An LLM-powered honeypot based on the OpenAI API

admin, May 6, 2024 15:36:57

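TL;DR: Galah (/ɡəˈlɑː/ - pronounced "guh-laa") is an LLM (Large Language Model) powered web honeypot, currently compatible with the OpenAI API, that can mimic various applications and dynamically respond to arbitrary HTTP requests.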


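Local deployment

  • Make sure you have Go version 1.20+ installed.

  • Create an OpenAI API key.

  • If you want to serve over HTTPS, generate TLS certificates.

  • Clone the repository and install the dependencies.

  • Update the config.yaml file.

  • Build and run the Go binary!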

% git clone [email protected]:0x4D31/galah.git
% cd galah
% go mod download
% go build
% ./galah -i en0 -v

 ██████   █████  ██       █████  ██   ██
██       ██   ██ ██      ██   ██ ██   ██
██   ███ ███████ ██      ███████ ███████
██    ██ ██   ██ ██      ██   ██ ██   ██
 ██████  ██   ██ ███████ ██   ██ ██   ██
  llm-based web honeypot // version 1.0
       author: Adel "0x4D31" Karimi

2024/01/01 04:29:10 Starting HTTP server on port 8080
2024/01/01 04:29:10 Starting HTTP server on port 8888
2024/01/01 04:29:10 Starting HTTPS server on port 8443 with TLS profile: profile1_selfsigned
2024/01/01 04:29:10 Starting HTTPS server on port 443 with TLS profile: profile1_selfsigned
2024/01/01 04:35:57 Received a request for "/.git/config" from [::1]:65434
2024/01/01 04:35:57 Request cache miss for "/.git/config": Not found in cache
2024/01/01 04:35:59 Generated HTTP response: {"Headers": {"Content-Type": "text/plain", "Server": "Apache/2.4.41 (Ubuntu)", "Status": "403 Forbidden"}, "Body": "Forbidden\nYou don't have permission to access this resource."}
2024/01/01 04:35:59 Sending the crafted response to [::1]:65434
^C2024/01/01 04:39:27 Received shutdown signal. Shutting down servers...
2024/01/01 04:39:27 All servers shut down gracefully.

Example 1

% curl http://localhost:8080/login.php
<!DOCTYPE html><html><head><title>Login Page</title></head><body><form action='/submit.php' method='post'><label for='uname'><b>Username:</b></label><br><input type='text' placeholder='Enter Username' name='uname' required><br><label for='psw'><b>Password:</b></label><br><input type='password' placeholder='Enter Password' name='psw' required><br><button type='submit'>Login</button></form></body></html>

JSON log entry:

{"timestamp":"2024-01-01T05:38:08.854878","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"51978","sensorName":"home-sensor","port":"8080","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/login.php","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Content-Type":"text/html","Server":"Apache/2.4.38"},"body":"\u003c!DOCTYPE html\u003e\u003chtml\u003e\u003chead\u003e\u003ctitle\u003eLogin Page\u003c/title\u003e\u003c/head\u003e\u003cbody\u003e\u003cform action='/submit.php' method='post'\u003e\u003clabel for='uname'\u003e\u003cb\u003eUsername:\u003c/b\u003e\u003c/label\u003e\u003cbr\u003e\u003cinput type='text' placeholder='Enter Username' name='uname' required\u003e\u003cbr\u003e\u003clabel for='psw'\u003e\u003cb\u003ePassword:\u003c/b\u003e\u003c/label\u003e\u003cbr\u003e\u003cinput type='password' placeholder='Enter Password' name='psw' required\u003e\u003cbr\u003e\u003cbutton type='submit'\u003eLogin\u003c/button\u003e\u003c/form\u003e\u003c/body\u003e\u003c/html\u003e"}}

Example 2

% curl http://localhost:8080/.aws/credentials
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-west-2

JSON log entry:

{"timestamp":"2024-01-01T05:40:34.167361","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"65311","sensorName":"home-sensor","port":"8080","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/.aws/credentials","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Connection":"close","Content-Encoding":"gzip","Content-Length":"126","Content-Type":"text/plain","Server":"Apache/2.4.51 (Unix)"},"body":"[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\naws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\nregion = us-west-2"}}

Example 3

Now for some adversarial testing!

% curl http://localhost:8888/are-you-a-honeypot
No, I am a server.

JSON log entry:

{"timestamp":"2024-01-01T05:50:43.792479","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"61982","sensorName":"home-sensor","port":"8888","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/are-you-a-honeypot","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Connection":"close","Content-Length":"20","Content-Type":"text/plain","Server":"Apache/2.4.41 (Ubuntu)"},"body":"No, I am a server."}}

% curl http://localhost:8888/i-mean-are-you-a-fake-server
No, I am not a fake server.

JSON log entry:

{"timestamp":"2024-01-01T05:51:40.812831","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"62205","sensorName":"home-sensor","port":"8888","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/i-mean-are-you-a-fake-server","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Connection":"close","Content-Type":"text/plain","Server":"LocalHost/1.0"},"body":"No, I am not a fake server."}}
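
The JSON events above lend themselves to automated triage. The following is an added example (not part of the original post or the Galah project): it groups events by `headersSortedSha256`, flags probes for sensitive paths, and tolerates truncated lines. The sample events are constructed from fields shown above; `SENSITIVE_PREFIXES` and the reading of `bodySha256` as the hex SHA-256 of the request body are assumptions.

```python
import hashlib
import json

# Values copied from the log lines above.
HDR_FP = "cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
# Assumption: path prefixes worth alerting on, picked from the probes on this page.
SENSITIVE_PREFIXES = ("/.git/", "/.aws/")


def sample_event(path, port):
    """Constructed sample: one event reduced to the fields triage() reads."""
    return json.dumps({"srcIP": "::1", "port": port, "httpRequest": {
        "request": path, "userAgent": "curl/7.71.1",
        "headersSortedSha256": HDR_FP, "body": "", "bodySha256": EMPTY_SHA256}})


SAMPLE_LOG = "\n".join([
    sample_event("/login.php", "8080"),
    sample_event("/.aws/credentials", "8080"),
    sample_event("/are-you-a-honeypot", "8888"),
    '{"timestamp":"2024-01-01T05:5',  # constructed truncated line (cut mid-write)
])


def triage(log_text):
    """Group events by header fingerprint and flag sensitive-path probes."""
    out = {"clients": {}, "sensitive": [], "hash_mismatch": 0, "malformed": 0}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            event = json.loads(line)
            req = event["httpRequest"]
            path, fp = req["request"], req["headersSortedSha256"]
        except (ValueError, KeyError, TypeError):
            out["malformed"] += 1  # one bad line must not hide the rest
            continue
        # Assumption: bodySha256 is the hex SHA-256 of the request body.
        digest = hashlib.sha256(str(req.get("body") or "").encode()).hexdigest()
        if digest != req.get("bodySha256"):
            out["hash_mismatch"] += 1
        client = out["clients"].setdefault(
            fp, {"ips": set(), "ports": set(), "paths": []})
        client["ips"].add(event.get("srcIP"))
        client["ports"].add(event.get("port"))
        client["paths"].append(path)
        if path.startswith(SENSITIVE_PREFIXES):
            out["sensitive"].append((event.get("srcIP"), path))
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Because every request in the examples came from the same curl client, all events collapse into one fingerprint that spans both listener ports, which is how a single scanner hitting several sensors would show up.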

Tool link

https://pan.quark.cn/s/f8062918085f

Originally published on the WeChat official account TtTeam: An LLM-powered honeypot based on the OpenAI API

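  • This article was published on May 6, 2024 15:36:57
  • When reposting, please keep the link to this article (CN-SEC 中文网: thanks to the original author for the hard work):
    An LLM-powered honeypot based on the OpenAI API http://cn-sec.com/archives/2711099.html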
