FaPro is a Fake Protocol Server tool, Can easily start or stop multiple network services.
The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol.
Demo Site
Support credssp ntlmv2 nla authentication.
Support to configure the image displayed when user login.
SSH
Support user login.
Support fake terminal commands, such as id, uid, whoami, etc.
Account format: username:password:home:uid
IMAP & SMTP
Support user login and interaction.
Mysql
Support sql statement query interaction
HTTP
Support website clone, You need to install the chrome browser and chrome driver to work.
The configuration of all protocols and parameters is generated by genConfig subcommand.
Use 172.16.0.0/16 subnet to generate the configuration file:
fapro genConfig -n 172.16.0.0/16 > fapro.json
Or use local address instead of the virtual network:
fapro genConfig > fapro.json
Run the protocol simulator
Run FaPro in verbose mode and start the web service on port 8080:
fapro run -v -l :8080
Tcp syn logging
For windows users, please install winpcap or npcap.
Use ELK to analyze protocol logs:
Configuration
This section contains the sample configuration used by FaPro.
{
“version”: “0.40”,
“network”: “127.0.0.1/32”,
“network_build”: “localhost”,
“storage”: null,
“geo_db”: “/tmp/geoip_city.mmdb”,
“hostname”: “fapro1”,
“use_logq”: true,
“cert_name”: “unknown”,
“syn_dev”: “any”,
“udp_dev”: “any”,
“icmp_dev”: “any”,
“exclusions”: [],
“hosts”: [
{
“ip”: “127.0.0.1”,
“handlers”: [
{
“handler”: “dcerpc”,
“port”: 135,
“params”: {
“accounts”: [
“administrator:123456”,
],
“domain_name”: “DESKTOP-Q1Test”
}
}
]
}
]
}
Create a virtual network, The subnet is 172.16.0.0/24, include 2 hosts,
172.16.0.3 run dns, ssh service,
and 172.16.0.5 run rpc, rdp service,
protocol access logs are saved to elasticsearch, exclude the access log of 127.0.0.1 and 8.8.8.8.
{
“version”: “0.40”,
“network”: “172.16.0.0/24”,
“network_build”: “userdef”,
“storage”: “es://http://127.0.0.1:9200”,
“use_logq”: true,
“cert_name”: “unknown”,
“syn_dev”: “any”,
“udp_dev”: “any”,
“icmp_dev”: “any”,
“exclusions”: [“127.0.0.1”, “8.8.8.8”],
“geo_db”: “”,
“hosts”: [
{
“ip”: “172.16.0.3”,
“handlers”: [
{
“handler”: “dns”,
“port”: 53,
“params”: {
“accounts”: [
“admin:123456”
],
“appname”: “domain”
}
},
{
“handler”: “ssh”,
“port”: 22,
“params”: {
“accounts”: [
“root:5555555:/root:0”
],
“prompt”: “$ “,
“server_version”: “SSH-2.0-OpenSSH_7.4”
}
}
]
},
{
“ip”: “172.16.0.5”,
“handlers”: [
{
“handler”: “dcerpc”,
“port”: 135,
“params”: {
“accounts”: [
“administrator:123456”
],
“domain_name”: “DESKTOP-Q1Test”
}
},
{
“handler”: “rdp”,
“port”: 3389,
“params”: {
“accounts”: [
“administrator:123456”
],
“auth”: false,
“domain_name”: “DESKTOP-Q1Test”,
“image”: “rdp.jpg”,
“sec_layer”: “auto”
}
}
]
}
]
}
Automatically generate service configuration
Use the ipclone.py script in Scripts, You can clone the ip service configuration from fofa to quickly generate the service configuration of the real machine.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…