff9c040ad7096f55b1579522b4", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 30058, "upload_time": "2014-08-17T02:58:11", "url": "https://files.pythonhosted.org/packages/da/1f/0ece9b600da82215af362df573c325646651c4f305e47d099f5bd2db469d/netsink-0.3-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8e792ef05ec0c9d13315ad60a7087976", "sha256": "e6ad3737bf21770cbcafa03d99c1c797618363c6b71ee6dc416f66c73323898a" }, "downloads": -1, "filename": "netsink-0.3.tar.gz", "has_sig": false, "md5_digest": "8e792ef05ec0c9d13315ad60a7087976", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 30918, "upload_time": "2014-08-17T02:58:08", "url": "https://files.pythonhosted.org/packages/5b/d9/682670b2603d5803ecb74951d5f225a5cd721235be84177c82553ecdb167/netsink-0.3.tar.gz" } ], "0.4": [ { "comment_text": "", "digests": { "md5": "e04c0767cb3949240b5715bbf1f7a382", "sha256": "9b0534f2a718c3f0622619c61673470eabecbb01d3a907b17554c37a766bd25e" }, "downloads": -1, "filename": "netsink-0.4-py2-none-any.whl", "has_sig": false, "md5_digest": "e04c0767cb3949240b5715bbf1f7a382", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 33543, "upload_time": "2014-08-31T12:40:27", "url": "https://files.pythonhosted.org/packages/ea/55/5169d340d7c78f00e62217a2488ecbea4086c3af423c28feb1cb78005d92/netsink-0.4-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "6b9883be267fae747ae826c51400638b", "sha256": "0c2529fa0d4ecd779d4eb57f95ec6045406c3f9461382ca1cb7f651d951199f5" }, "downloads": -1, "filename": "netsink-0.4.tar.gz", "has_sig": false, "md5_digest": "6b9883be267fae747ae826c51400638b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32276, "upload_time": "2014-08-31T12:40:20", "url": "https://files.pythonhosted.org/packages/06/57/0e276eb1b11b2a2ba05864e1bfb4f3b76bac66615256b09d09d08a5b4fde/netsink-0.4.tar.gz" } ], "0.5": [ { "comment_text": "", "digests": { "md5": "99c183ab2a4a4529fcdcefedc2849790", "sha256": "6b74984f8732db82c3357d6e618c93ec535346c6d73ae3cbcadbb331d8eeedaf" }, "downloads": -1, "filename": "netsink-0.5-py2-none-any.whl", "has_sig": false, "md5_digest": "99c183ab2a4a4529fcdcefedc2849790", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 33804, "upload_time": "2014-12-07T01:06:50", "url": "https://files.pythonhosted.org/packages/c2/10/e5b74a6ac4fcdf0017ef28b3bf4e81ea789f901bc93509776d2b543ea3e3/netsink-0.5-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3e9f24d389ce14189a4a7f59dfd99f63", "sha256": "919a174b8f9bb37a89ddd5edc4d5454e7dcb44af0cafc95207d53febf1994e9b" }, "downloads": -1, "filename": "netsink-0.5.tar.gz", "has_sig": false, "md5_digest": "3e9f24d389ce14189a4a7f59dfd99f63", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32254, "upload_time": "2014-12-07T01:06:47", "url": "https://files.pythonhosted.org/packages/04/59/acea564533e3c1c4a56782f072e239c9e1afcf2eeebbfe4c6b8e259e4390/netsink-0.5.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "99c183ab2a4a4529fcdcefedc2849790", "sha256": "6b74984f8732db82c3357d6e618c93ec535346c6d73ae3cbcadbb331d8eeedaf" }, "downloads": -1, "filename": "netsink-0.5-py2-none-any.whl", "has_sig": false, "md5_digest": "99c183ab2a4a4529fcdcefedc2849790", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 33804, "upload_time": "2014-12-07T01:06:50", "url": "https://files.pythonhosted.org/packages/c2/10/e5b74a6ac4fcdf0017ef28b3bf4e81ea789f901bc93509776d2b543ea3e3/netsink-0.5-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3e9f24d389ce14189a4a7f59dfd99f63", "sha256": "919a174b8f9bb37a89ddd5edc4d5454e7dcb44af0cafc95207d53febf1994e9b" }, "downloads": -1, "filename": "netsink-0.5.tar.gz", "has_sig": false, "md5_digest": "3e9f24d389ce14189a4a7f59dfd99f63", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 32254, "upload_time": "2014-12-07T01:06:47", "url": "https://files.pythonhosted.org/packages/04/59/acea564533e3c1c4a56782f072e239c9e1afcf2eeebbfe4c6b8e259e4390/netsink-0.5.tar.gz" } ] }