Free,Cross-platform,Single-file mass network protocol server simulator

Related tags

Networkingmysqlredissshrtspsimulationftpsambantprdpprotocolsportmap
Overview

FaPro

Free,Cross-platform,Single-file mass network protocol server simulator

platform latest release version discord

中文Readme

Description

FaPro is a Fake Protocol Server tool, Can easily start or stop multiple network services.

The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol.

Demo Site

Features

  • Supported Running Modes:
    • Local Machine
    • Virtual Network
  • Supported Protocols:
    • DNS
    • DCE/RPC
    • EIP
    • Elasticsearch
    • FTP
    • HTTP
    • IEC 104
    • Memcached
    • Modbus
    • MQTT
    • MySQL
    • RDP
    • Redis
    • S7
    • SMB
    • SMTP
    • SNMP
    • SSH
    • Telnet
    • VNC
    • IMAP
    • POP3
    • NTP
    • RTSP
    • PORTMAP
  • Use TcpForward to forward network traffic
  • Support tcp syn logging
  • Support icmp ping logging
  • Support udp packet logging

Protocol simulation demos

Rdp

Support credssp ntlmv2 nla authentication.

Support to configure the image displayed when user login. RDP demo

SSH

Support user login.

Support fake terminal commands, such as id, uid, whoami, etc.

Account format: username:password:home:uid SSH demo

IMAP & SMTP

Support user login and interaction.

IMAP & SMTP demo

Mysql

Support sql statement query interaction

Mysql demo

HTTP

Support website clone, You need to install the chrome browser and chrome driver to work.

Quick Start

Generate Config

The configuration of all protocols and parameters is generated by genConfig subcommand.

Use 172.16.0.0/16 subnet to generate the configuration file:

fapro genConfig -n 172.16.0.0/16 > fapro.json

Or use local address instead of the virtual network:

fapro genConfig > fapro.json

Run the protocol simulator

Run FaPro in verbose mode and start the web service on port 8080:

fapro run -v -l :8080

Tcp syn logging

For windows users, please install winpcap or npcap.

Log analysis

Use ELK to analyze protocol logs: FaPro Kibana

Configuration

This section contains the sample configuration used by FaPro.

{
     "version": "0.40",
     "network": "127.0.0.1/32",
     "network_build": "localhost",
     "storage": null,
     "geo_db": "/tmp/geoip_city.mmdb",
     "hostname": "fapro1",
     "use_logq": true,
     "cert_name": "unknown",
     "syn_dev": "any",
     "udp_dev": "any",
     "icmp_dev": "any",
     "exclusions": [],
     "hosts": [
         {
             "ip": "127.0.0.1",
             "handlers": [
                 {
                     "handler": "dcerpc",
                     "port": 135,
                     "params": {
                         "accounts": [
                             "administrator:123456",
                         ],
                         "domain_name": "DESKTOP-Q1Test"
                     }
                 }
             ]
         }
     ]
}
  • version: Configuration version.
  • network: The subnet used by the virtual network or the address bound to the local machine(Local mode).
  • network_build: Network mode(supported value: localhost, all, userdef)
    • localhost: Local mode, all services are listening on the local machine
    • all: Create all hosts in the subnet(i.e., Can ping all the host in the subnet)
    • userdef: Create only the hosts specified in the hosts configuration.
  • storage: Specify the storage used for log collection, support sqlite, mysql, elasticsearch. e.g.
  • geo_db: MaxMind geoip2 database file path, used to generate ip geographic location information. if you use Elasticsearch storage, never need this field, it will be automatically generated using the geoip processor of Elasticsearch.
  • hostname: Specify the host field in the log.
  • use_logq: Use local disk message queue to save logs, and then send it to remote mysql or Elasticsearch to prevent remote log loss.
  • cert_name: Common name of the generated certificate.
  • syn_dev: Specify the network interface used to capture tcp syn packets. If it is empty, the tcp syn packet will not be recorded. On windows, the device name is like "\Device\NPF_{xxxx-xxxx}".
  • udp_dev: Same as syn_dev, but for udp packet.
  • icmp_dev: Same as syn_dev, but for icmp ping packet.
  • exclusions: Exclude remote ips from logs.
  • hosts: Each item is a host configuration.
  • handlers: Service configuration, the service configured on the host, each item is a service configuration.
  • handler: Service name (i.e., protocol name)
  • params: Set the parameters supported by the service.

Example

Create a virtual network, The subnet is 172.16.0.0/24, include 2 hosts,

172.16.0.3 run dns, ssh service,

and 172.16.0.5 run rpc, rdp service,

protocol access logs are saved to elasticsearch, exclude the access log of 127.0.0.1 and 8.8.8.8.

{
    "version": "0.40",
    "network": "172.16.0.0/24",
    "network_build": "userdef",
    "storage": "es://http://127.0.0.1:9200",
    "use_logq": true,
    "cert_name": "unknown",
    "syn_dev": "any",
    "udp_dev": "any",
    "icmp_dev": "any",
    "exclusions": ["127.0.0.1", "8.8.8.8"],
    "geo_db": "",
    "hosts": [
        {
            "ip": "172.16.0.3",
            "handlers": [
               {
                    "handler": "dns",
                    "port": 53,
                    "params": {
                        "accounts": [
                            "admin:123456"
                        ],
                        "appname": "domain"
                    }
                },
                {
                    "handler": "ssh",
                    "port": 22,
                    "params": {
                        "accounts": [
                            "root:5555555:/root:0"
                        ],
                        "prompt": "$ ",
                        "server_version": "SSH-2.0-OpenSSH_7.4"
                    }
                }
            ]
        },
        {
            "ip": "172.16.0.5",
            "handlers": [
                {
                    "handler": "dcerpc",
                    "port": 135,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "domain_name": "DESKTOP-Q1Test"
                    }
                },
                {
                    "handler": "rdp",
                    "port": 3389,
                    "params": {
                        "accounts": [  
                            "administrator:123456"
                        ],
                        "auth": false,
                        "domain_name": "DESKTOP-Q1Test",
                        "image": "rdp.jpg",
                        "sec_layer": "auto"
                    }
                }
            ]
        }
    ]
}

Automatically generate service configuration

Use the ipclone.py script in Scripts, You can clone the ip service configuration from fofa to quickly generate the service configuration of the real machine.

Learn more

FAQ

We have collected some frequently asked questions. Before reporting an issue, please search if the FAQ has the answer to your problem.

Contributing

  • Issues are welcome.
Comments
  • use_logq bug

    use_logq bug 

    "version": "0.63",
"hostname": "",
"network": "127.0.0.1/32",
"network_build": "localhost",
"geo_db": "./Country.mmdb",
"exclusions": null,
"storage": "mysql://root:[email protected](192.168.170.33:3306)/logs",
"use_logq": true,
"syn_dev": "",
"icmp_dev": "",
"udp_dev": "",
"cert_name": "",

    使用mysql存储日志数据,并开启 "use_logq": true时,一旦请求端口服务,向队列写数据,就会出现下列报错,并关闭所有服务。若"use_logq": false时,则无问题。

    INFO[0000] ip exclusions: [] use disk queue: true INFO[0000] [LogQueue] use disk queue:-log-queue INFO[0000] [LogQueue] runner exit. panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x961097]

    goroutine 20 [running]: github.com/sirupsen/logrus.(*Entry).Bytes(...) pkg/mod/github.com/sirupsen/[email protected]/entry.go:91 github.com/sirupsen/logrus.(*Entry).String(0x2b552a0) pkg/mod/github.com/sirupsen/[email protected]/entry.go:97 +0x17 git.gobies.org/goby/fapro/gobygreatnetwork.(*SQLHook).Fire(0xc0003d4db0, 0xc000193ab0) /fapro/gobygreatnetwork/storage.go:62 +0x91 git.gobies.org/goby/fapro/pkg/logger.(*QueueWriterHook).safeFire(0xc000786db0, 0x73a7c18b1cf46ba2) /fapro/pkg/logger/queueWriter.go:39 +0xef git.gobies.org/goby/fapro/pkg/logger.(*QueueWriterHook).logWriterRunner(0xc000786db0) /fapro/pkg/logger/queueWriter.go:86 +0x2c5 created by git.gobies.org/goby/fapro/pkg/logger.NewQueueWriterHook /fapro/pkg/logger/queueWriter.go:102 +0x17d

    请问如何解决?

    bug 
    opened by nicetomeetnode 3
  • windows 11 无法在web页面关闭下列服务

    windows 11 无法在web页面关闭下列服务

    windows 11 无法在web页面关闭下列服务

    127.0.0.1:53 | dns | UDPListen |   127.0.0.1:123 | ntp | UDPListen |   127.0.0.1:161 | snmp | UDPListen |   127.0.0.1:1234 | udp_echo | UDPListen |   127.0.0.1:5060 | sip | UDPListen |  

    终端程序报错刷屏 time="2021-11-05T14:13:08+08:00" level=error msg="udp_echo read data error:read udp 127.0.0.1:1234: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="udp_echo read data error:read udp 127.0.0.1:1234: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="ntp read data error:read udp 127.0.0.1:123: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n" time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n"

    bug 
    opened by badboycxcc 3
  • 报错信息:panic: ioctl: SIOCADDRT: network is unreachable

    报错信息:panic: ioctl: SIOCADDRT: network is unreachable

    环境: CentOS 7 Linux bogon 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux ssh.json:

    {
	"version": "0.36",
	"network": "192.168.1.0/24",
	"network_build": "all",
	"storage": null,
	"hosts": [
		{
			"ip": "192.168.1.103",
			"handlers": [
				{
					"handler": "ssh",
					"port": 62222,
					"params": {
						"accounts": ["root:123456:/root:0"],
						"prompt": "$ ",
						"server_version": "SSH-2.0-OpenSSH_7.4"
					}
				}
			]
		}
	]
}

    ./fapro run --config=ssh -v 回显如下:

    panic: ioctl: SIOCADDRT: network is unreachable

goroutine 1 [running]:
main.(*runCommand).Execute(0xc000966cc0, 0xc0006caf30, 0x0, 0x3, 0x1b7ea01, 0x7f9f891f8098)
        D:/code/netstackserver/main.go:194 +0xe74
main.main.func1(0x7f9f891f8098, 0xc000966cc0, 0xc0006caf30, 0x0, 0x3, 0x1, 0x0)
        D:/code/netstackserver/main.go:297 +0x7e
github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc000451a40, 0xc00004c0d0, 0x3, 0x3, 0xd, 0x0, 0x0, 0x1db0960, 0xc0006cad20)
        C:/Users/chenpanfeng/go/pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x85d
github.com/jessevdk/go-flags.(*Parser).Parse(...)
        C:/Users/chenpanfeng/go/pkg/mod/github.com/jessevdk/[email protected]/parser.go:191
main.main()
        D:/code/netstackserver/main.go:300 +0x369

    尝试更改 network 项为特定ip地址、带掩码ip地址等,依然报错如上 只有在该项设置为 127.0.0.1 时可以正常执行 fapro run,但是此时无法从内网中其他机器访问 请问如何配置 json 文件才能在内网其他机器中访问到伪造的服务?

    opened by hare001 3
  • how can i config fapro.json to run fapro in the same subnet with my host

    how can i config fapro.json to run fapro in the same subnet with my host

    1 Excuse me, i want to run fapro in the same subnet with my host in vmware so other machines in same network can access to fake services of fapro. Is there anyway

    opened by UIT19522051 2
  • 最新版windows11运行报错

    最新版windows11运行报错

    fapro.exe run -v -l :8080 panic: Fatal error config file: While parsing config: invalid character 'ÿ' looking for beginning of value

    goroutine 1 [running]: main.(*runCommand).Execute(0xc0001d3d80, {0x2749d80, 0x2539201, 0xc0001d3d80}) /fapro/main.go:193 +0x11b6 main.main.func1({0x15de17e1cc0, 0xc0001d3d80}, {0xc000709740, 0x1, 0x0}) /fapro/main.go:375 +0x66 github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc0003d7730, {0xc00005c090, 0x7, 0x7}) pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x87c github.com/jessevdk/go-flags.(*Parser).Parse(...) pkg/mod/github.com/jessevdk/go-[email protected]/parser.go:191 main.main() /fapro/main.go:378 +0x294

    ============================ 配置使用默认生成。

    duplicate 
    opened by badboycxcc 2
  • 开启vnc服务后内存占用过高

    开启vnc服务后内存占用过高

    我在阿里云上部署了一个2G内存的节点,并开启了vnc服务。今天早上大概9点开始,它接收到了大量的vnc连接请求,直到中午1点左右宕机,内存占用从460M匀速上升到了1.8G。我查看日志时,message中是有close conn的,但是内存似乎一直没有被释放? 是我的配置有什么问题吗?配置文件只使用了默认的参数:

    {
  "handler": "vnc",
  "port": 5900,
  "params": {
    "challenge": "0123456789abcdef",
    "password": "1234561"
  }
},
    bug 
    opened by zhy27 2
  • panic: no active connection found: no Elasticsearch node available

    panic: no active connection found: no Elasticsearch node available

    报错:panic: no active connection found: no Elasticsearch node available

    • ELK_VERSION=7.16.2
    • docker

    参考以下资料,添加了如下一堆还是没修改成功 https://stackoverflow.com/questions/61455272/cannot-connect-to-elastic-search-no-active-connection-found-no-elasticsearch https://www.cnblogs.com/xiaoff/p/9913544.html https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html

    cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.host: 0.0.0.0
network.publish_host: 0.0.0.0
transport.host: 0.0.0.0
http.publish_port: 9200
    documentation faq 
    opened by b1ank1108 1
  • [win10]cannot startup fapro

    [win10]cannot startup fapro

    $ ./fapro genConfig -p ssh { "version": "0.58", "hostname": "", "network": "127.0.0.1/32", "network_build": "localhost", "geo_db": "", "exclusions": null, "storage": null, "use_logq": false, "syn_dev": "", "icmp_dev": "", "udp_dev": "", "cert_name": "", "hosts": [ { "ip": "127.0.0.1", "handlers": [ { "handler": "ssh", "port": 22, "params": { "accounts": [ "root:123456:/root:0" ], "prompt": "$ ", "server_version": "SSH-2.0-OpenSSH_7.4" } } ] } ], "templates": null }

    $ ./fapro run -v -l :8080 time="2022-02-24T11:40:16+08:00" level=info msg="ip exclusions: []" use disk queue: false time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] NamespaceRuntimeInit: Failed to create private namespace: 拒绝访问。 (Code 0x00000005)\n" time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunOpenAdapter: Failed to take WireGuard pool mutex\n" time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunCreateAdapter: Creating adapter\n" time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunCreateAdapter: Failed to create new device information element: 拒绝访问。 (Code 0x00000005)\n" panic: tun device from name error: Error creating interface: Access is denied.

    goroutine 1 [running]: main.(*runCommand).Execute(0xc00068b680, {0x1b8bd00, 0x195c601, 0xc00068b680}) /fapro/main.go:381 +0x14e6 main.main.func1({0x250c46e8030, 0xc00068b680}, {0xc000575d40, 0x1, 0x1b52500}) /fapro/main.go:523 +0x66 github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc0000f9880, {0xc0000cc010, 0x7, 0x7}) pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x87c github.com/jessevdk/go-flags.(*Parser).Parse(...) pkg/mod/github.com/jessevdk/go-[email protected]/parser.go:191 main.main() /fapro/main.go:526 +0x27e

    opened by mfwildfire 1
  • 能否实现类似inetsim的功能?

    能否实现类似inetsim的功能?

    一些提议

    看到这个项目时,就觉得它可以替代inetsim作为样本分析时的嗅探机工具(易上手) 那么是否考虑实现对应功能(暂时想到)

    • 可以监听0.0.0.0
    • DNS支持重定向(将受害机释放样本时的外链请求均重定向至嗅探机)

    使用时的小问题

    使用fapro genConfig -n (0.0.0.0/0|本机网段(例如192.168.1.0/24)) > fapro.json时运行fapro会报错提示already exist subnet 不过通过web端的协议配置里配置本机ip可以正常使用且能被同网段机器访问

    enhancement faq 
    opened by ZoomGod 1
  • fapro as honeypot!?

    fapro as honeypot!?

    at first, thanks you for contributing this tool.

    can we use it as a honeypot via some changes on source code?

    you as owner of tool, have you any idea for converting this tool to a honeypot tool?

    tnx a lot.

    opened by alimp5 1
  • 能否考虑给elasticsearch增加设置账号、密码的功能。

    能否考虑给elasticsearch增加设置账号、密码的功能。

    工具很好用。 希望给elasticsearch增加设置账号、密码的功能。

    现在es的配置信息如下,不支持account参数

      {
                    "handler": "elasticsearch",
                    "port": 9200
                },
    feature 
    opened by hi-unc1e 1
  • Modules suggestion

    Modules suggestion

    https://www.criminalip.io/ - Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated

    opened by parkjunmin 0
Releases(v0.64)
Owner
FOFA Pro
FOFA Pro 的开源项目
FOFA Pro
GitHub Repository
Modern Denial-of-service ToolKit for python

💣 Impulse Modern Denial-of-service ToolKit 💻 Main window 📡 Methods: Method Target Description SMS PHONE Sends a massive amount of SMS messages and

1 Nov 29, 2021
Impacket is a collection of Python classes for working with network protocols.

What is Impacket? Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmat

SecureAuth Corporation 10.4k Jan 09, 2023
Readable, simple and fast asynchronous non-blocking network apps

Fast and readable async non-blocking network apps Netius is a Python network library that can be used for the rapid creation of asynchronous non-block

Hive Solutions 120 Nov 20, 2022
This application aims to read all wifi passwords and visualizes the complexity in graph formation by taking into account several criteria and help you generate new random passwords.

This application aims to read all wifi passwords and visualizes the complexity in graph formation by taking into account several criteria and help you generate new random passwords.

Njomza Rexhepi 0 May 29, 2022
Publish GPU miner info to MQTT

Miner2MQTT Доступ к вашему GPU майнеру через MQTT. Изменения 1.0 EXE файл для Windows 1.1 Управление вентиляторами видеокарт (Linux) Упраление power l

Dmitry Bukhvalov 5 Aug 21, 2022
Roadster - Distance to Closest Road Feature Server

Roadster: Distance to Closest Road Feature Server Milliarium Aerum, the zero of

Textualization Software Ltd. 4 May 23, 2022
Simple reverse backdoor utility, that uses sockets to communicate.

reverse_backdoor Simple reverse backdoor utility, that uses sockets to communicate. How to use Run rev_bd_listener.py using command below: $ python3 r

1 Dec 10, 2021
This is a simple python script to collect sub-domains from hackertarget API

Domain-Scraper 🌐 This is a simple python script to collect sub-domains from hackertarget API Note : This is tool is limited to 20 Queries / day with

CHINO TECH TOOLS 4 Sep 09, 2021
A simple multi-threaded time server and client in python.

time-server-client A simple multi-threaded time server and client in Python. This uses the latest match/case command found in Python 3.10 so requires

Zeeshan Mulk 1 Jan 29, 2022
A simple Tor switcher script switches tor nodes in interval of time

Tor_Switcher A simple Tor switcher script switches tor nodes in interval of time This script will switch tor nodes in every interval of time that you

d4rk sh4d0w 2 Nov 15, 2021
Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)

http-protocol-exfil Use the HTTP protocol version to send a file bit by bit ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1). It uses GET requests so the Blu

Ricardo Ruiz 23 Apr 30, 2022
QUIC and HTTP/3 implementation in Python

aioquic What is aioquic? aioquic is a library for the QUIC network protocol in Python. It features a minimal TLS 1.3 implementation, a QUIC stack and

1.2k Dec 29, 2022
Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI.

Overview docs tests package Remote vanilla PDB (over TCP sockets) done right: no extras, proper handling around connection failures and CI. Based on p

Ionel Cristian Mărieș 227 Dec 27, 2022
Very simple FTP client, sync folder to FTP server, use python, opensource

ftp-sync-python Opensource, A way to safe your data, avoid lost data by Virus, Randsomware Some functions: Upload a folder automatically to FTP server

4 Sep 13, 2022
Simple python script for automated network scans with random name generator(useful for CTF boxes).

📄 Automated NMAP script Description Simple python script for automated network scans with random name generator(useful for CTF boxes). Requirements 1

Dhmos Funk 2 Oct 29, 2021
A p2p chat app for zephyr

A p2p chat app for zephyr

L3gacy B3ta 4 Jun 02, 2021
Multipurpose Growtopia Server tools, can be used for newbie to learn things.

Multipurpose Growtopia Server tools, can be used for newbie to learn things.

FelixF 3 Dec 01, 2021
Fmog: Fortinet Mass Object Generator. This script will take a list of IP addresses and create address objects with the same name

Fmog: Fortinet Mass Object Generator This script will take a list of IP addresses and create address objects with the same name. It will also add them

2 Oct 26, 2021
Script and library to wait for a DNS authority server to get its configuration.

DNSWait dnswait is a small script to wait for the "propagation" of a namserver configuration. Installing It's as easy as: python -m pip install dnswai

Julien Palard 14 Jan 17, 2022
Ov3 - Easy common OpenVPN3 operations

ov3 Easy common OpenVPN3 operations Install ov3 requires Python3 and OpenVPN3 to

Yunus Bora Erciyas 6 Apr 25, 2022