Honeypot

Python honeypot framework with plugin API

Installing honeypot

Starting honeypot

Authbind must be installed to allow plugins to bind to well-known ports without running as root. To set up authbind, create a file under /etc/authbind/byuid/ whose name is the uid of the user that will run the honeypot (the uid can be obtained with id -u followed by the actual user name). The file should contain the line 0.0.0.0/32:1,1023 to allow binding to any well-known port (anything in the range 1-1023, inclusive). Start the honeypot by running ./start.sh, which will use authbind.

Writing a plugin

Several items are needed for a new plugin to run, persist to the db, and show results in the visual tool. Extend Template from plugin_template.py to inherit some of the needed attributes and functionality.

To run, a plugin must have the following:

  • class named Plugin
  • get_port() inside Plugin class (returns port number)
  • run(socket, address, session), inside Plugin class, where session can be used to write to db

To write to the db and use the visual tool, the Plugin class must have the following:

  • get_display() (returns the name of the plugin that will be displayed in the visual tool)

  • get_description() (returns description of plugin)

  • get_orm() (returns ORM)

  • get_value() (returns name of plugin)

  • nested class that defines a table, which must:

    • extend Base from base.py
    • define table name
    • define primary key
    • include ip_address column
    • include time column
    • include feature column (point on the map)
    • ex:

        class Http(Base):
            __tablename__ = "http"
            id = Column(Integer, primary_key=True)
            ip_address = Column(String, nullable=False)
            command = Column(String)
            path = Column(String)
            version = Column(String)
            headers = Column(String)
            time = Column(DateTime)
            feature = Column(String)
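A pre-deployment check for the plugin contract listed above, as an added example that is not part of the honeypot project's code. It assumes the listed methods are instance methods; `check_plugin`, `sample_plugin`, the `Base` stand-in and the Telnet sample are constructed for illustration, and the primary-key requirement is not checked because that needs SQLAlchemy's own inspection.

```python
import inspect

# Method and column names come from the README's requirement lists.
METHODS = ("get_port", "run", "get_display", "get_description",
           "get_orm", "get_value")
COLUMNS = ("ip_address", "time", "feature")

def check_plugin(plugin_cls, base_cls):
    """Return contract violations; an empty list means the class conforms."""
    problems = []
    if plugin_cls.__name__ != "Plugin":
        problems.append("class must be named Plugin")
    for name in METHODS:
        if not callable(getattr(plugin_cls, name, None)):
            problems.append(f"missing method {name}()")
    run = getattr(plugin_cls, "run", None)
    # Assumption: run is an instance method, so self + socket, address, session.
    if callable(run) and len(inspect.signature(run).parameters) != 4:
        problems.append("run() must take (socket, address, session)")
    tables = [c for c in vars(plugin_cls).values()
              if inspect.isclass(c) and issubclass(c, base_cls)]
    if not tables:
        problems.append("no nested table class extending Base")
    for table in tables:
        if not getattr(table, "__tablename__", None):
            problems.append(f"{table.__name__}: table name not defined")
        for col in COLUMNS:
            if not hasattr(table, col):
                problems.append(f"{table.__name__}: missing column {col}")
    return problems

class Base:
    """Stand-in for Base from base.py so the example runs without SQLAlchemy."""

def sample_plugin(complete=True):
    """Constructed sample; None stands in for SQLAlchemy Column objects."""
    class Plugin:
        class Telnet(Base):
            __tablename__ = "telnet"
            id = ip_address = time = None
            if complete:
                feature = None
        def get_port(self): return 23
        def run(self, socket, address, session): pass
        def get_display(self): return "Telnet"
        def get_description(self): return "Logs telnet connection attempts"
        def get_orm(self): return self.Telnet
        if complete:
            def get_value(self): return "telnet"
    return Plugin
```

Against a real plugin, pass the project's `Base` as `base_cls`; an empty list means every listed member was found.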

Configuring your honeypot

You can edit honeypot.ini to configure your honeypot. honeypot.ini has several sections that correspond to specific files in the program. Section titles are surrounded by brackets. [honeypot] specifies the paths of the database, the plugins directory and the log file, and also a list of ports that the user wants to listen on. [https] specifies the names of the certificate and private key files for the SSL connection. If an item is not specified in its section, the value specified in [default] will be used.

Project Plan

Research Doc

Download Debian Package

SQLAlchemy Session Docs

honeypot's People

Contributors

coyle5280, laurenmalone, ckaz18, gdejohn, theplue, gitter-badger
