Fapro – Free, Cross-platform, Single-file mass network protocol server simulator
FaPro is a fake protocol server tool that can easily start or stop multiple network services.
The goal is to support as many
SSH
Support user login.
Support fake terminal commands, such as id, uid, whoami, etc.
Account format: username:password:home:uid
IMAP & SMTP
Support user login and interaction.
MySQL
Support SQL statement query interaction.
HTTP
Support website clone, You need to install the chrome browser and
Configuration
This section contains the sample configuration used by FaPro.
{
    "version": "0.38",
    "network": "127.0.0.1/32",
    "network_build": "localhost",
    "storage": null,
    "geo_db": "/tmp/geoip_city.mmdb",
    "hostname": "fapro1",
    "use_logq": true,
    "cert_name": "unknown",
    "syn_dev": "any",
    "exclusions": [],
    "hosts": [
        {
            "ip": "127.0.0.1",
            "handlers": [
                {
                    "handler": "dcerpc",
                    "port": 135,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "domain_name": "DESKTOP-Q1Test"
                    }
                }
            ]
        }
    ]
}
- version: Configuration version.
- network: The subnet used by the virtual network, or the address bound to the local machine (local mode).
- network_build: Network mode (supported values: localhost, all, userdef).
  - localhost: Local mode; all services listen on the local machine.
  - all: Create all hosts in the subnet (i.e., you can ping every host in the subnet).
  - userdef: Create only the hosts specified in the hosts configuration.
- storage: The storage used for log collection. Supports sqlite, mysql and elasticsearch, e.g.
  - sqlite3:logs.db
  - mysql://user:password@tcp(127.0.0.1:3306)/logs
  - es://http://127.0.0.1:9200 (currently only supports Elasticsearch 7.x)
- geo_db: Path to the MaxMind GeoIP2 database file, used to generate IP geolocation information. If you use Elasticsearch storage, this field is not needed; the information is generated automatically by the geoip processor of Elasticsearch.
- hostname: The value of the host field in the log.
- use_logq: Use a local on-disk message queue to save logs before sending them to remote MySQL or Elasticsearch, to prevent remote log loss.
- cert_name: Common name of the generated certificate.
- syn_dev: The network interface used to capture TCP SYN packets. If it is empty, TCP SYN packets are not recorded. On Windows, the device name looks like "\Device\NPF_{xxxx-xxxx}".
- exclusions: Remote IPs to exclude from logs.
- hosts: Each item is a host configuration.
  - handlers: The services configured on the host; each item is a service configuration.
    - handler: Service name (i.e., protocol name).
    - params: The parameters supported by the service.
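A pre-deployment lint for a configuration file, built only from the field descriptions above. This is an added example, not FaPro's own validation code: the function name lint_config, the checks it performs and the sample input are assumptions made for illustration.

```python
import ipaddress
import json

# Values taken from the field descriptions on this page.
NETWORK_MODES = {"localhost", "all", "userdef"}
STORAGE_PREFIXES = ("sqlite3:", "mysql://", "es://")

def lint_config(text):
    """Return a list of problems found in a FaPro-style JSON config (hypothetical helper)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:  # e.g. a trailing comma in a list
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    problems = []
    try:
        net = ipaddress.ip_network(cfg.get("network", ""), strict=False)
    except ValueError:
        return [f"network: {cfg.get('network')!r} is not a subnet or address"]
    if cfg.get("network_build") not in NETWORK_MODES:
        problems.append(f"network_build: unsupported value {cfg.get('network_build')!r}")
    storage = cfg.get("storage")
    if storage is not None and not str(storage).startswith(STORAGE_PREFIXES):
        # Report only the scheme: a storage URI can embed database credentials.
        problems.append(f"storage: unrecognised scheme {str(storage).split(':')[0]!r}")
    for host in cfg.get("hosts", []):
        ip = host.get("ip", "")
        try:
            if ipaddress.ip_address(ip) not in net:
                problems.append(f"host {ip}: outside network {net}")
        except ValueError:
            problems.append(f"host {ip!r}: not an IP address")
        for h in host.get("handlers", []):
            name, port = h.get("handler"), h.get("port")
            if not isinstance(port, int) or not 1 <= port <= 65535:
                problems.append(f"host {ip} {name}: bad port {port!r}")
            for acct in h.get("params", {}).get("accounts", []):
                parts = acct.split(":")
                # SSH accounts use username:password:home:uid; report only the user name.
                if name == "ssh" and (len(parts) != 4 or not parts[3].isdigit()):
                    problems.append(f"host {ip} ssh: account {parts[0]!r} is not username:password:home:uid")
    return problems

# Constructed sample: host outside the subnet, SSH account missing home and uid.
SAMPLE = """{
  "network": "172.16.0.0/24", "network_build": "userdef",
  "storage": "es://http://127.0.0.1:9200",
  "hosts": [{"ip": "172.16.1.3", "handlers": [
    {"handler": "ssh", "port": 22, "params": {"accounts": ["root:5555555"]}}]}]
}"""

if __name__ == "__main__":
    for problem in lint_config(SAMPLE):
        print(problem)
```

Messages name the account user and the storage scheme only, so the lint output can go into deployment logs without copying passwords from the config.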
Example
Create a virtual network with the subnet 172.16.0.0/24 that includes 2 hosts:
172.16.0.3 runs the dns and ssh services,
and 172.16.0.5 runs the rpc and rdp services.
Protocol access logs are saved to Elasticsearch, excluding the access log of 127.0.0.1.
{
    "version": "0.38",
    "network": "172.16.0.0/24",
    "network_build": "userdef",
    "storage": "es://http://127.0.0.1:9200",
    "use_logq": true,
    "cert_name": "unknown",
    "syn_dev": "any",
    "geo_db": "",
    "exclusions": ["127.0.0.1"],
    "hosts": [
        {
            "ip": "172.16.0.3",
            "handlers": [
                {
                    "handler": "dns",
                    "port": 53,
                    "params": {
                        "accounts": [
                            "admin:123456"
                        ],
                        "appname": "domain"
                    }
                },
                {
                    "handler": "ssh",
                    "port": 22,
                    "params": {
                        "accounts": [
                            "root:5555555:/root:0"
                        ],
                        "prompt": "$ ",
                        "server_version": "SSH-2.0-OpenSSH_7.4"
                    }
                }
            ]
        },
        {
            "ip": "172.16.0.5",
            "handlers": [
                {
                    "handler": "dcerpc",
                    "port": 135,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "domain_name": "DESKTOP-Q1Test"
                    }
                },
                {
                    "handler": "rdp",
                    "port": 3389,
                    "params": {
                        "accounts": [
                            "administrator:123456"
                        ],
                        "auth": false,
                        "domain_name": "DESKTOP-Q1Test",
                        "image": "rdp.jpg",
                        "sec_layer": "auto"
                    }
                }
            ]
        }
    ]
}
FAQ
We have collected some frequently asked questions. Before reporting an issue, please check whether the FAQ already answers your problem.
Contributing
- Issues are welcome.