include docker repos

... skip emobility since it is a dev repo

docker/dionaea/dist/etc/dionaea.cfg

@@ -0,0 +1,66 @@
+[dionaea]
+download.dir=/opt/dionaea/var/dionaea/binaries/
+modules=curl,python,emu
+processors=filter_streamdumper,filter_emu
+
+listen.mode=getifaddrs
+# listen.addresses=127.0.0.1
+# listen.interfaces=eth0,tap0
+
+# Country
+ssl.default.c=CN
+# Common Name/domain name
+ssl.default.cn=
+# Organization
+ssl.default.o=
+# Organizational Unit
+ssl.default.ou=
+
+[logging]
+#default.filename=/opt/dionaea/var/dionaea/dionaea.log
+#default.levels=all
+#default.domains=*
+
+errors.filename=/opt/dionaea/var/dionaea/dionaea-errors.log
+errors.levels=warning,error
+errors.domains=*
+
+[processor.filter_streamdumper]
+name=filter
+config.allow.0.types=accept
+config.allow.1.types=connect
+config.allow.1.protocols=ftpctrl
+config.deny.0.protocols=ftpdata,ftpdatacon,xmppclient
+next=streamdumper
+
+[processor.streamdumper]
+name=streamdumper
+config.path=/opt/dionaea/var/dionaea/bistreams/%Y-%m-%d/
+
+[processor.filter_emu]
+name=filter
+config.allow.0.protocols=smbd,epmapper,nfqmirrord,mssqld
+next=emu
+
+[processor.emu]
+name=emu
+config.limits.files=3
+#512 * 1024
+config.limits.filesize=524288
+config.limits.sockets=3
+config.limits.sustain=120
+config.limits.idle=30
+config.limits.listen=30
+config.limits.cpu=120
+#// 1024 * 1024 * 1024
+config.limits.steps=1073741824
+
+[module.nl]
+# set to yes in case you are interested in the mac address  of the remote (only works for lan)
+lookup_ethernet_addr=yes
+
+[module.python]
+imports=dionaea.log,dionaea.services,dionaea.ihandlers
+sys_paths=default
+service_configs=/opt/dionaea/etc/dionaea/services/*.yaml
+ihandler_configs=/opt/dionaea/etc/dionaea/ihandlers/*.yaml

docker/dionaea/dist/etc/ihandlers/cmdshell.yaml

@@ -0,0 +1 @@
+- name: cmdshell

docker/dionaea/dist/etc/ihandlers/emuprofile.yaml

@@ -0,0 +1 @@
+- name: emuprofile

docker/dionaea/dist/etc/ihandlers/ftp.yaml

@@ -0,0 +1,10 @@
+# ftp client section
+- name: ftp
+  config:
+    # host for active ftp via NAT
+    # * 0.0.0.0 - the initiating connection ip is used for active ftp
+    # * not 0.0.0.0 - gets resolved as hostname and used
+    active_host: "0.0.0.0"
+
+    # ports for active ftp; string indicating a range
+    active_ports: 63001-64000

docker/dionaea/dist/etc/ihandlers/log_json.yaml

@@ -0,0 +1,7 @@
+- name: log_json
+  config:
+    # Uncomment next line to flatten object lists to work with ELK
+    flat_data: true
+    handlers:
+      #- http://127.0.0.1:8080/
+      - file:///opt/dionaea/var/log/dionaea.json

docker/dionaea/dist/etc/ihandlers/log_sqlite.yaml

@@ -0,0 +1,3 @@
+- name: log_sqlite
+  config:
+    file: /opt/dionaea/var/log/dionaea.sqlite

docker/dionaea/dist/etc/ihandlers/store.yaml

@@ -0,0 +1 @@
+- name: store

docker/dionaea/dist/etc/ihandlers/tftp_download.yaml

@@ -0,0 +1 @@
+- name: tftp_download

docker/dionaea/dist/etc/services/epmap.yaml

@@ -0,0 +1 @@
+- name: epmap

docker/dionaea/dist/etc/services/ftp.yaml

@@ -0,0 +1,5 @@
+- name: ftp
+  config:
+    root: /opt/dionaea/var/dionaea/roots/ftp
+    response_messages:
+      welcome_msg: 220 FTP server ready.

docker/dionaea/dist/etc/services/http.yaml

@@ -0,0 +1,17 @@
+- name: http
+  config:
+    root: "/opt/dionaea/var/dionaea/roots/www"
+    ports:
+      - 80
+    ssl_ports:
+      - 443
+    max_request_size: 32768 # maximum size in kbytes of the request (32MB)
+    global_headers:
+      - ["Server", "nginx"]
+    headers:
+      - filename_pattern: ".*\\.php"
+        headers:
+          - ["Content-Type", "text/html; charset=utf-8"]
+          - ["Content-Length", "{content_length}"]
+          - ["Connection", "{connection}"]
+          - ["X-Powered-By", "PHP/5.6"]

docker/dionaea/dist/etc/services/mirror.yaml

@@ -0,0 +1 @@
+- name: mirror

docker/dionaea/dist/etc/services/mongo.yaml

@@ -0,0 +1 @@
+- name: mongo

docker/dionaea/dist/etc/services/mqtt.yaml

@@ -0,0 +1 @@
+- name: mqtt

docker/dionaea/dist/etc/services/mssql.yaml

@@ -0,0 +1 @@
+- name: mssql

docker/dionaea/dist/etc/services/mysql.yaml

@@ -0,0 +1,10 @@
+- name: mysql
+  config:
+    databases:
+      information_schema:
+        path: ":memory:"
+      # example how to extend this
+      # just provide a databasename and path to the database
+      # the database can be altered by attackers, so ... better use a copy
+#      psn:
+#        path: "/path/to/cc_info.sqlite"

docker/dionaea/dist/etc/services/pptp.yaml

@@ -0,0 +1,26 @@
+- name: pptp
+  config:
+# Cisco PIX
+#    firmware_revision: 4608
+#    hostname:
+#    vendor_name: Cisco Systems
+
+# DrayTek
+#    firmware: 1
+#    hostname: Vigor
+#    vendor_name: DrayTek
+
+# Linux
+    firmware: 1
+    hostname: local
+    vendor_name: linux
+
+# Windows
+#    firmware_revision: 0
+#    hostname:
+#    vendor_name: Microsoft
+
+# MikroTik router
+#    firmware_revision: 1
+#    hostname: MikroTik
+#    vendor_name: MikroTik

docker/dionaea/dist/etc/services/sip.yaml

@@ -0,0 +1,40 @@
+- name: sip
+  config:
+    udp_ports:
+      - 5060
+    tcp_ports:
+      - 5060
+    tls_ports:
+      - 5061
+    users: "/opt/dionaea/var/dionaea/sipaccounts.sqlite"
+    rtp:
+      enable: true
+      # how to dump the rtp stream
+      # bistream = dump as bistream
+      modes:
+        - bistream
+        - pcap
+      pcap:
+        path: "var/dionaea/rtp/{personality}/%Y-%m-%d/"
+        filename: "%H:%M:%S_{remote_host}_{remote_port}_in.pcap"
+    personalities:
+      default:
+        domain: "localhost"
+        name: "softphone"
+        personality: "generic"
+#      next-server:
+#        domain: "my-domain"
+#        name: "my server"
+#        personality: "generic"
+#        serve: ["10.0.0.1"]
+#        default_sdp: "default"
+#        handle: ["REGISTER", "INVITE", "BYE", "CANCEL", "ACK"]
+
+    actions:
+      bank-redirect:
+        do: "redirect"
+        params:
+      play-hello:
+        do: "play"
+        params:
+          file: "var/dionaea/.../file.ext"

docker/dionaea/dist/etc/services/smb.yaml

@@ -0,0 +1,57 @@
+- name: smb
+  config:
+
+    ## Generic setting ##
+
+    # 1:"Windows XP Service Pack 0/1",
+    # 2:"Windows XP Service Pack 2",
+    # 3:"Windows XP Service Pack 3",
+    # 4:"Windows 7 Service Pack 1",
+    # 5:"Linux Samba 4.3.11"
+    os_type: 4
+
+     # Additional config
+    primary_domain: WORKGROUP
+    oem_domain_name: WORKGROUP
+    server_name: WIN_SRV
+
+     ## Windows 7 ##
+    native_os: Windows 7 Professional 7600
+    native_lan_manager: Windows 7 Professional 6.1
+    shares:
+      ADMIN$:
+        comment: Remote Admin
+        path: C:\\Windows
+        type: disktree
+      C$:
+        coment: Default Share
+        path: C:\\
+        type:
+          - disktree
+          - special
+      IPC$:
+        comment: Remote IPC
+        type: ipc
+      Printer:
+        comment: Microsoft XPS Document Writer
+        type: printq
+
+     ## Samba ##
+#    native_os: Windows 6.1
+#    native_lan_manager: Samba 4.3.11
+#    shares:
+#      admin:
+#        comment: Remote Admin
+#        path: \\home\\admin
+#        type: disktree
+#      share:
+#        coment: Default Share
+#        path: \\share
+#        type: disktree
+#      IPC$:
+#        comment: Remote IPC
+#        path: IPC Service
+#        type: ipc
+#      Printer:
+#        comment: Printer Drivers
+#        type: printq

docker/dionaea/dist/etc/services/tftp.yaml

@@ -0,0 +1,3 @@
+- name: tftp
+  config:
+    root: /opt/dionaea/var/dionaea/roots/tftp

docker/dionaea/dist/etc/services/upnp.yaml

@@ -0,0 +1,28 @@
+- name: upnp
+  config:
+    root: /opt/dionaea/var/dionaea/roots/upnp
+    # maximum size in kbytes of the request (32MB)
+    max_request_size: 32768
+    personality:
+      # default
+      cache:    "CACHE-CONTROL: max-age=120\r\n"
+      st:       "ST: upnp:rootdevice\r\n"
+      usn:      "USN: uuid:Upnp-IPMI-1_0-1234567890001::upnp:rootdevice\r\n"
+      server:   "SERVER: Linux/2.6.17.WB_WPCM450.1.3 UPnP/1.0, Intel SDK for UPnP devices/1.3.1\r\n"
+      location: "LOCATION: http://192.168.0.1:49152/IPMIdevicedesc.xml\r\n"
+      opt:      "OPT: http://schemas.upnp.org/upnp/1/0/\r\n"
+#      # Samsung TV
+#      cache:     "CACHE-CONTROL: max-age=900\r\n"
+#      st:        "ST: uuid:c1fd12b2-d954-4dba-9e92-a697e1558fb4\r\n"
+#      usn:       "USN: uuid:c1fd12b2-d954-4dba-9e92-a697e1558fb4\r\n"
+#      server:    "SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0\r\n"
+#      location:  "LOCATION: http://192.168.0.10:7677/MainTVServer2\r\n"
+#      opt:       "OPT: http://schemas.upnp.org/upnp/1/0/\r\n"
+#
+#      # XBOX 360
+#      cache:     "CACHE-CONTROL: max-age=1800\r\n"
+#      st:        "ST: urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1\r\n"
+#      usn:       "USN: uuid:531c567a-8c46-4201-bcd4-09afa554d859::urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1\r\n"
+#      server:    "SERVER: Microsoft-Windows/6.3 UPnP/1.0 UPnP-Device-Host/1.0\r\n"
+#      location:  "LOCATION: http://192.168.0.10:1055/upnphost/udhisapi.dll?content=uuid:531c567a-8c46-4201-bcd4-09afa554d859\r\n"
+#      opt:       "OPT: http://schemas.upnp.org/upnp/1/0/\r\n"