ArturSS7/ TukTuk
About the developer
191 Stars 
26 Forks 
GNU General Public License v3.0 
201 Commits 
2 Opened issues 
Description
Tool for catching and logging different types of requests.
Services available
Contributors list
TukTuk
This project was initially started as a part of Digital Security's internship "Summer of Hack 2020".
TukTuk is an open source tool that designed to make pentester's life easier by catching and logging different types of requests. TukTuk is written in Go, but has a little part of python code.
Also if you wondering why project naming is so strange - TukTuk stands for Knock-Knock in Russian.
How to install
Requirements
- Golang >= 1.14.2
- PostgreSQL >= 12.1
- DNS domain
- If you want SMB protocol to work you will need to install impacket fork.
You can do this with pip
pip3 install git+https://github.com/ArturSS7/[email protected]
Setting up DNS
In order to set up DNS do the following: - Make A record ns.example.com which points your ip - Make NS record e.example.com with contents of ns.example.com - Make A record on example.com which points your ip - Make MX record on example.com
Example shows how to setup TukTuk for *.h.example.com if your VPS' IP is 1.3.3.7. Main DNS is Cloudflare in our case, but you can use what you want
Building project and setting up database
Just run two scripts: - install.sh - db_init.sh
After doing the project will be moved to $GOPATH/src/TukTuk You can run it with ./TukTuk
Configuring
The example configuration file is located in
config/Config.json.example. There you can configure your domain settings, credentials and alerts Move the file to
Config.jsonif you are going to run the project. Please change default credentials.
Configuring alerts
Telegram configuring
Create a bot and get a token is here. You can get
Chatidusing this bot
@m4n_idbot. Set Telegram token in the
TelegramBotfield. In the
Chatidfield, set your chat id. The default length of the alert is "short" (protocol name + source ip + link to the admin panel), "long alert" - all information about the message)
Discord Webhook configuring
- Go to
Server settings
->Webhooks
->Create Webhook
. - Setup name, avatar and the channel, where it will be posted. Copy Webhook URL. Do not share! Very dangerous!
- Click Save and then the Done button.
Set Discord Webhook URL in the
Webhookfield.
Quickstart Gmail API configuring
Go to Quickstart Go to get the
Config.jsonfile then put it at the
emailalert/Config.jsonpath and run tuktuk. After starting, follow the generated link and give permission to send emails. Enter the received token into the console. Restart the server. Yes, it's not convenient. In the future we will bring the configuration to the admin panel.
Getting HTTPS certificate
You will have to get a wildcard certificate for your domain. You can do this with cert-bot. A good article which will help you is here. First start the app and then start the bot. During setting up certificates cert-bot will ask you to add TXT challenge to you domain. Add the TXT challenge in the
Config.jsonfile and continue. After getting certificate put its path to the config file.
Supported protocols:
- HTTP
- HTTPS
- DNS
- FTP
- LDAP
- SMTP (part of the code taken from go-smtp)
- SMB (used impacket's SMB realisation)
- Plain TCP
Alerting
TukTuk is designed not only to log requests, but to alert in case of it. Current alert options are: - Telegram - Discord Webhook - GMail
Additional alert types can be added by writing a module. Feel free to make a pull request!
Web interface
TukTuk is featuring a little web interface where user can manage some of the settings or look for logged request.
