feat: support service banner for TCP

protocols/helpers/helpers.go

@@ -36,3 +36,8 @@ func StorePayload(data []byte) (string, error) {
 	}
 	return sha256Hash, nil
 }
+
+func HashData(data []byte) string {
+	hash := sha256.Sum256(data)
+	return hex.EncodeToString(hash[:])
+}

protocols/protocols.go

@@ -3,8 +3,10 @@ package protocols
 import (
 	"bytes"
 	"context"
+	"errors"
 	"net"
 	"strings"
+	"time"
 
 	"github.com/mushorg/glutton/connection"
 	"github.com/mushorg/glutton/producer"
@@ -66,7 +68,17 @@ func MapTCPProtocolHandlers(log interfaces.Logger, h interfaces.Honeypot) map[st
 		return tcp.HandleADB(ctx, conn, md, log, h)
 	}
 	protocolHandlers["tcp"] = func(ctx context.Context, conn net.Conn, md connection.Metadata) error {
+		conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
 		snip, bufConn, err := Peek(conn, 4)
+		var netErr net.Error
+		if errors.As(err, &netErr) && netErr.Timeout() {
+			if err := tcp.SendBanner(md.TargetPort, conn, md, log, h); err != nil {
+				log.Error("Failed to send service banner", producer.ErrAttr(err))
+			}
+			conn.SetReadDeadline(time.Time{})
+			return tcp.HandleTCP(ctx, conn, md, log, h)
+		}
+		conn.SetReadDeadline(time.Time{})
 		if err != nil {
 			if err := conn.Close(); err != nil {
 				log.Error("failed to close connection", producer.ErrAttr(err))

protocols/tcp/banners.go

@@ -0,0 +1,38 @@
+package tcp
+
+import (
+	"embed"
+	"fmt"
+	"io"
+	"log/slog"
+	"net"
+
+	"github.com/mushorg/glutton/connection"
+	"github.com/mushorg/glutton/producer"
+	"github.com/mushorg/glutton/protocols/interfaces"
+)
+
+//go:embed banners/*
+var bannerFiles embed.FS
+
+// SendBanner retrieves and sends service banner for the specified port.
+func SendBanner(port uint16, conn net.Conn, md connection.Metadata, logger interfaces.Logger, h interfaces.Honeypot) error {
+	bannerPath := fmt.Sprintf("banners/%d_tcp", port)
+	banner, err := bannerFiles.Open(bannerPath)
+	if err != nil {
+		return fmt.Errorf("failed to get banner: %w", err)
+	}
+	defer banner.Close()
+
+	bannerData, err := io.ReadAll(banner)
+	if err != nil {
+		return fmt.Errorf("failed to read banner content: %w", err)
+	}
+	if _, err := conn.Write(bannerData); err != nil {
+		return fmt.Errorf("failed to write banner: %w", err)
+	}
+	if err = h.ProduceTCP("banner", conn, md, bannerData, nil); err != nil {
+		logger.Error("Failed to produce message", producer.ErrAttr(err), slog.String("handler", "banner"))
+	}
+	return nil
+}

protocols/tcp/banners/110_tcp

@@ -0,0 +1 @@
++OK 

protocols/tcp/banners/21000_tcp

@@ -0,0 +1,4 @@
+Microsoft Windows XP [Version 5.1.2600]
+(C) Copyright 1985-2001 Microsoft Corp.
+
+C:\WINDOWS\system32> 

protocols/tcp/banners/21_tcp

@@ -0,0 +1 @@
+220 Welcome to localhost

protocols/tcp/banners/25_tcp

@@ -0,0 +1 @@
+250 localhost ESMTP Postfix

protocols/tcp/banners/4444_tcp

@@ -0,0 +1,4 @@
+Microsoft Windows XP [Version 5.1.2600]
+(C) Copyright 1985-2001 Microsoft Corp.
+
+C:\WINDOWS\system32> 

protocols/tcp/banners/5060_tcp

@@ -0,0 +1,26 @@
+SIP/2.0 200 OK
+Via: SIP/2.0/TCP 127.0.0.1:5060;branch=1234567890
+From: sip:[email protected];tag=bad-012345
+To: <sip:[email protected];user=phone>;tag=bad-012345
+Call-ID: 1348979872-797979222304855
+Cseq: 15 INVITE
+Contact: sip:[email protected]
+Content-Length: 401
+Content-Type: application/sdp
+
+v=0
+Anonymous 1234567890 9876543210 IN IP4 127.0.0.1
+s=SIGMA is the best
+s=gotcha
+c=IN IP4 127.0.0.1
+t=0 0
+m=audio 36952 RTP/AVP 107 119 100 106 6 0 97 105 98 8 18 3 5 101
+a=rtpmap:107 BV32/16000
+a=rtpmap:119 BV32-FEC/16000
+a=rtpmap:100 SPEEX/16000
+a=rtpmap:106 SPEEX-FEC/16000
+a=rtpmap:97 SPEEX/8000
+a=rtpmap:105 SPEEX-FEC/8000
+a=rtpmap:98 iLBC/8000
+a=rtpmap:101 telephone-event/8000
+a=fmtp:101 0-11

protocols/tcp/banners/5900_tcp

@@ -0,0 +1 @@
+RFB 003.008

protocols/tcp/banners/80_tcp

@@ -0,0 +1,15 @@
+HTTP/1.1 200 OK
+Connection: close
+Date: Sun, 27 Nov 2005 13:07:34 GMT
+Server: Microsoft-IIS/6.0
+X-Powered-By: ASP.NET
+X-AspNet-Version: 2.0.50727
+Accept-Ranges: bytes
+Content-Length: 30
+Cache-Control: private
+Content-Type: text/html; charset=utf-8
+
+<HTML>
+<BODY>
+</BODY>
+</HTML>

protocols/tcp/banners/README.md

@@ -0,0 +1 @@
+Service banners are sourced from: https://github.com/armedpot/honeytrap/tree/master/etc/responses.

protocols/tcp/responses/110_tcp

@@ -0,0 +1 @@
++OK 

protocols/tcp/responses/21000_tcp

@@ -0,0 +1,4 @@
+Microsoft Windows XP [Version 5.1.2600]
+(C) Copyright 1985-2001 Microsoft Corp.
+
+C:\WINDOWS\system32> 

protocols/tcp/responses/21_tcp

@@ -0,0 +1 @@
+220 Welcome to localhost

protocols/tcp/responses/25_tcp

@@ -0,0 +1 @@
+250 localhost ESMTP Postfix

protocols/tcp/responses/4444_tcp

@@ -0,0 +1,4 @@
+Microsoft Windows XP [Version 5.1.2600]
+(C) Copyright 1985-2001 Microsoft Corp.
+
+C:\WINDOWS\system32> 

protocols/tcp/responses/5060_tcp

@@ -0,0 +1,26 @@
+SIP/2.0 200 OK
+Via: SIP/2.0/TCP 127.0.0.1:5060;branch=1234567890
+From: sip:[email protected];tag=bad-012345
+To: <sip:[email protected];user=phone>;tag=bad-012345
+Call-ID: 1348979872-797979222304855
+Cseq: 15 INVITE
+Contact: sip:[email protected]
+Content-Length: 401
+Content-Type: application/sdp
+
+v=0
+Anonymous 1234567890 9876543210 IN IP4 127.0.0.1
+s=SIGMA is the best
+s=gotcha
+c=IN IP4 127.0.0.1
+t=0 0
+m=audio 36952 RTP/AVP 107 119 100 106 6 0 97 105 98 8 18 3 5 101
+a=rtpmap:107 BV32/16000
+a=rtpmap:119 BV32-FEC/16000
+a=rtpmap:100 SPEEX/16000
+a=rtpmap:106 SPEEX-FEC/16000
+a=rtpmap:97 SPEEX/8000
+a=rtpmap:105 SPEEX-FEC/8000
+a=rtpmap:98 iLBC/8000
+a=rtpmap:101 telephone-event/8000
+a=fmtp:101 0-11

protocols/tcp/responses/5900_tcp

@@ -0,0 +1 @@
+RFB 003.008

protocols/tcp/responses/80_tcp

@@ -0,0 +1,15 @@
+HTTP/1.1 200 OK
+Connection: close
+Date: Sun, 27 Nov 2005 13:07:34 GMT
+Server: Microsoft-IIS/6.0
+X-Powered-By: ASP.NET
+X-AspNet-Version: 2.0.50727
+Accept-Ranges: bytes
+Content-Length: 30
+Cache-Control: private
+Content-Type: text/html; charset=utf-8
+
+<HTML>
+<BODY>
+</BODY>
+</HTML>