diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..1065bbb --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,15 @@ +# These are supported funding model platforms + +#github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +#patreon: # Replace with a single Patreon username +#open_collective: # Replace with a single Open Collective username +#ko_fi: # Replace with a single Ko-fi username +#tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +#community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry +#liberapay: # Replace with a single Liberapay username +#issuehunt: # Replace with a single IssueHunt username +#lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry +#polar: # Replace with a single Polar username +#buy_me_a_coffee: # Replace with a single Buy Me a Coffee username +#thanks_dev: # Replace with a single thanks.dev username +#custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..de3dec8 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,34 @@ +--- +name: Bug report +about: Create a report to help us improve +title: "" +labels: "" +assignees: "" +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: + +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Hardware (please complete the following information):** + +- Device: [e.g. iPhone6] +- OS: [e.g. iOS] +- Browser [e.g. chrome, safari] +- Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..8060bb0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,11 @@ +--- +# .github/ISSUE_TEMPLATE/config.yml + +blank_issues_enabled: false +contact_links: + - name: Bjorn Community Support + url: https://github.com/infinition/bjorn/discussions + about: Please ask and answer questions here. + - name: Bjorn Security Reports + url: https://infinition.github.io/bjorn/SECURITY + about: Please report security vulnerabilities here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..2bc5d5f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,19 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: "" +labels: "" +assignees: "" +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..b138697 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# .github/dependabot.yml + +version: 2 +updates: + - package-ecosystem: "pip" + directory: "." + schedule: + interval: "weekly" + commit-message: + prefix: "fix(deps)" + open-pull-requests-limit: 5 + target-branch: "dev" \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..aefeb55 --- /dev/null +++ b/.gitignore @@ -0,0 +1,137 @@ +# Node.js / npm +node_modules/ +npm-debug.log* +yarn-debug.log* +yarn-error.log* +.pnpm-debug.log* +package-lock.json* + +# TypeScript / TSX +dist/ +*.tsbuildinfo + +# Poetry +poetry.lock + +# Environment variables +.env +.env.*.local + +# Logs +logs +*.log +pnpm-debug.log* +lerna-debug.log* + +# Dependency directories +jspm_packages/ + +# Optional npm cache directory +.npm + +# Output of 'npm pack' +*.tgz + +# Lockfiles +yarn.lock +.pnpm-lock.yaml + +# Optional eslint cache +.eslintcache + +# Optional stylelint cache +.stylelintcache + +# Optional REPL history +.node_repl_history + +# Coverage directory used by tools like +instanbul/ +istanbul/jest +jest/ +coverage/ + +# Output of 'tsc' command +out/ +build/ +tmp/ +temp/ + +# Python +__pycache__/ +*.py[cod] +*.so +*.egg +*.egg-info/ +pip-wheel-metadata/ +*.pyo +*.pyd +*.whl +*.pytest_cache/ +.tox/ +env/ +venv +venv/ +ENV/ +env.bak/ +.venv/ + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# Coverage reports +htmlcov/ +.coverage +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover + +# Jupyter Notebook +.ipynb_checkpoints + +# Django stuff: +staticfiles/ +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# VS Code settings +.vscode/ +.idea/ + +# macOS files +.DS_Store +.AppleDouble +.LSOverride + +# Windows files +Thumbs.db +ehthumbs.db +Desktop.ini +$RECYCLE.BIN/ + +# Linux system files +*.swp +*~ + +# IDE specific +*.iml +*.suo +*.ntvs* +*.njsproj +*.sln +*.sw? + +scripts +*/certs/ diff --git a/.pylintrc b/.pylintrc new file mode 100644 index 0000000..337f65b --- /dev/null +++ b/.pylintrc @@ -0,0 +1,652 @@ +[MAIN] + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Clear in-memory caches upon conclusion of linting. Useful if running pylint +# in a server-like mode. +clear-cache-post-run=no + +# Load and enable all available extensions. Use --list-extensions to see a list +# all available extensions. +#enable-all-extensions= + +# In error mode, messages with a category besides ERROR or FATAL are +# suppressed, and no reports are done by default. Error mode is compatible with +# disabling specific errors. +#errors-only= + +# Always return a 0 (non-error) status code, even if lint errors are found. +# This is primarily useful in continuous integration scripts. +#exit-zero= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. +extension-pkg-allow-list= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. (This is an alternative name to extension-pkg-allow-list +# for backward compatibility.) +extension-pkg-whitelist= + +# Return non-zero exit code if any of these messages/categories are detected, +# even if score is above --fail-under value. Syntax same as enable. Messages +# specified are enabled, while categories only check already-enabled messages. +fail-on= + +# Specify a score threshold under which the program will exit with error. +fail-under=8 + +# Interpret the stdin as a python script, whose filename needs to be passed as +# the module_or_package argument. +#from-stdin= + +# Files or directories to be skipped. They should be base names, not paths. +ignore=venv,node_modules,scripts + +# Add files or directories matching the regular expressions patterns to the +# ignore-list. The regex matches against paths and can be in Posix or Windows +# format. Because '\\' represents the directory delimiter on Windows systems, +# it can't be used as an escape character. +ignore-paths= + +# Files or directories matching the regular expression patterns are skipped. +# The regex matches against base names, not paths. The default value ignores +# Emacs file locks +ignore-patterns=^\.# + +# List of module names for which member attributes should not be checked and +# will not be imported (useful for modules/projects where namespaces are +# manipulated during runtime and thus existing member attributes cannot be +# deduced by static analysis). It supports qualified module names, as well as +# Unix pattern matching. +ignored-modules= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use, and will cap the count on Windows to +# avoid hangs. +jobs=1 + +# Control the amount of potential inferred values when inferring a single +# object. This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# List of plugins (as comma separated values of python module names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Resolve imports to .pyi stubs if available. May reduce no-member messages and +# increase not-an-iterable messages. +prefer-stubs=no + +# Minimum Python version to use for version dependent checks. Will default to +# the version used to run pylint. +py-version=3.12 + +# Discover python modules and packages in the file system subtree. +recursive=no + +# Add paths to the list of the source roots. Supports globbing patterns. The +# source root is an absolute path or a path relative to the current working +# directory used to determine a package namespace for modules located under the +# source root. +source-roots= + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# In verbose mode, extra non-checker-related info will be displayed. +#verbose= + + +[BASIC] + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style. If left empty, argument names will be checked with the set +# naming style. +#argument-rgx= + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. If left empty, attribute names will be checked with the set naming +# style. +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma. +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Bad variable names regexes, separated by a comma. If names match any regex, +# they will always be refused +bad-names-rgxs= + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. If left empty, class attribute names will be checked +# with the set naming style. +#class-attribute-rgx= + +# Naming style matching correct class constant names. +class-const-naming-style=UPPER_CASE + +# Regular expression matching correct class constant names. Overrides class- +# const-naming-style. If left empty, class constant names will be checked with +# the set naming style. +#class-const-rgx= + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming- +# style. If left empty, class names will be checked with the set naming style. +#class-rgx= + +# Naming style matching correct constant names. +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style. If left empty, constant names will be checked with the set naming +# style. +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style. If left empty, function names will be checked with the set +# naming style. +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma. +good-names=i, + j, + k, + ex, + Run, + _ + +# Good variable names regexes, separated by a comma. If names match any regex, +# they will always be accepted +good-names-rgxs= + +# Include a hint for the correct naming format with invalid-name. +include-naming-hint=no + +# Naming style matching correct inline iteration names. +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. If left empty, inline iteration names will be checked +# with the set naming style. +#inlinevar-rgx= + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style. If left empty, method names will be checked with the set naming style. +#method-rgx= + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names. Overrides module-naming- +# style. If left empty, module names will be checked with the set naming style. +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +# These decorators are taken in consideration only for invalid-name. +property-classes=abc.abstractproperty + +# Regular expression matching correct type alias names. If left empty, type +# alias names will be checked with the set naming style. +#typealias-rgx= + +# Regular expression matching correct type variable names. If left empty, type +# variable names will be checked with the set naming style. +#typevar-rgx= + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style. If left empty, variable names will be checked with the set +# naming style. +variable-rgx=[a-z_][a-z0-9_]{2,30}$ + + +[CLASSES] + +# Warn about protected attribute access inside special methods +check-protected-access-in-special-methods=no + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp, + asyncSetUp, + __post_init__ + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict,_fields,_replace,_source,_make,os._exit + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + + +[DESIGN] + +# List of regular expressions of class ancestor names to ignore when counting +# public methods (see R0903) +exclude-too-few-public-methods= + +# List of qualified class names to ignore when counting class parents (see +# R0901) +ignored-parents= + +# Maximum number of arguments for function / method. +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=5 + +# Maximum number of branch for function / method body. +max-branches=12 + +# Maximum number of locals for function / method body. +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of positional arguments for function / method. +max-positional-arguments=5 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body. +max-returns=6 + +# Maximum number of statements in function / method body. +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when caught. +overgeneral-exceptions=builtins.BaseException,builtins.Exception + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module. +max-module-lines=2500 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow explicit reexports by alias from a package __init__. +allow-reexport-from-package=no + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Deprecated modules which should not be used, separated by a comma. +deprecated-modules= + +# Output a graph (.gv or any supported image format) of external dependencies +# to the given file (report RP0402 must not be disabled). +ext-import-graph= + +# Output a graph (.gv or any supported image format) of all (i.e. internal and +# external) dependencies to the given file (report RP0402 must not be +# disabled). +import-graph= + +# Output a graph (.gv or any supported image format) of internal dependencies +# to the given file (report RP0402 must not be disabled). +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[LOGGING] + +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style=new + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules=logging + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE, +# UNDEFINED. +confidence=HIGH, + CONTROL_FLOW, + INFERENCE, + INFERENCE_FAILURE, + UNDEFINED + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once). You can also use "--disable=all" to +# disable everything first and then re-enable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". +disable=missing-module-docstring, + invalid-name, + too-few-public-methods, + E1101, + C0115, + duplicate-code, + raise-missing-from, + wrong-import-order, + ungrouped-imports, + reimported, + too-many-locals, + missing-timeout, + broad-exception-caught, + broad-exception-raised, + line-too-long + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +#enable= + + +[METHOD_ARGS] + +# List of qualified names (i.e., library.method) which require a timeout +# parameter e.g. 'requests.api.get,requests.api.post' +timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.api.options,requests.api.patch,requests.api.post,requests.api.put,requests.api.request + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + +# Regular expression of note tags to take in consideration. +notes-rgx= + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit,argparse.parse_error + +# Let 'consider-using-join' be raised when the separator to join on would be +# non-empty (resulting in expected fixes of the type: ``"- " + " - +# ".join(items)``) +suggest-join-with-non-empty-separator=yes + + +[REPORTS] + +# Python expression which should return a score less than or equal to 10. You +# have access to the variables 'fatal', 'error', 'warning', 'refactor', +# 'convention', and 'info' which contain the number of messages in each +# category, as well as 'statement' which is the total number of statements +# analyzed. This score is used by the global evaluation report (RP0004). +evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +msg-template= + +# Set the output format. Available formats are: text, parseable, colorized, +# json2 (improved json format), json (old json format) and msvs (visual +# studio). You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +#output-format= + +# Tells whether to display a full report or only the messages. +reports=no + +# Activate the evaluation score. +score=yes + + +[SIMILARITIES] + +# Comments are removed from the similarity computation +ignore-comments=yes + +# Docstrings are removed from the similarity computation +ignore-docstrings=yes + +# Imports are removed from the similarity computation +ignore-imports=yes + +# Signatures are removed from the similarity computation +ignore-signatures=yes + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=4 + +# Spelling dictionary name. No available dictionaries : You need to install +# both the python package and the system dependency for enchant to work. +spelling-dict= + +# List of comma separated words that should be considered directives if they +# appear at the beginning of a comment and should not be checked. +spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy: + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains the private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to the private dictionary (see the +# --spelling-private-dict-file option) instead of raising a message. +spelling-store-unknown-words=no + + +[STRING] + +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +check-quote-consistency=no + +# This flag controls whether the implicit-str-concat should generate a warning +# on implicit string concatenation in sequences defined over several lines. +check-str-concat-over-line-jumps=no + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of symbolic message names to ignore for Mixin members. +ignored-checks-for-mixins=no-member, + not-async-context-manager, + not-context-manager, + attribute-defined-outside-init + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + +# Regex pattern to define which classes are considered mixins. +mixin-class-rgx=.*[Mm]ixin + +# List of decorators that change the signature of a decorated function. +signature-mutators= + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of names allowed to shadow builtins +allowed-redefined-builtins= + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expected to +# not be used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..423404f --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,40 @@ +# ๐Ÿ“ Code of Conduct + +Take Note About This... **Take Note...** + +## ๐Ÿค Our Commitment + +We are committed to fostering an open and welcoming environment for all contributors. As such, everyone who participates in **Bjorn** is expected to adhere to the following code of conduct. + +## ๐ŸŒŸ Expected Behavior + +- **Respect:** Be respectful of differing viewpoints and experiences. +- **Constructive Feedback:** Provide constructive feedback and be open to receiving it. +- **Empathy and Kindness:** Show empathy and kindness towards other contributors. +- **Respect for Maintainers:** Respect the decisions of the maintainers. +- **Positive Intent:** Assume positive intent in interactions with others. + +## ๐Ÿšซ Unacceptable Behavior + +- **Harassment or Discrimination:** Harassment or discrimination in any form. +- **Inappropriate Language or Imagery:** Use of inappropriate language or imagery. +- **Personal Attacks:** Personal attacks or insults. +- **Public or Private Harassment:** Public or private harassment. + +## ๐Ÿ“ข Reporting Misconduct + +If you encounter any behavior that violates this code of conduct, please report it by contacting [email@dominio.com](mailto:email@dominio.com). All complaints will be reviewed and handled appropriately. + +## โš–๏ธ Enforcement + +Instances of unacceptable behavior may be addressed by the project maintainers, who are responsible for clarifying and enforcing this code of conduct. Violations may result in temporary or permanent bans from the project and related spaces. + +## ๐Ÿ™ Acknowledgments + +This code of conduct is adapted from the [Contributor Covenant, version 2.0](https://www.contributor-covenant.org/version/2/0/code_of_conduct.html). + +--- + +## ๐Ÿ“œ License + +2024 - Bjorn is distributed under the MIT License. For more details, please refer to the [LICENSE](LICENSE) file included in this repository. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..3b83ed5 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,51 @@ +# ๐Ÿค Contributing to Bjorn + +We welcome contributions to Bjorn! To make sure the process goes smoothly, please follow these guidelines: + +## ๐Ÿ“‹ Code of Conduct + +Please note that all participants in our project are expected to follow our [Code of Conduct](#-code-of-conduct). Make sure to review it before contributing. + +## ๐Ÿ›  How to Contribute + +1. **Fork the repository**: + Fork the project to your GitHub account using the GitHub interface. + +2. **Create a new branch**: + Use a descriptive branch name for your feature or bugfix: + + git checkout -b feature/your-feature-name + +3. **Make your changes**: + Implement your feature or fix the bug in your branch. Make sure to include tests where applicable and follow coding standards. + +4. **Test your changes**: + Run the test suite to ensure your changes donโ€™t break any functionality: + + - ... +5. **Commit your changes**: + Use meaningful commit messages that explain what you have done: + + git commit -m "Add feature/fix: Description of changes" + +6. **Push your changes**: + Push your changes to your fork: + + git push origin feature/your-feature-name + +7. **Submit a Pull Request**: + Create a pull request on the main repository, detailing the changes youโ€™ve made. Link any issues your changes resolve and provide context. + +## ๐Ÿ“‘ Guidelines for Contributions + +- **Lint your code** before submitting a pull request. We use [ESLint](https://eslint.org/) for frontend and [pylint](https://www.pylint.org/) for backend linting. +- Ensure **test coverage** for your code. Uncovered code may delay the approval process. +- Write clear, concise **commit messages**. + +Thank you for helping improve! + +--- + +## ๐Ÿ“œ License + +2024 - Bjorn is distributed under the MIT License. For more details, please refer to the [LICENSE](LICENSE) file included in this repository. diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md new file mode 100644 index 0000000..72b2279 --- /dev/null +++ b/DEVELOPMENT.md @@ -0,0 +1,373 @@ +# ๐Ÿ–ฒ๏ธ Bjorn Development + +

+ thumbnail_IMG_0546 +

+ +## ๐Ÿ“š Table of Contents + +- [Design](#-design) +- [Educational Aspects](#-educational-aspects) +- [Disclaimer](#-disclaimer) +- [Extensibility](#-extensibility) +- [Development Status](#-development-status) + - [Project Structure](#-project-structure) + - [Core Files](#-core-files) + - [Actions](#-actions) + - [Data Structure](#-data-structure) +- [Detailed Project Description](#-detailed-project-description) + - [Behaviour of Bjorn](#-behavior-of-bjorn) +- [Running Bjorn](#-running-bjorn) + - [Manual Start](#-manual-start) + - [Service Control](#-service-control) + - [Fresh Start](#-fresh-start) +- [Important Configuration Files](#-important-configuration-files) + - [Shared Configuration](#-shared-configuration-shared_configjson) + - [Actions Configuration](#-actions-configuration-actionsjson) +- [E-Paper Display Support](#-e-paper-display-support) + - [Ghosting Removed](#-ghosting-removed) +- [Development Guidelines](#-development-guidelines) + - [Adding New Actions](#-adding-new-actions) + - [Testing](#-testing) +- [Web Interface](#-web-interface) +- [Project Roadmap](#-project-roadmap) + - [Current Focus](#-future-plans) + - [Future Plans](#-future-plans) +- [License](#-license) + +## ๐ŸŽจ Design + +- **Portability**: Self-contained and portable device, ideal for penetration testing. +- **Modularity**: Extensible architecture allowing addition of new actions. +- **Visual Interface**: The e-Paper HAT provides a visual interface for monitoring the ongoing actions, displaying results or stats, and interacting with Bjorn . + +## ๐Ÿ“” Educational Aspects + +- **Learning Tool**: Designed as an educational tool to understand cybersecurity concepts and penetration testing techniques. +- **Practical Experience**: Provides a practical means for students and professionals to familiarize themselves with network security practices and vulnerability assessment tools. + +## โœ’๏ธ Disclaimer + +- **Ethical Use**: This project is strictly for educational purposes. +- **Responsibility**: The author and contributors disclaim any responsibility for misuse of Bjorn. +- **Legal Compliance**: Unauthorized use of this tool for malicious activities is prohibited and may be prosecuted by law. + +## ๐Ÿงฉ Extensibility + +- **Evolution**: The main purpose of Bjorn is to gain new actions and extend his arsenal over time. +- **Modularity**: Actions are designed to be modular and can be easily extended or modified to add new functionality. +- **Possibilities**: From capturing pcap files to cracking hashes, man-in-the-middle attacks, and moreโ€”the possibilities are endless. +- **Contribution**: It's up to the user to develop new actions and add them to the project. + +## ๐Ÿ”ฆ Development Status + +- **Project Status**: Ongoing development. +- **Current Version**: Scripted auto-installer, or manual installation. Not yet packaged with Raspberry Pi OS. +- **Reason**: The project is still in an early stage, requiring further development and debugging. + +### ๐Ÿ—‚๏ธ Project Structure + +``` +Bjorn/ +โ”œโ”€โ”€ Bjorn.py +โ”œโ”€โ”€ comment.py +โ”œโ”€โ”€ display.py +โ”œโ”€โ”€ epd_helper.py +โ”œโ”€โ”€ init_shared.py +โ”œโ”€โ”€ kill_port_8000.sh +โ”œโ”€โ”€ logger.py +โ”œโ”€โ”€ orchestrator.py +โ”œโ”€โ”€ requirements.txt +โ”œโ”€โ”€ shared.py +โ”œโ”€โ”€ utils.py +โ”œโ”€โ”€ webapp.py +โ”œโ”€โ”€ __init__.py +โ”œโ”€โ”€ actions/ +โ”‚ โ”œโ”€โ”€ ftp_connector.py +โ”‚ โ”œโ”€โ”€ ssh_connector.py +โ”‚ โ”œโ”€โ”€ smb_connector.py +โ”‚ โ”œโ”€โ”€ rdp_connector.py +โ”‚ โ”œโ”€โ”€ telnet_connector.py +โ”‚ โ”œโ”€โ”€ sql_connector.py +โ”‚ โ”œโ”€โ”€ steal_files_ftp.py +โ”‚ โ”œโ”€โ”€ steal_files_ssh.py +โ”‚ โ”œโ”€โ”€ steal_files_smb.py +โ”‚ โ”œโ”€โ”€ steal_files_rdp.py +โ”‚ โ”œโ”€โ”€ steal_files_telnet.py +โ”‚ โ”œโ”€โ”€ steal_data_sql.py +โ”‚ โ”œโ”€โ”€ nmap_vuln_scanner.py +โ”‚ โ”œโ”€โ”€ scanning.py +โ”‚ โ””โ”€โ”€ __init__.py +โ”œโ”€โ”€ backup/ +โ”‚ โ”œโ”€โ”€ backups/ +โ”‚ โ””โ”€โ”€ uploads/ +โ”œโ”€โ”€ config/ +โ”œโ”€โ”€ data/ +โ”‚ โ”œโ”€โ”€ input/ +โ”‚ โ”‚ โ””โ”€โ”€ dictionary/ +โ”‚ โ”œโ”€โ”€ logs/ +โ”‚ โ””โ”€โ”€ output/ +โ”‚ โ”œโ”€โ”€ crackedpwd/ +โ”‚ โ”œโ”€โ”€ data_stolen/ +โ”‚ โ”œโ”€โ”€ scan_results/ +โ”‚ โ”œโ”€โ”€ vulnerabilities/ +โ”‚ โ””โ”€โ”€ zombies/ +โ””โ”€โ”€ resources/ + โ””โ”€โ”€ waveshare_epd/ +``` + +### โš“ Core Files + +#### Bjorn.py + +The main entry point for the application. It initializes and runs the main components, including the network scanner, orchestrator, display, and web server. + +#### comment.py + +Handles generating all the Bjorn comments displayed on the e-Paper HAT based on different themes/actions and statuses. + +#### display.py + +Manages the e-Paper HAT display, updating the screen with Bjorn character, the dialog/comments, and the current information such as network status, vulnerabilities, and various statistics. + +#### epd_helper.py + +Handles the low-level interactions with the e-Paper display hardware. + +#### logger.py + +Defines a custom logger with specific formatting and handlers for console and file logging. It also includes a custom log level for success messages. + +#### orchestrator.py + +Bjornโ€™s AI, a heuristic engine that orchestrates the different actions such as network scanning, vulnerability scanning, attacks, and file stealing. It loads and executes actions based on the configuration and sets the status of the actions and Bjorn. + +#### shared.py + +Defines the `SharedData` class that holds configuration settings, paths, and methods for updating and managing shared data across different modules. + +#### init_shared.py + +Initializes shared data that is used across different modules. It loads the configuration and sets up necessary paths and variables. + +#### utils.py + +Contains utility functions used throughout the project. + +#### webapp.py + +Sets up and runs a web server to provide a web interface for changing settings, monitoring and interacting with Bjorn. + +### โ–ถ๏ธ Actions + +#### actions/scanning.py + +Conducts network scanning to identify live hosts and open ports. It updates the network knowledge base (`netkb`) and generates scan results. + +#### actions/nmap_vuln_scanner.py + +Performs vulnerability scanning using Nmap. It parses the results and updates the vulnerability summary for each host. + +#### Protocol Connectors + +- **ftp_connector.py**: Brute-force attacks on FTP services. +- **ssh_connector.py**: Brute-force attacks on SSH services. +- **smb_connector.py**: Brute-force attacks on SMB services. +- **rdp_connector.py**: Brute-force attacks on RDP services. +- **telnet_connector.py**: Brute-force attacks on Telnet services. +- **sql_connector.py**: Brute-force attacks on SQL services. + +#### File Stealing Modules + +- **steal_files_ftp.py**: Steals files from FTP servers. +- **steal_files_smb.py**: Steals files from SMB shares. +- **steal_files_ssh.py**: Steals files from SSH servers. +- **steal_files_telnet.py**: Steals files from Telnet servers. +- **steal_data_sql.py**: Extracts data from SQL databases. + +### ๐Ÿ“‡ Data Structure + +#### Network Knowledge Base (netkb.csv) + +Located at `data/netkb.csv`. Stores information about: + +- Known hosts and their status. (Alive or offline) +- Open ports and vulnerabilities. +- Action execution history. (Success or failed) + +**Preview Example:** + +![netkb1](https://github.com/infinition/Bjorn/assets/37984399/f641a565-2765-4280-a7d7-5b25c30dcea5) +![netkb2](https://github.com/infinition/Bjorn/assets/37984399/f08114a2-d7d1-4f50-b1c4-a9939ba66056) + +#### Scan Results + +Located in `data/output/scan_results/`. +This file is generated everytime the network is scanned. It is used to consolidate the data and update netkb. + +**Example:** + +![Scan result](https://github.com/infinition/Bjorn/assets/37984399/eb4a313a-f90c-4c43-b699-3678271886dc) + +#### Live Status (livestatus.csv) + +Contains real-time information displayed on the e-Paper HAT: + +- Total number of known hosts. +- Currently alive hosts. +- Open ports count. +- Other runtime statistics. + +## ๐Ÿ“– Detailed Project Description + +### ๐Ÿ‘€ Behavior of Bjorn + +Once launched, Bjorn performs the following steps: + +1. **Initialization**: Loads configuration, initializes shared data, and sets up necessary components such as the e-Paper HAT display. +2. **Network Scanning**: Scans the network to identify live hosts and open ports. Updates the network knowledge base (`netkb`) with the results. +3. **Orchestration**: Orchestrates different actions based on the configuration and network knowledge base. This includes performing vulnerability scanning, attacks, and file stealing. +4. **Vulnerability Scanning**: Performs vulnerability scans on identified hosts and updates the vulnerability summary. +5. **Brute-Force Attacks and File Stealing**: Starts brute-force attacks and steals files based on the configuration criteria. +6. **Display Updates**: Continuously updates the e-Paper HAT display with current information such as network status, vulnerabilities, and various statistics. Bjorn also displays random comments based on different themes and statuses. +7. **Web Server**: Provides a web interface for monitoring and interacting with Bjorn. + +## โ–ถ๏ธ Running Bjorn + +### ๐Ÿ“— Manual Start + +To manually start Bjorn (without the service, ensure the service is stopped ยซย sudo systemctl stop bjorn.serviceย ยป): + +```bash +cd /home/bjorn/Bjorn + +# Run Bjorn +sudo python Bjorn.py +``` + +### ๐Ÿ•น๏ธ Service Control + +Control the Bjorn service: + +```bash +# Start Bjorn +sudo systemctl start bjorn.service + +# Stop Bjorn +sudo systemctl stop bjorn.service + +# Check status +sudo systemctl status bjorn.service + +# View logs +sudo journalctl -u bjorn.service +``` + +### ๐Ÿช„ Fresh Start + +To reset Bjorn to a clean state: + +```bash +sudo rm -rf /home/bjorn/Bjorn/config/*.json \ + /home/bjorn/Bjorn/data/*.csv \ + /home/bjorn/Bjorn/data/*.log \ + /home/bjorn/Bjorn/data/output/data_stolen/* \ + /home/bjorn/Bjorn/data/output/crackedpwd/* \ + /home/bjorn/Bjorn/config/* \ + /home/bjorn/Bjorn/data/output/scan_results/* \ + /home/bjorn/Bjorn/__pycache__ \ + /home/bjorn/Bjorn/config/__pycache__ \ + /home/bjorn/Bjorn/data/__pycache__ \ + /home/bjorn/Bjorn/actions/__pycache__ \ + /home/bjorn/Bjorn/resources/__pycache__ \ + /home/bjorn/Bjorn/web/__pycache__ \ + /home/bjorn/Bjorn/*.log \ + /home/bjorn/Bjorn/resources/waveshare_epd/__pycache__ \ + /home/bjorn/Bjorn/data/logs/* \ + /home/bjorn/Bjorn/data/output/vulnerabilities/* \ + /home/bjorn/Bjorn/data/logs/* + +``` + +Everything will be recreated automatically at the next launch of Bjorn. + +## โ‡๏ธ Important Configuration Files + +### ๐Ÿ”— Shared Configuration (`shared_config.json`) + +Defines various settings for Bjorn, including: + +- Boolean settings (`manual_mode`, `websrv`, `debug_mode`, etc.). +- Time intervals and delays. +- Network settings. +- Port lists and blacklists. +These settings are accessible on the webpage. + +### ๐Ÿ› ๏ธ Actions Configuration (`actions.json`) + +Lists the actions to be performed by Bjorn, including (dynamically generated with the content of the folder): + +- Module and class definitions. +- Port assignments. +- Parent-child relationships. +- Action status definitions. + +## ๐Ÿ“Ÿ E-Paper Display Support + +Currently, hardcoded for the 2.13-inch V2 & V4 e-Paper HAT. +My program automatically detect the screen model and adapt the python expressions into my code. + +For other versions: +- As I don't have the v1 and v3 to validate my algorithm, I just hope it will work properly. + +### ๐Ÿพ Ghosting Removed! +In my journey to make Bjorn work with the different screen versions, I struggled, hacking several parameters and found out that it was possible to remove the ghosting of screens! I let you see this, I think this method will be very useful for all other projects with the e-paper screen! + +## โœ๏ธ Development Guidelines + +### โž• Adding New Actions + +1. Create a new action file in `actions/`. +2. Implement required methods: + - `__init__(self, shared_data)` + - `execute(self, ip, port, row, status_key)` +3. Add the action to `actions.json`. +4. Follow existing action patterns. + +### ๐Ÿงช Testing + +1. Create a test environment. +2. Use an isolated network. +3. Follow ethical guidelines. +4. Document test cases. + +## ๐Ÿ’ป Web Interface + +- **Access**: `http://[device-ip]:8000` +- **Features**: + - Real-time monitoring with a console. + - Configuration management. + - Viewing results. (Credentials and files) + - System control. + +## ๐Ÿงญ Project Roadmap + +### ๐Ÿช› Current Focus + +- Stability improvements. +- Bug fixes. +- Service reliability. +- Documentation updates. + +### ๐Ÿงท Future Plans + +- Additional attack modules. +- Enhanced reporting. +- Improved user interface. +- Extended protocol support. + +--- + +## ๐Ÿ“œ License + +2024 - Bjorn is distributed under the MIT License. For more details, please refer to the [LICENSE](LICENSE) file included in this repository. diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..d9c3953 --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,453 @@ +## ๐Ÿ”ง Installation and Configuration + +

+ thumbnail_IMG_0546 +

+ +## ๐Ÿ“š Table of Contents + +- [Prerequisites](#-prerequisites) +- [Quick Install](#-quick-install) +- [Manual Install](#-manual-install) +- [License](#-license) + +Use Raspberry Pi Imager to install your OS +https://www.raspberrypi.com/software/ + +### ๐Ÿ“Œ Prerequisites + +![image](https://github.com/user-attachments/assets/e775f454-1771-4d6c-bff5-b262b3d98452) + +- Raspberry Pi OS installed. + - Stable: + - System: 32-bit + - Kernel version: 6.6 + - Debian version: 12 (bookworm) '2024-10-22-raspios-bookworm-armhf-lite' +- Username and hostname set to `bjorn`. +- 2.13-inch e-Paper HAT connected to GPIO pins. + +At the moment the paper screen v2 & v4 have been tested and implemented. +I juste hope the V1 & V3 will work the same. + +### โšก Quick Install + +The fastest way to install Bjorn is using the automatic installation script : + +```bash +# Download and run the installer +wget https://raw.githubusercontent.com/infinition/Bjorn/refs/heads/main/install_bjorn.sh +sudo chmod +x install_bjorn.sh +sudo ./install_bjorn.sh +# Choose the choice 1 for automatic installation. It may take a while as a lot of packages and modules will be installed. You must reboot at the end. +``` + +### ๐Ÿงฐ Manual Install + +#### Step 1: Activate SPI & I2C + +```bash +sudo raspi-config +``` + +- Navigate to **"Interface Options"**. +- Enable **SPI**. +- Enable **I2C**. + +#### Step 2: System Dependencies + +```bash +# Update system +sudo apt-get update && sudo apt-get upgrade -y + +# Install required packages + + sudo apt install -y \ + libjpeg-dev \ + zlib1g-dev \ + libpng-dev \ + python3-dev \ + libffi-dev \ + libssl-dev \ + libgpiod-dev \ + libi2c-dev \ + libatlas-base-dev \ + build-essential \ + python3-pip \ + wget \ + lsof \ + git \ + libopenjp2-7 \ + nmap \ + libopenblas-dev \ + bluez-tools \ + bluez \ + dhcpcd5 \ + bridge-utils \ + python3-pil + + +# Update Nmap scripts database + +sudo nmap --script-updatedb + +``` + +#### Step 3: Bjorn Installation + +```bash +# Clone the Bjorn repository +cd /home/bjorn +git clone https://github.com/infinition/Bjorn.git +cd Bjorn + +# Install Python dependencies within the virtual environment +sudo pip install -r requirements.txt --break-system-packages +# As i did not succeed "for now" to get a stable installation with a virtual environment, i installed the dependencies system wide (with --break-system-packages), it did not cause any issue so far. You can try to install them in a virtual environment if you want. +``` + +##### 3.1: Configure E-Paper Display Type +Choose your e-Paper HAT version by modifying the configuration file: + +1. Open the configuration file: +```bash +sudo vi /home/bjorn/Bjorn/config/shared_config.json +``` +Press i to enter insert mode +Locate the line containing "epd_type": +Change the value according to your screen model: + +- For 2.13 V1: "epd_type": "epd2in13", +- For 2.13 V2: "epd_type": "epd2in13_V2", +- For 2.13 V3: "epd_type": "epd2in13_V3", +- For 2.13 V4: "epd_type": "epd2in13_V4", + +Press Esc to exit insert mode +Type :wq and press Enter to save and quit + +#### Step 4: Configure File Descriptor Limits + +To prevent `OSError: [Errno 24] Too many open files`, it's essential to increase the file descriptor limits. + +##### 4.1: Modify File Descriptor Limits for All Users + +Edit `/etc/security/limits.conf`: + +```bash +sudo vi /etc/security/limits.conf +``` + +Add the following lines: + +``` +* soft nofile 65535 +* hard nofile 65535 +root soft nofile 65535 +root hard nofile 65535 +``` + +##### 4.2: Configure Systemd Limits + +Edit `/etc/systemd/system.conf`: + +```bash +sudo vi /etc/systemd/system.conf +``` + +Uncomment and modify: + +``` +DefaultLimitNOFILE=65535 +``` + +Edit `/etc/systemd/user.conf`: + +```bash +sudo vi /etc/systemd/user.conf +``` + +Uncomment and modify: + +``` +DefaultLimitNOFILE=65535 +``` + +##### 4.3: Create or Modify `/etc/security/limits.d/90-nofile.conf` + +```bash +sudo vi /etc/security/limits.d/90-nofile.conf +``` + +Add: + +``` +root soft nofile 65535 +root hard nofile 65535 +``` + +##### 4.4: Adjust the System-wide File Descriptor Limit + +Edit `/etc/sysctl.conf`: + +```bash +sudo vi /etc/sysctl.conf +``` + +Add: + +``` +fs.file-max = 2097152 +``` + +Apply the changes: + +```bash +sudo sysctl -p +``` + +#### Step 5: Reload Systemd and Apply Changes + +Reload systemd to apply the new file descriptor limits: + +```bash +sudo systemctl daemon-reload +``` + +#### Step 6: Modify PAM Configuration Files + +PAM (Pluggable Authentication Modules) manages how limits are enforced for user sessions. To ensure that the new file descriptor limits are respected, update the following configuration files. + +##### Step 6.1: Edit `/etc/pam.d/common-session` and `/etc/pam.d/common-session-noninteractive` + +```bash +sudo vi /etc/pam.d/common-session +sudo vi /etc/pam.d/common-session-noninteractive +``` + +Add this line at the end of both files: + +``` +session required pam_limits.so +``` + +This ensures that the limits set in `/etc/security/limits.conf` are enforced for all user sessions. + +#### Step 7: Configure Services + +##### 7.1: Bjorn Service + +Create the service file: + +```bash +sudo vi /etc/systemd/system/bjorn.service +``` + +Add the following content: + +```ini +[Unit] +Description=Bjorn Service +DefaultDependencies=no +Before=basic.target +After=local-fs.target + +[Service] +ExecStartPre=/home/bjorn/Bjorn/kill_port_8000.sh +ExecStart=/usr/bin/python3 /home/bjorn/Bjorn/Bjorn.py +WorkingDirectory=/home/bjorn/Bjorn +StandardOutput=inherit +StandardError=inherit +Restart=always +User=root + +# Check open files and restart if it reached the limit (ulimit -n buffer of 1000) +ExecStartPost=/bin/bash -c 'FILE_LIMIT=$(ulimit -n); THRESHOLD=$(( FILE_LIMIT - 1000 )); while :; do TOTAL_OPEN_FILES=$(lsof | wc -l); if [ "$TOTAL_OPEN_FILES" -ge "$THRESHOLD" ]; then echo "File descriptor threshold reached: $TOTAL_OPEN_FILES (threshold: $THRESHOLD). Restarting service."; systemctl restart bjorn.service; exit 0; fi; sleep 10; done &' + +[Install] +WantedBy=multi-user.target +``` + + + +##### 7.2: Port 8000 Killer Script + +Create the script to free up port 8000: + +```bash +vi /home/bjorn/Bjorn/kill_port_8000.sh +``` + +Add: + +```bash +#!/bin/bash +PORT=8000 +PIDS=$(lsof -t -i:$PORT) + +if [ -n "$PIDS" ]; then + echo "Killing PIDs using port $PORT: $PIDS" + kill -9 $PIDS +fi +``` + +Make the script executable: + +```bash +chmod +x /home/bjorn/Bjorn/kill_port_8000.sh +``` + + +##### 7.3: USB Gadget Configuration + +Modify `/boot/firmware/cmdline.txt`: + +```bash +sudo vi /boot/firmware/cmdline.txt +``` + +Add the following right after `rootwait`: + +``` +modules-load=dwc2,g_ether +``` + +Modify `/boot/firmware/config.txt`: + +```bash +sudo vi /boot/firmware/config.txt +``` + +Add at the end of the file: + +``` +dtoverlay=dwc2 +``` + +Create the USB gadget script: + +```bash +sudo vi /usr/local/bin/usb-gadget.sh +``` + +Add the following content: + +```bash +#!/bin/bash +set -e + +modprobe libcomposite +cd /sys/kernel/config/usb_gadget/ +mkdir -p g1 +cd g1 + +echo 0x1d6b > idVendor +echo 0x0104 > idProduct +echo 0x0100 > bcdDevice +echo 0x0200 > bcdUSB + +mkdir -p strings/0x409 +echo "fedcba9876543210" > strings/0x409/serialnumber +echo "Raspberry Pi" > strings/0x409/manufacturer +echo "Pi Zero USB" > strings/0x409/product + +mkdir -p configs/c.1/strings/0x409 +echo "Config 1: ECM network" > configs/c.1/strings/0x409/configuration +echo 250 > configs/c.1/MaxPower + +mkdir -p functions/ecm.usb0 + +# Check for existing symlink and remove if necessary +if [ -L configs/c.1/ecm.usb0 ]; then + rm configs/c.1/ecm.usb0 +fi +ln -s functions/ecm.usb0 configs/c.1/ + +# Ensure the device is not busy before listing available USB device controllers +max_retries=10 +retry_count=0 + +while ! ls /sys/class/udc > UDC 2>/dev/null; do + if [ $retry_count -ge $max_retries ]; then + echo "Error: Device or resource busy after $max_retries attempts." + exit 1 + fi + retry_count=$((retry_count + 1)) + sleep 1 +done + +# Check if the usb0 interface is already configured +if ! ip addr show usb0 | grep -q "172.20.2.1"; then + ifconfig usb0 172.20.2.1 netmask 255.255.255.0 +else + echo "Interface usb0 already configured." +fi +``` + +Make the script executable: + +```bash +sudo chmod +x /usr/local/bin/usb-gadget.sh +``` + +Create the systemd service: + +```bash +sudo vi /etc/systemd/system/usb-gadget.service +``` + +Add: + +```ini +[Unit] +Description=USB Gadget Service +After=network.target + +[Service] +ExecStartPre=/sbin/modprobe libcomposite +ExecStart=/usr/local/bin/usb-gadget.sh +Type=simple +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target +``` + +Configure `usb0`: + +```bash +sudo vi /etc/network/interfaces +``` + +Add: + +```bash +allow-hotplug usb0 +iface usb0 inet static + address 172.20.2.1 + netmask 255.255.255.0 +``` + +Reload the services: + +```bash +sudo systemctl daemon-reload +sudo systemctl enable systemd-networkd +sudo systemctl enable usb-gadget +sudo systemctl start systemd-networkd +sudo systemctl start usb-gadget +``` + +You must reboot to be able to use it as a USB gadget (with ip) +###### Windows PC Configuration + +Set the static IP address on your Windows PC: + +- **IP Address**: `172.20.2.2` +- **Subnet Mask**: `255.255.255.0` +- **Default Gateway**: `172.20.2.1` +- **DNS Servers**: `8.8.8.8`, `8.8.4.4` + +--- + +## ๐Ÿ“œ License + +2024 - Bjorn is distributed under the MIT License. For more details, please refer to the [LICENSE](LICENSE) file included in this repository. diff --git a/README.md b/README.md index 65a829f..5d8fcef 100644 --- a/README.md +++ b/README.md @@ -1,75 +1,37 @@ -# Bjorn +# thumbnail_IMG_0546 Bjorn + +[![Reddit](https://img.shields.io/badge/Reddit-Bjorn__CyberViking-orange?style=for-the-badge&logo=reddit)](https://www.reddit.com/r/Bjorn_CyberViking) +[![Discord](https://img.shields.io/badge/Discord-Join%20Us-7289DA?style=for-the-badge&logo=discord)](https://discord.com/invite/B3ZH9taVfT) +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

thumbnail_IMG_0546 bjorn_epd-removebg-preview

-## Join Our Community +Bjorn is aย ยซย Tamagotchi likeย ยป sophisticated, autonomous network scanning, vulnerability assessment, and offensive security tool designed to run on a Raspberry Pi equipped with a 2.13-inch e-Paper HAT. This document provides a detailed explanation of the project. -[![Reddit](https://img.shields.io/badge/Reddit-Bjorn__CyberViking-orange?style=for-the-badge&logo=reddit)](https://www.reddit.com/r/Bjorn_CyberViking) -[![Discord](https://img.shields.io/badge/Discord-Join%20Us-7289DA?style=for-the-badge&logo=discord)](https://discord.com/invite/B3ZH9taVfT) +## ๐Ÿ“š Table of Contents -## Table of Contents - -- [Introduction](#introduction) -- [Features](#features) -- [Design](#design) -- [Educational Aspects](#educational-aspects) -- [Disclaimer](#disclaimer) -- [Extensibility](#extensibility) -- [Development Status](#development-status) -- [Detailed Project Description](#detailed-project-description) - - [Project Structure](#project-structure) - - [Core Files](#core-files) - - [Actions](#actions) - - [Data Structure](#data-structure) - - [Behavior of Bjorn](#behavior-of-bjorn) -- [Installation and Configuration](#installation-and-configuration) - - [Prerequisites](#prerequisites) - - [Quick Installation](#quick-installation) - - [Manual Installation](#manual-installation) - - [Step 1: Activate SPI & I2C](#step-1-activate-spi--i2c) - - [Step 2: System Dependencies](#step-2-system-dependencies) - - [Step 3: Bjorn Installation](#step-3-bjorn-installation) - - [Step 4: Configure File Descriptor Limits](#step-4-configure-file-descriptor-limits) - - [Step 5: Reload Systemd and Apply Changes](#step-5-reload-systemd-and-apply-changes) - - [Step 6: Modify PAM Configuration Files](#step-6-modify-pam-configuration-files) - - [Step 7: Configure Services](#step-7-configure-services) -- [Running Bjorn](#running-bjorn) - - [Manual Start](#manual-start) - - [Service Control](#service-control) - - [Fresh Start](#fresh-start) -- [Important Configuration Files](#important-configuration-files) - - [Shared Configuration (`shared_config.json`)](#shared-configuration-shared_configjson) - - [Actions Configuration (`actions.json`)](#actions-configuration-actionsjson) -- [Known Issues and Troubleshooting](#known-issues-and-troubleshooting) - - [Current Development Issues](#current-development-issues) - - [Troubleshooting Steps](#troubleshooting-steps) -- [E-Paper Display Support](#e-paper-display-support) -- [Development Guidelines](#development-guidelines) - - [Adding New Actions](#adding-new-actions) - - [Testing](#testing) -- [Web Interface](#web-interface) -- [Project Roadmap](#project-roadmap) - - [Current Focus](#current-focus) - - [Future Plans](#future-plans) -- [Contributing](#contributing) -- [Support and Contact](#support-and-contact) -- [Conclusion](#conclusion) -- [License](#license) -- [Contact](#contact) +- [Introduction](#-introduction) +- [Features](#-features) +- [Getting Started](#-getting-started) + - [Prerequisites](#-prerequisites) + - [Installation](#-Installation) +- [Quick Start](#-quick-start) +- [Usage Example](#-usage-example) +- [Contributing](#-contributing) +- [License](#-license) +- [Contact](#-contact) ---- +## ๐Ÿ“„ Introduction -[โ†–๏ธ](#table-of-contents) -## Introduction +Bjorn is a powerful tool designed to perform comprehensive network scanning, vulnerability assessment, and data ex-filtration. Its modular design and extensive configuration options allow for flexible and targeted operations. By combining different actions and orchestrating them intelligently, Bjorn can provide valuable insights into network security and help identify and mitigate potential risks. -Bjorn is aย ยซย Tamagotchi likeย ยป sophisticated, autonomous network scanning, vulnerability assessment, and offensive security tool designed to run on a Raspberry Pi equipped with a 2.13-inch e-Paper HAT. This document provides a detailed explanation of the project. +The e-Paper HAT display and web interface make it easy to monitor and interact with Bjorn, providing real-time updates and status information. With its extensible architecture and customizable actions, Bjorn can be adapted to suit a wide range of security testing and monitoring needs. -[โ†–๏ธ](#table-of-contents) -## Features +## ๐ŸŒŸ Features - **Network Scanning**: Identifies live hosts and open ports on the network. - **Vulnerability Assessment**: Performs vulnerability scans using Nmap and other tools. @@ -77,230 +39,11 @@ Bjorn is aย ยซย Tamagotchi likeย ยป sophisticated, autonomous network scanning, - **File Stealing**: Extracts data from vulnerable services. - **User Interface**: Real-time display on the e-Paper HAT and web interface for monitoring and interaction. -[โ†–๏ธ](#table-of-contents) -## Design - -- **Portability**: Self-contained and portable device, ideal for penetration testing. -- **Modularity**: Extensible architecture allowing addition of new actions. -- **Visual Interface**: The e-Paper HAT provides a visual interface for monitoring the ongoing actions, displaying results or stats, and interacting with Bjorn . - -[โ†–๏ธ](#table-of-contents) -## Educational Aspects - -- **Learning Tool**: Designed as an educational tool to understand cybersecurity concepts and penetration testing techniques. -- **Practical Experience**: Provides a practical means for students and professionals to familiarize themselves with network security practices and vulnerability assessment tools. - -[โ†–๏ธ](#table-of-contents) -## Disclaimer - -- **Ethical Use**: This project is strictly for educational purposes. -- **Responsibility**: The author and contributors disclaim any responsibility for misuse of Bjorn. -- **Legal Compliance**: Unauthorized use of this tool for malicious activities is prohibited and may be prosecuted by law. - -[โ†–๏ธ](#table-of-contents) -## Extensibility - -- **Evolution**: The main purpose of Bjorn is to gain new actions and extend his arsenal over time. -- **Modularity**: Actions are designed to be modular and can be easily extended or modified to add new functionality. -- **Possibilities**: From capturing pcap files to cracking hashes, man-in-the-middle attacks, and moreโ€”the possibilities are endless. -- **Contribution**: It's up to the user to develop new actions and add them to the project. - -[โ†–๏ธ](#table-of-contents) -## Development Status - -- **Project Status**: Ongoing development. -- **Current Version**: Scripted auto-installer, or manual installation. Not yet packaged with Raspberry Pi OS. -- **Reason**: The project is still in an early stage, requiring further development and debugging. - - ![Bjorn Display](https://github.com/infinition/Bjorn/assets/37984399/bcad830d-77d6-4f3e-833d-473eadd33921) ---- - -[โ†–๏ธ](#table-of-contents) -## Detailed Project Description - -[โ†–๏ธ](#table-of-contents) -### Project Structure - -``` -Bjorn/ -โ”œโ”€โ”€ Bjorn.py -โ”œโ”€โ”€ comment.py -โ”œโ”€โ”€ display.py -โ”œโ”€โ”€ epd_helper.py -โ”œโ”€โ”€ init_shared.py -โ”œโ”€โ”€ kill_port_8000.sh -โ”œโ”€โ”€ logger.py -โ”œโ”€โ”€ orchestrator.py -โ”œโ”€โ”€ requirements.txt -โ”œโ”€โ”€ shared.py -โ”œโ”€โ”€ utils.py -โ”œโ”€โ”€ webapp.py -โ”œโ”€โ”€ __init__.py -โ”œโ”€โ”€ actions/ -โ”‚ โ”œโ”€โ”€ ftp_connector.py -โ”‚ โ”œโ”€โ”€ ssh_connector.py -โ”‚ โ”œโ”€โ”€ smb_connector.py -โ”‚ โ”œโ”€โ”€ rdp_connector.py -โ”‚ โ”œโ”€โ”€ telnet_connector.py -โ”‚ โ”œโ”€โ”€ sql_connector.py -โ”‚ โ”œโ”€โ”€ steal_files_ftp.py -โ”‚ โ”œโ”€โ”€ steal_files_ssh.py -โ”‚ โ”œโ”€โ”€ steal_files_smb.py -โ”‚ โ”œโ”€โ”€ steal_files_rdp.py -โ”‚ โ”œโ”€โ”€ steal_files_telnet.py -โ”‚ โ”œโ”€โ”€ steal_data_sql.py -โ”‚ โ”œโ”€โ”€ nmap_vuln_scanner.py -โ”‚ โ”œโ”€โ”€ scanning.py -โ”‚ โ””โ”€โ”€ __init__.py -โ”œโ”€โ”€ backup/ -โ”‚ โ”œโ”€โ”€ backups/ -โ”‚ โ””โ”€โ”€ uploads/ -โ”œโ”€โ”€ config/ -โ”œโ”€โ”€ data/ -โ”‚ โ”œโ”€โ”€ input/ -โ”‚ โ”‚ โ””โ”€โ”€ dictionary/ -โ”‚ โ”œโ”€โ”€ logs/ -โ”‚ โ””โ”€โ”€ output/ -โ”‚ โ”œโ”€โ”€ crackedpwd/ -โ”‚ โ”œโ”€โ”€ data_stolen/ -โ”‚ โ”œโ”€โ”€ scan_results/ -โ”‚ โ”œโ”€โ”€ vulnerabilities/ -โ”‚ โ””โ”€โ”€ zombies/ -โ””โ”€โ”€ resources/ - โ””โ”€โ”€ waveshare_epd/ -``` - -[โ†–๏ธ](#table-of-contents) -### Core Files - -#### Bjorn.py - -The main entry point for the application. It initializes and runs the main components, including the network scanner, orchestrator, display, and web server. - -#### comment.py - -Handles generating all the Bjorn comments displayed on the e-Paper HAT based on different themes/actions and statuses. - -#### display.py - -Manages the e-Paper HAT display, updating the screen with Bjorn character, the dialog/comments, and the current information such as network status, vulnerabilities, and various statistics. - -#### epd_helper.py - -Handles the low-level interactions with the e-Paper display hardware. - -#### logger.py - -Defines a custom logger with specific formatting and handlers for console and file logging. It also includes a custom log level for success messages. - -#### orchestrator.py - -Bjornโ€™s AI, an heuristic engine that orchestrates the different actions such as network scanning, vulnerability scanning, attacks, and file stealing. It loads and executes actions based on the configuration and sets the status of the actions and Bjorn. - -#### shared.py - -Defines the `SharedData` class that holds configuration settings, paths, and methods for updating and managing shared data across different modules. - -#### init_shared.py - -Initializes shared data that is used across different modules. It loads the configuration and sets up necessary paths and variables. +## ๐Ÿš€ Getting Started -#### utils.py - -Contains utility functions used throughout the project. - -#### webapp.py - -Sets up and runs a web server to provide a web interface for changing settings, monitoring and interacting with Bjorn. - -[โ†–๏ธ](#table-of-contents) -### Actions - -#### actions/scanning.py - -Conducts network scanning to identify live hosts and open ports. It updates the network knowledge base (`netkb`) and generates scan results. - -#### actions/nmap_vuln_scanner.py - -Performs vulnerability scanning using Nmap. It parses the results and updates the vulnerability summary for each host. - -#### Protocol Connectors - -- **ftp_connector.py**: Brute-force attacks on FTP services. -- **ssh_connector.py**: Brute-force attacks on SSH services. -- **smb_connector.py**: Brute-force attacks on SMB services. -- **rdp_connector.py**: Brute-force attacks on RDP services. -- **telnet_connector.py**: Brute-force attacks on Telnet services. -- **sql_connector.py**: Brute-force attacks on SQL services. - -#### File Stealing Modules - -- **steal_files_ftp.py**: Steals files from FTP servers. -- **steal_files_smb.py**: Steals files from SMB shares. -- **steal_files_ssh.py**: Steals files from SSH servers. -- **steal_files_telnet.py**: Steals files from Telnet servers. -- **steal_data_sql.py**: Extracts data from SQL databases. - -[โ†–๏ธ](#table-of-contents) -### Data Structure - -#### Network Knowledge Base (netkb.csv) - -Located at `data/netkb.csv`. Stores information about: - -- Known hosts and their status. (Alive or offline) -- Open ports and vulnerabilities. -- Action execution history. (Success or failed) - -**Preview Example:** - -![netkb1](https://github.com/infinition/Bjorn/assets/37984399/f641a565-2765-4280-a7d7-5b25c30dcea5) -![netkb2](https://github.com/infinition/Bjorn/assets/37984399/f08114a2-d7d1-4f50-b1c4-a9939ba66056) - -#### Scan Results - -Located in `data/output/scan_results/`. -This file is generated everytime the network is scanned. It is used to consolidate the data and update netkb. - -**Example:** - -![Scan result](https://github.com/infinition/Bjorn/assets/37984399/eb4a313a-f90c-4c43-b699-3678271886dc) - -#### Live Status (livestatus.csv) - -Contains real-time information displayed on the e-Paper HAT: - -- Total number of known hosts. -- Currently alive hosts. -- Open ports count. -- Other runtime statistics. - -[โ†–๏ธ](#table-of-contents) -### Behavior of Bjorn - -Once launched, Bjorn performs the following steps: - -1. **Initialization**: Loads configuration, initializes shared data, and sets up necessary components such as the e-Paper HAT display. -2. **Network Scanning**: Scans the network to identify live hosts and open ports. Updates the network knowledge base (`netkb`) with the results. -3. **Orchestration**: Orchestrates different actions based on the configuration and network knowledge base. This includes performing vulnerability scanning, attacks, and file stealing. -4. **Vulnerability Scanning**: Performs vulnerability scans on identified hosts and updates the vulnerability summary. -5. **Brute-Force Attacks and File Stealing**: Starts brute-force attacks and steals files based on the configuration criteria. -6. **Display Updates**: Continuously updates the e-Paper HAT display with current information such as network status, vulnerabilities, and various statistics. Bjorn also displays random comments based on different themes and statuses. -7. **Web Server**: Provides a web interface for monitoring and interacting with Bjorn. - ---- - - - - -[โ†–๏ธ](#table-of-contents) -## Installation and Configuration -Use Raspberry Pi Imager to install your OS -https://www.raspberrypi.com/software/ - -### Prerequisites +### ๐Ÿ“Œ Prerequisites ![image](https://github.com/user-attachments/assets/e775f454-1771-4d6c-bff5-b262b3d98452) @@ -315,651 +58,38 @@ https://www.raspberrypi.com/software/ At the moment the paper screen v2 & v4 have been tested and implemented. I juste hope the V1 & V3 will work the same. -### Need help ? You struggle to find Bjorn's IP after the installation ? -Use my Bjorn Detector & SSH Launcher : - -https://github.com/infinition/Bjorn_Detector - -![ezgif-1-a310f5fe8f](https://github.com/user-attachments/assets/182f82f0-5c3a-48a9-a75e-37b9cfa2263a) - -[โ†–๏ธ](#table-of-contents) -### Quick Installation +### ๐Ÿ”จ Installation The fastest way to install Bjorn is using the automatic installation script : ```bash # Download and run the installer wget https://raw.githubusercontent.com/infinition/Bjorn/refs/heads/main/install_bjorn.sh -sudo chmod +x install_bjorn.sh -sudo ./install_bjorn.sh +sudo chmod +x install_bjorn.sh && sudo ./install_bjorn.sh # Choose the choice 1 for automatic installation. It may take a while as a lot of packages and modules will be installed. You must reboot at the end. ``` -[โ†–๏ธ](#table-of-contents) -### Manual Installation - - - -#### Step 1: Activate SPI & I2C - -```bash -sudo raspi-config -``` - -- Navigate to **"Interface Options"**. -- Enable **SPI**. -- Enable **I2C**. - -#### Step 2: System Dependencies - -```bash -# Update system -sudo apt-get update && sudo apt-get upgrade -y - -# Install required packages - - sudo apt install -y \ - libjpeg-dev \ - zlib1g-dev \ - libpng-dev \ - python3-dev \ - libffi-dev \ - libssl-dev \ - libgpiod-dev \ - libi2c-dev \ - libatlas-base-dev \ - build-essential \ - python3-pip \ - wget \ - lsof \ - git \ - libopenjp2-7 \ - nmap \ - libopenblas-dev \ - bluez-tools \ - bluez \ - dhcpcd5 \ - bridge-utils \ - python3-pil - - -# Update Nmap scripts database - -sudo nmap --script-updatedb - -``` - -#### Step 3: Bjorn Installation - -```bash -# Clone the Bjorn repository -cd /home/bjorn -git clone https://github.com/infinition/Bjorn.git -cd Bjorn - -# Install Python dependencies within the virtual environment -sudo pip install -r requirements.txt --break-system-packages -# As i did not succeed "for now" to get a stable installation with a virtual environment, i installed the dependencies system wide (with --break-system-packages), it did not cause any issue so far. You can try to install them in a virtual environment if you want. -``` - -##### 3.1: Configure E-Paper Display Type -Choose your e-Paper HAT version by modifying the configuration file: - -1. Open the configuration file: -```bash -sudo vi /home/bjorn/Bjorn/config/shared_config.json -``` -Press i to enter insert mode -Locate the line containing "epd_type": -Change the value according to your screen model: - -- For 2.13 V1: "epd_type": "epd2in13", -- For 2.13 V2: "epd_type": "epd2in13_V2", -- For 2.13 V3: "epd_type": "epd2in13_V3", -- For 2.13 V4: "epd_type": "epd2in13_V4", - -Press Esc to exit insert mode -Type :wq and press Enter to save and quit - -#### Step 4: Configure File Descriptor Limits - -To prevent `OSError: [Errno 24] Too many open files`, it's essential to increase the file descriptor limits. - -##### 4.1: Modify File Descriptor Limits for All Users - -Edit `/etc/security/limits.conf`: - -```bash -sudo vi /etc/security/limits.conf -``` - -Add the following lines: - -``` -* soft nofile 65535 -* hard nofile 65535 -root soft nofile 65535 -root hard nofile 65535 -``` - -##### 4.2: Configure Systemd Limits - -Edit `/etc/systemd/system.conf`: - -```bash -sudo vi /etc/systemd/system.conf -``` - -Uncomment and modify: - -``` -DefaultLimitNOFILE=65535 -``` - -Edit `/etc/systemd/user.conf`: - -```bash -sudo vi /etc/systemd/user.conf -``` - -Uncomment and modify: - -``` -DefaultLimitNOFILE=65535 -``` - -##### 4.3: Create or Modify `/etc/security/limits.d/90-nofile.conf` - -```bash -sudo vi /etc/security/limits.d/90-nofile.conf -``` - -Add: - -``` -root soft nofile 65535 -root hard nofile 65535 -``` - -##### 4.4: Adjust the System-wide File Descriptor Limit - -Edit `/etc/sysctl.conf`: - -```bash -sudo vi /etc/sysctl.conf -``` - -Add: - -``` -fs.file-max = 2097152 -``` - -Apply the changes: - -```bash -sudo sysctl -p -``` - -#### Step 5: Reload Systemd and Apply Changes - -Reload systemd to apply the new file descriptor limits: - -```bash -sudo systemctl daemon-reload -``` - -#### Step 6: Modify PAM Configuration Files - -PAM (Pluggable Authentication Modules) manages how limits are enforced for user sessions. To ensure that the new file descriptor limits are respected, update the following configuration files. - -##### Step 6.1: Edit `/etc/pam.d/common-session` and `/etc/pam.d/common-session-noninteractive` - -```bash -sudo vi /etc/pam.d/common-session -sudo vi /etc/pam.d/common-session-noninteractive -``` - -Add this line at the end of both files: - -``` -session required pam_limits.so -``` - -This ensures that the limits set in `/etc/security/limits.conf` are enforced for all user sessions. - -#### Step 7: Configure Services - -##### 7.1: Bjorn Service - -Create the service file: - -```bash -sudo vi /etc/systemd/system/bjorn.service -``` - -Add the following content: - -```ini -[Unit] -Description=Bjorn Service -DefaultDependencies=no -Before=basic.target -After=local-fs.target - -[Service] -ExecStartPre=/home/bjorn/Bjorn/kill_port_8000.sh -ExecStart=/usr/bin/python3 /home/bjorn/Bjorn/Bjorn.py -WorkingDirectory=/home/bjorn/Bjorn -StandardOutput=inherit -StandardError=inherit -Restart=always -User=root - -# Check open files and restart if it reached the limit (ulimit -n buffer of 1000) -ExecStartPost=/bin/bash -c 'FILE_LIMIT=$(ulimit -n); THRESHOLD=$(( FILE_LIMIT - 1000 )); while :; do TOTAL_OPEN_FILES=$(lsof | wc -l); if [ "$TOTAL_OPEN_FILES" -ge "$THRESHOLD" ]; then echo "File descriptor threshold reached: $TOTAL_OPEN_FILES (threshold: $THRESHOLD). Restarting service."; systemctl restart bjorn.service; exit 0; fi; sleep 10; done &' - -[Install] -WantedBy=multi-user.target -``` - - - -##### 7.2: Port 8000 Killer Script - -Create the script to free up port 8000: - -```bash -vi /home/bjorn/Bjorn/kill_port_8000.sh -``` - -Add: - -```bash -#!/bin/bash -PORT=8000 -PIDS=$(lsof -t -i:$PORT) - -if [ -n "$PIDS" ]; then - echo "Killing PIDs using port $PORT: $PIDS" - kill -9 $PIDS -fi -``` - -Make the script executable: - -```bash -chmod +x /home/bjorn/Bjorn/kill_port_8000.sh -``` - - -##### 7.3: USB Gadget Configuration - -Modify `/boot/firmware/cmdline.txt`: - -```bash -sudo vi /boot/firmware/cmdline.txt -``` - -Add the following right after `rootwait`: - -``` -modules-load=dwc2,g_ether -``` - -Modify `/boot/firmware/config.txt`: - -```bash -sudo vi /boot/firmware/config.txt -``` - -Add at the end of the file: - -``` -dtoverlay=dwc2 -``` - -Create the USB gadget script: - -```bash -sudo vi /usr/local/bin/usb-gadget.sh -``` - -Add the following content: - -```bash -#!/bin/bash -set -e - -modprobe libcomposite -cd /sys/kernel/config/usb_gadget/ -mkdir -p g1 -cd g1 - -echo 0x1d6b > idVendor -echo 0x0104 > idProduct -echo 0x0100 > bcdDevice -echo 0x0200 > bcdUSB - -mkdir -p strings/0x409 -echo "fedcba9876543210" > strings/0x409/serialnumber -echo "Raspberry Pi" > strings/0x409/manufacturer -echo "Pi Zero USB" > strings/0x409/product - -mkdir -p configs/c.1/strings/0x409 -echo "Config 1: ECM network" > configs/c.1/strings/0x409/configuration -echo 250 > configs/c.1/MaxPower - -mkdir -p functions/ecm.usb0 - -# Check for existing symlink and remove if necessary -if [ -L configs/c.1/ecm.usb0 ]; then - rm configs/c.1/ecm.usb0 -fi -ln -s functions/ecm.usb0 configs/c.1/ - -# Ensure the device is not busy before listing available USB device controllers -max_retries=10 -retry_count=0 - -while ! ls /sys/class/udc > UDC 2>/dev/null; do - if [ $retry_count -ge $max_retries ]; then - echo "Error: Device or resource busy after $max_retries attempts." - exit 1 - fi - retry_count=$((retry_count + 1)) - sleep 1 -done - -# Check if the usb0 interface is already configured -if ! ip addr show usb0 | grep -q "172.20.2.1"; then - ifconfig usb0 172.20.2.1 netmask 255.255.255.0 -else - echo "Interface usb0 already configured." -fi -``` - -Make the script executable: - -```bash -sudo chmod +x /usr/local/bin/usb-gadget.sh -``` - -Create the systemd service: - -```bash -sudo vi /etc/systemd/system/usb-gadget.service -``` - -Add: - -```ini -[Unit] -Description=USB Gadget Service -After=network.target - -[Service] -ExecStartPre=/sbin/modprobe libcomposite -ExecStart=/usr/local/bin/usb-gadget.sh -Type=simple -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target -``` - -Configure `usb0`: - -```bash -sudo vi /etc/network/interfaces -``` - -Add: - -```ini -allow-hotplug usb0 -iface usb0 inet static - address 172.20.2.1 - netmask 255.255.255.0 -``` - -Reload the services: - -```bash -sudo systemctl daemon-reload -sudo systemctl enable systemd-networkd -sudo systemctl enable usb-gadget -sudo systemctl start systemd-networkd -sudo systemctl start usb-gadget -``` - -You must reboot to be able to use it as a USB gadget (with ip) -###### Windows PC Configuration - -Set the static IP address on your Windows PC: - -- **IP Address**: `172.20.2.2` -- **Subnet Mask**: `255.255.255.0` -- **Default Gateway**: `172.20.2.1` -- **DNS Servers**: `8.8.8.8`, `8.8.4.4` - ---- - -[โ†–๏ธ](#table-of-contents) -## Running Bjorn - -### Manual Start - -To manually start Bjorn (without the service, ensure the service is stopped ยซย sudo systemctl stop bjorn.serviceย ยป): - -```bash -cd /home/bjorn/Bjorn - -# Run Bjorn -sudo python Bjorn.py -``` - - -### Service Control - -Control the Bjorn service: - -```bash -# Start Bjorn -sudo systemctl start bjorn.service - -# Stop Bjorn -sudo systemctl stop bjorn.service - -# Check status -sudo systemctl status bjorn.service - -# View logs -sudo journalctl -u bjorn.service -``` - -### Fresh Start - -To reset Bjorn to a clean state: - -```bash -sudo rm -rf /home/bjorn/Bjorn/config/*.json \ - /home/bjorn/Bjorn/data/*.csv \ - /home/bjorn/Bjorn/data/*.log \ - /home/bjorn/Bjorn/data/output/data_stolen/* \ - /home/bjorn/Bjorn/data/output/crackedpwd/* \ - /home/bjorn/Bjorn/config/* \ - /home/bjorn/Bjorn/data/output/scan_results/* \ - /home/bjorn/Bjorn/__pycache__ \ - /home/bjorn/Bjorn/config/__pycache__ \ - /home/bjorn/Bjorn/data/__pycache__ \ - /home/bjorn/Bjorn/actions/__pycache__ \ - /home/bjorn/Bjorn/resources/__pycache__ \ - /home/bjorn/Bjorn/web/__pycache__ \ - /home/bjorn/Bjorn/*.log \ - /home/bjorn/Bjorn/resources/waveshare_epd/__pycache__ \ - /home/bjorn/Bjorn/data/logs/* \ - /home/bjorn/Bjorn/data/output/vulnerabilities/* \ - /home/bjorn/Bjorn/data/logs/* - -``` - -Everything will be recreated automatically at the next launch of Bjorn. - ---- - -[โ†–๏ธ](#table-of-contents) -## Important Configuration Files - -### Shared Configuration (`shared_config.json`) - -Defines various settings for Bjorn, including: - -- Boolean settings (`manual_mode`, `websrv`, `debug_mode`, etc.). -- Time intervals and delays. -- Network settings. -- Port lists and blacklists. -These settings are accessible on the webpage. - -### Actions Configuration (`actions.json`) - -Lists the actions to be performed by Bjorn, including (dynamically generated with the content of the folder): - -- Module and class definitions. -- Port assignments. -- Parent-child relationships. -- Action status definitions. - ---- - -[โ†–๏ธ](#table-of-contents) -## Known Issues and Troubleshooting - -### Current Development Issues - -#### 1. Long Runtime Issue - -- **Problem**: `OSError: [Errno 24] Too many open files` -- **Status**: Partially resolved with system limits configuration. -- **Workaround**: Implemented file descriptor limits increase. -- **Monitoring**: Check open files with `lsof -p $(pgrep -f Bjorn.py) | wc -l` -- At the moment the logs show periodically this information as (FD : XXX) - -### Troubleshooting Steps - -#### 1. Service Issues - -```bash -# Check service status -sudo systemctl status bjorn.service - -# View detailed logs -sudo journalctl -u bjorn.service -f - -# Check port 8000 usage -sudo lsof -i :8000 -``` - -#### 2. Display Issues - -```bash -# Verify SPI devices -ls /dev/spi* - -# Check user permissions -sudo usermod -a -G spi,gpio bjorn -``` - -#### 3. Network Issues - -```bash -# Check network interfaces -ip addr show - -# Test USB gadget interface -ip link show usb0 -``` - -#### 4. Permission Issues - -```bash -# Fix ownership -sudo chown -R bjorn:bjorn /home/bjorn/Bjorn - -# Fix permissions -sudo chmod -R 755 /home/bjorn/Bjorn -``` - ---- - -[โ†–๏ธ](#table-of-contents) -## E-Paper Display Support +For **detailed information** about installation process go to [Install Guide](INSTALL.md) -Currently hardcoded for the 2.13-inch V2 & V4 e-Paper HAT. -My program automatically detect the screen model and adapt the python expressions into my code. - -For other versions: -- As i dont have the v1 and v3 to validate my algorithm, i just hope it will work properly. - -### Ghosting removed ! ๐Ÿพ -In my journey to make Bjorn work with the different screen versions, I struggled, hacking several parameters and found out that it was possible to remove the ghosting of screens! I let you see this, I think this method will be very useful for all other projects with the e-paper screen! - ---- - -[โ†–๏ธ](#table-of-contents) -## Development Guidelines - -### Adding New Actions - -1. Create a new action file in `actions/`. -2. Implement required methods: - - `__init__(self, shared_data)` - - `execute(self, ip, port, row, status_key)` -3. Add the action to `actions.json`. -4. Follow existing action patterns. - -### Testing - -1. Create a test environment. -2. Use an isolated network. -3. Follow ethical guidelines. -4. Document test cases. - ---- +## โšก Quick Start -[โ†–๏ธ](#table-of-contents) -## Web Interface +**Need help ? You struggle to find Bjorn's IP after the installation ?** +Use my Bjorn Detector & SSH Launcher : -- **Access**: `http://[device-ip]:8000` -- **Features**: - - Real-time monitoring with a console. - - Configuration management. - - Viewing results. (Credentials and files) - - System control. +https://github.com/infinition/Bjorn_Detector ---- +![ezgif-1-a310f5fe8f](https://github.com/user-attachments/assets/182f82f0-5c3a-48a9-a75e-37b9cfa2263a) -[โ†–๏ธ](#table-of-contents) -## Project Roadmap +**Hmm, You still need help ?** +For **detailed information** about **troubleshooting** go to [Troubleshooting](TROUBLESHOOTING.md) -### Current Focus +**Quick Installation**: you can use the fastest way to install Bjorn [Getting Started](#-getting-started) -- Stability improvements. -- Bug fixes. -- Service reliability. -- Documentation updates. +## ๐Ÿ’ก Usage Example -### Future Plans +... -- Additional attack modules. -- Enhanced reporting. -- Improved user interface. -- Extended protocol support. - ---- - -[โ†–๏ธ](#table-of-contents) -## Contributing +## ๐Ÿค Contributing The project welcomes contributions in: @@ -968,10 +98,9 @@ The project welcomes contributions in: - Documentation. - Feature improvements. ---- +For **detailed information** about contributing process go to [Contributing Docs](CONTRIBUTING.md), [Code Of Conduct](CODE_OF_CONDUCT.md) and [Development Guide](DEVELOPMENT.md). -[โ†–๏ธ](#table-of-contents) -## Support and Contact +## ๐Ÿ“ซ Contact - **Report Issues**: Via GitHub. - **Guidelines**: @@ -979,30 +108,11 @@ The project welcomes contributions in: - Document reproduction steps. - Provide logs and context. ---- - -[โ†–๏ธ](#table-of-contents) -## Conclusion - -Bjorn is a powerful tool designed to perform comprehensive network scanning, vulnerability assessment, and data exfiltration. Its modular design and extensive configuration options allow for flexible and targeted operations. By combining different actions and orchestrating them intelligently, Bjorn can provide valuable insights into network security and help identify and mitigate potential risks. - -The e-Paper HAT display and web interface make it easy to monitor and interact with Bjorn, providing real-time updates and status information. With its extensible architecture and customizable actions, Bjorn can be adapted to suit a wide range of security testing and monitoring needs. - -[โ†–๏ธ](#table-of-contents) -## License - -Bjorn is distributed under the MIT License. See the `LICENSE` file for more information. - ---- - -[โ†–๏ธ](#table-of-contents) -## Contact - -- **Author**: infinition +- **Author**: __infinition__ - **GitHub**: [infinition/Bjorn](https://github.com/infinition/Bjorn) --- -**Note**: This document is subject to change as the project evolves. Please refer to the GitHub repository for the most recent updates. +## ๐Ÿ“œ License ---- +2024 - Bjorn is distributed under the MIT License. For more details, please refer to the [LICENSE](LICENSE) file included in this repository. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..848063e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,48 @@ +# ๐Ÿ”’ Security Policy + +Security Policy for **Bjorn** repository includes all required compliance matrix and artifact mapping. + +## ๐Ÿงฎ Supported Versions + +We provide security updates for the following versions of our project: + +| Version | Status | Secure | +| ------- |-------------| ------ | +| 1.0.0 | Development | No | + +## ๐Ÿ›ก๏ธ Security Practices + +- We follow best practices for secure coding and infrastructure management. +- Regular security audits and code reviews are conducted to identify and mitigate potential risks. +- Dependencies are monitored and updated to address known vulnerabilities. + +## ๐Ÿ“ฒ Security Updates + +- Security updates are released as soon as possible after a vulnerability is confirmed. +- Users are encouraged to update to the latest version to benefit from security fixes. + +## ๐Ÿšจ Reporting a Vulnerability + +If you discover a security vulnerability within this project, please follow these steps: + +1. **Do not create a public issue.** Instead, contact us directly to responsibly disclose the vulnerability. + +2. **Email** [email@dominio.com](mailto:email@dominio.com) with the following information: + + - A description of the vulnerability. + - Steps to reproduce the issue. + - Any potential impact or severity. + +3. **Wait for a response.** We will acknowledge your report and work with you to address the issue promptly. + +## ๐Ÿ›ฐ๏ธ Additional Resources + +- [OWASP Security Guidelines](https://owasp.org/) + +Thank you for helping us keep this project secure! + +--- + +## ๐Ÿ“œ License + +2024 - Bjorn is distributed under the MIT License. For more details, please refer to the [LICENSE](LICENSE) file included in this repository. diff --git a/TROUBLESHOOTING.md b/TROUBLESHOOTING.md new file mode 100644 index 0000000..a8a3560 --- /dev/null +++ b/TROUBLESHOOTING.md @@ -0,0 +1,72 @@ +# ๐Ÿ› Known Issues and Troubleshooting + +

+ thumbnail_IMG_0546 +

+ +## ๐Ÿ“š Table of Contents + +- [Current Development Issues](#-current-development-issues) +- [Troubleshooting Steps](#-troubleshooting-steps) +- [License](#-license) + +## ๐Ÿชฒ Current Development Issues + +### Long Runtime Issue + +- **Problem**: `OSError: [Errno 24] Too many open files` +- **Status**: Partially resolved with system limits configuration. +- **Workaround**: Implemented file descriptor limits increase. +- **Monitoring**: Check open files with `lsof -p $(pgrep -f Bjorn.py) | wc -l` +- At the moment the logs show periodically this information as (FD : XXX) + +## ๐Ÿ› ๏ธ Troubleshooting Steps + +### Service Issues + +```bash +# Check service status +sudo systemctl status bjorn.service + +# View detailed logs +sudo journalctl -u bjorn.service -f + +# Check port 8000 usage +sudo lsof -i :8000 +``` + +### Display Issues + +```bash +# Verify SPI devices +ls /dev/spi* + +# Check user permissions +sudo usermod -a -G spi,gpio bjorn +``` + +### Network Issues + +```bash +# Check network interfaces +ip addr show + +# Test USB gadget interface +ip link show usb0 +``` + +### Permission Issues + +```bash +# Fix ownership +sudo chown -R bjorn:bjorn /home/bjorn/Bjorn + +# Fix permissions +sudo chmod -R 755 /home/bjorn/Bjorn +``` + +--- + +## ๐Ÿ“œ License + +2024 - Bjorn is distributed under the MIT License. For more details, please refer to the [LICENSE](LICENSE) file included in this repository.