telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

prep for 18.04

Browse Source
This commit is contained in:
Marco Ochse
2018-03-25 18:35:32 +00:00
parent 60cb42b34d
commit c9a33870ff
57 changed files with 2268 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
docker/conpot/Dockerfile
View File

@ -1,5 +1,4 @@
FROM alpine
MAINTAINER MO
# Include dist
ADD dist/ /root/dist/
@ -12,6 +11,7 @@ RUN apk -U --no-cache add bash \
git \
libev \
libtool \
libcap \
libxslt \
libxslt-dev \
mariadb-dev \
@ -27,16 +27,23 @@ RUN apk -U --no-cache add bash \
# Setup ConPot
git clone https://github.com/mushorg/conpot /opt/conpot/ && \
cd /opt/conpot/ && \
git checkout d157229e4587188ad3d3af5dddcd71200713852d && \
cp /root/dist/requirements.txt /opt/conpot/ && \
# Patch to accept ENV for MIB path
cp /root/dist/snmp_server.py /opt/conpot/conpot/protocols/snmp/ && \
python setup.py install && \
cd / && \
# Monkey patch, see https://github.com/mushorg/conpot/issues/361
cp /root/dist/conpot.bin /usr/bin/conpot && \
chmod u+x /usr/bin/conpot && \
rm -rf /opt/conpot /tmp/* /var/tmp/* && \
setcap cap_net_bind_service=+ep /usr/bin/conpot && \
# Get wireshark manuf db for scapy, setup configs, user, groups
mkdir -p /etc/conpot /var/log/conpot /usr/share/wireshark && \
wget https://github.com/wireshark/wireshark/raw/master/manuf -o /usr/share/wireshark/manuf && \
mv /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/kamstrup_382/ && \
cp /root/dist/conpot.cfg /etc/conpot/conpot.cfg && \
cp -R /root/dist/templates /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/ && \
addgroup -g 2000 conpot && \
adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot && \
@ -56,5 +63,5 @@ RUN apk -U --no-cache add bash \
rm -rf /root/* && \
rm -rf /var/cache/apk/*
# Run supervisor upon container start
CMD ["/usr/bin/conpot", "--template", "kamstrup_382", "--logfile", "/var/log/conpot/conpot.log", "--config", "/etc/conpot/conpot.cfg"]
# Start conpot
CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG

2
docker/conpot/README.md
View File

@ -1,4 +1,4 @@
[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1710.svg)](https://microbadger.com/images/dtagdevsec/conpot:1710 "Get your own image badge on microbadger.com")
[![](https://images.microbadger.com/badges/version/dtagdevsec/conpot:1804.svg)](https://microbadger.com/images/dtagdevsec/conpot:1804 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/conpot:1804.svg)](https://microbadger.com/images/dtagdevsec/conpot:1804 "Get your own image badge on microbadger.com")
# conpot

5
docker/conpot/dist/conpot.bin vendored Normal file
View File

@ -0,0 +1,5 @@
#!/usr/bin/python
# EASY-INSTALL-SCRIPT: 'Conpot==0.5.1','conpot'
__import__('gevent.monkey').monkey.patch_all()
__requires__ = 'Conpot==0.5.1'
__import__('pkg_resources').run_script('Conpot==0.5.1', 'conpot')

2
docker/conpot/dist/conpot.cfg vendored
View File

@ -10,7 +10,7 @@ group = conpot
[json]
enabled = True
filename = /var/log/conpot/conpot.json
filename = %(CONPOT_JSON_LOG)s
[sqlite]
enabled = False

49
docker/conpot/dist/requirements.txt vendored
View File

@ -1,26 +1,25 @@
gevent>=1.0
pysnmp
pysmi
lxml
bottle
jinja2
beautifulsoup4
requests
sphinx==1.5.5
libtaxii>=1.1.0
MySQL-python
xlrd
crc16
natsort
scapy
enum34
hpfeeds
modbus-tk
stix-validator
stix
cybox
bacpypes==0.16.1
pyghmi
mixbox
modbus-tk
cpppo
beautifulsoup4==4.6.0
bottle==0.12.13
cpppo==3.9.7
crc16==0.1.1
cybox==2.1.0.13
enum34==1.1.6
gevent==1.3a1
hpfeeds==1.0
jinja2==2.10
libtaxii==1.1.110
lxml==4.1.1
mixbox==1.0.2
modbus-tk==0.5.8
MySQL-python==1.2.5
natsort==5.2.0
pyghmi==1.0.38
pysmi==0.2.2
pysnmp==4.4.4
requests==2.18.4
scapy==2.4.0rc4
sphinx==1.5.5
stix==1.2.0.2
stix-validator==2.5.0
xlrd==1.1.0

195
docker/conpot/dist/snmp_server.py vendored Normal file
View File

@ -0,0 +1,195 @@
# Copyright (C) 2013 Lukas Rist <glaslos@gmail.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
import logging
import tempfile
import shutil
import os
from lxml import etree
from conpot.protocols.snmp.command_responder import CommandResponder
from conpot.protocols.snmp.build_pysnmp_mib_wrapper import find_mibs, compile_mib
import conpot.core as conpot_core
logger = logging.getLogger()
class SNMPServer(object):
def __init__(self, template, template_directory, args):
"""
:param host: hostname or ip address on which to server the snmp service (string).
:param port: listen port (integer).
:param template: path to the protocol specific xml configuration file (string).
"""
self.dom = etree.parse(template)
self.cmd_responder = None
if args.mibpaths:
self.compiled_mibs = args.mibpaths
else:
self.compiled_mibs = [os.path.join(template_directory, 'snmp', 'mibs_compiled')]
if args.raw_mib:
self.raw_mibs = args.raw_mib
else:
self.raw_mibs = [os.path.join(template_directory, 'snmp', 'mibs_raw')]
def xml_general_config(self, dom):
snmp_config = dom.xpath('//snmp/config/*')
if snmp_config:
for entity in snmp_config:
# TARPIT: individual response delays
if entity.attrib['name'].lower() == 'tarpit':
if entity.attrib['command'].lower() == 'get':
self.cmd_responder.resp_app_get.tarpit = self.config_sanitize_tarpit(entity.text)
elif entity.attrib['command'].lower() == 'set':
self.cmd_responder.resp_app_set.tarpit = self.config_sanitize_tarpit(entity.text)
elif entity.attrib['command'].lower() == 'next':
self.cmd_responder.resp_app_next.tarpit = self.config_sanitize_tarpit(entity.text)
elif entity.attrib['command'].lower() == 'bulk':
self.cmd_responder.resp_app_bulk.tarpit = self.config_sanitize_tarpit(entity.text)
# EVASION: response thresholds
if entity.attrib['name'].lower() == 'evasion':
if entity.attrib['command'].lower() == 'get':
self.cmd_responder.resp_app_get.threshold = self.config_sanitize_threshold(entity.text)
elif entity.attrib['command'].lower() == 'set':
self.cmd_responder.resp_app_set.threshold = self.config_sanitize_threshold(entity.text)
elif entity.attrib['command'].lower() == 'next':
self.cmd_responder.resp_app_next.threshold = self.config_sanitize_threshold(entity.text)
elif entity.attrib['command'].lower() == 'bulk':
self.cmd_responder.resp_app_bulk.threshold = self.config_sanitize_threshold(entity.text)
def xml_mib_config(self, dom, mibpaths, rawmibs_dirs):
try:
mibs = dom.xpath('//snmp/mibs/*')
tmp_mib_dir = tempfile.mkdtemp(dir=os.environ['CONPOT_TMP'])
mibpaths.append(tmp_mib_dir)
available_mibs = find_mibs(rawmibs_dirs)
databus = conpot_core.get_databus()
# parse mibs and oid tables
for mib in mibs:
mib_name = mib.attrib['name']
# compile the mib file if it is found and not already loaded.
if mib_name in available_mibs and not self.cmd_responder.has_mib(mib_name):
compile_mib(mib_name, tmp_mib_dir)
for symbol in mib:
symbol_name = symbol.attrib['name']
# retrieve instance from template
if 'instance' in symbol.attrib:
# convert instance to (int-)tuple
symbol_instance = symbol.attrib['instance'].split('.')
symbol_instance = tuple(map(int, symbol_instance))
else:
# use default instance (0)
symbol_instance = (0,)
# retrieve value from databus
value = databus.get_value(symbol.xpath('./value/text()')[0])
profile_map_name = symbol.xpath('./value/text()')[0]
# register this MIB instance to the command responder
self.cmd_responder.register(mib_name,
symbol_name,
symbol_instance,
value,
profile_map_name)
finally:
# cleanup compiled mib files
shutil.rmtree(tmp_mib_dir)
def config_sanitize_tarpit(self, value):
# checks tarpit value for being either a single int or float,
# or a series of two concatenated integers and/or floats separated by semicolon and returns
# either the (sanitized) value or zero.
if value is not None:
x, _, y = value.partition(';')
try:
_ = float(x)
except ValueError:
logger.error("SNMP invalid tarpit value: '%s'. Assuming no latency.", value)
# first value is invalid, ignore the whole setting.
return '0;0'
try:
_ = float(y)
# both values are fine.
return value
except ValueError:
# second value is invalid, use the first one.
return x
else:
return '0;0'
def config_sanitize_threshold(self, value):
# checks DoS thresholds for being either a single int or a series of two concatenated integers
# separated by semicolon and returns either the (sanitized) value or zero.
if value is not None:
x, _, y = value.partition(';')
try:
_ = int(x)
except ValueError:
logger.error("SNMP invalid evasion threshold: '%s'. Assuming no DoS evasion.", value)
# first value is invalid, ignore the whole setting.
return '0;0'
try:
_ = int(y)
# both values are fine.
return value
except ValueError:
# second value is invalid, use the first and ignore the second.
return str(x) + ';0'
else:
return '0;0'
def start(self, host, port):
self.cmd_responder = CommandResponder(host, port, self.compiled_mibs)
self.xml_general_config(self.dom)
self.xml_mib_config(self.dom, self.compiled_mibs, self.raw_mibs)
logger.info('SNMP server started on: %s', (host, self.get_port()))
self.cmd_responder.serve_forever()
def stop(self):
if self.cmd_responder:
self.cmd_responder.stop()
def get_port(self):
if self.cmd_responder:
return self.cmd_responder.server_port
else:
return None

675
docker/conpot/dist/templates/IEC104/template.xml vendored Normal file
View File

@ -0,0 +1,675 @@
<!-- Copyright (C) 2017 Patrick Reichenberger (University of Passau) <patrick.reichenberger@t-online.de>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<core>
<template>
<!-- General information about the template -->
<entity name="unit">S7-300</entity>
<entity name="vendor">Siemens</entity>
<entity name="description">Creates a simple device for IEC 60870-5-104</entity>
<entity name="protocols">IEC104, SNMP</entity>
<entity name="creator">Patrick Reichenberger</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
<!-- SNMPv2-MIB -->
<key name="SystemDescription">
<value type="value">"Siemens, SIMATIC, S7-300"</value>
</key>
<key name="sysObjectID">
<value type="value">"0.0"</value>
</key>
<key name="Uptime">
<value type="function">conpot.emulators.misc.uptime.Uptime</value>
</key>
<key name="sysContact">
<value type="value">"Corporate IT"</value>
</key>
<key name="sysName">
<value type="value">"DE-BER01"</value>
</key>
<key name="sysLocation">
<value type="value">"BER01, T2E"</value>
</key>
<key name="sysServices">
<value type="value">"72"</value>
</key>
<!-- IF-MIB -->
<key name="ifNumber">
<value type="value">1</value>
</key>
<key name="ifIndex">
<value type="value">1</value>
</key>
<key name="ifDescr">
<value type="value">"Siemens, SIMATIC NET, CP 343-1 PN, 6GK7 343-1EX21-0XE0, HW: Version 2, FW: Version V1.2.3, Ethernet Port 1, Rack 0, 100Mbit"</value>
</key>
<key name="ifType">
<value type="value">6</value>
</key>
<key name="ifMtu">
<value type="value">1000</value>
</key>
<key name="ifSpeed">
<value type="value">100000000</value>
</key>
<key name="ifPhysAddress">
<value type="value">"\x00\x0e\x8c\x29\xc5\x1a"</value>
</key>
<key name="ifAdminStatus">
<value type="value">1</value>
</key>
<key name="ifOperStatus">
<value type="value">1</value>
</key>
<key name="ifLastChange">
<value type="function">conpot.emulators.misc.uptime.Uptime</value>
</key>
<key name="FacilityName">
<value type="value">"Compagnie Generale des Eaux"</value>
</key>
<key name="0">
<value type="value">0</value>
</key>
<key name="1">
<value type="value">1</value>
</key>
<key name="ifInOctets">
<value type="value">1618895</value>
</key>
<key name="ifInUcastPkts">
<value type="value">7018</value>
</key>
<key name="ifInNUcastPkts">
<value type="value">291</value>
</key>
<key name="ifOutOctets">
<value type="value">455107</value>
</key>
<key name="ifOutUcastPkts">
<value type="value">872264</value>
</key>
<key name="ifOutUNcastPkts">
<value type="value">143</value>
</key>
<!-- IP-MIB -->
<key name="ipForwarding">
<value type="value">2</value>
</key>
<key name="ipDefaultTTL">
<value type="value">60</value>
</key>
<key name="ipInReceives">
<value type="value">31271</value>
</key>
<key name="ipInHdrErrors">
<value type="value">0</value>
</key>
<key name="ipInAddrErrors">
<value type="value">0</value>
</key>
<key name="ipForwDatagrams">
<value type="value">0</value>
</key>
<key name="ipInUnknownProtos">
<value type="value">0</value>
</key>
<key name="ipInDiscards">
<value type="value">0</value>
</key>
<key name="ipInDelivers">
<value type="value">31282</value>
</key>
<key name="ipOutRequests">
<value type="value">69023</value>
</key>
<key name="ipOutDiscards">
<value type="value">0</value>
</key>
<key name="ipOutNoRoutes">
<value type="value">0</value>
</key>
<key name="ipReasmTimeout">
<value type="value">60</value>
</key>
<key name="ipReasmReqds">
<value type="value">7</value>
</key>
<key name="ipReasmOKs">
<value type="value">3</value>
</key>
<key name="ipReasmFails">
<value type="value">0</value>
</key>
<key name="ipFragOKs">
<value type="value">0</value>
</key>
<key name="ipFragFails">
<value type="value">0</value>
</key>
<key name="ipFragCreates">
<value type="value">0</value>
</key>
<key name="ipAdEntAddr">
<value type="value">"217.172.190.137"</value>
</key>
<key name="ipAdEntIfIndex">
<value type="value">1</value>
</key>
<key name="ipAdEntNetMask">
<value type="value">"255.255.255.255"</value>
</key>
<key name="ipAdEntBcastAddr">
<value type="value">1</value>
</key>
<key name="ipAdEntReasmMaxSize">
<value type="value">65528</value>
</key>
<key name="ipRoutingDiscards">
<value type="value">0</value>
</key>
<key name="icmpInMsgs">
<value type="value">4</value>
</key>
<key name="icmpInErrors">
<value type="value">0</value>
</key>
<key name="icmpInDestUnreachs">
<value type="value">1</value>
</key>
<key name="icmpInTimeExcds">
<value type="value">0</value>
</key>
<key name="icmpInParmProbs">
<value type="value">0</value>
</key>
<key name="icmpInSrcQuenchs">
<value type="value">0</value>
</key>
<key name="icmpInRedirects">
<value type="value">0</value>
</key>
<key name="icmpInEchos">
<value type="value">0</value>
</key>
<key name="icmpInEchoReps">
<value type="value">0</value>
</key>
<key name="icmpInTimestamps">
<value type="value">0</value>
</key>
<key name="icmpInTimestampReps">
<value type="value">0</value>
</key>
<key name="icmpInAddrMasks">
<value type="value">0</value>
</key>
<key name="icmpInAddrMaskReps">
<value type="value">0</value>
</key>
<key name="icmpOutMsgs">
<value type="value">0</value>
</key>
<key name="icmpOutErrors">
<value type="value">0</value>
</key>
<key name="icmpOutDestUnreachs">
<value type="value">144</value>
</key>
<key name="icmpOutTimeExcds">
<value type="value">0</value>
</key>
<key name="icmpOutParmProbs">
<value type="value">0</value>
</key>
<key name="icmpOutSrcQuenchs">
<value type="value">0</value>
</key>
<key name="icmpOutRedirects">
<value type="value">0</value>
</key>
<key name="icmpOutEchos">
<value type="value">0</value>
</key>
<key name="icmpOutEchoReps">
<value type="value">0</value>
</key>
<key name="icmpOutTimestamps">
<value type="value">0</value>
</key>
<key name="icmpOutTimestampReps">
<value type="value">0</value>
</key>
<key name="icmpOutAddrMasks">
<value type="value">0</value>
</key>
<key name="icmpOutAddrMaskReps">
<value type="value">0</value>
</key>
<!-- TCP-MIB -->
<key name="tcpRtoAlgorithm">
<value type="value">2</value>
</key>
<key name="tcpRtoMin">
<value type="value">0</value>
</key>
<key name="tcpRtoMax">
<value type="value">100</value>
</key>
<key name="tcpMaxConn">
<value type="value">-1</value>
</key>
<key name="tcpActiveOpens">
<value type="value">0</value>
</key>
<key name="tcpPassiveOpens">
<value type="value">101</value>
</key>
<key name="tcpAttemptFails">
<value type="value">42</value>
</key>
<key name="tcpEstabResets">
<value type="value">45</value>
</key>
<key name="tcpCurrEstab">
<value type="value">0</value>
</key>
<key name="tcpInSegs">
<value type="value">30321</value>
</key>
<key name="tcpOutSegs">
<value type="value">67821</value>
</key>
<key name="tcpRetransSegs">
<value type="value">2511</value>
</key>
<key name="tcpConnState">
<value type="value">2</value>
</key>
<key name="tcpConnLocalAddress">
<value type="value">"217.172.190.137"</value>
</key>
<key name="tcpConnLocalPort">
<value type="value">2404</value>
</key>
<key name="tcpConnRemAddress">
<value type="value">"0.0.0.0"</value>
</key>
<key name="tcpConnRemPort">
<value type="value">0</value>
</key>
<key name="tcpInErrs">
<value type="value">1</value>
</key>
<key name="tcpOutRsts">
<value type="value">728</value>
</key>
<!-- UDP-MIB -->
<key name="udpInDatagrams">
<value type="value">1441</value>
</key>
<key name="udpNoPorts">
<value type="value">1280</value>
</key>
<key name="udpInErrors">
<value type="value">23</value>
</key>
<key name="udpOutDatagrams">
<value type="value">47</value>
</key>
<key name="udpLocalAddress">
<value type="value">"217.172.190.137"</value>
</key>
<key name="udpLocalPort">
<value type="value">161</value>
</key>
<key name="SystemName">
<value type="value">"CP 343-1 IT"</value>
</key>
<!-- IEC104 Protocol parameter -->
<!-- Timeout of connection establishment -->
<key name="T_0">
<value type="value">30</value>
</key>
<!-- Timeout of send or test APDUs (Wartezeit auf Quittung) -->
<key name="T_1">
<value type="value">15</value>
</key>
<!-- Timeout for acknowledges in case of no data messages T_2 < T_1 (Quittieren nach x sek) -->
<key name="T_2">
<value type="value">10</value>
</key>
<!-- Timeout for sending test frames in case of a long idle state -->
<key name="T_3">
<value type="value">20</value>
</key>
<!-- Maximum difference receive sequence number to send state variable (Max. Anzahl unquittierter Telegramme) -->
<!-- not implemented yet -->
<key name="k">
<value type="value">12</value>
</key>
<!-- Latest acknowledge after receiving w I-format APDUs (Quittieren nach w Telegrammen) -->
<key name="w">
<value type="value">8</value>
</key>
<!-- Maximum frame size (in bytes) -->
<key name="MaxFrameSize">
<value type="value">254</value>
</key>
<!-- Devices -->
<!-- 13- -->
<key name="13_20">
<value type="value">1</value>
</key>
<key name="13_21">
<value type="value">0</value>
</key>
<key name="13_22">
<value type="value">0</value>
</key>
<key name="13_24">
<value type="value">1</value>
</key>
<key name="13_25">
<value type="value">1</value>
</key>
<key name="13_32">
<value type="value">1</value>
</key>
<key name="13_33">
<value type="value">1</value>
</key>
<key name="13_34">
<value type="value">1</value>
</key>
<key name="13_35">
<value type="value">1</value>
</key>
<key name="13_36">
<value type="value">1</value>
</key>
<key name="13_37">
<value type="value">1</value>
</key>
<key name="13_38">
<value type="value">1</value>
</key>
<key name="13_39">
<value type="value">1</value>
</key>
<key name="13_40">
<value type="value">0</value>
</key>
<key name="13_41">
<value type="value">1</value>
</key>
<key name="13_42">
<value type="value">0</value>
</key>
<!-- 22- -->
<key name="22_19">
<value type="value">1</value>
</key>
<key name="22_20">
<value type="value">1</value>
</key>
<key name="22_21">
<value type="value">0</value>
</key>
<key name="22_22">
<value type="value">0</value>
</key>
<key name="22_24">
<value type="value">1</value>
</key>
<key name="22_25">
<value type="value">1</value>
</key>
<key name="22_42">
<value type="value">1</value>
</key>
<key name="22_43">
<value type="value">1</value>
</key>
<key name="22_54">
<value type="value">1</value>
</key>
<!-- 33- -->
<key name="33_2">
<value type="value">1</value>
</key>
<key name="33_3">
<value type="value">2</value>
</key>
<key name="33_4">
<value type="value">1</value>
</key>
<key name="33_5">
<value type="value">2</value>
</key>
<key name="33_6">
<value type="value">2</value>
</key>
<key name="33_7">
<value type="value">1</value>
</key>
<key name="33_8">
<value type="value">1</value>
</key>
<key name="33_9">
<value type="value">1</value>
</key>
<key name="33_10">
<value type="value">1</value>
</key>
<key name="33_11">
<value type="value">1</value>
</key>
<!-- 60- -->
<key name="60_6">
<value type="value">2</value>
</key>
<key name="60_7">
<value type="value">1</value>
</key>
<key name="60_8">
<value type="value">1</value>
</key>
<key name="60_9">
<value type="value">1</value>
</key>
<key name="60_20">
<value type="value">1</value>
</key>
<key name="60_21">
<value type="value">1</value>
</key>
<key name="60_32">
<value type="value">1</value>
</key>
<key name="60_34">
<value type="value">1</value>
</key>
<key name="60_35">
<value type="value">1</value>
</key>
<key name="60_36">
<value type="value">1</value>
</key>
<!-- 100- -->
<key name="100_12">
<value type="value">103</value>
</key>
<key name="100_13">
<value type="value">31</value>
</key>
<key name="100_51">
<value type="value">-49</value>
</key>
<key name="100_108">
<value type="value">28871</value>
</key>
<key name="100_109">
<value type="value">13781</value>
</key>
<key name="100_178">
<value type="value">119</value>
</key>
<key name="100_179">
<value type="value">219</value>
</key>
<key name="100_190">
<value type="value">1009</value>
</key>
<key name="100_191">
<value type="value">-2</value>
</key>
<key name="100_192">
<value type="value">701</value>
</key>
<key name="100_193">
<value type="value">441</value>
</key>
<!-- 101- -->
<key name="101_63">
<value type="value">103</value>
</key>
<key name="101_205">
<value type="value">31</value>
</key>
<key name="101_100">
<value type="value">5</value>
</key>
<key name="101_101">
<value type="value">49</value>
</key>
<key name="101_102">
<value type="value">119</value>
</key>
<key name="101_105">
<value type="value">500</value>
</key>
<key name="101_106">
<value type="value">1</value>
</key>
<!-- 107- -->
<key name="107_3">
<value type="value">16.2</value>
</key>
<key name="107_77">
<value type="value">15.9</value>
</key>
<key name="107_78">
<value type="value">512.1</value>
</key>
<key name="107_79">
<value type="value">433.4</value>
</key>
<key name="107_90">
<value type="value">344.4</value>
</key>
<key name="107_130">
<value type="value">-0.44013</value>
</key>
<key name="107_131">
<value type="value">43.0</value>
</key>
<key name="107_132">
<value type="value">41.2</value>
</key>
<key name="107_141">
<value type="value">12.1</value>
</key>
<key name="107_200">
<value type="value">91</value>
</key>
<key name="107_201">
<value type="value">98.8</value>
</key>
<key name="107_202">
<value type="value">110</value>
</key>
<key name="107_203">
<value type="value">85.1</value>
</key>
<key name="107_204">
<value type="value">85.2</value>
</key>
<key name="107_205">
<value type="value">410</value>
</key>
<key name="107_206">
<value type="value">592</value>
</key>
<key name="107_207">
<value type="value">1.5</value>
</key>
<key name="107_208">
<value type="value">44.7</value>
</key>
<key name="107_209">
<value type="value">11.9</value>
</key>
<key name="107_210">
<value type="value">221.45</value>
</key>
<key name="107_211">
<value type="value">13.4</value>
</key>
<key name="107_212">
<value type="value">0.000402</value>
</key>
<!-- 109- -->
<key name="109_3">
<value type="value">16.2</value>
</key>
<key name="109_7">
<value type="value">15.9</value>
</key>
<key name="109_8">
<value type="value">880</value>
</key>
<key name="109_10">
<value type="value">344.4</value>
</key>
<key name="109_40">
<value type="value">41.2</value>
</key>
<key name="109_41">
<value type="value">12.1</value>
</key>
<key name="empty">
<value type="value">""</value>
</key>
</key_value_mappings>
</databus>
</core>

78
docker/conpot/dist/templates/default/template.xml vendored Normal file
View File

@ -0,0 +1,78 @@
<core>
<template>
<!-- General information about the template -->
<entity name="unit">S7-200</entity>
<entity name="vendor">Siemens</entity>
<entity name="description">Rough simulation of a basic Siemens S7-200 CPU with 2 slaves</entity>
<entity name="protocols">HTTP, MODBUS, s7comm, SNMP</entity>
<entity name="creator">the conpot team</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
<key name="FacilityName">
<value type="value">"DoE Water Service"</value>
</key>
<key name="SystemName">
<value type="value">"Central Pump"</value>
</key>
<key name="SystemDescription">
<value type="value">"Pump Control Unit"</value>
</key>
<key name="Uptime">
<value type="function">conpot.emulators.misc.uptime.Uptime</value>
</key>
<key name="sysObjectID">
<value type="value">"0.0"</value>
</key>
<key name="sysContact">
<value type="value">"DoE"</value>
</key>
<key name="sysName">
<value type="value">"Pump Control Unit"</value>
</key>
<key name="sysLocation">
<value type="value">"DoE"</value>
</key>
<key name="sysServices">
<value type="value">"72"</value>
</key>
<key name="memoryModbusSlave0BlockA">
<value type="value">[random.randint(0,1) for b in range(0,128)]</value>
</key>
<key name="memoryModbusSlave0BlockB">
<value type="value">[random.randint(0,1) for b in range(0,32)]</value>
</key>
<key name="memoryModbusSlave255BlockA">
<value type="value">[random.randint(0,1) for b in range(0,128)]</value>
</key>
<key name="memoryModbusSlave255BlockB">
<value type="value">[random.randint(0,1) for b in range(0,32)]</value>
</key>
<key name="memoryModbusSlave1BlockA">
<value type="value">[random.randint(0,1) for b in range(0,128)]</value>
</key>
<key name="memoryModbusSlave1BlockB">
<value type="value">[random.randint(0,1) for b in range(0,32)]</value>
</key>
<key name="memoryModbusSlave2BlockC">
<value type="value">[random.randint(0,1) for b in range(0,8)]</value>
</key>
<key name="memoryModbusSlave2BlockD">
<value type="value">[0 for b in range(0,32)]</value>
</key>
<key name="Copyright">
<value type="value">"Original Siemens Equipment"</value>
</key>
<key name="s7_id">
<value type="value">"88111222"</value>
</key>
<key name="s7_module_type">
<value type="value">"IM151-8 PN/DP CPU"</value>
</key>
<key name="empty">
<value type="value">""</value>
</key>
</key_value_mappings>
</databus>
</core>

93
docker/conpot/dist/templates/guardian_ast/template.xml vendored Normal file
View File

@ -0,0 +1,93 @@
<core>
<template>
<!-- General information about the template -->
<entity name="unit">Guardian AST tank-monitoring system</entity>
<entity name="vendor">Guardian</entity>
<entity name="description">Guardian AST tank-monitoring system</entity>
<entity name="protocols">guardian_ast</entity>
<entity name="creator">the conpot team</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
<key name="product1">
<value type="value">"SUPER"</value>
</key>
<key name="product2">
<value type="value">"UNLEAD"</value>
</key>
<key name="product3">
<value type="value">"DIESEL"</value>
</key>
<key name="product4">
<value type="value">"ADBLUE"</value>
</key>
<key name="station_name">
<value type="value">"AVIA"</value>
</key>
<key name="vol1">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="vol2">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="vol3">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="vol4">
<value type="value">random.randint(1000, 9050)</value>
</key>
<key name="ullage1">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="ullage2">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="ullage3">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="ullage4">
<value type="value">random.randint(3000, 9999)</value>
</key>
<key name="height1">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="height2">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="height3">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="height4">
<value type="value">round(random.uniform(25.00, 75.99), 2)</value>
</key>
<key name="h2o1">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="h2o2">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="h2o3">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="h2o4">
<value type="value">round(random.uniform(0.0, 9.99), 2)</value>
</key>
<key name="temp1">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="temp2">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="temp3">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="temp4">
<value type="value">round(random.uniform(50.0, 59.99), 2)</value>
</key>
<key name="empty">
<value type="value">""</value>
</key>
</key_value_mappings>
</databus>
</core>

18
docker/conpot/dist/templates/ipmi/template.xml vendored Normal file
View File

@ -0,0 +1,18 @@
<core>
<template>
<!-- General information about the template -->
<entity name="unit">371</entity>
<entity name="vendor">IPMI</entity>
<entity name="description">Creates a simple IPMI device</entity>
<entity name="protocols">IPMI</entity>
<entity name="creator">Lukas Rist</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
<key name="SystemName">
<value type="value">"DoE"</value>
</key>
</key_value_mappings>
</databus>
</core>

20
docker/conpot/dist/kamstrup_382/template.xml → docker/conpot/dist/templates/kamstrup_382/template.xml vendored
View File

@ -413,43 +413,43 @@
<value type="value">''</value>
</key>
<key name="nameserver_1">
<value type="value">'192.168.254.111'</value>
<value type="value">'0.0.0.0'</value>
</key>
<key name="nameserver_2">
<value type="value">'192.168.254.112'</value>
<value type="value">'0.0.0.0'</value>
</key>
<key name="nameserver_3">
<value type="value">'0.0.0.0'</value>
</key>
<key name="mac_address">
<value type="value">'00:13:EA:00:72:FA'</value>
<value type="value">'00:13:EA:00:00:00'</value>
</key>
<key name="use_dhcp">
<value type="value">'YES'</value>
</key>
<key name="ip_addr">
<value type="value">'192.168.201.101'</value>
<value type="value">'192.168.1.210'</value>
</key>
<key name="ip_gateway">
<value type="value">'192.168.201.254'</value>
<value type="value">'192.168.1.1'</value>
</key>
<key name="ip_subnet">
<value type="value">'255.255.255.0'</value>
</key>
<key name="ip_addr_dhcp">
<value type="value">'192.168.200.1'</value>
<value type="value">'192.168.0.1'</value>
</key>
<key name="ip_gateway_dhcp">
<value type="value">'192.168.200.254'</value>
<value type="value">'192.168.0.254'</value>
</key>
<key name="ip_subnet_dhcp">
<value type="value">'255.255.255.0'</value>
</key>
<key name="kap_a_server_hostname">
<value type="value">'de_fra_lxg00.local.dom'</value>
<value type="value">'kapserver.evilpowerprovider.org'</value>
</key>
<key name="kap_a_server_ip">
<value type="value">'192.168.254.201'</value>
<value type="value">'202.202.202.1'</value>
</key>
<key name="kap_a_server_port">
<value type="value">'50'</value>
@ -513,4 +513,4 @@
</key>
</key_value_mappings>
</databus>
</core>
</core>

15
docker/conpot/dist/templates/proxy/template.xml vendored Normal file
View File

@ -0,0 +1,15 @@
<core>
<template>
<!-- General information about the template -->
<entity name="unit">Proxy</entity>
<entity name="vendor">None</entity>
<entity name="description">Sample template that demonstrates the proxy feature.</entity>
<entity name="protocols">Proxy</entity>
<entity name="creator">the conpot team</entity>
</template>
<databus>
<!-- Core value that can be retrieved from the databus by key -->
<key_value_mappings>
</key_value_mappings>
</databus>
</core>

134
docker/conpot/docker-compose.yml
View File

@ -1,19 +1,139 @@
version: '2.1'
# CONPOT TEMPLATE=[default, IEC104, guardian_ast, ipmi, kamstrup_382, proxy]
version: '2.2'
networks:
conpot_local:
conpot_local_default:
conpot_local_IEC104:
conpot_local_guardian_ast:
conpot_local_ipmi:
conpot_local_kamstrup_382:
services:
# Conpot service
conpot:
container_name: conpot
# Conpot default service
conpot_default:
build: .
container_name: conpot_default
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_default.json
- CONPOT_LOG=/var/log/conpot/conpot_default.log
- CONPOT_TEMPLATE=default
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
# - /var/run/conpot/
networks:
- conpot_local
- conpot_local_default
ports:
- "80:80"
- "102:102"
- "161:161"
- "502:502"
# - "623:623"
- "44818:44818"
- "47808:47808"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot IEC104 service
conpot_IEC104:
build: .
container_name: conpot_IEC104
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_IEC104.json
- CONPOT_LOG=/var/log/conpot/conpot_IEC104.log
- CONPOT_TEMPLATE=IEC104
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_IEC104
ports:
# - "161:161"
- "2404:2404"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot guardian_ast service
conpot_guardian_ast:
build: .
container_name: conpot_guardian_ast
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_guardian_ast.json
- CONPOT_LOG=/var/log/conpot/conpot_guardian_ast.log
- CONPOT_TEMPLATE=guardian_ast
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_guardian_ast
ports:
- "10001:10001"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot ipmi
conpot_ipmi:
build: .
container_name: conpot_ipmi
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_ipmi.json
- CONPOT_LOG=/var/log/conpot/conpot_ipmi.log
- CONPOT_TEMPLATE=ipmi
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_ipmi
ports:
- "623:623"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot
# Conpot kamstrup_382
conpot_kamstrup_382:
build: .
container_name: conpot_kamstrup_382
restart: always
environment:
- CONPOT_CONFIG=/etc/conpot/conpot.cfg
- CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
- CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
- CONPOT_TEMPLATE=kamstrup_382
- CONPOT_TMP=/tmp/conpot
- PYTHON_EGG_CACHE=/tmp/conpot
tmpfs:
- /tmp/conpot:exec
- /var/run/conpot/
networks:
- conpot_local_kamstrup_382
ports:
- "1025:1025"
- "50100:50100"
image: "dtagdevsec/conpot:1710"
image: "dtagdevsec/conpot:1804"
read_only: true
volumes:
- /data/conpot/log:/var/log/conpot