2024-10-04 18:27:17 +00:00
[![Rust ](https://github.com/vxfemboy/ghostport/actions/workflows/rust.yml/badge.svg )](https://github.com/vxfemboy/ghostport/actions/workflows/rust.yml)
2024-05-06 21:09:06 +00:00
# Ghostport
2024-10-04 17:53:24 +00:00
Ghostport is a sophisticated port spoofing tool designed to confuse and mislead port scanners. It's a Rust implementation inspired by the concept of portspoof, offering enhanced performance and flexibility.
2024-10-04 18:27:17 +00:00
![Ghostport Demo ](/contrib/ghostport_demo.gif )
2024-10-04 17:53:24 +00:00
## Features
- **Dynamic Port Emulation**: Responds to port scans with a variety of convincing service signatures.
- **Customizable Signatures**: Easily add or modify service signatures through a simple text file.
- **High Performance**: Built with Rust and Tokio for efficient, asynchronous handling of connections.
- **Flexible Logging**: Offers debug, verbose, and quiet logging modes for different use cases.
- **Easy to Use**: Simple command-line interface with sensible defaults.
2024-05-06 21:09:06 +00:00
## Installation
```bash
2024-10-04 20:51:24 +00:00
git clone https://github.com/vxfemboy/ghostport.git
2024-10-04 17:53:24 +00:00
cd ghostport
cargo build --release
```
## Usage
Basic usage:
```bash
./target/release/ghostport -s signatures.txt
2024-05-06 21:09:06 +00:00
```
or you can run with cargo
```bash
2024-10-04 20:51:24 +00:00
git clone https://github.com/vxfemboy/ghostport.git
2024-05-06 21:09:06 +00:00
cd ghostport
cargo run -- -s signatures.txt
```
2024-10-04 17:53:24 +00:00
This will start Ghostport on the default address (127.0.0.1:8888) using the signatures from `signatures.txt` .
2024-05-06 21:09:06 +00:00
2024-10-04 17:53:24 +00:00
### Command-line Options
2024-05-06 21:09:06 +00:00
2024-10-04 17:53:24 +00:00
- `-s, --signatures <FILE>` : Path to the signatures file (default: "signatures")
- `-l, --listen <ADDRESS>` : Address to listen on (default: "127.0.0.1:8888")
- `-d, --debug` : Enable debug logging
- `-v, --verbose` : Enable verbose logging
- `-q, --quiet` : Enable quiet logging
- `-V, --version` : Print version information
### Examples
Run with custom address and verbose logging:
2024-05-06 21:09:06 +00:00
```bash
2024-10-04 18:27:17 +00:00
./target/release/ghostport -s signatures.txt -l 0.0.0.0:8888 -d
2024-05-06 21:09:06 +00:00
```
2024-10-04 17:53:24 +00:00
Run with debug logging:
2024-05-06 21:09:06 +00:00
```bash
2024-10-04 18:27:17 +00:00
./target/release/ghostport -s signatures.txt -l 0.0.0.0:8888 -d
2024-05-06 21:09:06 +00:00
```
2024-10-04 17:53:24 +00:00
## Signature File Format
The signature file should contain one signature per line. Signatures can be raw text or regex patterns. For example:
2024-05-06 21:09:06 +00:00
```
2024-10-04 17:53:24 +00:00
HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Unix)\r\n
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
220 (vsFTPd 3.0.3)
2024-05-06 21:09:06 +00:00
```
2024-10-04 17:53:24 +00:00
for more examples, see the [signatures ](signatures.txt ) file.
## Routing Traffic to Ghostport
2024-05-06 21:09:06 +00:00
2024-10-04 17:53:24 +00:00
To redirect all incoming TCP traffic to Ghostport, you can use iptables. This will allow Ghostport to respond to connections on any port, effectively spoofing all services:
2024-05-06 21:09:06 +00:00
```bash
2024-10-04 17:53:24 +00:00
INTERFACE="eth0" # change to your network interface
2024-05-06 21:09:06 +00:00
iptables -t nat -A PREROUTING -i $INTERFACE -p tcp -m tcp -m multiport --dports 1:65535 -j REDIRECT --to-ports 8888
2024-10-04 17:53:24 +00:00
2024-05-06 21:09:06 +00:00
```
2024-10-04 17:53:24 +00:00
This command will redirect all TCP traffic on ports 1-65535 to port 8888, where Ghostport is listening. Make sure to replace "eth0" with your actual network interface.
> [!NOTE]
> This requires root privileges and will affect all incoming TCP connections on the specified interface. Use with caution, especially on production systems.
To remove this rule:
```bash
iptables -t nat -D PREROUTING -i $INTERFACE -p tcp -m tcp -m multiport --dports 1:65535 -j REDIRECT --to-ports 8888
```
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
2024-05-06 21:09:06 +00:00
2024-10-04 17:53:24 +00:00
## License
2024-05-06 21:09:06 +00:00
2024-10-04 17:53:24 +00:00
This project is licensed under the GNU License - see the [LICENSE ](LICENSE ) file for details.
2024-05-06 21:09:06 +00:00
2024-10-04 17:53:24 +00:00
## Acknowledgments
2024-05-06 21:09:06 +00:00
2024-10-04 17:53:24 +00:00
- Inspired by the original [portspoof project ](https://github.com/drk1wi/portspoof )
- Built with Rust and Tokio