• Stars
    star
    259
  • Rank 157,669 (Top 4 %)
  • Language
    Python
  • License
    Other
  • Created over 7 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Decept Network Protocol Proxy

Decept Proxy

Yay, another network proxy. What makes this any different from any others?

  • Created with portability in mind, it only uses as standard python libraries, so you can drop it on a box and not worry, as long as python 2 is there.

  • Supports SSL endpoirnts, IPV6, Unix Sockets, Abstract Namespace sockets, L3 protocols/captures and also L2 bridging and passive modes.

  • Any traffic that passes through Decept.py can be dumped into a .fuzzer file format that is suitable for fuzzing with the Mutiny Fuzzing Framework.

  • SSH proxying/sniffing/filtering with lil_sshniffer.py and lil_netkit.py

  • HTTP/HTTPS multiplexing. Examine hosts.conf for more information.

  • Based off of the tcp proxy.py from Black Hat Python by Justin Seitz

[<_<] Decept proxy/sniffer [>_>]


usage: decept.py <local_host> <local_port> <remote_host> <remote_port> [OPTIONS]

optional arguments:
  -h, --help            show this help message and exit
  --quiet               Don't show hexdumps
  --recv_first          Receive stuff first?
  --timeout TIMEOUT     Timeout for outbound socket
  --loglast LOGLAST     Log the last packet (unimplimented)
  --fuzzer FUZZFILE     *.fuzzer output for mutiny (extensions required)
  --dumpraw DUMPDIR     Directory to dump raw packet files into
                        (fmt = %d-%s % (pkt_num,[inbound|outbound]))
  --max-packet-len LEN  Max amount of data per packet when sending data
  --dont_kill           For when you don't want the connection to die if
                        neither side sends packets for TIMEOUT seconds.
                        Use with --expect if you still need the session
                        to end though.
  --expect RESPCOUNT    Useful with --dont_kill. Wait for RESPCOUNT
                        responses from the remote server, and then kill
                        the connection. Good for fuzzing campaigns.

  -l, {ssl,udp,tcp}|[L3 Proto]     Local endpoint type
  -r, {ssl,udp,tcp}|[L3 Proto]     Remote endpoint type

  --rbind_addr IPADDR   IP address to use for remote side. Make sure that
                        you have the IP somewhere on an interface though.
  --rbind_port PORT     PORT to bind to for remote side.

SSL Options:
  --lcert SSL_PEM_CERT  Cert to use for accepting local SSL
                        (Optionally cert and key in one file)
  --lkey SSL_PEM_KEY    Private key for local cert
  --rcert SSL_PEM_CERT  Cert to use for connecting to remote SSL
                        (Optionally cert and key in one file)
  --rkey SSL_PEM_KEY    Private key for remote cert
  --rverify HOSTNAME    Verify remote side as host HOSTNAME before
                        connecting.

Hook Files:
  Optional function definitions for processing data between inbound
  and outbound endpoints. Can pass data between the hooks/proxy with
  the userdata parameters. Look at `hooks` folder for some examples/
  prebuilt useful things.

  --hookfile <file> | Functions imported from file:
        string outbound_hook(outbound,userdata=[]):
        string inbound_hook(outbound,userdata=[]):

Tap Mode (--tap):
    Decept will replicate any inbound/outbound traffic over localhost now
    also, such that you can view traffic that has been decrypted or processed
    by the inbound/outbound hooks in something more legit than the hexdump
    function. (e.g. tcpdump/wireshark/tshark/etc)

Host Config File:
  Optionally, instead of specifying a remote host, if you specify a valid
  filename, you can multiplex HTTP/HTTPS connections to different URLs.
  Please examine the example "hosts.conf" for more information.

------------------------------------------------------------------------

L2 usage: decept.py <local_int> <local_mac> <remote_int> <remote_mac>

L2 options:
  --l2_filter MACADDR   Ignore inbound traffic except from MACADDR
  --l2_MTU    MTU       Set Maximum Transmision Unit for socket
  --l2_forward          Bridge the local interface and remote interface

  --pcap PCAPDIR     Directory to store pcaps
  --pps                 Create a new pcap for each session
  --snaplen SNAPLEN     Length of packet truncation
  --pcap_interface IFACE  Specify which interface the packets will be
                          coming in on. "eth0" by default.

L4 Usage: decept.py 127.0.0.1 9999 10.0.0.1 8080
L3 Usage: decept.py 127.0.0.1 0 10.0.0.1 0 -l icmp -r icmp
L2 Usage: decept.py lo 00:00:00:00:00:00 eth0 ff:aa:cc:ee:dd:00
Unix: decept.py localsocketname 0 remotesocketname 0
Abstract: decept.py \\x00localsocketname 0 \\x00remotesocketname 0

Arp Poisoning options:
    --poison     <config-file>    Contains "mac1|mac2|ip1|ip2" to poison.
    --poison_int <interface>      Interface on which to poison (eth0 default)

lil_sshniffer.py

Main lil_sshniffer uses:

  1. SSH MITM: With the '--sniff' flag, lil_sshniffer will accept an SSH connection on the Localhost/local port specified and then try to connect to the given RHOST/RPORT with the credentials provided. All traffic is logged and can be filtered/acted upon before traversing all the way through with the '--filter' flag (lil_netkit.py for more info).

  2. Fuzzing an SSH wrapped service: Without the '-s' flag, lil_sshniffer will take a connection and wrap in in whatever type of SSH connection you want. (--subsystem/--pty/--interactive/ --pty)

[^.^] lil_sshniffer.py [^.^] ~For all your sshniffing needs~

usage: lil_sshniffer.py rhost
                        [-h] [--lhost LHOST] [--lport LPORT] [--rport RPORT]
                        [-d] [-l] [-P] [-s] [-k SPOOF_KEY] [-r] [-a AUTH_KEY]
                        [-u USERNAME] [-p PASSWORD] [-t TIMEOUT]
                        [--subsystem SUBSYSTEM | --execute EXECUTE | --interactive]
                        [-f] [-?] [-j]

positional arguments:
  rhost                 Remote address to connect to

optional arguments:
  -h, --help            show this help message and exit
  --lhost LHOST         Local address to bind to
  --lport LPORT         Local port to bind to
  --rport RPORT         Remote port to connect to
  -d, --debug           Extra output
  -l, --logging         Enable/disable logging
  -P, --pty             Allocate a pty also
  -s, --sniff           Create an inbound and outbound SSH Server
  -k SPOOF_KEY, --spoof_key SPOOF_KEY
                        RSA key to use for spoofing
  -r, --retry           Do the retry hack >_<
  -a AUTH_KEY, --auth_key AUTH_KEY
                        Key for authenticating outbound
  -u USERNAME, --username USERNAME
                        Username for outbound connection (leave blank for
                        prompt)
  -p PASSWORD, --password PASSWORD
                        Password for outbound connection (leave blank for
                        prompt)
  -t TIMEOUT, --timeout TIMEOUT
                        Timeout for sockets
  --subsystem SUBSYSTEM, -S SUBSYSTEM
                        Execute the given subsystem (scp/sftp/ssh/netconf/etc)
  --execute EXECUTE, -e EXECUTE
                        Execute a single command
  --interactive, -i     Requests a shell w/pty (default)
  -f, --filtering       Filter input and output w/lil_netkit
  -?, --cisco           For when you're filtering on a connection with a Cisco
                        CLI device
  -j, --hijack          Hijack ssh session after target quits

More Repositories

1

clamav

ClamAV - Documentation is here: https://docs.clamav.net
C
3,200
star
2

pyrebox

Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU
C
1,604
star
3

GhIDA

Python
714
star
4

mutiny-fuzzer

Python
530
star
5

MBRFilter

Cisco Talos MBR Filter Driver
C
318
star
6

moflow

Release Branches for MoFlow
C++
296
star
7

ROPMEMU

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.
Python
282
star
8

Ghidraaas

Python
207
star
9

DynDataResolver

Python
204
star
10

binary_function_similarity

Jupyter Notebook
186
star
11

fnc-1

Fake News Challenge
Python
173
star
12

BASS

BASS - BASS Automated Signature Synthesizer
Python
171
star
13

file2pcap

C
162
star
14

Barbervisor

Intel x86 bare metal hypervisor for researching snapshot fuzzing ideas.
Rust
145
star
15

TeslaDecrypt

Decryption Tool
C++
132
star
16

snort-faq

Snort FAQ
110
star
17

osquery_queries

Cisco Orbital - Osquery queries by Talos
96
star
18

FIRST

91
star
19

snap_wtf_macos

WTF Snapshot fuzzing of macOS targets
Python
86
star
20

FIRST-plugin-ida

Python
85
star
21

Winbox_Protocol_Dissector

Lua
67
star
22

locky

C
66
star
23

pylocky_decryptor

Python
64
star
24

cvdupdate

ClamAV Private Database Mirror Updater Tool
Python
62
star
25

smi_check

Smart Install Client Scanner
Python
61
star
26

clamav-bytecode-compiler

ClamAV ByteCode Compiler
C
60
star
27

covnavi

Python
59
star
28

IOCs

Indicators of Compromise
55
star
29

Mussels

Python
43
star
30

CASC

Python
40
star
31

clamav-safebrowsing

Python
37
star
32

freesentry

C++
34
star
33

clamav-docker

Dockerfiles for the ClamAV project
Shell
34
star
34

Re2Pcap

Python
33
star
35

oil-pumpjack

Oil Pumpjack: open source materials to create your own oil pumpjack managed by an Arduino
Python
31
star
36

FIRST-server

CSS
30
star
37

clamav-fuzz-corpus

Seed Corpus for clamav-devel oss-fuzz integration.
HTML
30
star
38

flokibot

Python
25
star
39

remcos-decoder

Talos Decryptor POC for Remcos RAT version 2.0.5 and earlier
Python
21
star
40

badgerboard

Verilog
16
star
41

crashdog

C
15
star
42

Daemonlogger

The Official Github Repository of Daemonlogger
C
14
star
43

useful-tools

Python
14
star
44

Nim-IDA-FLIRT-Generator

Nim-IDA-FLIRT-Generator
Python
13
star
45

clamav-documentation

ClamAV Documentation
JavaScript
13
star
46

clamav-mussels-cookbook

12
star
47

snort2-docker

Vim Script
10
star
48

ida_tilegx

C
6
star
49

NibiruDecrypt

C#
6
star
50

mussels-recipe-scrapbook

2
star
51

Threat-Round-Up

1
star
52

clamav-async-rs

1
star