*Update* Alright I removed the threading which was killing pretty much everything I replaced it with the select function, which is MUCH kinder on CPU and my happiness in general.

 

I missed a weekly blog post last week because I started a new project. That project is of course WharfWhacker, which is a python port knocker module. What I decided to turn WharfWhacker into is in the following feature list.

  • Protects a list of ports from access
  • Variable number of ports to knock on
  • Prevent replay attacks
  • Time based ports
  • Portable
  • Doesn’t piss me off

Let’t go through my list of features here, starting with “Doesn’t piss me off” by that I don’t mean that other port knockers piss me off (Moxie’s KnockKnock for example is awesome!). I mean that my code isn’t so bad that it makes me want to cry, and editing it is so difficult that I want to scream. 

For the longest time I have been fascinated by two-factor tokens, how cool are they, you know what I am talking about, don’t lie. Because of this I decided to incorporate something like that into WharfWhacker, it comes along in the ports rotating every 60 seconds, not just the initial port which everyone shares, but the ones that are generated for new connections.

That leads me into preventing replay attacks.  By using the ip-address of the connector in the port generation algorithms, WharfWhacker generates separate ports, and orders, for each of the knocks that need to happen for a connection to open up.

Portability is something that should be a prime goal in everything in my mind.  I hate nothing more than having to install 12 different packages, and 3 different libraries just to get some small nifty project working.  The reason behind this is that half the time it doesn’t work, or they installed it differently than you did, or just their OS does not work the same as yours.  Initially WharfWhacker was using Scapy, I pulled that out simply because I wanted to increase portability, and reduce the number of package installs needed to get it running.

By adding in a variable number of ports for the knock sequence, as well as a password it gives all sorts of security customization that helps mask the port sequence needed to open access.  Sure if you know the password, and the number of knocks anyone can access your server, but that isn’t what you should hand out unless you want someone to have access.

So with that I present WharfWhacker
http://github.com/integgroll/Wharf-Whacker

Or if you want to use git like you should use the following:
git://github.com/integgroll/Wharf-Whacker.git

From there you need to change the wharf.py to have the correct server ip address in it, and then change the password, please change the password, after that just run it as root. (I know, I know, but please feel free to check the source in wharfwhacker.py if you don’t trust me) From there you are set and good to go.  To open ports for the server you need to change the target_ip_address to the target server, the local_ip_address to the ip you want allowed, and the secured ports, as well as the password, and then run whacker.py

Since WharfWhacker is still in it’s early stages please let me know of any issues you have with it, or any suggestions that you have as well, I like to know what I did “wrong”.