honeypots
1.0.0
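30 low-level honeypots in a single PyPI package for monitoring network traffic, bot activity, and username/password credentials.
The honeypots are responsive and non-blocking, and can be used as objects or called directly with the built-in auto-configure scripts. They are also easy to set up and customize; spinning up a honeypot takes 1-2 seconds. You can spin up multiple instances of the same type. To simplify integration, output can be logged to a Postgres database, file[s], terminal or syslog.
This honeypots package is the only package that contains all the following: dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc.
Honeypots is in the awesome Telekom Security T-Pot project!
Add capture_commands to the options to capture more information about the threat source (check the table for whether it is supported).

pip3 install honeypots

Qeeqbox/honeypots customizable honeypots for monitoring network traffic, bots activities, and username\password credentials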
Arguments:
--setup target honeypot E.g. ssh or you can have multiple E.g ssh,http,https
--list list all available honeypots
--kill kill all honeypots
--verbose Print error msgs
Honeypots options:
--ip Override the IP
--port Override the Port (Do not use on multiple ! )
--username Override the username
--password Override the password
--config Use a config file for honeypots settings
--options Extra options (capture_commands for capturing all threat actor data)
General options:
--termination-strategy {input,signal} Determines the strategy to terminate by
--test Test a honeypot
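--auto Setup the honeypot with random port

A honeypot, or multiple honeypots separated by commas or the word all:
sudo -E python3 -m honeypots --setup ssh --options capture_commands

A honeypot, or multiple honeypots separated by commas or the word all, on a random port (--auto):
python3 -m honeypots --setup ssh --auto

Use as honeypot:port, or multiple honeypots as honeypot:port,honeypot:port:
sudo -E python3 -m honeypots --setup imap:143,mysql:3306,redis:6379

A honeypot, or multiple honeypots in a dict: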
sudo -E python3 -m honeypots --setup ftp --config config.json

config.json with "logs" set to file, terminal and json:
{
  "logs": "file,terminal,json",
  "logs_location": "/var/log/honeypots/",
  "syslog_address": "",
  "syslog_facility": 0,
  "postgres": "",
  "sqlite_file": "",
  "db_options": [],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "ip": "0.0.0.0",
      "username": "ftp",
      "password": "anonymous",
      "log_file_name": "ftp.log",
      "max_bytes": 10000,
      "backup_count": 10,
      "options": ["capture_commands"]
    }
  }
}

config.json with "logs" set to syslog:
{
  "logs": "syslog",
  "logs_location": "",
  "syslog_address": "udp://localhost:514",
  "syslog_facility": 3,
  "postgres": "",
  "sqlite_file": "",
  "db_options": [],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "ip": "0.0.0.0",
      "username": "test",
      "password": "test",
      "options": ["capture_commands"]
    }
  }
}

config.json with "logs" set to db_postgres:
{
  "logs": "db_postgres",
  "logs_location": "",
  "syslog_address": "",
  "syslog_facility": 0,
  "postgres": "//username:[email protected]:9999/honeypots",
  "sqlite_file": "",
  "db_options": ["drop"],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "username": "test",
      "password": "test"
    }
  }
}

config.json with "sqlite_file" set:
{
  "logs": "db_postgres",
  "logs_location": "",
  "syslog_address": "",
  "syslog_facility": 0,
  "postgres": "",
  "sqlite_file": "/home/test.db",
  "db_options": ["drop"],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "username": "test",
      "password": "test",
      "options": ["capture_commands"]
    }
  }
}

Example logged record:
[
  {
    "id": 1,
    "date": "2021-11-18 06:06:42.304338+00",
    "data": {
      "server": "ftp_server",
      "action": "process",
      "status": "success",
      "ip": "0.0.0.0",
      "port": "21",
      "username": "test",
      "password": "test"
    }
  }
]

from honeypots import QSSHServer
# Create an SSH honeypot object bound to port 9999
qsshserver = QSSHServer(port=9999)
# Start it as a separate process
qsshserver.run_server(process=True)
# Run the built-in test against the same port
qsshserver.test_server(port=9999)
# Logged output:
# INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]
qsshserver.kill_server()

# You need higher user permissions for binding/closing some ports
from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
# Logged output:
# INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]
qsshserver.kill_server()

'error': 'Information about current error'
'server': 'Server name'
'timestamp': 'Time in ISO'
'action': 'Query, login, etc..'
'data': 'More info about the action'
'status': 'The return status of the action (success or fail)'
'dest_ip': 'Server address'
'dest_port': 'Server port'
'src_ip': 'Attacker address'
'src_port': 'Attacker port'
'username': 'Attacker username'
'password': 'Attacker password'

Set "template" for this server in config.json (it should be an absolute path) to provide a custom template.

pipenv twisted psutil dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server
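
The output values listed above (server, action, status, src_ip, username, password) are enough to triage honeypot activity per source address. The following is an added example, not code from the honeypots project: it groups login events by src_ip and marks sources that tried many credential pairs or presented the decoy's configured login. It assumes the log holds one JSON object per line with those field names; summarize_logins, spray_threshold and the sample lines are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events (not real captures). Assumption: one JSON object per line.
SAMPLE_LOG = """\
{"timestamp": "2021-11-18T06:06:42", "server": "ftp_server", "action": "process", "status": "success", "ip": "0.0.0.0", "port": "21", "username": "test", "password": "test"}
{"timestamp": "2021-11-18T06:07:01", "server": "ftp_server", "action": "login", "status": "fail", "src_ip": "198.51.100.7", "src_port": 40112, "username": "admin", "password": "admin"}
{"timestamp": "2021-11-18T06:07:02", "server": "ftp_server", "action": "login", "status": "fail", "src_ip": "198.51.100.7", "src_port": 40113, "username": "root", "password": "toor"}
{"timestamp": "2021-11-18T06:07:03", "server": "ftp_server", "action": "login", "status": "fail", "src_ip": "198.51.100.7", "src_port": 40114, "username": "ftp", "password": "ftp"}
{"timestamp": "2021-11-18T06:09:10", "server": "ssh_server", "action": "login", "status": "success", "src_ip": "203.0.113.9", "src_port": 38696, "username": "test", "password": "test"}
{"timestamp": "2021-11-18T06:09:30", "server": "ftp_server", "action": "login", "status": "fail", "src_ip": "203.0.113.9", "src_port": 38700, "username": "test", "password": "1234"}
{"timestamp": "2021-11-18T06:10:
"""

def summarize_logins(lines, spray_threshold=3):
    """Return ({src_ip: summary}, skipped_line_count) for 'login' events."""
    per_ip = defaultdict(lambda: {"attempts": 0, "creds": set(), "servers": set(), "hits": 0})
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # e.g. a line cut off mid-write or by log rotation
            continue
        # Ignore non-login records such as the honeypot's own 'process' event.
        if not isinstance(event, dict) or event.get("action") != "login" or "src_ip" not in event:
            continue
        entry = per_ip[str(event["src_ip"])]
        entry["attempts"] += 1
        entry["creds"].add((str(event.get("username")), str(event.get("password"))))
        entry["servers"].add(str(event.get("server", "unknown")))
        entry["hits"] += event.get("status") == "success"  # any other status counts as a failure
    report = {}
    for ip, e in per_ip.items():
        report[ip] = {
            "attempts": e["attempts"],
            "distinct_credentials": len(e["creds"]),
            "servers": sorted(e["servers"]),
            "guessed_decoy_login": e["hits"] > 0,  # presented the configured username/password
            "spraying": len(e["creds"]) >= spray_threshold,  # many pairs from one source
        }
    return report, skipped

if __name__ == "__main__":
    report, skipped = summarize_logins(SAMPLE_LOG.splitlines())
    print(json.dumps(report, indent=2), f"skipped={skipped}")
```

To run it over a real log, pass an open file object (for example the ftp.log configured above) instead of SAMPLE_LOG.splitlines().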
