shafr / esp-canary Goto Github PK

Simple ESP8266 / ESP32 Canary that simulates predefined application server and notifies you using E-mail, Telegram, etc if it was accessed.

License: MIT License

C++ 92.98% C 5.24% Python 0.47% Shell 1.31%

esp8266 esp32 canary honeypots

esp-canary's Introduction

esp-canary

What

This is simple ESP-8266 or ESP-32-based canary application that:

connects to a local Wifi:
acts as a Tomcat server
listens to a different Ping type requests on local network
notifies you if it is being accessed or scanned via Telegram

Before #27 it had also MQTT / E-mail capabilities, but I found that unused on one side and uses to much memory & there were no sense of having canary that would store access attempts for later investigation. It has to be instant - so you can react as soon as something happens.

Why

My home network had grown exponentially with each added device: laptops, phones, nas, RPi's, smart-home devices. Even with correctly configured firewall - each of them poses a security threat.

I was looking for some simple bash script / application that would notify me when network is breached since first thing after getting in would be scanning the network.

The question was not if but when this would happen.

Prerequisite:

Any of ESP8266 or ESP32 based boards.
Visual Studio Code + Platformio plugin in order to build and upload project

How to use:

Clone project
Update src/user_config.h contents with your settings
Upload file system image using platformio - PlatformIO: Upload file system image or pio run -t uploadfs
Upload sketch using PlatformIO: upload

Configuration: Home-Assistant configuration

Scanner tools status:

NMap:

Reacts to a NMap -A scan.
Does not react to a ping scan (nmap -sn), regular scan (nmap) or quick scan (nmap -T4 -F)
Reacts to quick scan plus (-sV -T4 -O -F --version-light ) or higher (intense or slow)

Advanced IP Scanner (2.4):

Reacts to a standard scan

Network Analyzer 7.7 (iOS):

Does not react to port scan.

TODOs:

See TODO List

Credits:

Logo was generated using PhotoFunia website. I would gladly accept any other.
Thanks to @fanuch for pointing out that this is canary, not sandbox

esp-canary's People

Contributors

Stargazers

Watchers

Forkers

saikek dezorian rakhithjk ldicdican augus204

esp-canary's Issues

ICMP / Ping handling ?

This should be a great starting point:

https://github.com/esp8266/Arduino/blob/master/libraries/Netdump/examples/Netdump/Netdump.ino

Ability to configure / flash device without platformio

Since we are already using EspAsyncWebServer and LittleFS it should be possible to do the following:

flash firmware
connect to hotspot
connect to IP (192.168.4.1:<random_port>)
set wifi / telegram / etc configuration
reboot and use !

HostsException not working for ICMP PING ?

I changed the HostsException IP to an IP I would like to ignore for PING ICMP messages.
However my Telegram still gets spammed with ICMP PING's from this host.

Tomcat Crashes

I've noticed that recently Tomcat became unstable. I was blaming NetCapture lib, but it seems to have no relation, with disabled ping, this error still occures.
Stacktrace:

Exception Cause: 29  [StoreProhibited: A store referenced a page mapped with an attribute that does not permit stores]

0x402049f4: lfs_file_opencfg at ??:?
0x4000050c: ?? ??:0
0x401027a4: wDev_ProcessFiq at ??:?
0x40217f51: littlefs_impl::LittleFSImpl::open(char const*, fs::OpenMode, fs::AccessMode) at ??:?
0x40100d0e: malloc at ??:?
0x4021b737: String::changeBuffer(unsigned int) at ??:?
0x40204c50: lfs_file_open at ??:?
0x40218010: littlefs_impl::LittleFSImpl::open(char const*, fs::OpenMode, fs::AccessMode) at ??:?
0x40100d0e: malloc at ??:?
0x40100d0e: malloc at ??:?
0x40219ffc: fs::FS::open(char const*, char const*) at ??:?
0x40233028: sdfat::FatVolume::clusterFirstBlock(unsigned int) const at ??:?
0x4021b772: String::changeBuffer(unsigned int) at ??:?
0x4021ba98: String::operator=(String const&) at ??:?
0x4021a060: fs::FS::open(String const&, char const*) at ??:?
0x4020d175: fs::File::~File() at ??:?
0x40212145: AsyncStaticWebHandler::_fileExists(AsyncWebServerRequest*, String const&) at ??:?
0x40233028: sdfat::FatVolume::clusterFirstBlock(unsigned int) const at ??:?
0x4021b772: String::changeBuffer(unsigned int) at ??:?
0x4021b6c9: String::invalidate() at ??:?
0x40212281: AsyncStaticWebHandler::_getFile(AsyncWebServerRequest*) at ??:?
0x4021237b: AsyncStaticWebHandler::canHandle(AsyncWebServerRequest*) at ??:?
0x4021b863: String::reserve(unsigned int) at ??:?
0x4020fd4c: AsyncWebServer::_attachHandler(AsyncWebServerRequest*) at ??:?
0x4021bc40: String::concat(char const*, unsigned int) at ??:?
0x4020d704: AsyncWebServerRequest::_parseLine() at ??:?
0x4021c6fc: String::trim() at ??:?
0x4020d990: AsyncWebServerRequest::_onData(void*, unsigned int) at ??:?
0x40100cd7: free at ??:?
0x40100532: millis at ??:?
0x4020d9e9: std::_Function_handler<void (void*, AsyncClient*, void*, unsigned int), AsyncWebServerRequest::AsyncWebServerRequest(AsyncWebServer*, AsyncClient*)::{lambda(void*, AsyncClient*, void*, unsigned int)#8}>::_M_invoke(std::_Any_data const&, void*, AsyncClient*, void*, unsigned int) at WebRequest.cpp:?
0x4020b12e: AsyncClient::_recv(std::shared_ptr<ACErrorTracker>&, tcp_pcb*, pbuf*, long) at ??:?
0x4020b2da: AsyncClient::_s_recv(void*, tcp_pcb*, pbuf*, long) at ??:?
0x402570a0: tcp_input at /local/users/gauchard/arduino/arduino_esp8266/esp8266-lwip/tools/sdk/lwip2/builder/lwip2-src/src/core/tcp_in.c:501 (discriminator 1)
0x40100d0e: malloc at ??:?
0x4025cc7a: ip4_input at /local/users/gauchard/arduino/arduino_esp8266/esp8266-lwip/tools/sdk/lwip2/builder/lwip2-src/src/core/ipv4/ip4.c:1467

Email, MQTT & OThers

See #27