{"id":13775763,"url":"https://github.com/cisco-talos/decept","last_synced_at":"2025-04-09T08:11:44.675Z","repository":{"id":20390813,"uuid":"82953176","full_name":"Cisco-Talos/Decept","owner":"Cisco-Talos","description":"Decept Network Protocol Proxy","archived":false,"fork":false,"pushed_at":"2023-01-20T19:51:10.000Z","size":192,"stargazers_count":276,"open_issues_count":2,"forks_count":56,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-02T06:08:07.379Z","etag":null,"topics":["filter","network-proxy","traffic"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cisco-Talos.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-23T17:30:12.000Z","updated_at":"2025-03-19T23:50:00.000Z","dependencies_parsed_at":"2023-02-12T04:45:57.244Z","dependency_job_id":null,"html_url":"https://github.com/Cisco-Talos/Decept","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FDecept","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FDecept/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FDecept/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FDecept/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cisco-Talos","download_url":"https://codeload.github.com/Cisco-Talos/Decept/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"gith
ub","repositories_count":247999864,"owners_count":21031046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["filter","network-proxy","traffic"],"created_at":"2024-08-03T17:01:48.816Z","updated_at":"2025-04-09T08:11:44.654Z","avatar_url":"https://github.com/Cisco-Talos.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"d03d494700077f6a65092985c06bf8e8\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"0ff94312f3ab4898f5996725133ea9d1\"\u003e\u003c/a\u003e未分类"],"readme":"# Decept Proxy\n\nYay, another network proxy. What makes this any different from any others?\n\n* Created with portability in mind, it only uses standard Python libraries,\nso you can drop it on a box and not worry, as long as Python 2 is there.\n\n* Supports SSL endpoints, IPv6, Unix Sockets, Abstract Namespace sockets,\nL3 protocols/captures and also L2 bridging and passive modes.\n\n* Any traffic that passes through Decept.py can be dumped into a .fuzzer file\nformat that is suitable for fuzzing with the Mutiny Fuzzing Framework.\n\n* SSH proxying/sniffing/filtering with lil_sshniffer.py and lil_netkit.py  \n\n* HTTP/HTTPS multiplexing. 
Examine hosts.conf for more information.\n\n* Based off of the tcp proxy.py from Black Hat Python by Justin Seitz\n\n```\n[\u003c_\u003c] Decept proxy/sniffer [\u003e_\u003e]\n\n\nusage: decept.py \u003clocal_host\u003e \u003clocal_port\u003e \u003cremote_host\u003e \u003cremote_port\u003e [OPTIONS]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --quiet               Don't show hexdumps\n  --recv_first          Receive stuff first?\n  --timeout TIMEOUT     Timeout for outbound socket\n  --loglast LOGLAST     Log the last packet (unimplimented)\n  --fuzzer FUZZFILE     *.fuzzer output for mutiny (extensions required)\n  --dumpraw DUMPDIR     Directory to dump raw packet files into\n                        (fmt = %d-%s % (pkt_num,[inbound|outbound]))\n  --max-packet-len LEN  Max amount of data per packet when sending data\n  --dont_kill           For when you don't want the connection to die if\n                        neither side sends packets for TIMEOUT seconds.\n                        Use with --expect if you still need the session\n                        to end though.\n  --expect RESPCOUNT    Useful with --dont_kill. Wait for RESPCOUNT\n                        responses from the remote server, and then kill\n                        the connection. Good for fuzzing campaigns.\n\n  -l, {ssl,udp,tcp}|[L3 Proto]     Local endpoint type\n  -r, {ssl,udp,tcp}|[L3 Proto]     Remote endpoint type\n\n  --rbind_addr IPADDR   IP address to use for remote side. 
Make sure that\n                        you have the IP somewhere on an interface though.\n  --rbind_port PORT     PORT to bind to for remote side.\n\nSSL Options:\n  --lcert SSL_PEM_CERT  Cert to use for accepting local SSL\n                        (Optionally cert and key in one file)\n  --lkey SSL_PEM_KEY    Private key for local cert\n  --rcert SSL_PEM_CERT  Cert to use for connecting to remote SSL\n                        (Optionally cert and key in one file)\n  --rkey SSL_PEM_KEY    Private key for remote cert\n  --rverify HOSTNAME    Verify remote side as host HOSTNAME before\n                        connecting.\n\nHook Files:\n  Optional function definitions for processing data between inbound\n  and outbound endpoints. Can pass data between the hooks/proxy with\n  the userdata parameters. Look at `hooks` folder for some examples/\n  prebuilt useful things.\n\n  --hookfile \u003cfile\u003e | Functions imported from file:\n        string outbound_hook(outbound,userdata=[]):\n        string inbound_hook(outbound,userdata=[]):\n\nTap Mode (--tap):\n    Decept will replicate any inbound/outbound traffic over localhost now\n    also, such that you can view traffic that has been decrypted or processed\n    by the inbound/outbound hooks in something more legit than the hexdump\n    function. (e.g. 
tcpdump/wireshark/tshark/etc)\n\nHost Config File:\n  Optionally, instead of specifying a remote host, if you specify a valid\n  filename, you can multiplex HTTP/HTTPS connections to different URLs.\n  Please examine the example \"hosts.conf\" for more information.\n\n------------------------------------------------------------------------\n\nL2 usage: decept.py \u003clocal_int\u003e \u003clocal_mac\u003e \u003cremote_int\u003e \u003cremote_mac\u003e\n\nL2 options:\n  --l2_filter MACADDR   Ignore inbound traffic except from MACADDR\n  --l2_MTU    MTU       Set Maximum Transmision Unit for socket\n  --l2_forward          Bridge the local interface and remote interface\n\n  --pcap PCAPDIR     Directory to store pcaps\n  --pps                 Create a new pcap for each session\n  --snaplen SNAPLEN     Length of packet truncation\n  --pcap_interface IFACE  Specify which interface the packets will be\n                          coming in on. \"eth0\" by default.\n\nL4 Usage: decept.py 127.0.0.1 9999 10.0.0.1 8080\nL3 Usage: decept.py 127.0.0.1 0 10.0.0.1 0 -l icmp -r icmp\nL2 Usage: decept.py lo 00:00:00:00:00:00 eth0 ff:aa:cc:ee:dd:00\nUnix: decept.py localsocketname 0 remotesocketname 0\nAbstract: decept.py \\\\x00localsocketname 0 \\\\x00remotesocketname 0\n\nArp Poisoning options:\n    --poison     \u003cconfig-file\u003e    Contains \"mac1|mac2|ip1|ip2\" to poison.\n    --poison_int \u003cinterface\u003e      Interface on which to poison (eth0 default)\n\n```\n\n# lil_sshniffer.py\n\nMain lil_sshniffer uses:\n\n1. SSH MITM: With the '--sniff' flag, lil_sshniffer will accept an SSH connection\non the Localhost/local port specified and then try to connect to the given RHOST/RPORT with the\ncredentials provided. All traffic is logged and can be filtered/acted upon before traversing all\nthe way through with the '--filter' flag (lil_netkit.py for more info). \n\n2. 
Fuzzing an SSH-wrapped service: Without the '-s' flag, lil_sshniffer will take a connection\nand wrap it in whatever type of SSH connection you want. (--subsystem/--pty/--interactive/\n--pty) \n\n```\n[^.^] lil_sshniffer.py [^.^] ~For all your sshniffing needs~\n\nusage: lil_sshniffer.py rhost\n                        [-h] [--lhost LHOST] [--lport LPORT] [--rport RPORT]\n                        [-d] [-l] [-P] [-s] [-k SPOOF_KEY] [-r] [-a AUTH_KEY]\n                        [-u USERNAME] [-p PASSWORD] [-t TIMEOUT]\n                        [--subsystem SUBSYSTEM | --execute EXECUTE | --interactive]\n                        [-f] [-?] [-j]\n\npositional arguments:\n  rhost                 Remote address to connect to\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --lhost LHOST         Local address to bind to\n  --lport LPORT         Local port to bind to\n  --rport RPORT         Remote port to connect to\n  -d, --debug           Extra output\n  -l, --logging         Enable/disable logging\n  -P, --pty             Allocate a pty also\n  -s, --sniff           Create an inbound and outbound SSH Server\n  -k SPOOF_KEY, --spoof_key SPOOF_KEY\n                        RSA key to use for spoofing\n  -r, --retry           Do the retry hack \u003e_\u003c\n  -a AUTH_KEY, --auth_key AUTH_KEY\n                        Key for authenticating outbound\n  -u USERNAME, --username USERNAME\n                        Username for outbound connection (leave blank for\n                        prompt)\n  -p PASSWORD, --password PASSWORD\n                        Password for outbound connection (leave blank for\n                        prompt)\n  -t TIMEOUT, --timeout TIMEOUT\n                        Timeout for sockets\n  --subsystem SUBSYSTEM, -S SUBSYSTEM\n                        Execute the given subsystem (scp/sftp/ssh/netconf/etc)\n  --execute EXECUTE, -e EXECUTE\n                        Execute a single command\n  --interactive, -i     Requests a shell 
w/pty (default)\n  -f, --filtering       Filter input and output w/lil_netkit\n  -?, --cisco           For when you're filtering on a connection with a Cisco\n                        CLI device\n  -j, --hijack          Hijack ssh session after target quits\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisco-talos%2Fdecept","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcisco-talos%2Fdecept","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisco-talos%2Fdecept/lists"}