FaPro is a Fake Protocol Server tool, Can easily start or stop multiple network services.
The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol.
Demo Site
Support credssp ntlmv2 nla authentication.
Support to configure the image displayed when user login.
SSH
Support user login.
Support fake terminal commands, such as id, uid, whoami, etc.
Account format: username:password:home:uid
IMAP & SMTP
Support user login and interaction.
Mysql
Support sql statement query interaction
HTTP
Support website clone, You need to install the chrome browser and chrome driver to work.
The configuration of all protocols and parameters is generated by genConfig subcommand.
Use 172.16.0.0/16 subnet to generate the configuration file:
fapro genConfig -n 172.16.0.0/16 > fapro.json
Or use local address instead of the virtual network:
fapro genConfig > fapro.json
Run the protocol simulator
Run FaPro in verbose mode and start the web service on port 8080:
fapro run -v -l :8080
Tcp syn logging
For windows users, please install winpcap or npcap.
Use ELK to analyze protocol logs:
Configuration
This section contains the sample configuration used by FaPro.
{
“version”: “0.40”,
“network”: “127.0.0.1/32”,
“network_build”: “localhost”,
“storage”: null,
“geo_db”: “/tmp/geoip_city.mmdb”,
“hostname”: “fapro1”,
“use_logq”: true,
“cert_name”: “unknown”,
“syn_dev”: “any”,
“udp_dev”: “any”,
“icmp_dev”: “any”,
“exclusions”: [],
“hosts”: [
{
“ip”: “127.0.0.1”,
“handlers”: [
{
“handler”: “dcerpc”,
“port”: 135,
“params”: {
“accounts”: [
“administrator:123456”,
],
“domain_name”: “DESKTOP-Q1Test”
}
}
]
}
]
}
Create a virtual network, The subnet is 172.16.0.0/24, include 2 hosts,
172.16.0.3 run dns, ssh service,
and 172.16.0.5 run rpc, rdp service,
protocol access logs are saved to elasticsearch, exclude the access log of 127.0.0.1 and 8.8.8.8.
{
“version”: “0.40”,
“network”: “172.16.0.0/24”,
“network_build”: “userdef”,
“storage”: “es://http://127.0.0.1:9200”,
“use_logq”: true,
“cert_name”: “unknown”,
“syn_dev”: “any”,
“udp_dev”: “any”,
“icmp_dev”: “any”,
“exclusions”: [“127.0.0.1”, “8.8.8.8”],
“geo_db”: “”,
“hosts”: [
{
“ip”: “172.16.0.3”,
“handlers”: [
{
“handler”: “dns”,
“port”: 53,
“params”: {
“accounts”: [
“admin:123456”
],
“appname”: “domain”
}
},
{
“handler”: “ssh”,
“port”: 22,
“params”: {
“accounts”: [
“root:5555555:/root:0”
],
“prompt”: “$ “,
“server_version”: “SSH-2.0-OpenSSH_7.4”
}
}
]
},
{
“ip”: “172.16.0.5”,
“handlers”: [
{
“handler”: “dcerpc”,
“port”: 135,
“params”: {
“accounts”: [
“administrator:123456”
],
“domain_name”: “DESKTOP-Q1Test”
}
},
{
“handler”: “rdp”,
“port”: 3389,
“params”: {
“accounts”: [
“administrator:123456”
],
“auth”: false,
“domain_name”: “DESKTOP-Q1Test”,
“image”: “rdp.jpg”,
“sec_layer”: “auto”
}
}
]
}
]
}
Automatically generate service configuration
Use the ipclone.py script in Scripts, You can clone the ip service configuration from fofa to quickly generate the service configuration of the real machine.
This repository contains tools created by yogSahare0 while learning Python 3 for ethical hacking and penetration testing.…
"NetSecChallenger" provides a suite of automated tools designed for security professionals and network administrators to…
The essential tool for cybersecurity enthusiasts! This guide provides a detailed walkthrough on how to…
Meet "Poodone," the ultimate Python script designed for cybersecurity enthusiasts and professionals alike. Packed with…
The Linux version is no longer supported! The last Linux version is 6.0 that you…
Jin is a hacking command-line tools designed to make your scan port, gathering urls, check…