Free,Cross-platform,Single-file mass network protocol server simulator

Related tags

Networkingmysqlredissshrtspsimulationftpsambantprdpprotocolsportmap
Overview

FaPro

Free,Cross-platform,Single-file mass network protocol server simulator

platform latest release version discord

中文Readme

Description

FaPro is a Fake Protocol Server tool, Can easily start or stop multiple network services.

The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol.

Demo Site

Features

  • Supported Running Modes:
    • Local Machine
    • Virtual Network
  • Supported Protocols:
    • DNS
    • DCE/RPC
    • EIP
    • Elasticsearch
    • FTP
    • HTTP
    • IEC 104
    • Memcached
    • Modbus
    • MQTT
    • MySQL
    • RDP
    • Redis
    • S7
    • SMB
    • SMTP
    • SNMP
    • SSH
    • Telnet
    • VNC
    • IMAP
    • POP3
    • NTP
    • RTSP
    • PORTMAP
  • Use TcpForward to forward network traffic
  • Support tcp syn logging
  • Support icmp ping logging
  • Support udp packet logging

Protocol simulation demos

Rdp

Support credssp ntlmv2 nla authentication.

Support to configure the image displayed when user login. RDP demo

SSH

Support user login.

Support fake terminal commands, such as id, uid, whoami, etc.

Account format: username:password:home:uid SSH demo

IMAP & SMTP

Support user login and interaction.

IMAP & SMTP demo

Mysql

Support sql statement query interaction

Mysql demo

HTTP

Support website clone, You need to install the chrome browser and chrome driver to work.

Quick Start

Generate Config

The configuration of all protocols and parameters is generated by genConfig subcommand.

Use 172.16.0.0/16 subnet to generate the configuration file:

fapro genConfig -n 172.16.0.0/16 > fapro.json

Or use local address instead of the virtual network:

fapro genConfig > fapro.json

Run the protocol simulator

Run FaPro in verbose mode and start the web service on port 8080:

fapro run -v -l :8080

Tcp syn logging

For windows users, please install winpcap or npcap.

Log analysis

Use ELK to analyze protocol logs: FaPro Kibana

Configuration

This section contains the sample configuration used by FaPro.

{
     "version": "0.40",
     "network": "127.0.0.1/32",
     "network_build": "localhost",
     "storage": null,
     "geo_db": "/tmp/geoip_city.mmdb",
     "hostname": "fapro1",
     "use_logq": true,
     "cert_name": "unknown",
     "syn_dev": "any",
     "udp_dev": "any",
     "icmp_dev": "any",
     "exclusions": [],
     "hosts": [
         {
             "ip": "127.0.0.1",
             "handlers": [
                 {
                     "handler": "dcerpc",
                     "port": 135,
                     "params": {
                         "accounts": [
                             "administrator:123456",
                         ],
                         "domain_name": "DESKTOP-Q1Test"
                     }
                 }
             ]
         }
     ]
}
  • version: Configuration version.
  • network: The subnet used by the virtual network or the address bound to the local machine(Local mode).
  • network_build: Network mode(supported value: localhost, all, userdef)
    • localhost: Local mode, all services are listening on the local machine
    • all: Create all hosts in the subnet(i.e., Can ping all the host in the subnet)
    • userdef: Create only the hosts specified in the hosts configuration.
  • storage: Specify the storage used for log collection, support sqlite, mysql, elasticsearch. e.g.
  • geo_db: MaxMind geoip2 database file path, used to generate ip geographic location information. if you use Elasticsearch storage, never need this field, it will be automatically generated using the geoip processor of Elasticsearch.
  • hostname: Specify the host field in the log.
  • use_logq: Use local disk message queue to save logs, and then send it to remote mysql or Elasticsearch to prevent remote log loss.
  • cert_name: Common name of the generated certificate.
  • syn_dev: Specify the network interface used to capture tcp syn packets. If it is empty, the tcp syn packet will not be recorded. On windows, the device name is like "\Device\NPF_{xxxx-xxxx}".
  • udp_dev: Same as syn_dev, but for udp packet.
  • icmp_dev: Same as syn_dev, but for icmp ping packet.
  • exclusions: Exclude remote ips from logs.
  • hosts: Each item is a host configuration.
  • handlers: Service configuration, the service configured on the host, each item is a service configuration.
  • handler: Service name (i.e., protocol name)
  • params: Set the parameters supported by the service.

Example

Create a virtual network, The subnet is 172.16.0.0/24, include 2 hosts,

172.16.0.3 run dns, ssh service,

and 172.16.0.5 run rpc, rdp service,

protocol access logs are saved to elasticsearch, exclude the access log of 127.0.0.1 and 8.8.8.8.

{
    "version": "0.40",
    "network": "172.16.0.0/24",
    "network_build": "userdef",
    "storage": "es://http://127.0.0.1:9200",
    "use_logq": true,
    "cert_name": "unknown",
    "syn_dev": "any",
    "udp_dev": "any",
    "icmp_dev": "any",
    "exclusions": ["127.0.0.1", "8.8.8.8"],
    "geo_db": "",
    "hosts": [
        {
            "ip": "172.16.0.3",
            "handlers": [
               {
                    "handler": "dns",
                    "port": 53,
                    "params": {
                        "accounts": [
                            "admin:123456"
                        ],
                        "appname": "domain"
                    }
                },
                {
                    "handler": "ssh",
                    "port": 22,
                    "params": {
                        "accounts": [
                            "root:5555555:/root:0"
                        ],
                        "prompt": "$ ",
                        "server_version": "SSH-2.0-OpenSSH_7.4"
                    }
                }
            ]
        },
        {
            "ip": "172.16.0.5",
            "handlers": [
                {
                    "handler": "dcerpc",
                    "port": 135,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "domain_name": "DESKTOP-Q1Test"
                    }
                },
                {
                    "handler": "rdp",
                    "port": 3389,
                    "params": {
                        "accounts": [  
                            "administrator:123456"
                        ],
                        "auth": false,
                        "domain_name": "DESKTOP-Q1Test",
                        "image": "rdp.jpg",
                        "sec_layer": "auto"
                    }
                }
            ]
        }
    ]
}

Automatically generate service configuration

Use the ipclone.py script in Scripts, You can clone the ip service configuration from fofa to quickly generate the service configuration of the real machine.

Learn more

FAQ

We have collected some frequently asked questions. Before reporting an issue, please search if the FAQ has the answer to your problem.

Contributing

  • Issues are welcome.
Comments
  • use_logq bug

    use_logq bug 

    "version": "0.63",
"hostname": "",
"network": "127.0.0.1/32",
"network_build": "localhost",
"geo_db": "./Country.mmdb",
"exclusions": null,
"storage": "mysql://root:[email protected](192.168.170.33:3306)/logs",
"use_logq": true,
"syn_dev": "",
"icmp_dev": "",
"udp_dev": "",
"cert_name": "",

    使用mysql存储日志数据,并开启 "use_logq": true时,一旦请求端口服务,向队列写数据,就会出现下列报错,并关闭所有服务。若"use_logq": false时,则无问题。

    INFO[0000] ip exclusions: [] use disk queue: true INFO[0000] [LogQueue] use disk queue:-log-queue INFO[0000] [LogQueue] runner exit. panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x961097]

    goroutine 20 [running]: github.com/sirupsen/logrus.(*Entry).Bytes(...) pkg/mod/github.com/sirupsen/[email protected]/entry.go:91 github.com/sirupsen/logrus.(*Entry).String(0x2b552a0) pkg/mod/github.com/sirupsen/[email protected]/entry.go:97 +0x17 git.gobies.org/goby/fapro/gobygreatnetwork.(*SQLHook).Fire(0xc0003d4db0, 0xc000193ab0) /fapro/gobygreatnetwork/storage.go:62 +0x91 git.gobies.org/goby/fapro/pkg/logger.(*QueueWriterHook).safeFire(0xc000786db0, 0x73a7c18b1cf46ba2) /fapro/pkg/logger/queueWriter.go:39 +0xef git.gobies.org/goby/fapro/pkg/logger.(*QueueWriterHook).logWriterRunner(0xc000786db0) /fapro/pkg/logger/queueWriter.go:86 +0x2c5 created by git.gobies.org/goby/fapro/pkg/logger.NewQueueWriterHook /fapro/pkg/logger/queueWriter.go:102 +0x17d

    请问如何解决?

    bug 
    opened by nicetomeetnode 3
  • windows 11 无法在web页面关闭下列服务

    windows 11 无法在web页面关闭下列服务

    windows 11 无法在web页面关闭下列服务

    127.0.0.1:53 | dns | UDPListen |   127.0.0.1:123 | ntp | UDPListen |   127.0.0.1:161 | snmp | UDPListen |   127.0.0.1:1234 | udp_echo | UDPListen |   127.0.0.1:5060 | sip | UDPListen |  

    终端程序报错刷屏 time="2021-11-05T14:13:08+08:00" level=error msg="udp_echo read data error:read udp 127.0.0.1:1234: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="udp_echo read data error:read udp 127.0.0.1:1234: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="ntp read data error:read udp 127.0.0.1:123: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n"

    bug 
    opened by badboycxcc 3
  • 报错信息:panic: ioctl: SIOCADDRT: network is unreachable

    报错信息:panic: ioctl: SIOCADDRT: network is unreachable

    环境: CentOS 7 Linux bogon 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux ssh.json:

    {
	"version": "0.36",
	"network": "192.168.1.0/24",
	"network_build": "all",
	"storage": null,
	"hosts": [
		{
			"ip": "192.168.1.103",
			"handlers": [
				{
					"handler": "ssh",
					"port": 62222,
					"params": {
						"accounts": ["root:123456:/root:0"],
						"prompt": "$ ",
						"server_version": "SSH-2.0-OpenSSH_7.4"
					}
				}
			]
		}
	]
}

    ./fapro run --config=ssh -v 回显如下:

    panic: ioctl: SIOCADDRT: network is unreachable

goroutine 1 [running]:
main.(*runCommand).Execute(0xc000966cc0, 0xc0006caf30, 0x0, 0x3, 0x1b7ea01, 0x7f9f891f8098)
        D:/code/netstackserver/main.go:194 +0xe74
main.main.func1(0x7f9f891f8098, 0xc000966cc0, 0xc0006caf30, 0x0, 0x3, 0x1, 0x0)
        D:/code/netstackserver/main.go:297 +0x7e
github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc000451a40, 0xc00004c0d0, 0x3, 0x3, 0xd, 0x0, 0x0, 0x1db0960, 0xc0006cad20)
        C:/Users/chenpanfeng/go/pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x85d
github.com/jessevdk/go-flags.(*Parser).Parse(...)
        C:/Users/chenpanfeng/go/pkg/mod/github.com/jessevdk/[email protected]/parser.go:191
main.main()
        D:/code/netstackserver/main.go:300 +0x369

    尝试更改 network 项为特定ip地址、带掩码ip地址等,依然报错如上 只有在该项设置为 127.0.0.1 时可以正常执行 fapro run,但是此时无法从内网中其他机器访问 请问如何配置 json 文件才能在内网其他机器中访问到伪造的服务?

    opened by hare001 3
  • how can i config fapro.json to run fapro in the same subnet with my host

    how can i config fapro.json to run fapro in the same subnet with my host

    1 Excuse me, i want to run fapro in the same subnet with my host in vmware so other machines in same network can access to fake services of fapro. Is there anyway

    opened by UIT19522051 2
  • 最新版windows11运行报错

    最新版windows11运行报错

    fapro.exe run -v -l :8080 panic: Fatal error config file: While parsing config: invalid character 'ÿ' looking for beginning of value

    goroutine 1 [running]: main.(*runCommand).Execute(0xc0001d3d80, {0x2749d80, 0x2539201, 0xc0001d3d80}) /fapro/main.go:193 +0x11b6 main.main.func1({0x15de17e1cc0, 0xc0001d3d80}, {0xc000709740, 0x1, 0x0}) /fapro/main.go:375 +0x66 github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc0003d7730, {0xc00005c090, 0x7, 0x7}) pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x87c github.com/jessevdk/go-flags.(*Parser).Parse(...) pkg/mod/github.com/jessevdk/go-[email protected]/parser.go:191 main.main() /fapro/main.go:378 +0x294

    ============================ 配置使用默认生成。

    duplicate 
    opened by badboycxcc 2
  • 开启vnc服务后内存占用过高

    开启vnc服务后内存占用过高

    我在阿里云上部署了一个2G内存的节点,并开启了vnc服务。今天早上大概9点开始,它接收到了大量的vnc连接请求,直到中午1点左右宕机,内存占用从460M匀速上升到了1.8G。我查看日志时,message中是有close conn的,但是内存似乎一直没有被释放? 是我的配置有什么问题吗?配置文件只使用了默认的参数:

    {
  "handler": "vnc",
  "port": 5900,
  "params": {
    "challenge": "0123456789abcdef",
    "password": "1234561"
  }
},
    bug 
    opened by zhy27 2
  • panic: no active connection found: no Elasticsearch node available

    panic: no active connection found: no Elasticsearch node available

    报错:panic: no active connection found: no Elasticsearch node available

    • ELK_VERSION=7.16.2
    • docker

    参考以下资料,添加了如下一堆还是没修改成功 https://stackoverflow.com/questions/61455272/cannot-connect-to-elastic-search-no-active-connection-found-no-elasticsearch https://www.cnblogs.com/xiaoff/p/9913544.html https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html

    cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.host: 0.0.0.0
network.publish_host: 0.0.0.0
transport.host: 0.0.0.0
http.publish_port: 9200
    documentation faq 
    opened by b1ank1108 1
  • [win10]cannot startup fapro

    [win10]cannot startup fapro

    $ ./fapro genConfig -p ssh { "version": "0.58", "hostname": "", "network": "127.0.0.1/32", "network_build": "localhost", "geo_db": "", "exclusions": null, "storage": null, "use_logq": false, "syn_dev": "", "icmp_dev": "", "udp_dev": "", "cert_name": "", "hosts": [ { "ip": "127.0.0.1", "handlers": [ { "handler": "ssh", "port": 22, "params": { "accounts": [ "root:123456:/root:0" ], "prompt": "$ ", "server_version": "SSH-2.0-OpenSSH_7.4" } } ] } ], "templates": null }

    $ ./fapro run -v -l :8080 time="2022-02-24T11:40:16+08:00" level=info msg="ip exclusions: []" use disk queue: false time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] NamespaceRuntimeInit: Failed to create private namespace: 拒绝访问。 (Code 0x00000005)\n" time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunOpenAdapter: Failed to take WireGuard pool mutex\n" time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunCreateAdapter: Creating adapter\n" time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunCreateAdapter: Failed to create new device information element: 拒绝访问。 (Code 0x00000005)\n" panic: tun device from name error: Error creating interface: Access is denied.

    goroutine 1 [running]: main.(*runCommand).Execute(0xc00068b680, {0x1b8bd00, 0x195c601, 0xc00068b680}) /fapro/main.go:381 +0x14e6 main.main.func1({0x250c46e8030, 0xc00068b680}, {0xc000575d40, 0x1, 0x1b52500}) /fapro/main.go:523 +0x66 github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc0000f9880, {0xc0000cc010, 0x7, 0x7}) pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x87c github.com/jessevdk/go-flags.(*Parser).Parse(...) pkg/mod/github.com/jessevdk/go-[email protected]/parser.go:191 main.main() /fapro/main.go:526 +0x27e

    opened by mfwildfire 1
  • 能否实现类似inetsim的功能?

    能否实现类似inetsim的功能?

    一些提议

    看到这个项目时,就觉得它可以替代inetsim作为样本分析时的嗅探机工具(易上手) 那么是否考虑实现对应功能(暂时想到)

    • 可以监听0.0.0.0
    • DNS支持重定向(将受害机释放样本时的外链请求均重定向至嗅探机)

    使用时的小问题

    使用fapro genConfig -n (0.0.0.0/0|本机网段(例如192.168.1.0/24)) > fapro.json时运行fapro会报错提示already exist subnet 不过通过web端的协议配置里配置本机ip可以正常使用且能被同网段机器访问

    enhancement faq 
    opened by ZoomGod 1
  • fapro as honeypot!?

    fapro as honeypot!?

    at first, thanks you for contributing this tool.

    can we use it as a honeypot via some changes on source code?

    you as owner of tool, have you any idea for converting this tool to a honeypot tool?

    tnx a lot.

    opened by alimp5 1
  • 能否考虑给elasticsearch增加设置账号、密码的功能。

    能否考虑给elasticsearch增加设置账号、密码的功能。

    工具很好用。 希望给elasticsearch增加设置账号、密码的功能。

    现在es的配置信息如下,不支持account参数

      {
                    "handler": "elasticsearch",
                    "port": 9200
                },
    feature 
    opened by hi-unc1e 1
  • Modules suggestion

    Modules suggestion

    https://www.criminalip.io/ - Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated

    opened by parkjunmin 0
Releases(v0.64)
Owner
FOFA Pro
FOFA Pro 的开源项目
FOFA Pro
GitHub Repository
Learn how modern web applications and microservice architecture work as you complete a creative assignment

Micro-service Создание микросервиса Цель работы Познакомиться с механизмом работы современных веб-приложений и микросервисной архитектуры в процессе в

Григорий Верховский 1 Dec 19, 2021
Keep your application settings in sync (OS X/Linux)

Mackup Keep your application settings in sync. Table of content Quickstart Usage What does it do Bullsh*t, what does it really do to my files Supporte

Laurent Raufaste 12.8k Jan 08, 2023
Apple Store Stock Notifier monitors the availability of selected Apple devices in selected Apple stores, and sends you a notification when devices are available!

Apple Store Stock Notifier This software will immediately send you a notification via Telegram when one of your coveted Apple Devices is available in

Floris-Jan Willemsen 25 Dec 05, 2022
HTTP proxy pool server primarily meant for evading IP whitelists

proxy-forwarder HTTP proxy pool server primarily meant for evading IP whitelists. Setup Create a file named proxies.txt and fill it with your HTTP pro

h0nda 2 Feb 19, 2022
Anonymously Reverse shell over Tor Network using Hidden Services without portfortwarding

Anonymously Reverse shell over Tor Network using Hidden Services without portfortwarding Tor ağı ile Dark Web servislerini kullanarak anonim biçimde p

249 Dec 29, 2022
An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputatio

CRED 225 Dec 31, 2022
This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all the available IP addresses with their MAC addresses on your current Network.

This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all t

Abhinandan Khurana 1 Feb 09, 2022
Timeouts for popular Python packages

Python Timeouts An unresponsive service can be worse than a down one. It can tie up your entire system if not handled properly. All network requests s

Andrew Kane 11 Nov 22, 2022
Load balancing DICOM router

dicom-loadbalancer Load balancing DICOM router (WORK IN PROGRESS) The DICOM loadbalancer provides functionality for acting as any number of DICOM SCPs

Søren Boll Overgaard 1 Jan 15, 2022
Interact remotely with the computer using Python and MQTT protocol 💻

Comandos_Remotos Interagir remotamento com o computador através do Python e protocolo MQTT. 💻 Status: em desenvolvimento 🚦 Objetivo: Interagir com o

Guilherme_Donizetti 6 May 10, 2022
WebRTC and ORTC implementation for Python using asyncio

aiortc What is aiortc? aiortc is a library for Web Real-Time Communication (WebRTC) and Object Real-Time Communication (ORTC) in Python. It is built o

3.2k Jan 07, 2023
Using AWS's API Gateway + Lambda + Python to run a simple websocket application. For learning/testing

Using AWS's API Gateway + Lambda + Python to run a simple websocket application. For learning/testing. The AWS Resources seemed overly complex and were missing some critical gotchas in setting up a s

Seth Miller 15 Dec 23, 2022
tradingview socket api for fetching real time prices.

tradingView-API tradingview socket api for fetching real time prices. How to run git clone https://github.com/mohamadkhalaj/tradingView-API.git cd tra

MohammadKhalaj 35 Dec 31, 2022
A simple DHCP server and client simulation with python

About The Project This is a simple DHCP server and client simulation. I implemented it for computer network course spring 2021 The client can request

shakiba 3 Feb 08, 2022
Huawei firewall automatically updates Chinese ip to target IP group.

Huawei firewall automatically updates Chinese ip to target IP group.

Lundaa 0 Jan 11, 2022
RabbitMQ asynchronous connector library for Python with built in RPC support

About RabbitMQ connector library for Python that is fully integrated with the aio-pika framework. Introduction BunnyStorm is here to simplify working

22 Sep 11, 2022
PoC code for stealing the WiFi password of a network with a Lovebox IOT device connected

LoveBoxer PoC code for stealing the WiFi password of a network with a Lovebox IOT device connected. This PoC was is what I used in this blogpost Usage

Graham Helton 10 May 24, 2022
euserv auto-renew script - A Python script which can help you renew your free EUserv IPv6 VPS.

eu_ex eu_ex means EUserv_extend. A Python script which can help you renew your free EUserv IPv6 VPS. This Script can check the VPS amount in your acco

A beam of light 92 Jan 25, 2022
Decentra Network is an open source blockchain that combines speed, security and decentralization.

Decentra Network is an open source blockchain that combines speed, security and decentralization. Decentra Network has very high speeds, scalability, asymptotic security and complete decentralization

Decentra Network 74 Nov 22, 2022
A python 3 library which helps in using nmap port scanner.

A python 3 library which helps in using nmap port scanner. This is done by converting each nmap command into a callable python3 method or function. System administrators can now automatic nmap scans

Nmmapper 179 Dec 19, 2022