Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/skeeto/endlessh

SSH tarpit that slowly sends an endless banner
https://github.com/skeeto/endlessh

Last synced: 5 days ago
JSON representation

SSH tarpit that slowly sends an endless banner

Host: GitHub
URL: https://github.com/skeeto/endlessh
Owner: skeeto
License: unlicense
Created: 2019-02-03T03:40:32.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2024-06-03T13:22:10.000Z (5 months ago)
Last Synced: 2024-10-16T02:42:16.395Z (19 days ago)
Language: C
Homepage:
Size: 77.1 KB
Stars: 7,251
Watchers: 87
Forks: 280
Open Issues: 45
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-cybersecurity-blueteam - Endlessh - SSH tarpit that slowly sends an endless banner. (Honeypots / Tarpits)
my-awesome-starred - skeeto/endlessh - SSH tarpit that slowly sends an endless banner (C)
awesome-repositories - skeeto/endlessh - SSH tarpit that slowly sends an endless banner (C)
stars - skeeto/endlessh - SSH tarpit that slowly sends an endless banner (C)
awesome-systools - Endlessh
awesome-hacking-lists - skeeto/endlessh - SSH tarpit that slowly sends an endless banner (C)
awesome-cybersecurity-blueteam-cn - Endlessh - 一种SSH tarpit，可以缓慢地发送无休止的SSH banner (蜜罐 / Tarpits)

README

        # Endlessh: an SSH tarpit

Endlessh is an SSH tarpit [that *very* slowly sends an endless, random

SSH banner][np]. It keeps SSH clients locked up for hours or even days

at a time. The purpose is to put your real SSH server on another port

and then let the script kiddies get stuck in this tarpit instead of

bothering a real server.

Since the tarpit is in the banner before any cryptographic exchange

occurs, this program doesn't depend on any cryptographic libraries. It's

a simple, single-threaded, standalone C program. It uses `poll()` to

trap multiple clients at a time.

## Usage

Usage information is printed with `-h`.

```

Usage: endlessh [-vhs] [-d MS] [-f CONFIG] [-l LEN] [-m LIMIT] [-p PORT]

  -4        Bind to IPv4 only

  -6        Bind to IPv6 only

  -d INT    Message millisecond delay [10000]

  -f        Set and load config file [/etc/endlessh/config]

  -h        Print this help message and exit

  -l INT    Maximum banner line length (3-255) [32]

  -m INT    Maximum number of clients [4096]

  -p INT    Listening port [2222]

  -s        Print diagnostics to syslog instead of standard output

  -v        Print diagnostics (repeatable)

```

Argument order matters. The configuration file is loaded when the `-f`

argument is processed, so only the options that follow will override the

configuration file.

By default no log messages are produced. The first `-v` enables basic

logging and a second `-v` enables debugging logging (noisy). All log

messages are sent to standard output by default. `-s` causes them to be

sent to syslog.

    endlessh -v >endlessh.log 2>endlessh.err

A SIGTERM signal will gracefully shut down the daemon, allowing it to

write a complete, consistent log.

A SIGHUP signal requests a reload of the configuration file (`-f`).

A SIGUSR1 signal will print connections stats to the log.

## Sample Configuration File

The configuration file has similar syntax to OpenSSH.

```

# The port on which to listen for new SSH connections.

Port 2222

# The endless banner is sent one line at a time. This is the delay

# in milliseconds between individual lines.

Delay 10000

# The length of each line is randomized. This controls the maximum

# length of each line. Shorter lines may keep clients on for longer if

# they give up after a certain number of bytes.

MaxLineLength 32

# Maximum number of connections to accept at a time. Connections beyond

# this are not immediately rejected, but will wait in the queue.

MaxClients 4096

# Set the detail level for the log.

#   0 = Quiet

#   1 = Standard, useful log messages

#   2 = Very noisy debugging information

LogLevel 0

# Set the family of the listening socket

#   0 = Use IPv4 Mapped IPv6 (Both v4 and v6, default)

#   4 = Use IPv4 only

#   6 = Use IPv6 only

BindFamily 0

```

## Build issues

Some more esoteric systems require extra configuration when building.

### RHEL 6 / CentOS 6

This system uses a version of glibc older than 2.17 (December 2012), and

`clock_gettime(2)` is still in librt. For these systems you will need to

link against librt:

    make LDLIBS=-lrt

### Solaris / illumos

These systems don't include all the necessary functionality in libc and

the linker requires some extra libraries:

    make CC=gcc LDLIBS='-lnsl -lrt -lsocket'

If you're not using GCC or Clang, also override `CFLAGS` and `LDFLAGS`

to remove GCC-specific options. For example, on Solaris:

    make CFLAGS=-fast LDFLAGS= LDLIBS='-lnsl -lrt -lsocket'

The feature test macros on these systems isn't reliable, so you may also

need to use `-D__EXTENSIONS__` in `CFLAGS`.

### OpenBSD

The man page needs to go into a different path for OpenBSD's `man` command:

```

diff --git a/Makefile b/Makefile

index 119347a..dedf69d 100644

--- a/Makefile

+++ b/Makefile

@@ -14,8 +14,8 @@ endlessh: endlessh.c

 install: endlessh

        install -d $(DESTDIR)$(PREFIX)/bin

        install -m 755 endlessh $(DESTDIR)$(PREFIX)/bin/

-       install -d $(DESTDIR)$(PREFIX)/share/man/man1

-       install -m 644 endlessh.1 $(DESTDIR)$(PREFIX)/share/man/man1/

+       install -d $(DESTDIR)$(PREFIX)/man/man1

+       install -m 644 endlessh.1 $(DESTDIR)$(PREFIX)/man/man1/

 clean:

        rm -rf endlessh

```

[np]: https://nullprogram.com/blog/2019/03/22/