Add cleartext-protocol simulator

Author: tg

README.md

@@ -141,6 +141,7 @@ The modules packaged with the utility are listed in the table below.
 | Module        | Description                                                                      |
 | ------------- | -------------------------------------------------------------------------------- |
 | `c2`          | Generates both DNS and IP traffic to a random list of known C2 destinations      |
+| `cleartext`   | Generates random cleartext traffic to an Internet service operated by AlphaSOC   |
 | `dga`         | Simulates DGA traffic using random labels and top-level domains                  |
 | `imposter`    | Generates DNS traffic to a list of imposter domains                              |
 | `irc`         | Connects to a random list of public IRC servers                                  |

cmd/run/run.go

@@ -342,6 +342,15 @@ var allModules = []Module{
 		Timeout:    3 * time.Second,
 		HostMsg:    "Simulating Telegram Bot API traffic to %s",
 	},
+	Module{
+		Module:     simulator.NewCleartextProtocolSimulator(),
+		Name:       "cleartext",
+		Pipeline:   PipelineIP,
+		NumOfHosts: 5,
+		HeaderMsg:  "Preparing to simulate cleartext protocol traffic",
+		Timeout:    3 * time.Second,
+		HostMsg:    "Sending random data to %s",
+	},
 }
 
 type Simulation struct {

simulator/cleartext-protocol.go

@@ -0,0 +1,88 @@
+package simulator
+
+import (
+	"context"
+	"math/rand"
+	"net"
+	"time"
+)
+
+// generateRandomData genereates n random bytes.
+// TODO: this method should be moved to utils along with all the other use cases of generating random data
+func generateRandomData(n int) []byte {
+	src := rand.NewSource(time.Now().Unix())
+	r := rand.New(src)
+	buffer := make([]byte, n)
+	_, _ = r.Read(buffer)
+	return buffer
+}
+
+// CleartextProtocolSimulator simulates cleartext protocol traffic
+type CleartextProtocolSimulator struct {
+	bind BindAddr
+	data []byte
+}
+
+// NewCleartextProtocolSimulator creates new instance of CleartextProtocolSimulator
+func NewCleartextProtocolSimulator() *CleartextProtocolSimulator {
+	return &CleartextProtocolSimulator{}
+}
+
+func (cps *CleartextProtocolSimulator) Init(bind BindAddr) error {
+	cps.bind = bind
+
+	// random bytes are generated in Init because it's not necessary
+	// to generate them everytime Simulate method is run
+	data := generateRandomData(1000)
+
+	cps.data = data
+
+	return nil
+}
+
+func (CleartextProtocolSimulator) Cleanup() {
+
+}
+
+// Simulate cleartext protocol traffic
+func (cps *CleartextProtocolSimulator) Simulate(ctx context.Context, dst string) error {
+	d := &net.Dialer{LocalAddr: &net.TCPAddr{IP: cps.bind.Addr}}
+	conn, err := d.DialContext(ctx, "tcp", dst)
+
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	if _, err = conn.Write(cps.data); err != nil {
+		return err
+	}
+
+	if _, err = conn.Read(nil); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Hosts returns IP:port pairs used to connect to AlphaSOC sandbox
+func (cps *CleartextProtocolSimulator) Hosts(scope string, size int) ([]string, error) {
+	var hosts []string
+
+	ports := []string{"21", "23", "110", "143", "873"}
+
+	ips, err := net.LookupIP("cleartext.sandbox-services.alphasoc.xyz")
+
+	if err != nil {
+		return nil, err
+	}
+
+	// take the first IP address returned by LookupIP
+	targetIP := ips[0].String()
+
+	for i := 0; i < len(ports) && i < size; i++ {
+		hosts = append(hosts, net.JoinHostPort(targetIP, ports[i]))
+	}
+
+	return hosts, nil
+}