  FaPro

Free, cross-platform, single-file mass network protocol server simulator

Chinese README


Description


FaPro is a fake protocol server tool that can easily start or stop multiple network services.

The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol.

Demo Site

Features


Supported Running Modes:

Local Machine
Virtual Network

Supported Protocols:

DNS
DCE/RPC
EIP
Elasticsearch
FTP
HTTP
IEC 104
Memcached
Modbus
MQTT
MySQL
RDP
Redis
S7
SMB
SMTP
SNMP
SSH
Telnet
VNC
IMAP
POP3
NTP
RTSP
PORTMAP
PostgreSQL
SIP
SSDP
BACnet
Oracle TNS
AMQP
NFS
COAP
WEMO
DHT
Ethereum
SOCKS5
EOS.IO
ONVIF
NetBIOS
WebLogic
ICAP
MSSQL
LDAP
IKE
Fox
DNP3
OMRON
GE-SRTP
MongoDB
Java-RMI
PCWorx
Cassandra
RedLion-Crimson3
PPTP

Use TcpForward to forward network traffic

Support TCP SYN logging

Support ICMP ping logging

Support UDP packet logging

Support JA3 SSL fingerprint

Support IP limiter

Protocol simulation demos


RDP


Supports CredSSP NTLMv2 NLA authentication.

Supports configuring the image displayed when a user logs in.

RDP demo

SSH


Support user login.

Support fake terminal commands, such as id, uid, whoami, etc.

Account format: username:password:home:uid

SSH demo

IMAP & SMTP


Support user login and interaction.

IMAP & SMTP demo

MySQL


Support SQL statement query interaction

MySQL demo

FTP


Support user login and interaction.

Ftp demo

Oracle and BACnet


Currently only supports nmap fingerprint spoofing

tns and BACnet demo

Telnet


Support login and interaction.

Telnet demo

Redis


Support login and interaction

Redis demo

Elasticsearch


Support basic info

Elasticsearch demo

AMQP


Support login and interaction

AMQP demo

COAP


Currently only supports nmap fingerprint spoofing

COAP demo

HTTP


Supports website cloning. You need to install the Chrome browser and ChromeDriver for this to work.

Quick Start


Generate Config


The configuration of all protocols and parameters is generated by the genConfig subcommand.

Use 172.16.0.0/16 subnet to generate the configuration file:

```shell
fapro genConfig -n 172.16.0.0/16 > fapro.json
```

Or use local address instead of the virtual network:

```shell
fapro genConfig > fapro.json
```

Only generate ssh protocol configuration:

```shell
./fapro genConfig -p ssh
```

Run the protocol simulator


Run FaPro in verbose mode and start the web service on port 8080:

```shell
fapro run -v -l :8080
```

TCP SYN logging


Windows users need to install WinPcap or Npcap.

Log analysis


Use ELK to analyze protocol logs: FaPro Kibana

Configuration


This section contains the sample configuration used by FaPro.

```json
{
    "version": "0.65",
    "network": "127.0.0.1/32",
    "network_build": "localhost",
    "storage": null,
    "geo_db": "/tmp/geoip_city.mmdb",
    "hostname": "fapro1",
    "use_logq": true,
    "cert_name": "unknown",
    "syn_dev": "any",
    "udp_dev": "any",
    "icmp_dev": "any",
    "limiter": {
        "period": 10,
        "count": 3,
        "block_period": 20
    },
    "exclusions": [],
    "hosts": [
        {
            "ip": "127.0.0.1",
            "handlers": [
                {
                    "handler": "dcerpc",
                    "port": 135,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "domain_name": "DESKTOP-Q1Test"
                    }
                }
            ]
        }
    ]
}
```

version: Configuration version.
network: The subnet used by the virtual network, or the address bound on the local machine (local mode).
network_build: Network mode (supported values: localhost, all, userdef).
  localhost: Local mode; all services listen on the local machine.
  all: Create all hosts in the subnet (i.e., every host in the subnet can be pinged).
  userdef: Create only the hosts specified in the hosts configuration.

storage: The storage used for log collection; sqlite, mysql and elasticsearch are supported, e.g.
  sqlite3:logs.db
  mysql://user:password@tcp(127.0.0.1:3306)/logs
  es://http://username:password@127.0.0.1:9200 (currently only supports Elasticsearch 7.x)

geo_db: Path to the MaxMind GeoIP2 database file, used to generate IP geolocation information. With Elasticsearch storage this field is not needed; the location is generated automatically by the geoip processor of Elasticsearch.
hostname: The value of the host field in the log.
use_logq: Use a local on-disk message queue to save logs before sending them to the remote mysql or Elasticsearch, to prevent remote log loss.
cert_name: Common name of the generated certificate.
syn_dev: The network interface used to capture TCP SYN packets. If it is empty, TCP SYN packets are not recorded. On Windows, the device name looks like "\Device\NPF_{xxxx-xxxx}".
udp_dev: Same as syn_dev, but for UDP packets.
icmp_dev: Same as syn_dev, but for ICMP ping packets.
limiter: IP limiter configuration. An IP that accesses more than count times within the time period (period) is blocked for the specified time (block_period).
  period: Time period for the IP limiter (in minutes).
  count: The maximum number of times an IP can access within the specified time period.
  block_period: The ban time after exceeding the IP access limit (in minutes).

exclusions: Remote IPs to exclude from the logs.
hosts: Each item is a host configuration.
  handlers: The services configured on the host; each item is a service configuration.
    handler: Service name (i.e., protocol name).
    params: The parameters supported by the service.

Example


Create a virtual network with the subnet 172.16.0.0/24 that includes 2 hosts: 172.16.0.3 runs the dns and ssh services, and 172.16.0.5 runs the rpc and rdp services. Protocol access logs are saved to Elasticsearch, excluding the access logs of 127.0.0.1 and 8.8.8.8.

```json
{
    "version": "0.65",
    "network": "172.16.0.0/24",
    "network_build": "userdef",
    "storage": "es://http://127.0.0.1:9200",
    "use_logq": true,
    "cert_name": "unknown",
    "syn_dev": "any",
    "udp_dev": "any",
    "icmp_dev": "any",
    "limiter": {
        "period": 10,
        "count": 3,
        "block_period": 20
    },
    "exclusions": ["127.0.0.1", "8.8.8.8"],
    "geo_db": "",
    "hosts": [
        {
            "ip": "172.16.0.3",
            "handlers": [
                {
                    "handler": "dns",
                    "port": 53,
                    "params": {
                        "accounts": [
                            "admin:123456"
                        ],
                        "appname": "domain"
                    }
                },
                {
                    "handler": "ssh",
                    "port": 22,
                    "params": {
                        "accounts": [
                            "root:5555555:/root:0"
                        ],
                        "prompt": "$ ",
                        "server_version": "SSH-2.0-OpenSSH_7.4"
                    }
                }
            ]
        },
        {
            "ip": "172.16.0.5",
            "handlers": [
                {
                    "handler": "dcerpc",
                    "port": 135,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "domain_name": "DESKTOP-Q1Test"
                    }
                },
                {
                    "handler": "rdp",
                    "port": 3389,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "auth": false,
                        "domain_name": "DESKTOP-Q1Test",
                        "image": "rdp.jpg",
                        "sec_layer": "auto"
                    }
                }
            ]
        }
    ]
}
```
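A hand-edited config is easy to get subtly wrong before deployment. The Python check below is an added example, not part of FaPro or its README; it tests a config dict against the rules stated on this page (network_build values, storage forms, the SSH account format). The names check_config and SAMPLE are hypothetical, and treating a host IP outside network as an error is an assumption.

```python
import ipaddress

NETWORK_BUILDS = {"localhost", "all", "userdef"}      # values listed on this page
STORAGE_PREFIXES = ("sqlite3:", "mysql://", "es://")  # storage forms listed on this page

def check_config(cfg):
    """Return a list of human-readable problems found in a FaPro-style config dict."""
    problems = []
    net = ipaddress.ip_network(cfg["network"], strict=False)
    if cfg.get("network_build") not in NETWORK_BUILDS:
        problems.append(f"network_build: unsupported value {cfg.get('network_build')!r}")
    storage = cfg.get("storage")
    if storage is not None and not storage.startswith(STORAGE_PREFIXES):
        problems.append(f"storage: unrecognised form {storage!r}")
    for host in cfg.get("hosts", []):
        ip = host["ip"]
        # Assumption: a host address outside "network" is a configuration mistake.
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{ip}: not inside network {net}")
        for h in host.get("handlers", []):
            where = f"{ip}:{h['port']} ({h['handler']})"
            if not 1 <= h["port"] <= 65535:
                problems.append(f"{where}: port out of range")
            if h["handler"] != "ssh":
                continue
            # SSH accounts use the documented format username:password:home:uid.
            for acct in h.get("params", {}).get("accounts", []):
                fields = acct.split(":")
                if len(fields) != 4 or not fields[3].isdigit():
                    problems.append(f"{where}: account {acct!r} is not username:password:home:uid")
    return problems

# Constructed sample with three deliberate mistakes (mode name, SSH account, host IP).
SAMPLE = {
    "network": "172.16.0.0/24",
    "network_build": "userdefined",
    "storage": "es://http://127.0.0.1:9200",
    "hosts": [
        {"ip": "172.16.0.3", "handlers": [
            {"handler": "ssh", "port": 22, "params": {"accounts": ["root:5555555:/root"]}}]},
        {"ip": "172.16.1.5", "handlers": [
            {"handler": "rdp", "port": 3389, "params": {"accounts": ["administrator:123456"]}}]},
    ],
}

if __name__ == "__main__":
    for problem in check_config(SAMPLE):
        print(problem)
```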

Automatically generate service configuration


Use the ipclone.py script in Scripts to clone an IP's service configuration from fofa and quickly generate the service configuration of the real machine.

fofa_clone

Learn more


How to build a network scanning analysis platform - Part I
How to build a network scanning analysis platform - Part II
How to use FaPro to simulate multiple devices in network
Discord

FAQ


We have collected some frequently asked questions. Before reporting an issue, please check whether the FAQ already answers your problem.

Contributing


Issues are welcome.
Last Updated: 2023-09-03 19:17:54