adding missing files

Author: tom

config/id.go

@@ -0,0 +1,73 @@
+package config
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"net"
+	"os"
+	"strings"
+
+	"github.com/denisbrodbeck/machineid"
+	. "github.com/klauspost/cpuid/v2"
+
+	"helix-honeypot/model"
+)
+
+func getMacAddress() ([]string, error) {
+	ifas, err := net.Interfaces()
+	if err != nil {
+		return nil, fmt.Errorf("error getting network interfaces: %v", err)
+	}
+	var as []string
+	for _, ifa := range ifas {
+		a := ifa.HardwareAddr.String()
+		if a != "" {
+			as = append(as, a)
+		}
+	}
+	return as, nil
+}
+
+func MakeMachineId() (string, error) {
+	// Generate a machine id from multiple values
+	var hostid model.HostIDStruct
+	id, err := machineid.ID()
+	if err != nil {
+		fmt.Errorf("error generating machine id: %v", err)
+	}
+	hostname, err := os.Hostname()
+	if err != nil {
+		fmt.Errorf("error getting hostname: %v", err)
+	}
+	macSlice, err := getMacAddress()
+	if err != nil {
+		fmt.Errorf("error getting mac address: %v", err)
+	}
+
+	hostid.MachineID = id
+	hostid.ProcessorHash = CPU.BrandName
+	hostid.ProcessorFeatures = strings.Join(CPU.FeatureSet(), ",")
+	hostid.CacheLine = fmt.Sprint(CPU.CacheLine)
+	hostid.CacheL1D = fmt.Sprint(CPU.Cache.L1D)
+	hostid.CacheL1I = fmt.Sprint(CPU.Cache.L1I)
+	hostid.CacheL2 = fmt.Sprint(CPU.Cache.L2)
+	hostid.CacheL3 = fmt.Sprint(CPU.Cache.L3)
+	hostid.CPUFrequency = fmt.Sprint(CPU.Hz)
+	hostid.PhysicalCores = fmt.Sprint(CPU.PhysicalCores)
+	hostid.LogicalCores = fmt.Sprint(CPU.LogicalCores)
+	hostid.ThreadsPerCore = fmt.Sprint(CPU.ThreadsPerCore)
+	hostid.VendorID = CPU.VendorID.String()  // convert VendorID to string
+	hostid.MacAddress = macSlice
+	hostid.Hostname = hostname
+
+	hostIDBytes, err := json.Marshal(hostid)
+	if err != nil {
+		return "", fmt.Errorf("error marshalling hostid: %v", err)
+	}
+	hash := sha256.Sum256(hostIDBytes)
+
+	return hex.EncodeToString(hash[:]), nil
+}
+

honeypots/defense/defense.go

@@ -0,0 +1,86 @@
+package defense
+
+import (
+	"github.com/labstack/echo/v4"
+	"helix-honeypot/model"
+	"helix-honeypot/logger"
+
+	"net/http"
+	"math/rand"
+	crand "crypto/rand"
+	"strconv"
+)
+
+// Literally streams cruff to the response
+func ActiveDefenseHandler(c echo.Context) error {
+	prng := crand.Reader
+	return c.Stream(http.StatusCreated, "application/json", prng)
+}
+
+// RedirectLoopHandler serves a redirect loop that follows a sequence of URLs from "a" to "z"
+func RedirectLoopHandler(c echo.Context) error {
+	// Get the current redirect index from the query parameter "index"
+	index := c.QueryParam("index")
+	if index == "" {
+		index = "0"
+	}
+
+	// Convert the index to an integer
+	redirectIndex := 0
+	// Handle any conversion errors
+	if i, err := strconv.Atoi(index); err == nil && i >= 0 {
+		redirectIndex = i
+	}
+
+	// Calculate the next character in the sequence
+	nextIndex := (redirectIndex + 1) % 26
+	nextChar := string('a' + nextIndex)
+
+	// Set the next redirect URL
+	nextURL := "/" + nextChar
+
+	// Set response headers for the forever redirect
+	c.Response().Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+	c.Response().Header().Set("Pragma", "no-cache")
+	c.Response().Header().Set("Expires", "0")
+	c.Response().Header().Set("Location", nextURL)
+
+	// Send the forever redirect response
+	return c.Redirect(http.StatusMovedPermanently, nextURL)
+}
+
+// RandomHandler randomly chooses between ActiveDefenseHandler and RedirectLoopHandler
+func RandomHandler(c echo.Context) error {
+	handlers := []func(echo.Context) error{
+		ActiveDefenseHandler,
+		func(c echo.Context) error {
+			return RedirectLoopHandler(c)
+		},
+	}
+
+	// Randomly select a handler
+	randomIndex := rand.Intn(len(handlers))
+	selectedHandler := handlers[randomIndex]
+
+	// Execute the selected handler
+	return selectedHandler(c)
+}
+
+func StartDefenseHoneypot(cfg *model.Config) {
+	e := NewRouter()
+
+	// Initialize logger
+	customLogger, err := logger.NewCustomLogger(cfg)
+	if err != nil {
+		e.Logger.Fatal(err)
+		return
+	}
+
+	// Set the logger middleware
+	e.Use(customLogger.Middleware)
+	// Routes for Active Defense Mode
+	e.GET("/*", RandomHandler)
+	e.POST("/*", RandomHandler)
+
+	e.Logger.Fatal(e.Start(cfg.DEF.Host + ":" + cfg.DEF.Port))
+}

honeypots/defense/router.go

@@ -0,0 +1,13 @@
+package defense
+
+import (
+	"github.com/labstack/echo/v4"
+	"github.com/labstack/gommon/log"
+)
+
+func NewRouter() *echo.Echo {
+	echoRouter := echo.New()
+	echoRouter.Logger.SetLevel(log.DEBUG)
+	echoRouter.HideBanner = true
+	return echoRouter
+}

honeypots/http/http.go

@@ -0,0 +1,28 @@
+package http
+
+import (
+	"github.com/labstack/echo/v4"
+	"helix-honeypot/model"
+	"helix-honeypot/logger"
+	"net/http"
+)
+
+func StartHTTPHoneypot(cfg *model.Config) {
+	e := NewRouter()
+
+	// Initialize logger
+	customLogger, err := logger.NewCustomLogger(cfg)
+	if err != nil {
+		e.Logger.Fatal(err)
+		return
+	}
+
+	// Set the logger middleware
+	e.Use(customLogger.Middleware)
+
+	e.GET("/*", func(c echo.Context) error {
+		return c.String(http.StatusOK, "OK")
+	})
+
+	e.Logger.Fatal(e.Start(cfg.HTTP.Host + ":" + cfg.HTTP.Port))
+}

honeypots/http/router.go

@@ -0,0 +1,13 @@
+package http
+
+import (
+	"github.com/labstack/echo/v4"
+	"github.com/labstack/gommon/log"
+)
+
+func NewRouter() *echo.Echo {
+	echoRouter := echo.New()
+	echoRouter.Logger.SetLevel(log.DEBUG)
+	echoRouter.HideBanner = true
+	return echoRouter
+}

honeypots/k8s/generator/empty.go

@@ -0,0 +1,44 @@
+package generator
+
+type Metadata struct {
+	ResourceVersion string `json:"resourceVersion"`
+}
+
+type ColumnDefinition struct {
+	Name        string `json:"name"`
+	Type        string `json:"type"`
+	Format      string `json:"format"`
+	Description string `json:"description"`
+	Priority    int    `json:"priority"`
+}
+
+type Table struct {
+	Kind              string             `json:"kind"`
+	ApiVersion        string             `json:"apiVersion"`
+	Metadata          Metadata           `json:"metadata"`
+	ColumnDefinitions []map[string]interface{} `json:"columnDefinitions"`
+	Rows              []interface{}      `json:"rows"`
+}
+
+// ConvertMapToColumnDefinition converts a map into a ColumnDefinition struct
+func ConvertMapToColumnDefinition(defMap map[string]interface{}) ColumnDefinition {
+	return ColumnDefinition{
+		Name:        defMap["name"].(string),
+		Type:        defMap["type"].(string),
+		Format:      defMap["format"].(string),
+		Description: defMap["description"].(string),
+		Priority:    defMap["priority"].(int),
+	}
+}
+
+// GenerateEmptyList generates a Table instance with default values
+func GenerateEmptyList() Table {
+	columnDefs := GenerateColumnDefinitions()
+	return Table{
+		Kind:              "Table",
+		ApiVersion:        "meta.k8s.io/v1",
+		Metadata:          Metadata{ResourceVersion: "561"},
+		ColumnDefinitions: columnDefs,
+		Rows:              []interface{}{},
+	}
+}

honeypots/k8s/generator/generator.go

@@ -0,0 +1,81 @@
+package generator
+
+import (
+	"math/rand"
+	"sort"
+	"time"
+
+	"helix-honeypot/model"
+)
+
+func generatePodConfig(cfg *model.Config, namespace string, podNames []string, resourceVersion string) map[string]interface{} {
+	rand.Seed(time.Now().UnixNano()) // Seeding the random number generator
+	pods := make([]interface{}, rand.Intn(110)+10)
+	for i := range pods {
+		pods[i] = GeneratePod(cfg, namespace, podNames)
+	}
+
+	// Sort pods
+	sort.SliceStable(pods, func(i, j int) bool {
+		iPod := pods[i].(map[string]interface{})
+		jPod := pods[j].(map[string]interface{})
+		iName := iPod["object"].(map[string]interface{})["metadata"].(map[string]interface{})["name"].(string)
+		jName := jPod["object"].(map[string]interface{})["metadata"].(map[string]interface{})["name"].(string)
+		return iName < jName
+	})
+
+	config := map[string]interface{}{
+		"kind":       "Table",
+		"apiVersion": "meta.k8s.io/v1",
+		"metadata": map[string]interface{}{
+			"resourceVersion": resourceVersion,
+		},
+		"columnDefinitions": GenerateColumnDefinitions(),
+		"rows":              pods,
+	}
+
+	return config
+}
+
+func GenerateKubeSystemConfig(cfg *model.Config, namespace string) map[string]interface{} {
+	podNames := []string{
+		"kube-apiserver", "kube-controller-manager", "kube-scheduler",
+		"kube-proxy", "etcd", "coredns", "kube-addon-manager",
+		"kube-flannel", "kube-calico", "kube-dns", "kube-sidecar",
+		"kube-state-metrics", "kube-ingress-controller", "kube-dashboard",
+		"kube-metrics-scraper", "kube-network-manager", "kube-node-exporter",
+		"kube-persistent-storage", "kube-csi", "kubelet", "kube-proxy",
+		"kube-vpnkit-controller", "kube-storage-provisioner",
+	}
+	return generatePodConfig(cfg, namespace, podNames, "1110")
+}
+
+
+func GenerateDefaultNamespaceConfig(cfg *model.Config, namespace string) map[string]interface{} {
+	podNames := []string{
+		"database", "message-queue", "cache", "nginx", "apache", "tomcat",
+		"redis", "elasticsearch", "rabbitmq", "kafka", "memcached", "mysql",
+		"postgres", "mongo", "cassandra", "influxdb", "grafana", "prometheus",
+		"wordpress", "jenkins", "gitlab", "drupal", "magento", "django",
+		"laravel", "nodejs", "express", "flask", "spring-boot", "react",
+		"angular", "vuejs", "emberjs", "kubernetes", "docker", "minio",
+		"jupyter", "tensorflow", "spark", "git", "consul", "vault",
+		"kibana", "haproxy", "traefik", "graylog", "sonarqube", "nexus",
+		"zookeeper", "etcd", "nextcloud", "ghost", "owncloud", "clickhouse",
+		"metabase", "nginx-ingress", "kong", "keycloak", "rancher", "logstash",
+		"aws-lambda", "aws-s3", "aws-dynamodb", "aws-rds", "aws-sqs", "aws-sns",
+		"gcp-cloud-run", "gcp-datastore", "gcp-pubsub", "azure-functions", "azure-storage", "azure-cosmosdb",
+		"azure-service-bus", "kafka", "rabbitmq", "hadoop", "couchbase", "couchdb",
+		"neo4j", "clickhouse", "varnish", "traefik", "gitlab-runner", "nats",
+		"apollo", "jitsi", "rocketmq", "deno", "glusterfs", "prometheus-operator",
+		"rancher", "knative", "fluentd", "openfaas", "loki", "istio",
+		"redis-cache", "postgresql", "mongodb", "couchbase", "apache-kafka", "nginx-ingress-controller",
+		"jenkins-x", "drone", "openshift", "gitlab-ci", "bitbucket-pipelines", "teamcity",
+		"spinnaker", "artifactory", "nexus-repository", "kong-api-gateway", "tyk-api-gateway", "azure-apim",
+		"consul-service-mesh", "linkerd", "kuma", "flannel", "weave", "cilium",
+		"argocd", "fluxcd", "istio", "knative", "keda", "helm",
+		"tekton", "argo-workflows", "falco", "sysdig", "calico", "openshift-sdn",
+		"fluent-bit", "logstash", "telegraf", "papertrail", "logentries", "logdna",
+	}
+	return generatePodConfig(cfg, namespace, podNames, "3572")
+}