Add per-service customization, stealth hardening, and BYOS support

- HTTP: configurable server_header, response_code, fake_app presets (apache/nginx/wordpress/phpmyadmin/iis), extra_headers, custom_body, static files directory mount - SSH/Cowrie: configurable kernel_version, hardware_platform, ssh_banner, and users/passwords via COWRIE_USERDB_ENTRIES; switched to build mode so cowrie.cfg.j2 persona fields and userdb.txt generation work - SMTP: configurable banner and MTA hostname - MySQL: configurable version string in protocol greeting - Redis: configurable redis_version and os string in INFO response - BYOS: [custom-*] INI sections define bring-your-own Docker services - Stealth: rename all *_honeypot.py → server.py; replace HONEYPOT_NAME env var with NODE_NAME across all 22+ service templates and plugins; strip "honeypot" from all in-container file content - Config: DeckyConfig.service_config dict; INI [decky-N.svc] subsections; composer passes service_cfg to compose_fragment - 350 tests passing (100%) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-04 04:08:27 -03:00
parent 07c06e3c0a
commit cf1e00af28
102 changed files with 974 additions and 309 deletions
--- a/templates/ftp/server.py
+++ b/templates/ftp/server.py
@@ -0,0 +1,82 @@
+#!/usr/bin/env python3
+"""
+FTP server using Twisted's FTP server infrastructure.
+Accepts any credentials, logs all commands and file requests,
+forwards events as JSON to LOG_TARGET if set.
+"""
+
+import json
+import os
+import socket
+import sys
+from datetime import datetime, timezone
+
+from twisted.internet import defer, protocol, reactor
+from twisted.protocols.ftp import FTP, FTPFactory
+from twisted.python import log as twisted_log
+
+NODE_NAME = os.environ.get("NODE_NAME", "ftpserver")
+LOG_TARGET = os.environ.get("LOG_TARGET", "")
+
+
+def _forward(event: dict) -> None:
+    if not LOG_TARGET:
+        return
+    try:
+        host, port = LOG_TARGET.rsplit(":", 1)
+        with socket.create_connection((host, int(port)), timeout=3) as s:
+            s.sendall((json.dumps(event) + "\n").encode())
+    except Exception:
+        pass
+
+
+def _log(event_type: str, **kwargs) -> None:
+    event = {
+        "ts": datetime.now(timezone.utc).isoformat(),
+        "service": "ftp",
+        "host": NODE_NAME,
+        "event": event_type,
+        **kwargs,
+    }
+    print(json.dumps(event), flush=True)
+    _forward(event)
+
+
+class ServerFTP(FTP):
+    def connectionMade(self):
+        peer = self.transport.getPeer()
+        _log("connection", src_ip=peer.host, src_port=peer.port)
+        super().connectionMade()
+
+    def ftp_USER(self, username):
+        self._server_user = username
+        _log("user", username=username)
+        return super().ftp_USER(username)
+
+    def ftp_PASS(self, password):
+        _log("auth_attempt", username=getattr(self, "_server_user", "?"), password=password)
+        # Accept everything — we're a server
+        self.state = self.AUTHED
+        self._user = getattr(self, "_server_user", "anonymous")
+        return defer.succeed((230, "Login successful."))
+
+    def ftp_RETR(self, path):
+        _log("download_attempt", path=path)
+        self.sendLine(b"550 File unavailable.")
+        return defer.succeed(None)
+
+    def connectionLost(self, reason):
+        peer = self.transport.getPeer()
+        _log("disconnect", src_ip=peer.host, src_port=peer.port)
+        super().connectionLost(reason)
+
+
+class ServerFTPFactory(FTPFactory):
+    protocol = ServerFTP
+
+
+if __name__ == "__main__":
+    twisted_log.startLogging(sys.stdout)
+    _log("startup", msg=f"FTP server starting as {NODE_NAME} on port 21")
+    reactor.listenTCP(21, ServerFTPFactory())
+    reactor.run()