update scripts to new file layout

iso will not include tpot repo tpot repo will be cloned during install as all the other tools
2025-07-02 01:27:27 -04:00 · 2017-09-26 15:15:17 +00:00
parent b5a4ef948f
commit 1347eac88f
43 changed files with 12923 additions and 13 deletions
--- a/host/etc/dialogrc
+++ b/host/etc/dialogrc
@ -0,0 +1,144 @@
+#
+# Run-time configuration file for dialog
+#
+# Automatically generated by "dialog --create-rc <file>"
+#
+#
+# Types of values:
+#
+# Number     -  <number>
+# String     -  "string"
+# Boolean    -  <ON|OFF>
+# Attribute  -  (foreground,background,highlight?)
+
+# Set aspect-ration.
+aspect = 0
+
+# Set separator (for multiple widgets output).
+separate_widget = ""
+
+# Set tab-length (for textbox tab-conversion).
+tab_len = 0
+
+# Make tab-traversal for checklist, etc., include the list.
+visit_items = OFF
+
+# Shadow dialog boxes? This also turns on color.
+use_shadow = ON
+
+# Turn color support ON or OFF
+use_colors = ON
+
+# Screen color
+screen_color = (WHITE,MAGENTA,ON)
+
+# Shadow color
+shadow_color = (BLACK,BLACK,ON)
+
+# Dialog box color
+dialog_color = (BLACK,WHITE,OFF)
+
+# Dialog box title color
+title_color = (MAGENTA,WHITE,OFF)
+
+# Dialog box border color
+border_color = (WHITE,WHITE,ON)
+
+# Active button color
+button_active_color = (WHITE,MAGENTA,OFF)
+
+# Inactive button color
+button_inactive_color = dialog_color
+
+# Active button key color
+button_key_active_color = button_active_color
+
+# Inactive button key color
+button_key_inactive_color = (RED,WHITE,OFF)
+
+# Active button label color
+button_label_active_color = (YELLOW,MAGENTA,ON)
+
+# Inactive button label color
+button_label_inactive_color = (BLACK,WHITE,OFF)
+
+# Input box color
+inputbox_color = dialog_color
+
+# Input box border color
+inputbox_border_color = dialog_color
+
+# Search box color
+searchbox_color = dialog_color
+
+# Search box title color
+searchbox_title_color = title_color
+
+# Search box border color
+searchbox_border_color = border_color
+
+# File position indicator color
+position_indicator_color = title_color
+
+# Menu box color
+menubox_color = dialog_color
+
+# Menu box border color
+menubox_border_color = border_color
+
+# Item color
+item_color = dialog_color
+
+# Selected item color
+item_selected_color = button_active_color
+
+# Tag color
+tag_color = title_color
+
+# Selected tag color
+tag_selected_color = button_label_active_color
+
+# Tag key color
+tag_key_color = button_key_inactive_color
+
+# Selected tag key color
+tag_key_selected_color = (RED,MAGENTA,ON)
+
+# Check box color
+check_color = dialog_color
+
+# Selected check box color
+check_selected_color = button_active_color
+
+# Up arrow color
+uarrow_color = (MAGENTA,WHITE,ON)
+
+# Down arrow color
+darrow_color = uarrow_color
+
+# Item help-text color
+itemhelp_color = (WHITE,BLACK,OFF)
+
+# Active form text color
+form_active_text_color = button_active_color
+
+# Form text color
+form_text_color = (WHITE,CYAN,ON)
+
+# Readonly form item color
+form_item_readonly_color = (CYAN,WHITE,ON)
+
+# Dialog box gauge color
+gauge_color = title_color
+
+# Dialog box border2 color
+border2_color = dialog_color
+
+# Input box border2 color
+inputbox_border2_color = dialog_color
+
+# Search box border2 color
+searchbox_border2_color = dialog_color
+
+# Menu box border2 color
+menubox_border2_color = dialog_color
--- a/host/etc/issue
+++ b/host/etc/issue
@ -0,0 +1,20 @@
+[H[2J
+[0;35m┌───────────────[1;35m────────────────[0;37m───────────────┐[0m
+[0;35m│[0m [0;35m_____[0m     [1;35m____[0m       [1;35m_[0m       [0;37m_[0m [0;37m_____[0m [0;37m_[0m  [0;1;30;90m___[0m  [0;1;30;90m│[0m
+[1;35m│|_[0m   [1;35m_|[0m   [1;35m|[0m  [1;35m_[0m [0;37m\\[0m [0;37m___[0m [0;37m|[0m [0;37m|_[0m    [0;37m/[0m [0;1;30;90m|___[0m  [0;1;30;90m/[0m [0;1;30;90m|/[0m [0;1;30;90m_[0m [0;1;30;90m\\[0m [0;1;30;90m│[0m
+[1;35m│[0m  [1;35m|[0m [1;35m|__[0;37m___|[0m [0;37m|_)[0m [0;37m/[0m [0;37m_[0m [0;37m\\|[0m [0;1;30;90m__|[0m   [0;1;30;90m|[0m [0;1;30;90m|[0m  [0;1;30;90m/[0m [0;1;30;90m/|[0m [0;35m|[0m [0;35m|[0m [0;35m|[0m [0;35m|│[0m
+[0;37m│[0m  [0;37m|[0m [0;37m|_____|[0m  [0;37m__[0;1;30;90m/[0m [0;1;30;90m(_)[0m [0;1;30;90m|[0m [0;1;30;90m|_[0m    [0;1;30;90m|[0m [0;35m|[0m [0;35m/[0m [0;35m/_|[0m [0;35m|[0m [0;35m|_|[0m [0;35m|│[0m
+[0;37m│[0m  [0;37m|_|[0m     [0;1;30;90m|_|[0m   [0;1;30;90m\\___/[0m [0;1;30;90m\\[0;35m__|[0m   [0;35m|_|/_/(_)_[1;35m|\\___/[0m [1;35m│[0m
+[0;1;30;90m│[0m                                              [1;35m│[0m
+[0;1;30;90m└───────[0;35m────────────────[1;35m────────────────[0;37m───────┘[0m
+
+
+,---- [ [1;35m\n[0m ] [ [0;35m\d[0m ] [ [1;30m\t[0m ]
+|
+| [1;35mIP:[0m
+| [0;35mSSH:[0m
+| [1;30mWEB:[0m
+|
+`----
+
+
--- a/host/etc/nginx/nginx.conf
+++ b/host/etc/nginx/nginx.conf
@ -0,0 +1,96 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+        log_format le_json '{ "timestamp": "$time_iso8601", '
+ 	'"src_ip": "$remote_addr", '
+ 	'"remote_user": "$remote_user", '
+ 	'"body_bytes_sent": "$body_bytes_sent", '
+ 	'"request_time": "$request_time", '
+ 	'"status": "$status", '
+ 	'"request": "$request", '
+ 	'"request_method": "$request_method", '
+ 	'"http_referrer": "$http_referer", '
+ 	'"http_user_agent": "$http_user_agent" }';
+ 
+ 	access_log /var/log/nginx/access.log le_json;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}
--- a/host/etc/nginx/ssl/dhparam4096.pem
+++ b/host/etc/nginx/ssl/dhparam4096.pem
@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAiHmfakVLOStSULBdaTbZY/zeFyEeQ19GY9Z5CJg06dIIgIzhxk9L
+4xsQdQk8giKOjP6SfX0ZgF5CYaurQ3ljYlP0UlAQQo9+fEErbqj3hCzAxtIpd6Yj
+SV6zFdnSjwxWuKAPPywiQNljnHH+Y1KBdbl5VQ9gC3ehtaLo1A4y8q96f6fC5rGU
+nfgw4lTxLvPD7NwaOdFTCyK8tTxvUGNJIvf7805IxZ0BvAiBuVaXStaMcqf5BHLP
+fYpvIiVaCrtto4elu18nL0tf2CN5n9ai4hlr0nPmNrE/Zrrur78Re5F4Ien9kr4d
+xabXvVJJQa9j2NdQO7vk7Cz/dAIiqt/1XKFhll4TTYBqrFVXIwF+FNx636zyOjcO
+nlZk/V+IL/UTPnZOv2PGt5+WetvJJubi6B9XgOgVLduI07woAp5qnRJJt6fJW1aA
+M86By6WLy5P31Py6eFj8nYgj1V703XgQ5lESKYpeVgqA0bh7daNzOCoGQvvUKlTP
+RTu6fs7clw5ta4yYUyvuIKTngH5yGBNdTuP0GWo6Y+Dy1BctVwl2xSw+FhYeuIf/
+EB2A3129H59HhbWyNH337+1dfntHfQRXBsT0YSyDxPurI5/FNGcmw+GZEYk4BB8j
+g7TwH3GBjbKnjnr7SnhanqmWgybgQw6oR9gDC399eR4LiOk9sbxpX1MCAQI=
+-----END DH PARAMETERS-----
--- a/host/etc/nginx/ssl/gen-cert.sh
+++ b/host/etc/nginx/ssl/gen-cert.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+  then
+    echo "Need to run as root ..."
+    exit
+fi
+
+openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "nginx.key" -out "nginx.crt" -days 3650
+
--- a/host/etc/nginx/ssl/gen-dhparam.sh
+++ b/host/etc/nginx/ssl/gen-dhparam.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Got root?
+myWHOAMI=$(whoami)
+if [ "$myWHOAMI" != "root" ]
+  then
+    echo "Need to run as root ..."
+    exit
+fi
+
+if [ "$1" = "2048" ] || [ "$1" = "4096" ] || [ "$1" = "8192" ]
+  then 
+    openssl dhparam -outform PEM -out dhparam$1.pem $1
+  else
+    echo "Usage: ./gen-dhparam [2048, 4096, 8192]..."
+fi
--- a/host/etc/nginx/tpotweb.conf
+++ b/host/etc/nginx/tpotweb.conf
@ -0,0 +1,155 @@
+############################################
+### NGINX T-Pot configuration file by mo ###
+############################################
+
+###################################
+### Allow for 60 reloads per minute
+###################################
+limit_req_zone $binary_remote_addr zone=base:1m rate=1r/s;
+
+server {
+
+    #########################
+    ### Basic server settings
+    #########################
+    listen 64297 ssl http2;
+    index tpotweb.html;
+    ssl_protocols TLSv1.2;
+    server_name example.com;
+    error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html;
+
+
+    ##############################################
+    ### Remove version number add different header
+    ##############################################
+    server_tokens off;
+    more_set_headers 'Server: apache';
+
+
+    ##############################################
+    ### SSL settings and Cipher Suites
+    ##############################################
+    ssl_certificate /etc/nginx/ssl/nginx.crt;
+    ssl_certificate_key /etc/nginx/ssl/nginx.key;
+    
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256';
+    ssl_ecdh_curve secp384r1;
+    ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
+
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+
+ 
+    ####################################
+    ### OWASP recommendations / settings
+    ####################################
+
+    ### Size Limits & Buffer Overflows 
+    ### the size may be configured based on the needs. 
+    client_body_buffer_size  100K;
+    client_header_buffer_size 1k;
+    client_max_body_size 100k;
+    large_client_header_buffers 2 1k;
+
+    ### Mitigate Slow HHTP DoS Attack
+    ### Timeouts definition ##
+    client_body_timeout   10;
+    client_header_timeout 10;
+    keepalive_timeout     5 5;
+    send_timeout          10;
+
+    ### X-Frame-Options is to prevent from clickJacking attack
+    add_header X-Frame-Options SAMEORIGIN;
+
+    ### disable content-type sniffing on some browsers.
+    add_header X-Content-Type-Options nosniff;
+
+    ### This header enables the Cross-site scripting (XSS) filter
+    add_header X-XSS-Protection "1; mode=block";
+
+    ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+
+
+    ##################################
+    ### Restrict access and basic auth
+    ##################################
+
+    # satisfy all;
+    satisfy any;
+
+    # allow 10.0.0.0/8;
+    # allow 172.16.0.0/12;
+    # allow 192.168.0.0/16;
+    allow 127.0.0.1;
+    allow ::1;
+    deny  all;
+
+    auth_basic           "closed site";
+    auth_basic_user_file /etc/nginx/nginxpasswd;
+
+
+    ##############################
+    ### Limit brute-force attempts
+    ##############################
+    location = / {
+      limit_req zone=base burst=1 nodelay;
+    }   
+
+
+    #################
+    ### Proxied sites
+    #################
+
+    ### Kibana
+    location /kibana/ {
+        proxy_pass http://localhost:64296;
+        rewrite /kibana/(.*)$ /$1 break;
+    }
+
+    ### ES 
+    location /es/ {
+        proxy_pass http://localhost:64298/;
+        rewrite /es/(.*)$ /$1 break;
+    }
+
+    ### head standalone 
+    location /myhead/ {
+        proxy_pass http://localhost:64302/;
+        rewrite /myhead/(.*)$ /$1 break;
+    }
+
+    ### portainer
+    location /ui {
+        proxy_pass http://127.0.0.1:64299;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Host $host;
+        proxy_redirect off;
+        rewrite /ui/(.*)$ /$1 break;
+    }
+    ### web tty
+    location /wetty {
+       proxy_pass http://127.0.0.1:64300/wetty;
+    }  
+
+    ### netdata
+    location /netdata/ {
+        proxy_pass http://localhost:64301;
+        rewrite /netdata/(.*)$ /$1 break;
+    }
+
+    ### spiderfoot
+    location /spiderfoot {
+        proxy_pass http://127.0.0.1:64303;
+    }
+
+        location /static {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/static;
+        }
+
+        location /scanviz {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz;
+        }
+}
--- a/host/etc/rc.local
+++ b/host/etc/rc.local
@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
--- a/host/etc/systemd/tpot.service
+++ b/host/etc/systemd/tpot.service
@ -0,0 +1,57 @@
+[Unit]
+Description=tpot
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+RestartSec=5
+
+# Get and set internal, external IP infos, but ignore errors
+ExecStartPre=-/opt/tpot/bin/updateip.sh
+
+# Clear state or if persistence is enabled rotate and compress logs from /data
+ExecStartPre=-/bin/bash -c '/opt/tpot/bin/clean.sh on'
+
+# Remove old containers, images and volumes
+ExecStartPre=-/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
+ExecStartPre=-/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml rm -v
+ExecStartPre=-/bin/bash -c 'docker volume rm $(docker volume ls -q)'
+ExecStartPre=-/bin/bash -c 'docker rm -v $(docker ps -aq)'
+ExecStartPre=-/bin/bash -c 'docker rmi $(docker images | grep "<none>" | awk \'{print $3}\')'
+
+# Get IF, disable offloading, enable promiscious mode for p0f and suricata
+ExecStartPre=/bin/bash -c '/sbin/ethtool --offload $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) rx off tx off'
+ExecStartPre=/bin/bash -c '/sbin/ethtool -K $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) gso off gro off'
+ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " | awk \'{ print $2 }\' | tr -d [:punct:]) promisc on'
+
+# Modify access rights on docker.sock for netdata
+ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
+
+# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
+# Forward all other connections to honeytrap / NFQUEUE
+ExecStartPre=/sbin/iptables -w -A INPUT -s 127.0.0.1 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -d 127.0.0.1 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
+ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+
+# Compose T-Pot up
+ExecStart=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color
+
+# Compose T-Pot down, remove containers and volumes
+ExecStop=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v
+
+# Remove only previously set iptables rules
+ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
+ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
+
+[Install]
+WantedBy=multi-user.target
--- a/host/etc/systemd/wetty.service
+++ b/host/etc/systemd/wetty.service
@ -0,0 +1,13 @@
+[Unit]
+Description=wetty
+Requires=sshd.service
+After=sshd.service
+
+[Service]
+Restart=always
+User=tsec
+Group=tsec
+ExecStart=/usr/bin/node /usr/local/lib/node_modules/wetty/app.js -p 64300 --host 127.0.0.1 --sshhost 127.0.0.1 --sshport 64295
+
+[Install]
+WantedBy=multi-user.target
--- a/host/usr/share/dict/a.txt
+++ b/host/usr/share/dict/a.txt
--- a/host/usr/share/dict/n.txt
+++ b/host/usr/share/dict/n.txt
--- a/host/usr/share/dict/names
+++ b/host/usr/share/dict/names
--- a/host/usr/share/nginx/html/error.html
+++ b/host/usr/share/nginx/html/error.html
--- a/host/usr/share/nginx/html/favicon.ico
+++ b/host/usr/share/nginx/html/favicon.ico
--- a/host/usr/share/nginx/html/navbar.html
+++ b/host/usr/share/nginx/html/navbar.html
@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en_US">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>T-Pot</title>
+  </head>
+  <link href="style.css" rel="stylesheet" type="text/css"/>
+
+  <body bgcolor="#E20074">
+    <center>
+      <a href="/tpotweb.html" target="_top" class="btn">Home</a>
+      <a href="/kibana" target="main" class="btn">Kibana</a>
+      <a href="/myhead/" target="main" class="btn">ES Head</a>
+      <a href="/netdata/" target="_blank" class="btn">Netdata</a>
+      <a href="/spiderfoot/" target="main" class="btn">Spiderfoot</a>
+      <a href="/ui/" target="main" class="btn">Portainer</a>
+      <a href="/wetty/ssh/tsec" target="main" class="btn">WebTTY</a>
+    </center>
+  </body>
+</html>
--- a/host/usr/share/nginx/html/style.css
+++ b/host/usr/share/nginx/html/style.css
@ -0,0 +1,17 @@
+.btn {
+  -webkit-border-radius: 0;
+  -moz-border-radius: 0;
+  border-radius: 0px;
+  font-family: Arial;
+  color: #ffffff;
+  font-size: 12px;
+  background: #E20074;
+  padding: 2px 30px 2px 30px;
+  text-decoration: none;
+}
+
+.btn:hover {
+  background: #c2c2c2;
+  text-decoration: none;
+}
+
--- a/host/usr/share/nginx/html/tpotweb.html
+++ b/host/usr/share/nginx/html/tpotweb.html
@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en_US">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>T-Pot</title>
+  </head>
+
+  <frameset rows='20,*' border='0' frameborder='0' framespacing='0'>
+    <frame src='navbar.html' name='navbar' marginwidth='0' marginheight='0' scrolling='no' noresize>
+    <frame src='/kibana' name='main' marginwidth='0' marginheight='0' scrolling='auto' noresize>
+    <noframes>
+    </noframes>
+  </frameset>
+</html>