From 5ba09875274ea41ad5f8f7209c20d44e4bdeb070 Mon Sep 17 00:00:00 2001
From: Mario
Date: Sun, 4 Jun 2023 23:21:22 +0200
Subject: [PATCH] refactoring example and readme.md
---
README.md | 212 ++++++++++++++++++---------
configurations/services/http-80.yaml | 49 ++++++-
2 files changed, 185 insertions(+), 76 deletions(-)
diff --git a/README.md b/README.md
index b4a7ee5..3155574 100644
--- a/README.md
+++ b/README.md
@@ -1,68 +1,112 @@ -![CI](https://github.com/mariocandela/beelzebub/actions/workflows/ci.yml/badge.svg) ![Docker](https://github.com/mariocandela/beelzebub/actions/workflows/docker-image.yml/badge.svg) ![codeql](https://github.com/mariocandela/beelzebub/actions/workflows/codeql.yml/badge.svg) -# Beelzebub -[![logo-1.png](https://i.postimg.cc/KvbsJFp3/logo-1.png)](https://postimg.cc/yWfPNqH7) +# Beelzebub: A Highly Secure Honeypot Framework with Low Code and Virtualization using GPT-3 -A secure honeypot framework low code, extremely easy to configure by yaml ๐Ÿš€ +[![CI](https://github.com/mariocandela/beelzebub/actions/workflows/ci.yml/badge.svg)](https://github.com/mariocandela/beelzebub/actions/workflows/ci.yml) [![Docker](https://github.com/mariocandela/beelzebub/actions/workflows/docker-image.yml/badge.svg)](https://github.com/mariocandela/beelzebub/actions/workflows/docker-image.yml) [![codeql](https://github.com/mariocandela/beelzebub/actions/workflows/codeql.yml/badge.svg)](https://github.com/mariocandela/beelzebub/actions/workflows/codeql.yml) -## OpenAI GPT integration -How to integrate with OpenAI GPT-3: [`Medium Article`](https://medium.com/@mario.candela.personal/how-to-build-a-highly-effective-honeypot-with-beelzebub-and-chatgpt-a2f0f05b3e1) +## Overview + +Beelzebub is an advanced honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks. It offers a low code approach for easy implementation and utilizes virtualization techniques powered by GPT-3, the OpenAI language model. 
+ +![Beelzebub Logo](https://i.postimg.cc/KvbsJFp3/logo-1.png) + +## OpenAI GPT Integration + +Learn how to integrate Beelzebub with OpenAI GPT-3 by referring to our comprehensive guide on Medium: [Medium Article](https://medium.com/@mario.candela.personal/how-to-build-a-highly-effective-honeypot-with-beelzebub-and-chatgpt-a2f0f05b3e1) + +For a visual representation of the integration, you can explore the following diagram: [![OpenAI Integration Diagram](https://static.swimlanes.io/24d6634a381aa8eb0decf5bac7ae214d.png)](https://static.swimlanes.io/24d6634a381aa8eb0decf5bac7ae214d.png) -## Telegram bot realtime attacks +## Telegram Bot for Real-Time Attacks - bot: [`telegram channel`](https://t.me/beelzebubhoneypot) +Stay updated on real-time attacks by joining our dedicated Telegram channel: [Telegram Channel](https://t.me/beelzebubhoneypot) -## Examples +## Examples -[`mariocandela/beelzebub-example`](https://github.com/mariocandela/beelzebub-example) +To better understand the capabilities of Beelzebub, you can explore our example repository: [mariocandela/beelzebub-example](https://github.com/mariocandela/beelzebub-example) ## Quick Start -Using [`docker-compose`](https://docs.docker.com/compose/) +We provide two quick start options for build and run Beelzebub: using Docker Compose or the Go compiler. -```bash -$ docker-compose build -$ docker-compose up -d - ``` +### Using Docker Compose -Using [`go compiler`](https://go.dev/doc/install) +1. Build the Docker images: -```bash -$ go mod download -$ go build -$ ./beelzebub - ``` + ```bash + $ docker-compose build + ``` -### Unit Test: +2. Start Beelzebub in detached mode: + + ```bash + $ docker-compose up -d + ``` + +### Using Go Compiler + +1. Download the necessary Go modules: + + ```bash + $ go mod download + ``` + +2. Build the Beelzebub executable: + + ```bash + $ go build + ``` + +3. 
Run Beelzebub: + + ```bash + $ ./beelzebub + ``` + +## Testing + +We provide two types of tests: unit tests and integration tests. + +### Unit Tests + +To run unit tests: ```bash $ make test.unit - ``` +``` -### Integration test: +### Integration Tests + +To run integration tests: -Run integration testing ```bash $ make test.integration - ``` +``` +## Key Features -## Features +Beelzebub offers a wide range of features to enhance your honeypot environment: -- OpenAPI ChatBot GPT-3 Linux virtualization +- OpenAPI ChatBot GPT-3 Linux virtualization - SSH Honeypot - HTTP Honeypot - TCP Honeypot -- Prometheus openmetrics -- Docker +- Prometheus openmetrics integration +- Docker integration - RabbitMQ integration -## Example configuration service +## Example Configuration -The configurations are inside the /configurations/services directory, just add a new file for each service/port. +Beelzebub allows easy configuration for different services and ports. Simply create a new file for each service/port within the `/configurations/services` directory. -### Example HTTP Honeypot on 80 port +To execute Beelzebub with your custom path, use the following command: + +```bash +$ ./beelzebub --confCore ./configurations/beelzebub.yaml --confServices ./configurations/services/ +``` + +Here are some example configurations for different honeypot scenarios: + +#### Example HTTP Honeypot on Port 80 ###### http-80.yaml @@ -72,26 +116,62 @@ protocol: "http" address: ":80" description: "Wordpress 6.0" commands: - - regex: "index.php" - handler: "" + - regex: "^(/index.php|/index.html|/)$" + handler: + +
+ Wordpress 6 test page +
+ +

Hello from Wordpress

+ + headers: - "Content-Type: text/html" - "Server: Apache/2.4.53 (Debian)" - "X-Powered-By: PHP/7.4.29" statusCode: 200 - - regex: "^(wp-login.php|/wp-admin)$" - handler: "" + - regex: "^(/wp-login.php|/wp-admin)$" + handler: + +
+ Wordpress 6 test page +
+ +
+ + + + + + + +
+ + headers: - "Content-Type: text/html" - "Server: Apache/2.4.53 (Debian)" - "X-Powered-By: PHP/7.4.29" statusCode: 200 - ``` + - regex: "^.*$" + handler: + +
+ 404 +
+ +

Not found!

+ + + headers: + - "Content-Type: text/html" + - "Server: Apache/2.4.53 (Debian)" + - "X-Powered-By: PHP/7.4.29" + statusCode: 404 +``` -![alt text](https://i.postimg.cc/529V6jYz/Schermata-2022-06-02-alle-12-42-46.png) - - -### Example HTTP Honeypot on 8080 port +#### Example HTTP Honeypot on Port 8080 ###### http-8080.yaml @@ -107,13 +187,11 @@ commands: - "www-Authenticate: Basic" - "server: Apache" statusCode: 401 - ``` +``` -![alt text](https://i.postimg.cc/T1cs6qc4/Schermata-2022-06-02-alle-12-43-55.png) +#### Example SSH Honeypot -### Example SSH Honeypot - -###### Honeypot with ChatBot GPT-3 ssh-2222.yaml +###### Honeypot with GPT-3 on Port 2222 ```yaml apiVersion: "v1" @@ -128,8 +206,10 @@ serverName: "ubuntu" passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$" deadlineTimeoutSeconds: 60 plugin: - openAPIChatGPTSecretKey: "Here your ChatBot SecretKey " - ``` + openAPIChatGPTSecretKey: "Your OpenAI Secret Key" +``` + +###### SSH Honeypot on Port 22 ###### ssh-22.yaml 
@@ -137,56 +217,46 @@ plugin: apiVersion: "v1" protocol: "ssh" address: ":22" + + description: "SSH interactive" commands: - regex: "^ls$" - handler: "Documents Images Desktop Downloads .m2 .kube .ssh .docker" + handler: "Documents Images Desktop Downloads .m2 .kube .ssh .docker" - regex: "^pwd$" handler: "/home/" - regex: "^uname -m$" handler: "x86_64" - regex: "^docker ps$" - handler: "CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES" + handler: "CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES" - regex: "^docker .*$" handler: "Error response from daemon: dial unix docker.raw.sock: connect: connection refused" - regex: "^uname$" handler: "Linux" - regex: "^ps$" - handler: " PID TTY TIME CMD\n21642 ttys000 0:00.07 /bin/dockerd" + handler: "PID TTY TIME CMD\n21642 ttys000 0:00.07 /bin/dockerd" - regex: "^(.+)$" handler: "command not found" serverVersion: "OpenSSH" serverName: "ubuntu" passwordRegex: "^(root|qwerty|Smoker666)$" deadlineTimeoutSeconds: 60 - ``` +``` -![alt text](https://i.postimg.cc/jdpfT0LB/Schermata-2022-06-02-alle-12-46-50.png) +![Screenshot](https://i.postimg.cc/jdpfT0LB/Schermata-2022-06-02-alle-12-46-50.png) -## TODO +## Roadmap -- telnet -- UDP - -# ROADMAP - -- SaaS Platform - - -## Documentation - -- [API Docs](https://) #TODO +Our future plans for Beelzebub include developing it into a robust PaaS platform. ## Contributing -The beelzebub team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. 
+The Beelzebub team welcomes contributions and project participation. Whether you want to report bugs, contribute new features, or have any questions, please refer to our [Contributor Guide](CONTRIBUTING.md) for detailed information. We encourage all participants and maintainers to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md) and foster a supportive and respectful community. Happy hacking! ## License -This project is licensed under [GNU GPL 3 License](LICENSE). +Beelzebub is licensed under the [GNU GPL 3 License](LICENSE). -[![](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate/?business=P75FH5LXKQTAC&no_recurring=0¤cy_code=EUR) +[![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate/?business=P75FH5LXKQTAC&no_recurring=0¤cy_code=EUR) \ No newline at end of file diff --git a/configurations/services/http-80.yaml b/configurations/services/http-80.yaml index 6cdf8e2..c871469 100644 --- a/configurations/services/http-80.yaml +++ b/configurations/services/http-80.yaml @@ -3,17 +3,56 @@ protocol: "http" address: ":80" description: "Wordpress 6.0" commands: - - regex: "index.php" - handler: "test โ€“ Just another WordPress site
" + - regex: "^(/index.php|/index.html|/)$" + handler: + +
+ Wordpress 6 test page +
+ +

Hello from Wordpress

+ + headers: - "Content-Type: text/html" - "Server: Apache/2.4.53 (Debian)" - "X-Powered-By: PHP/7.4.29" statusCode: 200 - - regex: "^(wp-login.php|/wp-admin)$" - handler: "Log In โ€น test โ€” WordPress

Powered by WordPress

Lost your password?

โ† Go to test

" + - regex: "^(/wp-login.php|/wp-admin)$" + handler: + +
+ Wordpress 6 test page +
+ +
+ + + + + + + +
+ + headers: - "Content-Type: text/html" - "Server: Apache/2.4.53 (Debian)" - "X-Powered-By: PHP/7.4.29" - statusCode: 200 \ No newline at end of file + statusCode: 200 + - regex: "^.*$" + handler: + +
+ 404 +
+ +

Not found!

+ + + headers: + - "Content-Type: text/html" + - "Server: Apache/2.4.53 (Debian)" + - "X-Powered-By: PHP/7.4.29" + statusCode: 404 \ No newline at end of file
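Review bot: The newly anchored login rule `^(/wp-login.php|/wp-admin)$` no longer matches `/wp-admin/`, and, if the matcher is given the request URI with its query string (not visible in this hunk), it also misses `/wp-login.php?redirect_to=...`; with the added `^.*$` rule those requests would receive the 404 page instead of the login form, so the honeypot would record fewer login probes. The dots in both anchored patterns are unescaped, so `.` matches any character. A pattern such as `- regex: "^/(wp-login[.]php|wp-admin/?)([?].*)?$"` keeps the anchoring while covering the common variants; the index rule and the copy of this config in the README hunk would need the same treatment. The catch-all is only correct if rules are evaluated in list order with the first match winning, which deserves a `# catch-all: must stay the last entry` comment above it.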