diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 4236e84..7214fda 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -17,7 +17,11 @@
 "Bash(xxd)",
 "Bash(curl -s http://192.168.1.200:2375/version)",
 "Bash(python3 -m json.tool)",
- "Bash(curl -s http://192.168.1.200:9200/)"
+ "Bash(curl -s http://192.168.1.200:9200/)",
+ "Bash(docker image:*)",
+ "Read(//home/anti/Tools/cowrie/src/cowrie/data/txtcmds/**)",
+ "Read(//home/anti/Tools/cowrie/src/cowrie/data/txtcmds/bin/**)",
+ "mcp__plugin_context-mode_context-mode__ctx_index"
 ]
 }
 }
diff --git a/.hypothesis/constants/2107e411391c4391 b/.hypothesis/constants/2107e411391c4391
new file mode 100644
index 0000000..9fa3139
--- /dev/null
+++ b/.hypothesis/constants/2107e411391c4391
@@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/cli.py +# hypothesis_version: 6.151.11 + +[8000, ',', ', ', '--all', '--api', '--api-port', '--archetype', '--config', '--deckies', '--decky', '--distro', '--dry-run', '--emit-syslog', '--host', '--id', '--interface', '--ip-start', '--ipvlan', '--log-file', '--min-deckies', '--mode', '--mutate-interval', '--no-cache', '--output', '--parallel', '--port', '--randomize-distros', '--randomize-services', '--services', '--subnet', '--watch', '--web-port', '-a', '-c', '-d', '-f', '-i', '-m', '-n', '-o', '-w', '/index.html', 'Available Services', 'Default Services', 'Description', 'Display Name', 'Docker Image', 'Image', 'Machine Archetypes', 'Name', 'Ports', 'Slug', 'archetypes', 'bold cyan', 'correlate', 'decnet', 'decnet.cli', 'decnet.log', 'decnet.web.api:app', 'decnet_web', 'dim', 'dist', 'distros', 'green', 'json', 'linux', 'mutate', 'services', 'swarm', 'syslog', 'table', 'unihost', 'uvicorn', 'web'] \ No newline at end of file
diff --git a/.hypothesis/constants/390b2f90b99b41d6 b/.hypothesis/constants/390b2f90b99b41d6
new file mode 100644
index 0000000..ad0d9fe
--- /dev/null
+++ b/.hypothesis/constants/390b2f90b99b41d6
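Review bot: The new `"Bash(docker image:*)"` entry in `.claude/settings.local.json` is a prefix wildcard, so it pre-approves every `docker image` subcommand, including ones that delete or import images (`rm`, `prune`, `load`, `push`), whereas the neighbouring entries each allow one exact command. Narrow it to what is actually needed, for example `"Bash(docker image ls:*)"` and `"Bash(docker image inspect:*)"`. The second `Read(...)` rule for `txtcmds/bin/**` is already covered by the `txtcmds/**` rule on the line above and can be dropped. The file holds absolute paths under `/home/anti` and is named `settings.local.json`, so it looks machine-specific; consider keeping it out of version control.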
@@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/deployer.py +# hypothesis_version: 6.151.11 + +[5.0, ', ', '--build', '--no-cache', '--watch', '-d', '-f', '1', 'DECNET Deckies', 'DOCKER_BUILDKIT', 'Decky', 'Deployed Deckies', 'Hostname', 'IP', 'IPvlan', 'IPvlan L2', 'MACVLAN', 'Services', 'Status', '[green]up[/]', '[red]degraded[/]', 'absent', 'bold', 'build', 'cmdline', 'compose', 'decnet-compose.yml', 'decnet.cli', 'decnet.web.api:app', 'decnet_logging.py', 'docker', 'down', 'green', 'manifest for', 'manifest unknown', 'mutate', 'name', 'not found', 'pid', 'pull access denied', 'red', 'rm', 'running', 'stop', 'templates', 'up', 'uvicorn'] \ No newline at end of file diff --git a/.hypothesis/constants/4dac674385794ba3 b/.hypothesis/constants/4dac674385794ba3 new file mode 100644 index 0000000..7c9e91a --- /dev/null +++ b/.hypothesis/constants/4dac674385794ba3 @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/cli.py +# hypothesis_version: 6.151.11 + +[8000, ',', ', ', '--all', '--api', '--api-port', '--archetype', '--config', '--deckies', '--decky', '--distro', '--dry-run', '--emit-syslog', '--host', '--id', '--interface', '--ip-start', '--ipvlan', '--log-file', '--min-deckies', '--mode', '--mutate-interval', '--no-cache', '--output', '--parallel', '--port', '--randomize-distros', '--randomize-services', '--services', '--subnet', '--watch', '--web-port', '-a', '-c', '-d', '-f', '-i', '-m', '-n', '-o', '-w', '.collector.log', '/index.html', 'Available Services', 'Default Services', 'Description', 'Display Name', 'Docker Image', 'Image', 'Machine Archetypes', 'Name', 'Ports', 'Slug', '__main__', 'a', 'archetypes', 'bold cyan', 'collect', 'correlate', 'decnet', 'decnet.cli', 'decnet.log', 'decnet.web.api:app', 'decnet_web', 'dim', 'dist', 'distros', 'green', 'json', 'linux', 'mutate', 'services', 'swarm', 'syslog', 'table', 'unihost', 'uvicorn', 'web'] \ No newline at end of file 
diff --git a/.hypothesis/constants/582281e144215c53 b/.hypothesis/constants/582281e144215c53 new file mode 100644 index 0000000..a6c9ecc --- /dev/null +++ b/.hypothesis/constants/582281e144215c53 @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/web/collector.py +# hypothesis_version: 6.151.11 + +['"', '%Y-%m-%d %H:%M:%S', '-', '.json', '/', 'Actor', 'Attributes', 'Collector error: %s', 'Unknown', '[', '\\', '\\"', '\\\\', '\\]', '\\]\\s+(.+)$', ']', 'a', 'attacker_ip', 'client_ip', 'container', 'decky', 'decnet', 'decnet.web.collector', 'event', 'event_type', 'fields', 'id', 'ip', 'msg', 'name', 'raw_line', 'remote_ip', 'replace', 'service', 'src', 'src_ip', 'start', 'timestamp', 'type', 'utf-8'] \ No newline at end of file diff --git a/.hypothesis/constants/60a3c86a584e294c b/.hypothesis/constants/60a3c86a584e294c new file mode 100644 index 0000000..34a6ce5 --- /dev/null +++ b/.hypothesis/constants/60a3c86a584e294c @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/archetypes.py +# hypothesis_version: 6.151.11 + +[', ', 'Database Server', 'DevOps Host', 'Domain Controller', 'File Server', 'IoT Device', 'Linux Server', 'Mail Server', 'Monitoring Node', 'Network Printer', 'VoIP Server', 'Web Server', 'Windows Server', 'Windows Workstation', 'alpine', 'conpot', 'database-server', 'deaddeck', 'debian', 'devops-host', 'docker_api', 'domain-controller', 'embedded', 'fedora', 'file-server', 'ftp', 'http', 'imap', 'industrial-control', 'iot-device', 'k8s', 'ldap', 'linux', 'linux-server', 'llmnr', 'mail-server', 'monitoring-node', 'mqtt', 'mysql', 'pop3', 'postgres', 'printer', 'rdp', 'redis', 'rocky9', 'sip', 'smb', 'smtp', 'snmp', 'ssh', 'telnet', 'ubuntu20', 'ubuntu22', 'voip-server', 'web-server', 'windows', 'windows-server', 'windows-workstation'] \ No newline at end of file diff --git a/.hypothesis/constants/6ba706253a49285d b/.hypothesis/constants/6ba706253a49285d new file mode 100644 index 0000000..1c432ff --- /dev/null 
+++ b/.hypothesis/constants/6ba706253a49285d @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/os_fingerprint.py +# hypothesis_version: 6.151.12 + +['0', '1', '128', '15', '2', '255', '3', '30', '6', '60', '64', 'bsd', 'cisco', 'embedded', 'linux', 'net.ipv4.tcp_ecn', 'net.ipv4.tcp_sack', 'windows'] \ No newline at end of file diff --git a/.hypothesis/constants/791b462f64ea40d5 b/.hypothesis/constants/791b462f64ea40d5 new file mode 100644 index 0000000..1c432ff --- /dev/null +++ b/.hypothesis/constants/791b462f64ea40d5 @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/os_fingerprint.py +# hypothesis_version: 6.151.12 + +['0', '1', '128', '15', '2', '255', '3', '30', '6', '60', '64', 'bsd', 'cisco', 'embedded', 'linux', 'net.ipv4.tcp_ecn', 'net.ipv4.tcp_sack', 'windows'] \ No newline at end of file diff --git a/.hypothesis/constants/8fed64ad712afb13 b/.hypothesis/constants/8fed64ad712afb13 new file mode 100644 index 0000000..67dd0b5 --- /dev/null +++ b/.hypothesis/constants/8fed64ad712afb13 
@@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/cli.py +# hypothesis_version: 6.151.11 + +[8000, ',', ', ', '--all', '--api', '--api-port', '--archetype', '--config', '--deckies', '--decky', '--distro', '--dry-run', '--emit-syslog', '--host', '--id', '--interface', '--ip-start', '--ipvlan', '--log-file', '--min-deckies', '--mode', '--mutate-interval', '--no-cache', '--output', '--parallel', '--port', '--randomize-distros', '--randomize-services', '--services', '--subnet', '--watch', '--web-port', '-a', '-c', '-d', '-f', '-i', '-m', '-n', '-o', '-w', '/index.html', 'Available Services', 'Default Services', 'Description', 'Display Name', 'Docker Image', 'Image', 'Machine Archetypes', 'Name', 'Ports', 'Slug', 'archetypes', 'bold cyan', 'collect', 'correlate', 'decnet', 'decnet.cli', 'decnet.log', 'decnet.web.api:app', 'decnet_web', 'dim', 'dist', 'distros', 'green', 'json', 'linux', 'mutate', 'services', 'swarm', 'syslog', 'table', 'unihost', 'uvicorn', 'web'] \ No newline at end of file diff --git a/.hypothesis/constants/b2a5c1b311f8c5a5 b/.hypothesis/constants/b2a5c1b311f8c5a5 new file mode 100644 index 0000000..3fe508a --- /dev/null +++ b/.hypothesis/constants/b2a5c1b311f8c5a5 @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/os_fingerprint.py +# hypothesis_version: 6.151.12 + +['0', '1', '1000', '128', '15', '2', '250', '255', '3', '30', '6', '60', '6168', '64', 'bsd', 'cisco', 'embedded', 'linux', 'net.ipv4.tcp_ecn', 'net.ipv4.tcp_sack', 'windows'] \ No newline at end of file diff --git a/.hypothesis/constants/b3253f4311be6feb b/.hypothesis/constants/b3253f4311be6feb new file mode 100644 index 0000000..0581c5a --- /dev/null +++ b/.hypothesis/constants/b3253f4311be6feb 
@@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/web/collector.py +# hypothesis_version: 6.151.11 + +['"', '%Y-%m-%d %H:%M:%S', '-', '.json', '/', 'Actor', 'Attributes', 'Collector error: %s', 'Unknown', '[', '\\', '\\"', '\\\\', '\\]', '\\]\\s+(.+)$', ']', 'a', 'attacker_ip', 'client_ip', 'container', 'decky', 'decnet.web.collector', 'event', 'event_type', 'fields', 'id', 'ip', 'msg', 'name', 'raw_line', 'remote_ip', 'replace', 'service', 'src', 'src_ip', 'start', 'timestamp', 'type', 'utf-8'] \ No newline at end of file diff --git a/.hypothesis/constants/b73e974453072677 b/.hypothesis/constants/b73e974453072677 new file mode 100644 index 0000000..7c9e91a --- /dev/null +++ b/.hypothesis/constants/b73e974453072677 @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/cli.py +# hypothesis_version: 6.151.11 + +[8000, ',', ', ', '--all', '--api', '--api-port', '--archetype', '--config', '--deckies', '--decky', '--distro', '--dry-run', '--emit-syslog', '--host', '--id', '--interface', '--ip-start', '--ipvlan', '--log-file', '--min-deckies', '--mode', '--mutate-interval', '--no-cache', '--output', '--parallel', '--port', '--randomize-distros', '--randomize-services', '--services', '--subnet', '--watch', '--web-port', '-a', '-c', '-d', '-f', '-i', '-m', '-n', '-o', '-w', '.collector.log', '/index.html', 'Available Services', 'Default Services', 'Description', 'Display Name', 'Docker Image', 'Image', 'Machine Archetypes', 'Name', 'Ports', 'Slug', '__main__', 'a', 'archetypes', 'bold cyan', 'collect', 'correlate', 'decnet', 'decnet.cli', 'decnet.log', 'decnet.web.api:app', 'decnet_web', 'dim', 'dist', 'distros', 'green', 'json', 'linux', 'mutate', 'services', 'swarm', 'syslog', 'table', 'unihost', 'uvicorn', 'web'] \ No newline at end of file diff --git a/.hypothesis/constants/c7dc8a77b9584727 b/.hypothesis/constants/c7dc8a77b9584727 new file mode 100644 index 0000000..67dd0b5 --- /dev/null +++ b/.hypothesis/constants/c7dc8a77b9584727 
@@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/cli.py +# hypothesis_version: 6.151.11 + +[8000, ',', ', ', '--all', '--api', '--api-port', '--archetype', '--config', '--deckies', '--decky', '--distro', '--dry-run', '--emit-syslog', '--host', '--id', '--interface', '--ip-start', '--ipvlan', '--log-file', '--min-deckies', '--mode', '--mutate-interval', '--no-cache', '--output', '--parallel', '--port', '--randomize-distros', '--randomize-services', '--services', '--subnet', '--watch', '--web-port', '-a', '-c', '-d', '-f', '-i', '-m', '-n', '-o', '-w', '/index.html', 'Available Services', 'Default Services', 'Description', 'Display Name', 'Docker Image', 'Image', 'Machine Archetypes', 'Name', 'Ports', 'Slug', 'archetypes', 'bold cyan', 'collect', 'correlate', 'decnet', 'decnet.cli', 'decnet.log', 'decnet.web.api:app', 'decnet_web', 'dim', 'dist', 'distros', 'green', 'json', 'linux', 'mutate', 'services', 'swarm', 'syslog', 'table', 'unihost', 'uvicorn', 'web'] \ No newline at end of file diff --git a/.hypothesis/constants/de34182254a7e1ec b/.hypothesis/constants/de34182254a7e1ec new file mode 100644 index 0000000..99bc6fd --- /dev/null +++ b/.hypothesis/constants/de34182254a7e1ec @@ -0,0 +1,4 @@ +# file: /home/anti/Tools/DECNET/decnet/composer.py +# hypothesis_version: 6.151.11 + +['10m', '3.8', '5', 'BASE_IMAGE', 'HOSTNAME', 'NET_ADMIN', 'args', 'build', 'cap_add', 'command', 'container_name', 'depends_on', 'driver', 'environment', 'external', 'hostname', 'image', 'infinity', 'ipv4_address', 'json-file', 'logging', 'max-file', 'max-size', 'network_mode', 'networks', 'options', 'restart', 'services', 'sleep', 'sysctls', 'unless-stopped', 'version'] \ No newline at end of file diff --git a/.hypothesis/unicode_data/16.0.0/codec-utf-8.json.gz b/.hypothesis/unicode_data/16.0.0/codec-utf-8.json.gz index f534d58..c5b5bd7 100644 Binary files a/.hypothesis/unicode_data/16.0.0/codec-utf-8.json.gz and b/.hypothesis/unicode_data/16.0.0/codec-utf-8.json.gz differ 
diff --git a/decnet.collector.log b/decnet.collector.log
new file mode 100644
index 0000000..bac1371
--- /dev/null
+++ b/decnet.collector.log
@@ -0,0 +1 @@
+Collector starting → /home/anti/Tools/DECNET/decnet.log
diff --git a/decnet/archetypes.py b/decnet/archetypes.py
index d581ff3..00f9c41 100644
--- a/decnet/archetypes.py
+++ b/decnet/archetypes.py
@@ -148,7 +148,7 @@ ARCHETYPES: dict[str, Archetype] = {
 slug="deaddeck",
 display_name="Deaddeck (Entry Point)",
 description="Internet-facing entry point with real interactive SSH — no honeypot emulation",
- services=["real_ssh"],
+ services=["ssh"],
 preferred_distros=["debian", "ubuntu22"],
 nmap_os="linux",
 ),
diff --git a/decnet/services/real_ssh.py b/decnet/services/real_ssh.py
deleted file mode 100644
index 328fb30..0000000
--- a/decnet/services/real_ssh.py
+++ /dev/null
@@ -1,46 +0,0 @@
-from pathlib import Path
-
-from decnet.services.base import BaseService
-
-TEMPLATES_DIR = Path(__file__).parent.parent.parent / "templates" / "real_ssh"
-
-
-class RealSSHService(BaseService):
- """
- Fully interactive OpenSSH server — no honeypot emulation.
-
- Used for the deaddeck (entry-point machine). Attackers get a real shell.
- Credentials are intentionally weak to invite exploitation.
-
- service_cfg keys:
- password Root password (default: "admin")
- hostname Override container hostname
- """
-
- name = "real_ssh"
- ports = [22]
- default_image = "build"
-
- def compose_fragment(
- self,
- decky_name: str,
- log_target: str | None = None,
- service_cfg: dict | None = None,
- ) -> dict:
- cfg = service_cfg or {}
- env: dict = {
- "SSH_ROOT_PASSWORD": cfg.get("password", "admin"),
- }
- if "hostname" in cfg:
- env["SSH_HOSTNAME"] = cfg["hostname"]
-
- return {
- "build": {"context": str(TEMPLATES_DIR)},
- "container_name": f"{decky_name}-real-ssh",
- "restart": "unless-stopped",
- "cap_add": ["NET_BIND_SERVICE"],
- "environment": env,
- }
-
- def dockerfile_context(self) -> Path:
- return TEMPLATES_DIR
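Review bot: `decnet.collector.log` appears to be a runtime log written by the collector, and committing it publishes a local absolute path and will churn on every run; on a honeypot host such logs can later also hold captured session data. Remove it from the index and ignore it, e.g. add `*.log` to `.gitignore`. The `.hypothesis/` cache files added in the same commit are generated artifacts of the same kind and would normally be ignored with a `.hypothesis/` entry.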
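Review bot: In `decnet/archetypes.py` the `deaddeck` entry now lists `services=["ssh"]`, but its `description` still promises "real interactive SSH — no honeypot emulation", and the same commit deletes `RealSSHService`, the only class here documented as a real OpenSSH server. Whether `SSHService` is real or emulated is not visible in this hunk (DEVELOPMENT.md in this commit labels SSH as Cowrie), so confirm the description still holds and otherwise reword it, e.g. `description="Internet-facing entry point served by the ssh service",`. Any saved config or state that still names the `real_ssh` slug will presumably fail service lookup after this change; a temporary alias or an explicit error message would make that failure readable. The `ARCHETYPES` dict starts and ends outside the hunk.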
diff --git a/decnet/services/ssh.py b/decnet/services/ssh.py index 427e92e..db2ce54 100644 --- a/decnet/services/ssh.py +++ b/decnet/services/ssh.py @@ -2,7 +2,7 @@ from pathlib import Path from decnet.services.base import BaseService -TEMPLATES_DIR = Path(__file__).parent.parent.parent / "templates" / "real_ssh" +TEMPLATES_DIR = Path(__file__).parent.parent.parent / "templates" / "ssh" class SSHService(BaseService): diff --git a/development/DEVELOPMENT.md b/development/DEVELOPMENT.md index 67d84d2..7e664bf 100644 --- a/development/DEVELOPMENT.md +++ b/development/DEVELOPMENT.md @@ -4,7 +4,7 @@ *Goal: Ensure every service is interactive enough to feel real during manual exploration.* ### Remote Access & Shells -- [x] **SSH (Cowrie)** — Custom filesystem, realistic user database, and command execution. +- [ ] **SSH (Cowrie)** — Custom filesystem, realistic user database, and command execution. - [ ] **Telnet (Cowrie)** — Realistic banner and command emulation. - [ ] **RDP** — Realistic NLA authentication and screen capture (where possible). - [ ] **VNC** — Realistic RFB protocol handshake and authentication. diff --git a/development/nmap-output-post-fixes.txt b/development/nmap-output-post-fixes.txt new file mode 100644 index 0000000..65bc975 --- /dev/null +++ b/development/nmap-output-post-fixes.txt 
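Review bot: `TEMPLATES_DIR` in `decnet/services/ssh.py` now points at `templates/ssh`, but no file under that directory is added or renamed in the part of the commit visible here. If `SSHService` uses it as the compose build context, as the deleted `RealSSHService` did, a missing directory would only surface at image build time; confirm the template directory ships with this change. A short comment on the constant would also help, e.g. `# Build context for the ssh decky image; expects <repo>/templates/ssh to exist`. `SSHService` itself lies outside the hunk.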
@@ -0,0 +1,476 @@ +Nmap scan report for 192.168.1.200 +Host is up (0.0000020s latency). +Not shown: 65515 closed tcp ports (reset) +PORT STATE SERVICE VERSION +21/tcp open ftp vsftpd (before 2.0.8) or WU-FTPD +23/tcp open telnet? +| fingerprint-strings: +| DNSStatusRequestTCP, DNSVersionBindReqTCP, DistCCD, JavaRMI, LANDesk-RC, LDAPBindReq, NULL, NotesRPC, RPCCheck, Radmin, TerminalServer, WMSRequest, X11Probe, mydoom, tn3270: +| login: +| FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, LDAPSearchReq, RTSPRequest: +| login: +| Password: +| Login incorrect +| login: +| Hello, Help, Kerberos, LPDString, NessusTPv10, NessusTPv11, NessusTPv12, SSLSessionReq, SSLv23SessionReq, TerminalServerCookie, Verifier, VerifierAdvanced, WWWOFFLEctrlstat: +| login: +| Password: +| SIPOptions: +| login: +| Password: +| Login incorrect +| login: Password: +| Login incorrect +| login: Password: +| Login incorrect +| login: Password: +| Login incorrect +| login: Password: +| Login incorrect +|_ login: Password: +25/tcp open smtp Postfix smtpd +|_smtp-commands: omega-decky, PIPELINING, SIZE 10240000, VRFY, ETRN, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN +80/tcp open http Apache httpd 2.4.54 +|_http-title: 403 Forbidden +|_http-server-header: Werkzeug/3.1.8 Python/3.11.2 +110/tcp open pop3 Dovecot pop3d ([omega-decky]) +|_pop3-capabilities: USER +143/tcp open imap Dovecot imapd +|_imap-capabilities: IMAP4rev1 AUTH=PLAIN OK completed AUTH=LOGINA0001 CAPABILITY +389/tcp open ldap Cisco LDAP server +445/tcp open microsoft-ds +| fingerprint-strings: +| SMBProgNeg: +| SMBr +|_ "3DUfw +1433/tcp open ms-sql-s? 
+1883/tcp open mqtt +| mqtt-subscribe: +| Topics and their most recent payloads: +| plant/water/pump2/status: STANDBY +| plant/alarm/high_pressure: 0 +| plant/water/chlorine/residual: 0.8 +| plant/water/chlorine/dosing: 1.2 +| plant/water/pump1/rpm: 1419 +| plant/water/tank1/level: 76.6 +| plant/$SYS/broker/uptime: 2847392 +| plant/$SYS/broker/version: Mosquitto 2.0.15 +| plant/water/valve/inlet/state: OPEN +| plant/water/valve/drain/state: CLOSED +| plant/water/tank1/pressure: 2.86 +| plant/water/pump1/status: RUNNING +| plant/alarm/low_chlorine: 0 +|_ plant/alarm/pump_fault: 0 +2375/tcp open docker Docker 24.0.5 +| fingerprint-strings: +| GetRequest: +| HTTP/1.1 404 NOT FOUND +| Server: Werkzeug/3.1.8 Python/3.11.2 +| Date: Fri, 10 Apr 2026 06:25:23 GMT +| Content-Type: application/json +| Content-Length: 46 +| Connection: close +| {"message": "page not found", "response": 404} +| HTTPOptions: +| HTTP/1.1 200 OK +| Server: Werkzeug/3.1.8 Python/3.11.2 +| Date: Fri, 10 Apr 2026 06:25:23 GMT +| Content-Type: text/html; charset=utf-8 +| Allow: HEAD, OPTIONS, GET +| Content-Length: 0 +| Connection: close +| Hello: +| +| +|
+| +|Error code: 400
+|Message: Bad request syntax ('EHLO').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +| +| RTSPRequest: +| +| +| +| +|Error code: 400
+|Message: Bad request version ('RTSP/1.0').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +| +| docker: +| HTTP/1.1 200 OK +| Server: Werkzeug/3.1.8 Python/3.11.2 +| Date: Fri, 10 Apr 2026 06:25:23 GMT +| Content-Type: application/json +| Content-Length: 187 +| Connection: close +|_ {"Version": "24.0.5", "ApiVersion": "1.43", "MinAPIVersion": "1.12", "GitCommit": "ced0996", "GoVersion": "go1.20.6", "Os": "linux", "Arch": "amd64", "KernelVersion": "5.15.0-76-generic"} +| docker-version: +| KernelVersion: 5.15.0-76-generic +| MinAPIVersion: 1.12 +| Arch: amd64 +| Os: linux +| GoVersion: go1.20.6 +| Version: 24.0.5 +| GitCommit: ced0996 +|_ ApiVersion: 1.43 +3306/tcp open mysql MySQL 5.7.38-log +| mysql-info: +| Protocol: 10 +| Version: 5.7.38-log +| Thread ID: 1 +| Capabilities flags: 63487 +| Some Capabilities: Support41Auth, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, ConnectWithDatabase, SupportsTransactions, IgnoreSpaceBeforeParenthesis, SupportsCompression, LongColumnFlag, SupportsLoadDataLocal, ODBCClient, LongPassword, Speaks41ProtocolNew, InteractiveClient, FoundRows, IgnoreSigpipes, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins +| Status: Autocommit +| Salt: pv!magic!O}%>UM|gu^1 +|_ Auth Plugin Name: mysql_native_password +3389/tcp open ms-wbt-server xrdp +5060/tcp open sip (SIP end point; Status: 401 Unauthorized) +| fingerprint-strings: +| HTTPOptions: +| SIP/2.0 401 Unauthorized +| Via: +| From: +| Call-ID: +| CSeq: +| WWW-Authenticate: Digest realm="omega-decky", nonce="fa63b9f8e719d810", algorithm=MD5 +| Content-Length: 0 +| RTSPRequest: +| SIP/2.0 401 Unauthorized +| Via: +| From: +| Call-ID: +| CSeq: +| WWW-Authenticate: Digest realm="omega-decky", nonce="25b193b6f8c63e9d", algorithm=MD5 +| Content-Length: 0 +| SIPOptions: +| SIP/2.0 401 Unauthorized +| Via: SIP/2.0/TCP nm;branch=foo +| From:Error code: 400
+|Message: Bad request version ('RTSP/1.0').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +| +| SSLSessionReq: +| +| +| +| +|Error code: 400
+|Message: Bad request syntax (' +| <= +| ').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +|_ +9200/tcp open wap-wsp? +| fingerprint-strings: +| GetRequest: +| HTTP/1.0 200 OK +| Server: elasticsearch +| Date: Fri, 10 Apr 2026 06:25:23 GMT +| Content-Type: application/json; charset=UTF-8 +| Content-Length: 477 +| X-elastic-product: Elasticsearch +| {"name": "omega-decky", "cluster_name": "elasticsearch", "cluster_uuid": "xC3Pr9abTq2mNkOeLvXwYA", "version": {"number": "7.17.9", "build_flavor": "default", "build_type": "docker", "build_hash": "ef48222227ee6b9e70e502f0f0daa52435ee634d", "build_date": "2023-01-31T05:34:43.305517834Z", "build_snapshot": false, "lucene_version": "8.11.1", "minimum_wire_compatibility_version": "6.8.0", "minimum_index_compatibility_version": "6.0.0-beta1"}, "tagline": "You Know, for Search"} +| HTTPOptions: +| HTTP/1.0 501 Unsupported method ('OPTIONS') +| Server: elasticsearch +| Date: Fri, 10 Apr 2026 06:25:23 GMT +| Connection: close +| Content-Type: text/html;charset=utf-8 +| Content-Length: 360 +| +| +| +| +|Error code: 501
+|Message: Unsupported method ('OPTIONS').
+|Error code explanation: 501 - Server does not support this operation.
+| +| +| RTSPRequest: +| +| +| +| +|Error code: 400
+|Message: Bad request version ('RTSP/1.0').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +|_ +27017/tcp open mongod? +|_mongodb-databases: ERROR: Script execution failed (use -d to debug) +|_mongodb-info: ERROR: Script execution failed (use -d to debug) +8 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service : +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port23-TCP:V=7.92%I=9%D=4/10%Time=69D897D3%P=x86_64-redhat-linux-gnu%r( +SF:NULL,7,"login:\x20")%r(GenericLines,2C,"login:\x20\xff\xfb\x01Password: +SF:\x20\nLogin\x20incorrect\nlogin:\x20")%r(tn3270,16,"login:\x20\xff\xfe\ +SF:x18\xff\xfe\x19\xff\xfc\x19\xff\xfe\0\xff\xfc\0")%r(GetRequest,2C,"logi +SF:n:\x20\xff\xfb\x01Password:\x20\nLogin\x20incorrect\nlogin:\x20")%r(HTT +SF:POptions,2C,"login:\x20\xff\xfb\x01Password:\x20\nLogin\x20incorrect\nl +SF:ogin:\x20")%r(RTSPRequest,2C,"login:\x20\xff\xfb\x01Password:\x20\nLogi +SF:n\x20incorrect\nlogin:\x20")%r(RPCCheck,7,"login:\x20")%r(DNSVersionBin +SF:dReqTCP,7,"login:\x20")%r(DNSStatusRequestTCP,7,"login:\x20")%r(Hello,1 +SF:4,"login:\x20\xff\xfb\x01Password:\x20")%r(Help,14,"login:\x20\xff\xfb\ +SF:x01Password:\x20")%r(SSLSessionReq,14,"login:\x20\xff\xfb\x01Password:\ +SF:x20")%r(TerminalServerCookie,14,"login:\x20\xff\xfb\x01Password:\x20")% +SF:r(SSLv23SessionReq,14,"login:\x20\xff\xfb\x01Password:\x20")%r(Kerberos +SF:,14,"login:\x20\xff\xfb\x01Password:\x20")%r(X11Probe,7,"login:\x20")%r +SF:(FourOhFourRequest,2C,"login:\x20\xff\xfb\x01Password:\x20\nLogin\x20in +SF:correct\nlogin:\x20")%r(LPDString,14,"login:\x20\xff\xfb\x01Password:\x +SF:20")%r(LDAPSearchReq,2C,"login:\x20\xff\xfb\x01Password:\x20\nLogin\x20 +SF:incorrect\nlogin:\x20")%r(LDAPBindReq,7,"login:\x20")%r(SIPOptions,BE," +SF:login:\x20\xff\xfb\x01Password:\x20\nLogin\x20incorrect\nlogin:\x20Pass +SF:word:\x20\nLogin\x20incorrect\nlogin:\x20Password:\x20\nLogin\x20incorr 
+SF:ect\nlogin:\x20Password:\x20\nLogin\x20incorrect\nlogin:\x20Password:\x +SF:20\nLogin\x20incorrect\nlogin:\x20Password:\x20")%r(LANDesk-RC,7,"login +SF::\x20")%r(TerminalServer,7,"login:\x20")%r(NotesRPC,7,"login:\x20")%r(D +SF:istCCD,7,"login:\x20")%r(JavaRMI,7,"login:\x20")%r(Radmin,7,"login:\x20 +SF:")%r(NessusTPv12,14,"login:\x20\xff\xfb\x01Password:\x20")%r(NessusTPv1 +SF:1,14,"login:\x20\xff\xfb\x01Password:\x20")%r(NessusTPv10,14,"login:\x2 +SF:0\xff\xfb\x01Password:\x20")%r(WMSRequest,7,"login:\x20")%r(mydoom,7,"l +SF:ogin:\x20")%r(WWWOFFLEctrlstat,14,"login:\x20\xff\xfb\x01Password:\x20" +SF:)%r(Verifier,14,"login:\x20\xff\xfb\x01Password:\x20")%r(VerifierAdvanc +SF:ed,14,"login:\x20\xff\xfb\x01Password:\x20"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port445-TCP:V=7.92%I=9%D=4/10%Time=69D897D8%P=x86_64-redhat-linux-gnu%r +SF:(SMBProgNeg,51,"\0\0\0M\xffSMBr\0\0\0\0\x80\0\xc0\0\0\0\0\0\0\0\0\0\0\0 +SF:\0\0\0@\x06\0\0\x01\0\x11\x07\0\x03\x01\0\x01\0\0\xfa\0\0\0\0\x01\0\0\0 +SF:\0\0p\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\x08\0\x11\"3DUfw\x88"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port1433-TCP:V=7.92%I=9%D=4/10%Time=69D897D8%P=x86_64-redhat-linux-gnu% +SF:r(ms-sql-s,2F,"\x04\x01\0/\0\0\x01\0\0\0\x1a\0\x06\x01\0\x20\0\x01\x02\ +SF:0!\0\x01\x03\0\"\0\x04\x04\0&\0\x01\xff\x0e\0\x07\xd0\0\0\x02\0\0\0\0\0 +SF:\0"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port5060-TCP:V=7.92%I=9%D=4/10%Time=69D897E0%P=x86_64-redhat-linux-gnu% +SF:r(SIPOptions,F7,"SIP/2\.0\x20401\x20Unauthorized\r\nVia:\x20SIP/2\.0/TC +SF:P\x20nm;branch=foo\r\nFrom:\x20Error\x20code:\x20400
\n\x20\x20\x20\x20\x20\x20\x20\x20Messa +SF:ge:\x20Bad\x20request\x20syntax\x20\('\\x16\\x03\\x00\\x00S\\x01\\x00\\ +SF:x00O\\x03\\x00\?G\xc3\x97\xc3\xb7\xc2\xba,\xc3\xae\xc3\xaa\xc2\xb2`~\xc +SF:3\xb3\\x00\xc3\xbd\\x82{\xc2\xb9\xc3\x95\\x96\xc3\x88w\\x9b\xc3\xa6\xc3 +SF:\x84\xc3\x9b<=\xc3\x9bo\xc3\xaf\\x10n\\x00\\x00\(\\x00\\x16\\x00\\x1 +SF:3\\x00'\)\.
\n\x20\x20\x20\x20\x20\x20\x20\x20Error\x20code\x20ex +SF:planation:\x20400\x20-\x20Bad\x20request\x20syntax\x20or\x20unsupported +SF:\x20method\.
\n\x20\x20\x20\x20\n\n")%r(GetRequest,E0, +SF:"HTTP/1\.1\x20404\x20NOT\x20FOUND\r\nServer:\x20Werkzeug/3\.1\.8\x20Pyt +SF:hon/3\.11\.2\r\nDate:\x20Fri,\x2010\x20Apr\x202026\x2006:25:23\x20GMT\r +SF:\nContent-Type:\x20application/json\r\nContent-Length:\x2052\r\nConnect +SF:ion:\x20close\r\n\r\n{\"kind\":\x20\"Status\",\x20\"status\":\x20\"Fail +SF:ure\",\x20\"code\":\x20404}")%r(HTTPOptions,C7,"HTTP/1\.1\x20200\x20OK\ +SF:r\nServer:\x20Werkzeug/3\.1\.8\x20Python/3\.11\.2\r\nDate:\x20Fri,\x201 +SF:0\x20Apr\x202026\x2006:25:23\x20GMT\r\nContent-Type:\x20text/html;\x20c +SF:harset=utf-8\r\nAllow:\x20GET,\x20HEAD,\x20OPTIONS\r\nContent-Length:\x +SF:200\r\nConnection:\x20close\r\n\r\n")%r(RTSPRequest,16C,"\n\n\x20\x20\x20\x20\n\x20\x20\x20\x20\x +SF:20\x20\x20\x20\n\x20\x20\x20\x20\x20\x20\x20 +SF:\x20Error\x20code:\x20400
\n\x20 +SF:\x20\x20\x20\x20\x20\x20\x20Message:\x20Bad\x20request\x20version\x2 +SF:0\('RTSP/1\.0'\)\.
\n\x20\x20\x20\x20\x20\x20\x20\x20Error\x20cod +SF:e\x20explanation:\x20400\x20-\x20Bad\x20request\x20syntax\x20or\x20unsu +SF:pported\x20method\.
\n\x20\x20\x20\x20\n\n"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port9200-TCP:V=7.92%I=9%D=4/10%Time=69D897D3%P=x86_64-redhat-linux-gnu% +SF:r(GetRequest,293,"HTTP/1\.0\x20200\x20OK\r\nServer:\x20elasticsearch\x2 +SF:0\r\nDate:\x20Fri,\x2010\x20Apr\x202026\x2006:25:23\x20GMT\r\nContent-T +SF:ype:\x20application/json;\x20charset=UTF-8\r\nContent-Length:\x20477\r\ +SF:nX-elastic-product:\x20Elasticsearch\r\n\r\n{\"name\":\x20\"omega-decky +SF:\",\x20\"cluster_name\":\x20\"elasticsearch\",\x20\"cluster_uuid\":\x20 +SF:\"xC3Pr9abTq2mNkOeLvXwYA\",\x20\"version\":\x20{\"number\":\x20\"7\.17\ +SF:.9\",\x20\"build_flavor\":\x20\"default\",\x20\"build_type\":\x20\"dock +SF:er\",\x20\"build_hash\":\x20\"ef48222227ee6b9e70e502f0f0daa52435ee634d\ +SF:",\x20\"build_date\":\x20\"2023-01-31T05:34:43\.305517834Z\",\x20\"buil +SF:d_snapshot\":\x20false,\x20\"lucene_version\":\x20\"8\.11\.1\",\x20\"mi +SF:nimum_wire_compatibility_version\":\x20\"6\.8\.0\",\x20\"minimum_index_ +SF:compatibility_version\":\x20\"6\.0\.0-beta1\"},\x20\"tagline\":\x20\"Yo +SF:u\x20Know,\x20for\x20Search\"}")%r(HTTPOptions,223,"HTTP/1\.0\x20501\x2 +SF:0Unsupported\x20method\x20\('OPTIONS'\)\r\nServer:\x20elasticsearch\x20 +SF:\r\nDate:\x20Fri,\x2010\x20Apr\x202026\x2006:25:23\x20GMT\r\nConnection +SF::\x20close\r\nContent-Type:\x20text/html;charset=utf-8\r\nContent-Lengt +SF:h:\x20360\r\n\r\n\n\n\x20\x20\x2 +SF:0\x20\n\x20\x20\x20\x20\x20\x20\x20\x20\n\x20\x20\x20\x20\x20\x20\x20\x20+SF:Error\x20code:\x20501
\n\x20\x20\x20\x20\x20\x20\x20\x20Message:\ +SF:x20Unsupported\x20method\x20\('OPTIONS'\)\.
\n\x20\x20\x20\x20\x20\x +SF:20\x20\x20Error\x20code\x20explanation:\x20501\x20-\x20Server\x20doe +SF:s\x20not\x20support\x20this\x20operation\.
\n\x20\x20\x20\x20 +SF:\n\n")%r(RTSPRequest,16C,"\n\n\x20\x20\x20\x20\n\x20\x20\x20\x20\x20\x20\x20\x20\n\x20\x20\x20\x20\x20\x20\x20\x20Error\x20code:\x20400
\n\x20\x20\x20\x20\x20\x20\x20 +SF:\x20Message:\x20Bad\x20request\x20version\x20\('RTSP/1\.0'\)\.
\n +SF:\x20\x20\x20\x20\x20\x20\x20\x20Error\x20code\x20explanation:\x20400 +SF:\x20-\x20Bad\x20request\x20syntax\x20or\x20unsupported\x20method\.
\ +SF:n\x20\x20\x20\x20\n\n"); +MAC Address: F2:5F:2F:EE:5B:96 (Unknown) +Service Info: Hosts: omega-decky, omega-decky + +Host script results: +|_ms-sql-info: ERROR: Script execution failed (use -d to debug) +| smb2-time: +| date: 2026-04-10T06:33:53 +|_ start_date: 2026-04-10T06:33:53 +| smb-security-mode: +| account_used: guest +| authentication_level: user +| challenge_response: supported +|_ message_signing: disabled (dangerous, but default) +| smb2-security-mode: +| 2.0.2: +|_ Message signing enabled but not required +|_clock-skew: mean: -77663d15h16m57s, deviation: 109832d23h14m31s, median: -155327d06h33m54s + +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 784.93 seconds diff --git a/postpostfixnmap.txt b/postpostfixnmap.txt new file mode 100644 index 0000000..992d459 --- /dev/null +++ b/postpostfixnmap.txt 
@@ -0,0 +1,549 @@ +# Nmap 7.92 scan initiated Sat Apr 11 04:21:11 2026 as: nmap -A -O -p- -sV -sC --version-intensity 9 -oN postpostfixnmap.txt 192.168.1.200,201 +Nmap scan report for 192.168.1.200 +Host is up (0.000031s latency). +Not shown: 65510 closed tcp ports (reset) +PORT STATE SERVICE VERSION +21/tcp open ftp vsftpd (before 2.0.8) or WU-FTPD +23/tcp open telnet? +| fingerprint-strings: +| DNSStatusRequestTCP, DNSVersionBindReqTCP, DistCCD, JavaRMI, LANDesk-RC, LDAPBindReq, NULL, NotesRPC, RPCCheck, Radmin, TLSSessionReq, TerminalServer, WMSRequest, X11Probe, mydoom, tn3270: +| login: +| FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, LDAPSearchReq, RTSPRequest: +| login: +| Password: +| Login incorrect +| login: +| Hello, Help, Kerberos, LPDString, NessusTPv10, NessusTPv11, NessusTPv12, SSLSessionReq, SSLv23SessionReq, TerminalServerCookie, Verifier, VerifierAdvanced, WWWOFFLEctrlstat: +| login: +| Password: +| SIPOptions: +| login: +| Password: +| Login incorrect +| login: Password: +| Login incorrect +| login: Password: +| Login incorrect +| login: Password: +| Login incorrect +| login: Password: +| Login incorrect +|_ login: Password: +25/tcp open smtp Postfix smtpd +|_smtp-commands: omega-decky, PIPELINING, SIZE 10240000, VRFY, ETRN, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN +80/tcp open http Apache httpd 2.4.54 +|_http-server-header: Werkzeug/3.1.8 Python/3.11.2 +|_http-title: 403 Forbidden +110/tcp open pop3 +|_pop3-capabilities: TOP AUTH-RESP-CODE SASL RESP-CODES UIDL USER +| fingerprint-strings: +| DNSStatusRequestTCP, DNSVersionBindReqTCP, GenericLines, NULL, RPCCheck, SMBProgNeg, X11Probe: +| +OK omega-decky Dovecot POP3 ready. +| FourOhFourRequest, GetRequest, HTTPOptions, Hello, Help, Kerberos, LPDString, RTSPRequest, SSLSessionReq, SSLv23SessionReq, TLSSessionReq, TerminalServerCookie: +| +OK omega-decky Dovecot POP3 ready. +| -ERR Command not recognized +| LDAPSearchReq: +| +OK omega-decky Dovecot POP3 ready. 
+| -ERR Command not recognized +|_ -ERR Command not recognized +143/tcp open imap Dovecot imapd +|_imap-capabilities: ENABLE LOGIN-REFERRALS ID completed SASL-IR CAPABILITY AUTH=PLAIN AUTH=LOGINA0001 IDLE OK LITERAL+ IMAP4rev1 +389/tcp open ldap Cisco LDAP server +445/tcp open microsoft-ds +| fingerprint-strings: +| SMBProgNeg: +| SMBr +|_ "3DUfw +502/tcp open mbap? +1433/tcp open ms-sql-s? +1883/tcp open mqtt +| mqtt-subscribe: +| Topics and their most recent payloads: +| plant/alarm/pump_fault: 0 +| plant/water/tank1/pressure: 2.65 +| plant/alarm/high_pressure: 0 +| plant/$SYS/broker/version: Mosquitto 2.0.15 +| plant/alarm/low_chlorine: 0 +| plant/water/valve/inlet/state: OPEN +| plant/water/chlorine/residual: 0.7 +| plant/water/pump1/status: RUNNING +| plant/water/pump2/status: STANDBY +| plant/water/valve/drain/state: CLOSED +| plant/water/pump1/rpm: 1432 +| plant/water/tank1/level: 77.9 +| plant/water/chlorine/dosing: 1.2 +|_ plant/$SYS/broker/uptime: 2847392 +2121/tcp open ccproxy-ftp? +| fingerprint-strings: +| GenericLines: +| 200 FTP server ready. +| Command ' +| understood +| NULL: +|_ 200 FTP server ready. +2375/tcp open docker Docker 24.0.5 +| fingerprint-strings: +| GetRequest: +| HTTP/1.1 404 NOT FOUND +| Server: Werkzeug/3.1.8 Python/3.11.2 +| Date: Sat, 11 Apr 2026 08:21:18 GMT +| Content-Type: application/json +| Content-Length: 46 +| Connection: close +| {"message": "page not found", "response": 404} +| HTTPOptions: +| HTTP/1.1 200 OK +| Server: Werkzeug/3.1.8 Python/3.11.2 +| Date: Sat, 11 Apr 2026 08:21:18 GMT +| Content-Type: text/html; charset=utf-8 +| Allow: HEAD, GET, OPTIONS +| Content-Length: 0 +| Connection: close +| Hello: +| +| +| +| +|Error code: 400
+|Message: Bad request syntax ('EHLO').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +| +| RTSPRequest: +| +| +| +| +|Error code: 400
+|Message: Bad request version ('RTSP/1.0').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +| +| docker: +| HTTP/1.1 200 OK +| Server: Werkzeug/3.1.8 Python/3.11.2 +| Date: Sat, 11 Apr 2026 08:21:18 GMT +| Content-Type: application/json +| Content-Length: 187 +| Connection: close +|_ {"Version": "24.0.5", "ApiVersion": "1.43", "MinAPIVersion": "1.12", "GitCommit": "ced0996", "GoVersion": "go1.20.6", "Os": "linux", "Arch": "amd64", "KernelVersion": "5.15.0-76-generic"} +| docker-version: +| GitCommit: ced0996 +| GoVersion: go1.20.6 +| KernelVersion: 5.15.0-76-generic +| Version: 24.0.5 +| Arch: amd64 +| MinAPIVersion: 1.12 +| ApiVersion: 1.43 +|_ Os: linux +3306/tcp open mysql MySQL 5.7.38-log +| mysql-info: +| Protocol: 10 +| Version: 5.7.38-log +| Thread ID: 1 +| Capabilities flags: 63487 +| Some Capabilities: LongPassword, LongColumnFlag, IgnoreSpaceBeforeParenthesis, SupportsLoadDataLocal, InteractiveClient, Speaks41ProtocolOld, SupportsCompression, Speaks41ProtocolNew, IgnoreSigpipes, DontAllowDatabaseTableColumn, SupportsTransactions, Support41Auth, ODBCClient, ConnectWithDatabase, FoundRows, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults +| Status: Autocommit +| Salt: pv!magic!O}%>UM|gu^1 +|_ Auth Plugin Name: mysql_native_password +3389/tcp open ms-wbt-server xrdp +5060/tcp open sip (SIP end point; Status: 401 Unauthorized) +| fingerprint-strings: +| HTTPOptions: +| SIP/2.0 401 Unauthorized +| Via: +| From: +| Call-ID: +| CSeq: +| WWW-Authenticate: Digest realm="omega-decky", nonce="39b4807e4f2565a7", algorithm=MD5 +| Content-Length: 0 +| RTSPRequest: +| SIP/2.0 401 Unauthorized +| Via: +| From: +| Call-ID: +| CSeq: +| WWW-Authenticate: Digest realm="omega-decky", nonce="73b517049d1e9586", algorithm=MD5 +| Content-Length: 0 +| SIPOptions: +| SIP/2.0 401 Unauthorized +| Via: SIP/2.0/TCP nm;branch=foo +| From:Error code: 400
+|Message: Bad request version ('RTSP/1.0').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +| +| SSLSessionReq: +| +| +| +| +|Error code: 400
+|Message: Bad request syntax (' +| <= +| ').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +|_ +8800/tcp open sunwebadmin? +| fingerprint-strings: +| GetRequest: +| HTTP/1.1 302 Found +| Date: Sat, 11 Apr 2026 08:17:44 GMT +| Content-Type: text/html +| Location: /index.html +| Content-Length: 0 +| HTTPOptions: +| HTTP/1.1 200 OK +| Date: Sat, 11 Apr 2026 08:17:44 GMT +| Allow: GET,HEAD,POST,OPTIONS,TRACE +| Content-Length: 0 +| Connection: close +|_ Content-Type: text/html +9200/tcp open wap-wsp? +| fingerprint-strings: +| GetRequest: +| HTTP/1.0 200 OK +| Server: elasticsearch +| Date: Sat, 11 Apr 2026 08:21:18 GMT +| Content-Type: application/json; charset=UTF-8 +| Content-Length: 477 +| X-elastic-product: Elasticsearch +| {"name": "omega-decky", "cluster_name": "elasticsearch", "cluster_uuid": "xC3Pr9abTq2mNkOeLvXwYA", "version": {"number": "7.17.9", "build_flavor": "default", "build_type": "docker", "build_hash": "ef48222227ee6b9e70e502f0f0daa52435ee634d", "build_date": "2023-01-31T05:34:43.305517834Z", "build_snapshot": false, "lucene_version": "8.11.1", "minimum_wire_compatibility_version": "6.8.0", "minimum_index_compatibility_version": "6.0.0-beta1"}, "tagline": "You Know, for Search"} +| HTTPOptions: +| HTTP/1.0 501 Unsupported method ('OPTIONS') +| Server: elasticsearch +| Date: Sat, 11 Apr 2026 08:21:18 GMT +| Connection: close +| Content-Type: text/html;charset=utf-8 +| Content-Length: 360 +| +| +| +| +|Error code: 501
+|Message: Unsupported method ('OPTIONS').
+|Error code explanation: 501 - Server does not support this operation.
+| +| +| RTSPRequest: +| +| +| +| +|Error code: 400
+|Message: Bad request version ('RTSP/1.0').
+|Error code explanation: 400 - Bad request syntax or unsupported method.
+| +|_ +10201/tcp open rsms? +27017/tcp open mongod? +|_mongodb-info: ERROR: Script execution failed (use -d to debug) +|_mongodb-databases: ERROR: Script execution failed (use -d to debug) +44818/tcp open EtherNetIP-2? +9 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service : +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port23-TCP:V=7.92%I=9%D=4/11%Time=69DA047E%P=x86_64-redhat-linux-gnu%r( +SF:NULL,7,"login:\x20")%r(GenericLines,2C,"login:\x20\xff\xfb\x01Password: +SF:\x20\nLogin\x20incorrect\nlogin:\x20")%r(tn3270,16,"login:\x20\xff\xfe\ +SF:x18\xff\xfe\x19\xff\xfc\x19\xff\xfe\0\xff\xfc\0")%r(GetRequest,2C,"logi +SF:n:\x20\xff\xfb\x01Password:\x20\nLogin\x20incorrect\nlogin:\x20")%r(HTT +SF:POptions,2C,"login:\x20\xff\xfb\x01Password:\x20\nLogin\x20incorrect\nl +SF:ogin:\x20")%r(RTSPRequest,2C,"login:\x20\xff\xfb\x01Password:\x20\nLogi +SF:n\x20incorrect\nlogin:\x20")%r(RPCCheck,7,"login:\x20")%r(DNSVersionBin +SF:dReqTCP,7,"login:\x20")%r(DNSStatusRequestTCP,7,"login:\x20")%r(Hello,1 +SF:4,"login:\x20\xff\xfb\x01Password:\x20")%r(Help,14,"login:\x20\xff\xfb\ +SF:x01Password:\x20")%r(SSLSessionReq,14,"login:\x20\xff\xfb\x01Password:\ +SF:x20")%r(TerminalServerCookie,14,"login:\x20\xff\xfb\x01Password:\x20")% +SF:r(TLSSessionReq,7,"login:\x20")%r(SSLv23SessionReq,14,"login:\x20\xff\x +SF:fb\x01Password:\x20")%r(Kerberos,14,"login:\x20\xff\xfb\x01Password:\x2 +SF:0")%r(X11Probe,7,"login:\x20")%r(FourOhFourRequest,2C,"login:\x20\xff\x +SF:fb\x01Password:\x20\nLogin\x20incorrect\nlogin:\x20")%r(LPDString,14,"l +SF:ogin:\x20\xff\xfb\x01Password:\x20")%r(LDAPSearchReq,2C,"login:\x20\xff +SF:\xfb\x01Password:\x20\nLogin\x20incorrect\nlogin:\x20")%r(LDAPBindReq,7 +SF:,"login:\x20")%r(SIPOptions,BE,"login:\x20\xff\xfb\x01Password:\x20\nLo +SF:gin\x20incorrect\nlogin:\x20Password:\x20\nLogin\x20incorrect\nlogin:\x 
+SF:20Password:\x20\nLogin\x20incorrect\nlogin:\x20Password:\x20\nLogin\x20 +SF:incorrect\nlogin:\x20Password:\x20\nLogin\x20incorrect\nlogin:\x20Passw +SF:ord:\x20")%r(LANDesk-RC,7,"login:\x20")%r(TerminalServer,7,"login:\x20" +SF:)%r(NotesRPC,7,"login:\x20")%r(DistCCD,7,"login:\x20")%r(JavaRMI,7,"log +SF:in:\x20")%r(Radmin,7,"login:\x20")%r(NessusTPv12,14,"login:\x20\xff\xfb +SF:\x01Password:\x20")%r(NessusTPv11,14,"login:\x20\xff\xfb\x01Password:\x +SF:20")%r(NessusTPv10,14,"login:\x20\xff\xfb\x01Password:\x20")%r(WMSReque +SF:st,7,"login:\x20")%r(mydoom,7,"login:\x20")%r(WWWOFFLEctrlstat,14,"logi +SF:n:\x20\xff\xfb\x01Password:\x20")%r(Verifier,14,"login:\x20\xff\xfb\x01 +SF:Password:\x20")%r(VerifierAdvanced,14,"login:\x20\xff\xfb\x01Password:\ +SF:x20"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port110-TCP:V=7.92%I=9%D=4/11%Time=69DA047E%P=x86_64-redhat-linux-gnu%r +SF:(NULL,25,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n")%r(Gen +SF:ericLines,25,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n")%r +SF:(GetRequest,42,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n-E +SF:RR\x20Command\x20not\x20recognized\r\n")%r(HTTPOptions,42,"\+OK\x20omeg +SF:a-decky\x20Dovecot\x20POP3\x20ready\.\r\n-ERR\x20Command\x20not\x20reco +SF:gnized\r\n")%r(RTSPRequest,42,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x +SF:20ready\.\r\n-ERR\x20Command\x20not\x20recognized\r\n")%r(RPCCheck,25," +SF:\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n")%r(DNSVersionBin +SF:dReqTCP,25,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n")%r(D +SF:NSStatusRequestTCP,25,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\ +SF:.\r\n")%r(Hello,42,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r +SF:\n-ERR\x20Command\x20not\x20recognized\r\n")%r(Help,42,"\+OK\x20omega-d +SF:ecky\x20Dovecot\x20POP3\x20ready\.\r\n-ERR\x20Command\x20not\x20recogni +SF:zed\r\n")%r(SSLSessionReq,42,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x2 
+SF:0ready\.\r\n-ERR\x20Command\x20not\x20recognized\r\n")%r(TerminalServer +SF:Cookie,42,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n-ERR\x2 +SF:0Command\x20not\x20recognized\r\n")%r(TLSSessionReq,42,"\+OK\x20omega-d +SF:ecky\x20Dovecot\x20POP3\x20ready\.\r\n-ERR\x20Command\x20not\x20recogni +SF:zed\r\n")%r(SSLv23SessionReq,42,"\+OK\x20omega-decky\x20Dovecot\x20POP3 +SF:\x20ready\.\r\n-ERR\x20Command\x20not\x20recognized\r\n")%r(Kerberos,42 +SF:,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n-ERR\x20Command\ +SF:x20not\x20recognized\r\n")%r(SMBProgNeg,25,"\+OK\x20omega-decky\x20Dove +SF:cot\x20POP3\x20ready\.\r\n")%r(X11Probe,25,"\+OK\x20omega-decky\x20Dove +SF:cot\x20POP3\x20ready\.\r\n")%r(FourOhFourRequest,42,"\+OK\x20omega-deck +SF:y\x20Dovecot\x20POP3\x20ready\.\r\n-ERR\x20Command\x20not\x20recognized +SF:\r\n")%r(LPDString,42,"\+OK\x20omega-decky\x20Dovecot\x20POP3\x20ready\ +SF:.\r\n-ERR\x20Command\x20not\x20recognized\r\n")%r(LDAPSearchReq,5F,"\+O +SF:K\x20omega-decky\x20Dovecot\x20POP3\x20ready\.\r\n-ERR\x20Command\x20no +SF:t\x20recognized\r\n-ERR\x20Command\x20not\x20recognized\r\n"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port445-TCP:V=7.92%I=9%D=4/11%Time=69DA0483%P=x86_64-redhat-linux-gnu%r +SF:(SMBProgNeg,51,"\0\0\0M\xffSMBr\0\0\0\0\x80\0\xc0\0\0\0\0\0\0\0\0\0\0\0 +SF:\0\0\0@\x06\0\0\x01\0\x11\x07\0\x03\x01\0\x01\0\0\xfa\0\0\0\0\x01\0\0\0 +SF:\0\0p\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\x08\0\x11\"3DUfw\x88"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port1433-TCP:V=7.92%I=9%D=4/11%Time=69DA0483%P=x86_64-redhat-linux-gnu% +SF:r(ms-sql-s,2F,"\x04\x01\0/\0\0\x01\0\0\0\x1a\0\x06\x01\0\x20\0\x01\x02\ +SF:0!\0\x01\x03\0\"\0\x04\x04\0&\0\x01\xff\x0e\0\x07\xd0\0\0\x02\0\0\0\0\0 +SF:\0"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port2121-TCP:V=7.92%I=9%D=4/11%Time=69DA047E%P=x86_64-redhat-linux-gnu% 
+SF:r(NULL,17,"200\x20FTP\x20server\x20ready\.\r\n")%r(GenericLines,3A,"200 +SF:\x20FTP\x20server\x20ready\.\r\n500\x20Command\x20'\\r\\n'\x20not\x20un +SF:derstood\r\n"); +==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== +SF-Port5060-TCP:V=7.92%I=9%D=4/11%Time=69DA048A%P=x86_64-redhat-linux-gnu% +SF:r(SIPOptions,F7,"SIP/2\.0\x20401\x20Unauthorized\r\nVia:\x20SIP/2\.0/TC +SF:P\x20nm;branch=foo\r\nFrom:\x20Error\x20code:\x20400
\n\x20\x20\x20\x20\x20\x20\x20\x20Messa +SF:ge:\x20Bad\x20request\x20syntax\x20\('\\x16\\x03\\x00\\x00S\\x01\\x00\\ +SF:x00O\\x03\\x00\?G\xc3\x97\xc3\xb7\xc2\xba,\xc3\xae\xc3\xaa\xc2\xb2`~\xc +SF:3\xb3\\x00\xc3\xbd\\x82{\xc2\xb9\xc3\x95\\x96\xc3\x88w\\x9b\xc3\xa6\xc3 +SF:\x84\xc3\x9b<=\xc3\x9bo\xc3\xaf\\x10n\\x00\\x00\(\\x00\\x16\\x00\\x1 +SF:3\\x00'\)\.
\n\x20\x20\x20\x20\x20\x20\x20\x20Error\x20code\x20ex +SF:planation:\x20400\x20-\x20Bad\x20request\x20syntax\x20or\x20unsupported +SF:\x20method\.
\n\x20\x20\x20\x20\n\n")%r(GetRequest,E0, +SF:"HTTP/1\.1\x20404\x20NOT\x20FOUND\r\nServer:\x20Werkzeug/3\.1\.8\x20Pyt +SF:hon/3\.11\.2\r\nDate:\x20Sat,\x2011\x20Apr\x202026\x2008:21:18\x20GMT\r +SF:\nContent-Type:\x20application/json\r\nContent-Length:\x2052\r\nConnect +SF:ion:\x20close\r\n\r\n{\"kind\":\x20\"Status\",\x20\"status\":\x20\"Fail +SF:ure\",\x20\"code\":\x20404}")%r(HTTPOptions,C7,"HTTP/1\.1\x20200\x20OK\ +SF:r\nServer:\x20Werkzeug/3\.1\.8\x20Python/3\.11\.2\r\nDate:\x20Sat,\x201 +SF:1\x20Apr\x202026\x2008:21:18\x20GMT\r\nContent-Type:\x20text/html;\x20c +SF:harset=utf-8\r\nAllow:\x20HEAD,\x20GET,\x20OPTIONS\r\nContent-Length:\x +SF:200\r\nConnection:\x20close\r\n\r\n")%r(RTSPRequest,16C,"\n\n\x20\x20\x20\x20\n\x20\x20\x20\x20\x +SF:20\x20\x20\x20\n\x20\x20\x20\x20\x20\x20\x20 +SF:\x20Error\x20code:\x20400
\n\x20 +SF:\x20\x20\x20\x20\x20\x20\x20Message:\x20Bad\x20request\x20version\x2 +SF:0\('RTSP/1\.0'\)\.
\n\x20\x20\x20\x20\x20\x20\x20\x20Error\x20cod +SF:e\x20explanation:\x20400\x20-\x20Bad\x20request\x20syntax\x20or\x20unsu +SF:pported\x20method\.
\n\x20\x20\x20\x20\n\n"); +MAC Address: 5A:84:B9:11:A3:E8 (Unknown) +Device type: general purpose +Running: Linux 5.X +OS CPE: cpe:/o:linux:linux_kernel:5 +OS details: Linux 5.3 - 5.4 +Network Distance: 1 hop +Service Info: Hosts: omega-decky, omega-decky + +Host script results: +| smb2-security-mode: +| 2.0.2: +|_ Message signing enabled but not required +|_clock-skew: mean: -77664d04h15m02s, deviation: 109833d17h34m55s, median: -155328d08h30m05s +| smb2-time: +| date: 2026-04-11T08:30:06 +|_ start_date: 2026-04-11T08:30:06 +| smb-security-mode: +| account_used: guest +| authentication_level: user +| challenge_response: supported +|_ message_signing: disabled (dangerous, but default) +|_ms-sql-info: ERROR: Script execution failed (use -d to debug) + +TRACEROUTE +HOP RTT ADDRESS +1 0.03 ms 192.168.1.200 + +Nmap scan report for 192.168.1.201 +Host is up (0.000037s latency). +Not shown: 65534 closed tcp ports (reset) +PORT STATE SERVICE VERSION +25/tcp open smtp Postfix smtpd +|_smtp-commands: relay-decky, PIPELINING, SIZE 10240000, VRFY, ETRN, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN +MAC Address: 0E:84:8E:09:6A:47 (Unknown) +No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). 
+TCP/IP fingerprint:
+OS:SCAN(V=7.92%E=4%D=4/11%OT=25%CT=1%CU=38325%PV=Y%DS=1%DC=D%G=Y%M=0E848E%T
+OS:M=69DA07BC%P=x86_64-redhat-linux-gnu)SEQ(SP=101%GCD=1%ISR=10F%TI=Z%CI=Z%
+OS:TS=A)SEQ(SP=101%GCD=1%ISR=10F%TI=Z%CI=Z%II=I%TS=A)OPS(O1=M5B4ST11NWA%O2=
+OS:M5B4ST11NWA%O3=M5B4NNT11NWA%O4=M5B4ST11NWA%O5=M5B4ST11NWA%O6=M5B4ST11)WI
+OS:N(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FA
+OS:F0%O=M5B4NNSNWA%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3
+OS:(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=
+OS:Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=
+OS:Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%R
+OS:IPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
+
+Network Distance: 1 hop
+Service Info: Host: relay-decky
+
+TRACEROUTE
+HOP RTT ADDRESS
+1 0.04 ms 192.168.1.201
+
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Apr 11 04:35:08 2026 -- 2 IP addresses (2 hosts up) scanned in 836.75 seconds
diff --git a/templates/conpot/decnet_logging.py b/templates/conpot/decnet_logging.py
new file mode 100644
index 0000000..5a09505
--- /dev/null
+++ b/templates/conpot/decnet_logging.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+"""
+Shared RFC 5424 syslog helper for DECNET service templates.
+
+Services call syslog_line() to format an RFC 5424 message, then
+write_syslog_file() to emit it to stdout — Docker captures it, and the
+host-side collector streams it into the log file.
+
+RFC 5424 structure:
+