This project was initially started as a part of Digital Security's internship "Summer of Hack 2020".
TukTuk is an open source tool that designed to make pentester's life easier by catching and logging different types of requests. TukTuk is written in Go, but has a little part of python code.
Also if you wondering why project naming is so strange - TukTuk stands for Knock-Knock in Russian.
- Golang >= 1.14.2
- PostgreSQL >= 12.1
- DNS domain
- If you want SMB protocol to work you will need to install impacket fork.
You can do this with pip
pip3 install git+https://github.com/ArturSS7/impacket.git@master
In order to set up DNS do the following:
- Make A record ns.example.com which points your ip
- Make NS record e.example.com with contents of ns.example.com
- Make A record on example.com which points your ip
- Make MX record on example.com
Example shows how to setup TukTuk for *.h.example.com if your VPS' IP is 1.3.3.7. Main DNS is Cloudflare in our case, but you can use what you want
Just run two scripts:
- install.sh
- db_init.sh
After doing the project will be moved to $GOPATH/src/TukTuk You can run it with ./TukTuk
The example configuration file is located in config/Config.json.example
.
There you can configure your domain settings, credentials and alerts
Move the file to Config.json
if you are going to run the project.
Please change default credentials.
Create a bot and get a token is here.
You can get Chatid
using this bot @m4n_idbot
.
Set Telegram token in the TelegramBot
field.
In the Chatid
field, set your chat id.
The default length of the alert is "short" (protocol name + source ip + link to the admin panel), "long alert" - all information about the message)
- Go to
Server settings
->Webhooks
->Create Webhook
. - Setup name, avatar and the channel, where it will be posted. Copy Webhook URL. Do not share! Very dangerous!
- Click Save and then the Done button.
Set Discord Webhook URL in the Webhook
field.
Go to Quickstart Go
to get the Config.json
file then put it at the emailalert/Config.json
path and run tuktuk. After starting, follow the generated link and give permission to send emails. Enter the received token into the console. Restart the server.
Yes, it's not convenient. In the future we will bring the configuration to the admin panel.
You will have to get a wildcard certificate for your domain.
You can do this with cert-bot.
A good article which will help you is here.
First start the app and then start the bot.
During setting up certificates cert-bot will ask you to add TXT challenge to you domain. Add the TXT challenge in the Config.json
file and continue.
After getting certificate put its path to the config file.
- HTTP
- HTTPS
- DNS
- FTP
- LDAP
- SMTP (part of the code taken from go-smtp)
- SMB (used impacket's SMB realisation)
- Plain TCP
TukTuk is designed not only to log requests, but to alert in case of it. Current alert options are:
- Telegram
- Discord Webhook
- GMail
Additional alert types can be added by writing a module. Feel free to make a pull request!
TukTuk is featuring a little web interface where user can manage some of the settings or look for logged request.