Galah:一款功能强大的LLM驱动型OpenAI Web蜜罐系统

2024-02-04 13:08:11 浏览数 (3)

关于Galah

Galah是一款功能强大的Web蜜罐,该工具由LLM大语言模型驱动,基于OpenAI API实现其功能。

很多传统的蜜罐系统会模拟一种包含了大量网络应用程序的网络系统,但这种方法非常繁琐,而且有其固有的局限性。Galah则不同,Galah使用了完全不同的技术路线,利用了LLM大语言模型作为驱动引擎,外加OpenAI的加成,支持处理传入的HTTP请求,并能够动态实时构建真实的响应数据,以对抗威胁行为者。

工具要求

Go v1.20

工具下载

由于该工具基于Go语言开发,因此我们首先需要在本地设备上安装并配置好Go v1.20 环境。

接下来,复制链接【https://platform.openai.com/api-keys】创建你的OpenAI API密钥。如果你想要使用HTTPS的话,别忘了生成TLS证书。

配置完成之后,广大研究人员可以直接使用下列命令将该项目源码克隆至本地:

代码语言:javascript复制
git clone git@github.com:0x4D31/galah.git

然后使用下列命令切换到项目目录中,并安装该工具所需的全部依赖组件:

代码语言:javascript复制
cd galah

go mod download

go build  

./galah -i en0 -v

响应案例

样例1

代码语言:javascript复制
% curl http://localhost:8080/login.php

<!DOCTYPE html><html><head><title>Login Page</title></head><body><form action='/submit.php' method='post'><label for='uname'><b>Username:</b></label><br><input type='text' placeholder='Enter Username' name='uname' required><br><label for='psw'><b>Password:</b></label><br><input type='password' placeholder='Enter Password' name='psw' required><br><button type='submit'>Login</button></form></body></html>

JSON日志记录:

代码语言:javascript复制
{"timestamp":"2024-01-01T05:38:08.854878","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"51978","sensorName":"home-sensor","port":"8080","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/login.php","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Content-Type":"text/html","Server":"Apache/2.4.38"},"body":"u003c!DOCTYPE htmlu003eu003chtmlu003eu003cheadu003eu003ctitleu003eLogin Pageu003c/titleu003eu003c/headu003eu003cbodyu003eu003cform action='/submit.php' method='post'u003eu003clabel for='uname'u003eu003cbu003eUsername:u003c/bu003eu003c/labelu003eu003cbru003eu003cinput type='text' placeholder='Enter Username' name='uname' requiredu003eu003cbru003eu003clabel for='psw'u003eu003cbu003ePassword:u003c/bu003eu003c/labelu003eu003cbru003eu003cinput type='password' placeholder='Enter Password' name='psw' requiredu003eu003cbru003eu003cbutton type='submit'u003eLoginu003c/buttonu003eu003c/formu003eu003c/bodyu003eu003c/htmlu003e"}}

样例2

代码语言:javascript复制
% curl http://localhost:8080/.aws/credentials

[default]

aws_access_key_id = AKIAIOSFODNN7EXAMPLE

aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

region = us-west-2

JSON日志记录:

代码语言:javascript复制
{"timestamp":"2024-01-01T05:40:34.167361","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"65311","sensorName":"home-sensor","port":"8080","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/.aws/credentials","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Connection":"close","Content-Encoding":"gzip","Content-Length":"126","Content-Type":"text/plain","Server":"Apache/2.4.51 (Unix)"},"body":"[default]naws_access_key_id = AKIAIOSFODNN7EXAMPLEnaws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYnregion = us-west-2"}}

样例3

代码语言:javascript复制
% curl http://localhost:8888/are-you-a-honeypot

No, I am a server.`

JSON日志记录:

代码语言:javascript复制
{"timestamp":"2024-01-01T05:50:43.792479","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"61982","sensorName":"home-sensor","port":"8888","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/are-you-a-honeypot","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Connection":"close","Content-Length":"20","Content-Type":"text/plain","Server":"Apache/2.4.41 (Ubuntu)"},"body":"No, I am a server."}}

样例4

代码语言:javascript复制
% curl http://localhost:8888/i-mean-are-you-a-fake-server`

No, I am not a fake server.

JSON日志记录:

代码语言:javascript复制
{"timestamp":"2024-01-01T05:51:40.812831","srcIP":"::1","srcHost":"localhost","tags":null,"srcPort":"62205","sensorName":"home-sensor","port":"8888","httpRequest":{"method":"GET","protocolVersion":"HTTP/1.1","request":"/i-mean-are-you-a-fake-server","userAgent":"curl/7.71.1","headers":"User-Agent: [curl/7.71.1], Accept: [*/*]","headersSorted":"Accept,User-Agent","headersSortedSha256":"cf69e186169279bd51769f29d122b07f1f9b7e51bf119c340b66fbd2a1128bc9","body":"","bodySha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},"httpResponse":{"headers":{"Connection":"close","Content-Type":"text/plain","Server":"LocalHost/1.0"},"body":"No, I am not a fake server."}}

工具运行截图

许可证协议

本项目的开发与发布遵循Apache-2.0开源许可证协议。

项目地址

Galah:

https://github.com/0x4D31/galah

0 人点赞