cymmetria / honeycomb
An extensible honeypot framework
License: MIT License
Note two things:
Honeycomb is capitalized. This persists throughout the page (http://honeycomb.cymmetria.com/en/master/cli.html#honeycomb-integration)
The default home path contains /docs/ for whatever reason (/home/docs/.config/honeycomb). This is obviously not the case, even in my system, but rather "docs" should be replaced by my username.
service test invokes the test command, then searches the current DEBUG_LOG for alerts.
If the log has existing alerts from previous runs it will always return true.
Need to figure out how to run the test in an isolated manner to be accurate.
Docker Hub uses Docker Version: 17.06.1-ce, which doesn't support --chown (https://github.com/Cymmetria/honeycomb/blob/master/Dockerfile#L19).
Add docker build to github or change Dockerfile.
Click supports auto complete pretty much out of the box http://click.pocoo.org/6/bashcomplete/
https://github.com/click-contrib/click-completion - also looks interesting
If user doesn't have it installed we should offer to generate and install it
Check current version against pypi on startup and offer to upgrade if new version is available
Consider storing last check timestamp in HC_HOME and check once a day/week
    "parameters": [
        {
            "type": "text",
            "value": "username",
            "label": "Authentication username",
            "required": true
        },
        {
            "type": "text",
            "value": "password",
            "label": "Authentication password",
            "required": true
        },
        {
            "type": "file",
            "value": "dit",
            "label": "DIT file (database for the LDAP server)"
        }
    ]
This works on Mazerunner, but HC reports this as:
"Error: [-] Parameters: 'file' is not a valid type"
Pushed a fix in click-contrib/sphinx-click#23 but waiting for pypi to include 1.2.0, will pin to github master if not fixed.
It's only possible to install/uninstall a plugin, need to provide versioning mechanism and add upgrade command
When you type honeycomb integration configure syslog, you get the text:
"Error: [-] Parameters: 'to_phone' is missing (use --args to see all parameters)"
But the option name is actually --show_args.
Should fix either the option name or the help text.
We should add the video from the defcon demo labs
The data that we send to the integrations (from the events) is missing the ip of the target machine (the ip that was attacked).
This is very important when we have multiple honeypots with multiple ips sending alerts to a single integration. It's impossible to know the machine that was targeted.