Abhinav Saxena wrote this post as a project summary of his GSoC2018 experience.

What did we achieve?

The following features and changes were implemented:

• Migration of the codebase from Python 2.7 to Python 3.5 (issue #358, code: #374)
• Implementation of FTP (RFC 959) and TFTP (RFC 1350) protocol stacks based on gevent (issue #352, code: ftp and tftp)
• Implementation of an abstract filesystem that proxies and wraps an actual file system by providing os.* wrappers (code: #375 and #382)
• Wrote 123 unit tests and refactored all existing 44 unit tests, increasing coverage from 44% to 72% at the time of this writing  (code: #374, #375 and #382)
• Bug fixes and refactoring of the existing BACnet and IPMI protocol stacks (issue #341, code #382)
• Bug fixes in auxiliary Docker files (issue: #378, code: #380 and  #392)
• Refactoring of an existing telnet library to be compatible to the Conpot codebase (issue #285, code: mushorg/telnetsrvlib)
• Wrote an internal interface implementation that introduces a decorator, allowing protocol servers to interact more deeply with each other.  (issue #259, code #375)
• Helping users with issues and pull request reviews: link

All commits can be seen here and here.

What is dpkt?

dpkt is a Python library that helps with “fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols”. It supports a lot of protocols (currently about 63) and has been increasingly used in a lot of network security projects. It is 44x faster than Scapy2, and 5x faster than Impacket3. With Scapy no longer in development, dpkt is the only network creation/parsing library for Python that is active.

Quechua beta version

Hello World!

All GSoC 2012 students, including those working for HoneyNet, started their projects a long time ago. Since “Midterm evaluation” has passed too, I would like to share some experience and code with you. Please keep in mind this is still a beta version and some things may change during the second part of coding period, however comments and tips will be helpful, as always :-)

Visualization is a niche area especially at the security analysis. As mentioned in a well-known sentence; “A picture is worth a thousand words”. The importance and the power of the visualization in the security area stands out with the ability to define multi-dimensional data with a single shape. When addressing the creating a mesh tiled 3D view on an Earth map, i was reading about the geoweb application development. A geoweb application consists of some components.

As the plan is to embedd python as scripting language into the honeypot, I ran a benchmark on a testsuite. The ’testsuite’ is a c core which accepts connections, and allows python to deal with the input. The protocol used for benchmarking is http, the service serves a non static html page.

I tested

• • 2.6.2_(release26-maint,_Apr_19_2009,_02:15:38)
• • 3.0.1+_(r301:69556,_Apr_15_2009,_17:22:45)_
• • 3.1a1+_(py3k,_Mar_30_2009,_02:02:26)_

To benchmark, I ran the apache benchmark tool ab

ab -n 100000 -c 15 http://localhost:8080/bar