DocRock3r/Bjorn
1
0
Fork 0
mirror of https://github.com/infinition/Bjorn.git synced 2025-12-06 06:11:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
Preparing README for pre release of the "alpha"
This version will come without OS, only python files.
For the impatients, i'm planning a realease in the coming week (or my best before the end of july).
Please be aware that this version will certainly be full of bugs as i'm alone on this huge project and discovering the joy of dev life ;)
Enjoy the reading before next updates !
Best regards,
Fabien
This commit is contained in:
infinition
2024-07-02 21:00:40 +02:00
committed by GitHub
parent 0abebbac4f
commit 10ffdfa103
1 changed files with 644 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

661
README.md
View File

@@ -1,23 +1,650 @@
I am pleased to introduce you to Bjorn, a CyberViking that, once connected to the network (WiFi, Ethernet, Bluetooth, or USB), will discover targets present on the network, find open ports, exposed services, and potential vulnerabilities… # Bjorn
With the help of Q-learning, he will learn to improve by performing scans or executing simple brute force or dictionary attacks (ssh, Telnet, SQL, etc.). ![image](https://github.com/infinition/Bjorn/assets/37984399/537b2070-d673-4adb-8680-4492ef83679c)
He will gain experience by discovering as many networks and hosts as possible, passwords, or exposed services.
He will have a memory of the networks to which he has already connected.
See you soon for future updates!
Features ## Introduction
Network Discovery: Automatically scans for devices and open ports on the network.
Vulnerability Detection: Identifies exposed services and potential vulnerabilities.
Q-learning: Utilizes Q-learning to improve scanning and attack techniques over time.
Brute Force and Dictionary Attacks: Performs simple brute force and dictionary attacks on common services (SSH, Telnet, SQL, etc.).
Experience Gaining: Gains experience by discovering new networks, hosts, passwords, and exposed services.
Network Memory: Remembers networks it has connected to previously for enhanced efficiency.
Prerequisites Bjorn is a sophisticated network scanning, vulnerability assessment, and offensive security tool designed to run on a Raspberry Pi equipped with a 2.13-inch e-Paper HAT. This document provides a detailed explanation of the project:
A Raspberry Pi Zero
A Waveshare screen (2.13 inches V4 model in this example)
A microSD card with Raspberry Pi OS Lite installed
![image](https://github.com/infinition/Bjorn/assets/37984399/cd6e8b22-4f2f-4ee3-9957-2536f076aed5) ## Features
- Network scanning
- Vulnerability assessment
- System attacks
- Credential brute forcing
- File stealing
## Design
- Portable, self-contained device
- Easily deployable for penetration testing and security assessments
## User Interface
- The e-Paper HAT provides a visual interface for monitoring the scanning process, displaying results, and interacting with Bjorn
## Educational Aspects
- Bjorn is designed as an educational tool to learn and understand cybersecurity and penetration testing techniques
- The primary goal is to provide a practical means for students and professionals to familiarize themselves with network security practices and vulnerability assessment tools
## Disclaimer
- This project is strictly for educational purposes
- The authors and contributors disclaim any responsibility for misuse of Bjorn
- Unauthorized use of this tool for malicious activities is prohibited and may be prosecuted by law
## Extensibility
- The main purpose of Bjorn is to gain new actions over time, so the actions are not limited to the ones listed above
- The actions are designed to be modular and can be easily extended or modified to add new functionality
- From capturing pcap files to cracking hashes, man-in-the-middle attacks, and more, the possibilities are endless
- It's up to the user to develop new actions and add them to the project
## Development Status
- **Project Status:** Ongoing development
- **Current Version:** Not yet packaged with the Raspberry Pi OS or associated services
- **Reason:** The project is still in an early stage, requiring further development and debugging
- **Current Launch Method:** Bjorn is currently launched manually
![Bjorn](https://github.com/infinition/Bjorn/assets/37984399/bcad830d-77d6-4f3e-833d-473eadd33921)
# Detailed Project Description for Bjorn
## Tree Structure
The project is organized as follows:
```
Bjorn_0107v6/
Bjorn.py
comment.py
display.py
init_shared.py
logger.py
orchestrator.py
requirements.txt
shared.py
utils.py
webapp.py
__init__.py
actions/
ftp_connector.py
nmap_vuln_scanner.py
scanning.py
smb_connector.py
ssh_connector.py
steal_files_ftp.py
steal_files_smb.py
steal_files_ssh.py
steal_files_telnet.py
telnet_connector.py
__init__.py
config/
data/
input/
dictionary/
passwords.txt
users.txt
scripts/
logs/
output/
crackedpwd/
data_stolen/
scan_results/
vulnerabilities/
zombies/
resources/
__init__.py
fonts/
images/
waveshare_epd/
epd2in13_V2.py
epdconfig.py
__init__.py
web/
config.html
index.html
```
## Core Files
### Bjorn.py
The main entry point for the application. It initializes and runs the main components, including the network scanner, orchestrator, display, and web server.
### comment.py
Handles generating random comments displayed on the e-Paper HAT based on different themes and statuses.
### display.py
Manages the e-Paper HAT display, updating the screen with current information such as network status, vulnerabilities, and various statistics.
### logger.py
Defines a custom logger with specific formatting and handlers for console and file logging. It also includes a custom log level for success messages.
### orchestrator.py
Heuristic engine that orchestrates the different actions such as network scanning, vulnerability scanning, attacks and file stealing. It loads and executes actions based on the configuration and set the status of the actions and also the bjorn status.
### shared.py
Defines the SharedData class that holds configuration settings, paths, and methods for updating and managing shared data across different modules.
### init_shared.py
Initializes shared data that is used across different modules. It loads the configuration and sets up necessary paths and variables.
### utils.py
Contains utility functions used throughout the project.
### webapp.py
Sets up and runs a web server to provide a web interface for monitoring and interacting with Bjorn.
## Actions
### actions/ftp_connector.py
Performs brute-force attacks on FTP servers to crack credentials. It saves the cracked passwords to a file.
### actions/nmap_vuln_scanner.py
Performs vulnerability scanning using Nmap. It parses the results and updates the vulnerability summary for each host.
### actions/scanning.py
Conducts network scanning to identify live hosts and open ports. It updates the network knowledge base (netkb) and generates scan results.
### actions/smb_connector.py
Handles connections and interactions with SMB servers.
### actions/ssh_connector.py
Performs brute-force attacks on SSH servers to crack credentials. It saves the cracked passwords to a file.
### actions/telnet_connector.py
Performs brute-force attacks on Telnet servers to crack credentials. It saves the cracked passwords to a file.
### actions/steal_files_ftp.py
Steals files from FTP servers based on the configuration criteria.
### actions/steal_files_smb.py
Steals files from SMB servers based on the configuration criteria.
### actions/steal_files_ssh.py
Steals files from SSH servers based on the configuration criteria.
### actions/steal_files_telnet.py
Steals files from Telnet servers based on the configuration criteria.
### The main purpose of Bjorn is to gain new actions over time, so the actions are not limited to the ones listed above. The actions are designed to be modular and can be easily extended or modified to add new functionality. From capturing pcap files to cracking hashes, man in the middle attacks, and more, the possibilities are endless. It's up to the user to develop new actions and add them to the project.
## Configurations
### config/
This directory contains configuration files such as `shared_config.json` and `actions.json` that define settings and actions to be performed by Bjorn.
## Data
### data/
This directory contains subdirectories for input dictionaries, logs, and output data including cracked passwords, stolen data, scan results, vulnerabilities, and zombie clients.
### scan_result preview example:
![Scan result](https://github.com/infinition/Bjorn/assets/37984399/eb4a313a-f90c-4c43-b699-3678271886dc)
### data/netkb.csv
At the root of the data directory, there is netkb.csv, which is the network knowledge base that stores information about all known hosts and their open ports, permformed actions, and their status. This file is used to keep track of the network state and the actions performed on each host even on previous network.
### Netkb preview example:
![netkb1](https://github.com/infinition/Bjorn/assets/37984399/f641a565-2765-4280-a7d7-5b25c30dcea5)
![netkb2](https://github.com/infinition/Bjorn/assets/37984399/f08114a2-d7d1-4f50-b1c4-a9939ba66056)
### data/livestatus.csv
Contains the livestatus informations used to display the informations on the e-Paper HAT, such as all known hosts, open ports, all hosts currently alive...
#### data/input/
Contains dictionaries of usernames and passwords used for brute-force attacks and scripts used in the project.
#### data/logs/
Stores log files generated by the application.
#### data/output/
Stores output data including cracked passwords, stolen data, scan results, vulnerabilities, and zombie clients files.
### resources/
Contains resources such as fonts and images used by the application.
### tests/
Contains test scripts, at the moment it's an exemple of how could be implemented the a new action file. (attack)
### web/
Contains HTML files for the web interface.
## Behavior of Bjorn
Once launched, Bjorn performs the following steps:
1. **Initialization**: Loads configuration, initializes shared data, and sets up necessary components such as the e-Paper HAT display.
2. **Network Scanning**: Scans the network to identify live hosts and open ports. Updates the network knowledge base (netkb) with the results.
3. **Orchestration**: Orchestrates different actions based on the configuration and network knowledge base. This includes performing vulnerability scanning, attacks, and file stealing.
3. **Vulnerability Scanning**: Performs vulnerability scans on identified hosts and updates the vulnerability summary.
4. **Bruteforce, File Stealing and other Attacks**: Starts brute-force attacks, steals files based on the configuration criteria.
5. **Display Updates**: Continuously updates the e-Paper HAT display with current information such as network status, vulnerabilities, and various statistics. Bjorn also displays random comments based on different themes and statuses.
6. **Web Server**: Provides a web interface for monitoring and interacting with Bjorn.
## Important Files
### requirements.txt
Lists the Python packages required to run the project.
### Shared Configuration JSON (`shared_config.json`)
Defines various settings for Bjorn, including boolean settings, time intervals, text settings, and network settings.
### Actions Configuration JSON (`actions.json`)
Lists the actions to be performed by Bjorn, including the modules and classes to be used.
## Conclusion
Bjorn is a powerful tool designed to perform comprehensive network scanning, vulnerability assessment, and data exfiltration. Its modular design and extensive configuration options allow for flexible and targeted operations. By combining different actions and orchestrating them intelligently, Bjorn can provide valuable insights into network security and help identify and mitigate potential risks.
The e-Paper HAT display and web interface make it easy to monitor and interact with Bjorn, providing real-time updates and status information. With its extensible architecture and customizable actions, Bjorn can be adapted to suit a wide range of security testing and monitoring needs.
# Installing Bjorn on Raspberry Pi OS with a 2.13inch e-Paper HAT ###
Assuming that you have already installed Raspberry Pi OS on your Raspberry Pi with `bjorn` as the hostname & user and that you have connected the 2.13inch e-Paper HAT to the GPIO pins of your Raspberry Pi:
### Activate SPI & I2C ###
```bash
sudo raspi-config
```
- Enable SPI & I2C
### Install the required packages, libraries & update the system ###
```bash
sudo apt-get update && sudo apt-get upgrade
sudo apt install -y python3-pip wget git libopenjp2-7 nmap libopenblas-dev bluez-tools bluez dhcpcd5 bridge-utils
```
### Update nmap db ###
```bash
sudo nmap --script-updatedb
```
### Unlock the limits of the system ###
```bash
sudo vi /etc/security/limits.conf
```
Add the following lines:
```
* soft nofile 4096
* hard nofile 4096
```
### Reboot ###
```bash
sudo reboot
```
### Download the Bjorn repository & install the required packages ###
```bash
cd ~
sudo git clone https://github.com/infinition/Bjorn/
cd Bjorn
sudo pip install -r requirements.txt --break-system-packages
#I am using --break-system-packages because i'm not using any venv yet.
```
For the moment, the project is hardcoded to use the 2.13inch V2 e-Paper HAT. If you have another version, it might not work with V2. You need to modify the code in `shared.py` & `display.py` to import the correct version (v3, v4...). Get the file from [Waveshare e-Paper](https://github.com/waveshareteam/e-Paper) and replace the existing one in the `resources/waveshare_epd` folder.
### Launch Bjorn ###
```bash
sudo python3 Bjorn.py
```
### To get a fresh new start with Bjorn, go to the Bjorn root folder and run this : ###
```bash
sudo rm -rf config/*.json && sudo rm -rf data/*.csv && sudo rm -rf data/*.log && sudo rm -rf data/output/data_stolen/* && sudo rm -rf data/output/crackedpwd/* && sudo rm -rf config/* && sudo rm -rf data/output/scan_results/* && sudo rm -rf __pycache__ && sudo rm -rf config/__pycache__ && sudo rm -rf data/__pycache__ && sudo rm -rf actions/__pycache__ && sudo rm -rf resources/__pycache__ && sudo rm -rf web/__pycache__ && sudo rm -rf *.log && sudo rm -rf resources/waveshare_epd/__pycache__ && sudo rm -rf data/logs/* && sudo rm -rf data/output/vulnerabilities/* && sudo rm -rf data/logs/*
```
### Everything will be recreated automatically at the next launch : ###
#### IMPORTANT ####
For now, as I am still working on the project, I have not yet created a service for Bjorn, so we need to keep the terminal open to keep Bjorn running. I need to debug and see logs to improve the code. Currently, I'm struggling with the following issues:
- When Bjorn is running for a long time:
- OSError: [Errno 24] Too many open files (despite increasing the system limits)
- Creating a PAN0 Bluetooth network to share the Raspberry Pi connection with another device:
- The discoverable option doesn't persist after a reboot; I need to make it permanent.
- Bluetooth appears, but when trying to connect (iPhone, Android, MacBook), it fails, saying the device needs to be removed and reconnected (without success).
### If you still want to create a service to launch Bjorn at startup, along with a service for Bluetooth sharing and another for USB, heres how to do it: ###
------------------------------------------------------------------------------------------------
### BJORN SERVICE ###
##### Create a systemd service for Bjorn #####
```bash
sudo vi /etc/systemd/system/bjorn.service
```
##### Paste the following content:
```ini
[Unit]
Description=Bjorn Service
After=network.target
[Service]
ExecStart=/usr/bin/python3 /home/bjorn/Bjorn/Bjorn.py
WorkingDirectory=/home/bjorn/Bjorn
StandardOutput=inherit
StandardError=inherit
Restart=always
User=root
[Install]
WantedBy=multi-user.target
```
##### Make the file executable:
```bash
sudo chmod +x /home/bjorn/Bjorn/Bjorn.py
```
##### Enable and start the service:
```bash
sudo systemctl daemon-reload
sudo systemctl enable bjorn.service
sudo systemctl start bjorn.service
sudo systemctl stop bjorn.service
sudo systemctl status bjorn.service
```
##### If the service does not start correctly, you can check the logs for more details with the following command:
```bash
sudo journalctl -u bjorn.service
```
------------------------------------------------------------------------------------------------
### Bluetooth PAN0 to share the Raspberry Pi connection with another device by assigning a static IP address ###
```bash
sudo apt-get install bluez-tools
```
Create the file `/etc/systemd/network/pan0.netdev`:
```bash
sudo vi /etc/systemd/network/pan0.netdev
```
Add the following content:
```ini
[NetDev]
Name=pan0
Kind=bridge
```
Create the file `/etc/systemd/network/pan0.network`:
```bash
sudo vi /etc/systemd/network/pan0.network
```
Add the following content:
```ini
[Match]
Name=pan0
[Network]
Address=172.20.1.1/24
DHCPServer=yes
```
Create the file `/etc/systemd/system/bt-pan.service`:
```bash
sudo vi /etc/systemd/system/bt-pan.service
```
Add the following content:
```ini
[Unit]
Description=Bluetooth PAN Service
After=network.target
[Service]
ExecStartPre=-/usr/bin/ip link delete pan0 type bridge
ExecStartPre=/usr/bin/ip link add name pan0 type bridge
ExecStart=/usr/bin/bt-network -s nap pan0
ExecStartPost=/usr/bin/ip link set pan0 up
ExecStartPost=-/usr/sbin/ip addr add 172.20.1.1/24 dev pan0
ExecStartPost=/usr/local/bin/set_bluetooth_discoverable.sh
ExecStartPost=/usr/bin/bt-adapter --set Discoverable 1
Type=simple
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
```
Modify the Bluetooth configuration:
```bash
sudo vi /etc/bluetooth/main.conf
```
Add the following line:
```ini
[General]
DisablePlugins = sap
```
Create the file `/usr/local/bin/set_bluetooth_discoverable.sh`:
```bash
sudo vi /usr/local/bin/set_bluetooth_discoverable.sh
```
Add the following content:
```bash
#!/bin/bash
/usr/bin/bt-adapter --set Discoverable 1
```
Make the script executable:
```bash
sudo chmod +x /usr/local/bin/set_bluetooth_discoverable.sh
```
Create the file `/etc/systemd/system/bt-discoverable.service`:
```bash
sudo vi /etc/systemd/system/bt-discoverable.service
```
Add the following content:
```ini
[Unit]
Description=Make Bluetooth Discoverable
After=bluetooth.target
[Service]
ExecStart=/usr/local/bin/set_bluetooth_discoverable.sh
Type=oneshot
[Install]
WantedBy=multi-user.target
```
Reload the systemd configuration:
```bash
sudo systemctl daemon-reload
sudo systemctl restart bluetooth
sudo systemctl status bluetooth
```
Enable and start the services:
```bash
sudo systemctl enable systemd-networkd
sudo systemctl enable bt-pan
sudo systemctl enable bt-discoverable
sudo systemctl start systemd-networkd
sudo systemctl start bt-pan
sudo systemctl start bt-discoverable
```
Check the status of the services:
```bash
sudo systemctl status bt-pan
sudo systemctl status bt-discoverable
```
Check the pan0 interface:
```bash
ip addr show pan0
```
Check the status of the service:
```bash
sudo journalctl -xeu bt-pan.service
```
Check the neighbors (devices connected via Bluetooth):
```bash
sudo ip neigh show dev pan0
```
------------------------------------------------------------------------------------------------
### USB Gadget (RNDIS) : Raspberry Pi Zero W (Raspberry Pi OS) to Windows PC ###
Modify the file `/boot/firmware/cmdline.txt`:
```bash
sudo vi /boot/firmware/cmdline.txt
```
Add the following line right after `rootwait`:
```bash
modules-load=dwc2,g_ether
```
Modify the file `/boot/firmware/config.txt`:
```bash
sudo vi /boot/firmware/config.txt
```
Add the following line at the end of the file:
```bash
dtoverlay=dwc2
```
Create a script to configure the USB gadget:
```bash
sudo vi /usr/local/bin/usb-gadget.sh
```
Add the following content:
```bash
#!/bin/bash
set -e
modprobe libcomposite
cd /sys/kernel/config/usb_gadget/
mkdir -p g1
cd g1
echo 0x1d6b > idVendor
echo 0x0104 > idProduct
echo 0x0100 > bcdDevice
echo 0x0200 > bcdUSB
mkdir -p strings/0x409
echo "fedcba9876543210" > strings/0x409/serialnumber
echo "Raspberry Pi" > strings/0x409/manufacturer
echo "Pi Zero USB" > strings/0x409/product
mkdir -p configs/c.1/strings/0x409
echo "Config 1: ECM network" > configs/c.1/strings/0x409/configuration
echo 250 > configs/c.1/MaxPower
mkdir -p functions/ecm.usb0
# Check for existing symlink and remove if necessary
if [ -L configs/c.1/ecm.usb0 ]; then
rm configs/c.1/ecm.usb0
fi
ln -s functions/ecm.usb0 configs/c.1/
# Ensure the device is not busy before listing available USB device controllers
max_retries=
10
retry_count=0
while ! ls /sys/class/udc > UDC 2>/dev/null; do
if [ $retry_count -ge $max_retries ]; then
echo "Error: Device or resource busy after $max_retries attempts."
exit 1
fi
retry_count=$((retry_count + 1))
sleep 1
done
# Check if the usb0 interface is already configured
if ! ip addr show usb0 | grep -q "172.20.2.1"; then
ifconfig usb0 172.20.2.1 netmask 255.255.255.0
else
echo "Interface usb0 already configured."
fi
```
Make the script executable:
```bash
sudo chmod +x /usr/local/bin/usb-gadget.sh
```
Create a systemd service to run the script at startup:
```bash
sudo vi /etc/systemd/system/usb-gadget.service
```
Add the following content:
```ini
[Unit]
Description=USB Gadget Service
After=network.target
[Service]
ExecStartPre=/sbin/modprobe libcomposite
ExecStart=/usr/local/bin/usb-gadget.sh
Type=simple
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
```
Configure usb0:
```bash
sudo vi /etc/network/interfaces
```
Add the following content:
```ini
allow-hotplug usb0
iface usb0 inet static
address 172.20.2.1
netmask 255.255.255.0
```
Reload the services:
```bash
sudo systemctl daemon-reload
sudo systemctl enable systemd-networkd
sudo systemctl enable usb-gadget
sudo systemctl start systemd-networkd
sudo systemctl start usb-gadget
```
### Windows PC Configuration ###
Set the static IP address:
- IP Address: 172.20.2.2
- Subnet Mask: 255.255.255.0
- Default Gateway: 172.20.2.1
- DNS Servers: 8.8.8.8, 8.8.4.4