The web management platform of honeypot
License: BSD 3-Clause "New" or "Revised" License
Tornado+Vue+Mysql+APScheduler+Nginx+Supervisor
可以选择通过脚本自动化安装,也可以选择手工安装。
Thinkst Applied Research
天使用户群和开源贡献者:
@Weiho @kafka @Pa5sw0rd @Cotton @Aa.Kay @冷白开 @YongShao @Lemon
在使用过程当中出现任何问题,请点击这里反馈
centos7 最小化安装需要增加以下两个:
yum install gcc
python -m pip install --upgrade setuptools
之前配置过域名登录 之后就?域名撤了就拉了库里了?登录不上去后台 不想重新安装想解决问题!
多个agent 怎么显示不出来,总只看到一个。。
你好:
其他启动日志显示添加成功, 但是ssh这个报了图里的错误, 麻烦帮忙看一下, 是不是缺少什么依赖, 具体版本是多少, 谢谢
[root@opencancry-web ~]# opencanaryd --start
** We hope you enjoy using OpenCanary. For more open source Canary goodness, head over to canarytokens.org. **
** The honeypot is supported by http://pirogue.org . **
[-] Failed to open opencanary.conf for reading ([Errno 2] No such file or directory: 'opencanary.conf')
[-] Using config file: /root/.opencanary.conf
Unhandled Error
Traceback (most recent call last):
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 642, in run
runApp(config)
File "/usr/lib64/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp
_SomeApplicationRunner(config).run()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 376, in run
self.application = self.createOrGetApplication()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication
application = getApplication(self.config, passphrase)
--- ---
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication
application = service.loadApplication(filename, style, passphrase)
File "/usr/lib64/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication
application = sob.loadValueFromFile(filename, 'application', passphrase)
File "/usr/lib64/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile
exec fileObj in d, d
File "/usr/bin/opencanary.tac", line 37, in
from opencanary.modules.rdp import CanaryRDP
File "/usr/lib/python2.7/site-packages/opencanary/modules/rdp.py", line 5, in
from rdpy.protocol.rdp.rdp import RDPServerObserver
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/rdp.py", line 30, in
import tpkt, x224, sec
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/sec.py", line 25, in
import lic, tpkt
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/lic.py", line 29, in
from t125 import gcc
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/t125/gcc.py", line 27, in
import per, mcs
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/t125/mcs.py", line 34, in
import rdpy.security.rsa_wrapper as rsa
File "/usr/lib64/python2.7/site-packages/rdpy/security/rsa_wrapper.py", line 24, in
import rsa
File "/usr/lib/python2.7/site-packages/rsa/init.py", line 24, in
from rsa.key import newkeys, PrivateKey, PublicKey
exceptions.SyntaxError: Non-ASCII character '\xc3' in file /usr/lib/python2.7/site-packages/rsa/key.py on line 1, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details (key.py, line 1)
Failed to load application: Non-ASCII character '\xc3' in file /usr/lib/python2.7/site-packages/rsa/key.py on line 1, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details (key.py, line 1)
现象:
web后台会通过supervisor启动4个web8000、8001、8002、8003,因为我将jwt改成了随机secret_key,所以这4个进程的随机secret_key都是不同的,导致nginx反代他们的时候,登录生成的token打到后台的某个web进程可能不是用当时登录secret_key生成的那个进程,结果认证失败。
解决:
现代码和部署脚本、部署说明都已经更新。
主要改动在supervisor配置文件,把配置文件内容启动的4个web后台进程改为启动1个web后台就可以了。
Downloading pip-20.2.1-py2.py3-none-any.whl (1.5 MB)
|▏ | 10 kB 4.6 kB/s eta 0:05:22ERROR: Exception:
Traceback (most recent call last):
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/cli/base_command.py", line 216, in _main
status = self.run(options, args)
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/cli/req_command.py", line 182, in wrapper
return func(self, options, args)
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/commands/install.py", line 325, in run
reqs, check_supported_wheels=not options.target_dir
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/resolution/legacy/resolver.py", line 183, in resolve
discovered_reqs.extend(self._resolve_one(requirement_set, req))
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/resolution/legacy/resolver.py", line 388, in _resolve_one
abstract_dist = self._get_abstract_dist_for(req_to_install)
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/resolution/legacy/resolver.py", line 340, in _get_abstract_dist_for
abstract_dist = self.preparer.prepare_linked_requirement(req)
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/operations/prepare.py", line 469, in prepare_linked_requirement
hashes=self._get_linked_req_hashes(req)
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/operations/prepare.py", line 259, in unpack_url
hashes=hashes,
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/operations/prepare.py", line 130, in get_http_url
link, downloader, temp_dir.path, hashes
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/operations/prepare.py", line 282, in _download_http_url
for chunk in download.chunks:
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/cli/progress_bars.py", line 168, in iter
for x in it:
File "/tmp/tmp1VM5Es/pip.zip/pip/_internal/network/utils.py", line 88, in response_chunks
decode_content=False,
File "/tmp/tmp1VM5Es/pip.zip/pip/_vendor/urllib3/response.py", line 576, in stream
data = self.read(amt=amt, decode_content=decode_content)
File "/tmp/tmp1VM5Es/pip.zip/pip/_vendor/urllib3/response.py", line 541, in read
raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
File "/usr/lib64/python2.7/contextlib.py", line 35, in exit
self.gen.throw(type, value, traceback)
File "/tmp/tmp1VM5Es/pip.zip/pip/_vendor/urllib3/response.py", line 451, in _error_catcher
raise ReadTimeoutError(self._pool, None, "Read timed out.")
ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Read timed out.
/usr/bin/python: No module named pip
################pip is installed############
############正在同步最新版本opencanary_web,并且安装第三方依赖包##########
Cloning into '/usr/local/src/opencanary_web'...
remote: Enumerating objects: 144, done.
remote: Counting objects: 100% (144/144), done.
remote: Compressing objects: 100% (110/110), done.
Receiving objects: 13% (163/1247), 44.01 KiB | 1024 bytes/s
大佬您好 看安装介绍适用于centos7 + python2 ,centos 8 + python 3可以安装吗?谢谢
。
ERROR: Command errored out with exit status 1:
command: /usr/bin/python2 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-81OZ0X/simplejson/setup.py'"'"'; file='"'"'/tmp/pip-install-81OZ0X/simplejson/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-81OZ0X/simplejson/pip-egg-info
cwd: /tmp/pip-install-81OZ0X/simplejson/
Complete output (19 lines):
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-install-81OZ0X/simplejson/setup.py", line 116, in
run_setup(not IS_PYPY)
File "/tmp/pip-install-81OZ0X/simplejson/setup.py", line 113, in run_setup
**kw)
File "/usr/lib64/python2.7/distutils/core.py", line 112, in setup
_setup_distribution = dist = klass(attrs)
File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 269, in init
_Distribution.init(self,attrs)
File "/usr/lib64/python2.7/distutils/dist.py", line 287, in init
self.finalize_options()
File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 302, in finalize_options
ep.load()(self, ep.name, value)
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2341, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2351, in resolve
raise ImportError(str(exc))
ImportError: 'module' object has no attribute 'check_specifier'
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
请问大佬一下后台smtp设置均已完成后仍无法正常发送邮件告警。是需要特定攻击触发,还是攻击列表中存在的攻击行为就会发送呢?
自己有一个web服务,比如phpmyadmin,如何在phpmyadmin上部署探针,可以让web端可以监控到有谁对 phpmyadmin进行攻击呢?
建议加一个攻击列表过滤功能,放外网之后一下就几万页看不完的。
执行启动客户端的命令时报错。我是将客户端和服务端装到同一台机器上了。帮忙看看是什么问题
root@opencanary_web:~ # opencanaryd --start
** We hope you enjoy using OpenCanary. For more open source Canary goodness, head over to canarytokens.org. **
** The honeypot is supported by http://pirogue.org . **
[-] Failed to open opencanary.conf for reading ([Errno 2] No such file or directory: 'opencanary.conf')
[-] Using config file: /root/.opencanary.conf
Unhandled Error
Traceback (most recent call last):
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 642, in run
runApp(config)
File "/usr/lib64/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp
_SomeApplicationRunner(config).run()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 376, in run
self.application = self.createOrGetApplication()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication
application = getApplication(self.config, passphrase)
--- <exception caught here> ---
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication
application = service.loadApplication(filename, style, passphrase)
File "/usr/lib64/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication
application = sob.loadValueFromFile(filename, 'application', passphrase)
File "/usr/lib64/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile
exec fileObj in d, d
File "/usr/bin/opencanary.tac", line 37, in <module>
from opencanary.modules.rdp import CanaryRDP
File "/usr/lib/python2.7/site-packages/opencanary/modules/rdp.py", line 5, in <module>
from rdpy.protocol.rdp.rdp import RDPServerObserver
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/rdp.py", line 30, in <module>
import tpkt, x224, sec
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/sec.py", line 25, in <module>
import lic, tpkt
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/lic.py", line 29, in <module>
from t125 import gcc
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/t125/gcc.py", line 27, in <module>
import per, mcs
File "/usr/lib64/python2.7/site-packages/rdpy/protocol/rdp/t125/mcs.py", line 34, in <module>
import rdpy.security.rsa_wrapper as rsa
File "/usr/lib64/python2.7/site-packages/rdpy/security/rsa_wrapper.py", line 24, in <module>
import rsa
File "/usr/lib/python2.7/site-packages/rsa/__init__.py", line 24, in <module>
from rsa.key import newkeys, PrivateKey, PublicKey
exceptions.SyntaxError: invalid syntax (key.py, line 54)
Failed to load application: invalid syntax (key.py, line 54)
执行 pip install opencanary-0.4.tar.gz 语句报错, python使用的是2.7.5版本
`[root@Opencanary-Server ~]# systemctl status supervisord.service
● supervisord.service - Supervisor daemon
Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since 二 2019-04-16 14:41:39 CST; 7s ago
Process: 27074 ExecStart=/usr/bin/supervisord -c /etc/supervisord.conf (code=exited, status=2)
4月 16 14:41:39 Opencanary-Server systemd[1]: Failed to start Supervisor daemon.
4月 16 14:41:39 Opencanary-Server systemd[1]: Unit supervisord.service entered failed state.
4月 16 14:41:39 Opencanary-Server systemd[1]: supervisord.service failed.`
supervisord 服务无法启动,检查发现可能是和supervisor的新版本不兼容造成的
http://www.supervisord.org/changes.html
卸载新版的supervisor,并安装旧版supervisor后,服务可以正常启动
pip uninstall supervisor
rm /etc/supervisord.conf
pip install supervisor==3.3.5
echo_supervisord_conf >/etc/supervisord.conf
systemctl restart supervisord.service
但web页面仍然打不开
Are Updating is planning? or project is dead?
Tornado JWT Auth is not working((((
自动安装完后出现,访问服务器端,出现502错误
自动脚本安装
启动502
排查
No such file or directory: '/usr/local/src/opencanary_web/logs/app.log'
需要创建logs/app.log
mkdir logs
touch app.log
[1] 13457
● supervisord.service - Process Monitoring and Control Daemon
Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-01-09 11:16:34 CST; 5min ago
Process: 13100 ExecStart=/usr/bin/supervisord -c /etc/supervisord.conf (code=exited, status=2)
-- The result is failed.
Jan 09 11:16:34 localhost.localdomain systemd[1]: Unit supervisord.service entered failed state.
Jan 09 11:16:34 localhost.localdomain systemd[1]: supervisord.service failed.
Jan 09 11:16:34 localhost.localdomain polkitd[5431]: Unregistered Authentication Agent for unix-proc
请问一下supervisord.service启动失败如何解决?
Failed to create log directory
显示502
supervisord.service: control process exited, code=exited status=203
Failed to start Supervisor daemon.
Unit supervisord.service entered failed state.
supervisord.service failed.
我把客户端和服务端安装到一台虚拟机,同时服务端开启80端口做监听,修改了配置文件中的http协议的端口,手动访问21和http协议端口没有生成对应的攻击日志
安装完客户端显示安装成功,但是服务端看不到客户端
为什么要将.DS_Store和.pyc一起上传...个人认为应该add .gitignore...
[root@itzx-xxaq-lijiabin ~]# opencanaryd --copyconfig
cp: 无法获取"/usr/lib/python2.7/site-packages/opencanary/data/settings.json" 的文件状态(stat): 没有那个文件或目录
[*] A sample config file is ready (/root/.opencanary.conf)
[*] Edit your configuration, then launch with "opencanaryd --start"
Traceback (most recent call last):
File "server.py", line 17, in <module>
from url import url
File "/Users/xuerui/gitrepository/opencanary_web/url.py", line 10, in <module>
from handlers import login, hello
File "/Users/xuerui/gitrepository/opencanary_web/handlers/login.py", line 13, in <module>
import jwt
File "/opt/anaconda3/envs/test2py2.7/lib/python2.7/site-packages/jwt/__init__.py", line 17, in <module>
from .jwk import (
File "/opt/anaconda3/envs/test2py2.7/lib/python2.7/site-packages/jwt/jwk.py", line 60
def is_sign_key(self) -> bool:
^
SyntaxError: invalid syntax
在网上查找,可能是和jwt版本有关?我的jwt版本是0.5.2
Traceback (most recent call last):
File "server.py", line 14, in <module>
from util.task import sched, host_scheduler, check_scheduler
File "/Users/xuerui/gitrepository/opencanary_web/util/task.py", line 12, in <module>
from service.hostservice import hostonline
File "/Users/xuerui/gitrepository/opencanary_web/service/hostservice.py", line 33
print datetime.datetime.now()
^
SyntaxError: invalid syntax
语法有问题,请问还会继续更新吗
不确定是不是我使用问题,部署后,遇到攻击,首页内容不会更新。
First I can login the web successfuly 。But I can't access the web by same username , password and brower.In the meantime there is no changes in the server.Please help urgengtly.
The error is below:
[root@xxx ~]# tailf /usr/local/src/opencanary_web/logs/app.log
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1177, in _execute_context
conn = self._revalidate_connection()
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 463, in _revalidate_connection
"Can't reconnect until invalid "
StatementError: (sqlalchemy.exc.InvalidRequestError) Can't reconnect until invalid transaction is rolled back
[SQL: SELECT User.id AS User_id, User.username AS User_username, User.password AS User_password, User.create_time AS User_create_time
FROM User
WHERE User.username = %(username_1)s AND User.password = %(password_1)s]
[parameters: [{}]]
500 POST /auth/ (127.0.0.1) 5.18ms
[root@xxx]# tailf /var/log/mysqld.log
2020-01-19T04:59:45.327767Z 0 [Note] Skipping generation of SSL certificates as certificate files are present in data directory.
2020-01-19T04:59:45.328534Z 0 [Warning] CA certificate ca.pem is self signed.
2020-01-19T04:59:45.328598Z 0 [Note] Skipping generation of RSA key pair as key files are present in data directory.
2020-01-19T04:59:45.329065Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2020-01-19T04:59:45.329110Z 0 [Note] IPv6 is available.
2020-01-19T04:59:45.329123Z 0 [Note] - '::' resolves to '::';
2020-01-19T04:59:45.329142Z 0 [Note] Server socket created on IP: '::'.
2020-01-19T04:59:45.338876Z 0 [Note] Event Scheduler: Loaded 0 events
2020-01-19T04:59:45.339041Z 0 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.7.29' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server (GPL)
RT
web添加白名单ip后提交配置不生效,刷新或下次登录查看白名单ip依然是旧的信息
一直想找一个蜜罐,大部分的蜜罐平台在国内装不上去,期待这个项目继续更新!
我在测试tftp服务的时候,没有产生攻击日志,也没有在/var/tmp/opencanary.log这个文件里生成日志。
这个有没有python3版本的哇
[root@localhost ~]# opencanaryd --start
** We hope you enjoy using OpenCanary. For more open source Canary goodness, head over to canarytokens.org. **
** The honeypot is supported by http://pirogue.org . **
[-] Failed to open opencanary.conf for reading ([Errno 2] No such file or directory: 'opencanary.conf')
[-] Using config file: /root/.opencanary.conf
Unhandled Error
Traceback (most recent call last):
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 642, in run
runApp(config)
File "/usr/lib64/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp
_SomeApplicationRunner(config).run()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 376, in run
self.application = self.createOrGetApplication()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication
application = getApplication(self.config, passphrase)
--- ---
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication
application = service.loadApplication(filename, style, passphrase)
File "/usr/lib64/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication
application = sob.loadValueFromFile(filename, 'application', passphrase)
File "/usr/lib64/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile
exec fileObj in d, d
File "/usr/bin/opencanary.tac", line 9, in
from opencanary.logger import getLogger
File "/usr/lib/python2.7/site-packages/opencanary/logger.py", line 7, in
from twisted.internet import reactor
File "/usr/lib64/python2.7/site-packages/twisted/internet/reactor.py", line 38, in
from twisted.internet import default
File "/usr/lib64/python2.7/site-packages/twisted/internet/default.py", line 56, in
install = _getInstallFunction(platform)
File "/usr/lib64/python2.7/site-packages/twisted/internet/default.py", line 44, in _
exceptions.TypeError: from_buffer() cannot return the address of the raw string within a str or unicode or bytearray object
Failed to load application: from_buffer() cannot return the address of the raw string within a str or unicode or bytearray object
Solved:
pip install --upgrade cffi
Is there a way to install it in another language for example English?
● supervisord.service - Supervisor daemon
Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2022-04-19 11:51:01 CST; 37s ago
Process: 2213 ExecStart=/usr/bin/supervisord -c /etc/supervisord.conf (code=exited, status=203/EXEC)
Apr 19 11:51:01 openvas systemd[1]: supervisord.service: control process exited, code=exited status=203
Apr 19 11:51:01 openvas systemd[1]: Failed to start Supervisor daemon.
Apr 19 11:51:01 openvas systemd[1]: Unit supervisord.service entered failed state.
Apr 19 11:51:01 openvas systemd[1]: supervisord.service failed.
看到支持的协议等。这个还会更新么?
亲亲, 我的客户端部署好了,在/var/tmp/opencanary.log里面能查到日志,但是日志没有写入server端,在数据库表OpencanaryLog里面查不到日志,需要如何排查呢。
请问这个蜜罐相比 MHN 和 tpot 有啥不同哈?其优势是什么?谢谢解答。
按照教程把服务安装好,服务并且都正常启动,访问设置好的IP地址显示nginx主页,但是nginx的目录已经指向了蜜罐系统的static目录,访问还是nginx的欢迎页,配置过程中没有出现问题,请问这是怎么回事呢?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.