Skip to content

Latest commit

 

History

History
406 lines (334 loc) · 11.5 KB

README.rst

File metadata and controls

406 lines (334 loc) · 11.5 KB
Raw

https://raw.githubusercontent.com/qeeqbox/honeypots/main/readme/honeypots.png

30 different honeypots in a single PyPI package for monitoring network traffic, bots activities, and username password credentials.

Why honeypots package is very powerful?

The honeypots respond back, non-blocking, can be used as objects, or called directly with the in-built auto-configure scripts! Also, they are easy to setup and customize, it takes 1-2 seconds to spin a honeypot up. You can spin up multiple instances with the same type. The output can be logged to a Postgres database, file[s], terminal or syslog for easy integration.

This honeypots package is the only package that contains all the following: dhcp, dns, elastic, ftp, http_proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc.

Honeypots now is in the awesome telekom security T-Pot project!

Install

pip3 install honeypots

honeypots -h

Qeeqbox/honeypots customizable honeypots for monitoring network traffic, bots activities, and username\password credentials

Arguments:
  --setup               target honeypot E.g. ssh or you can have multiple E.g ssh,http,https
  --list                list all available honeypots
  --kill                kill all honeypots
  --verbose             Print error msgs

Honeypots options:
  --ip                  Override the IP
  --port                Override the Port (Do not use on multiple!)
  --username            Override the username
  --password            Override the password
  --config              Use a config file for honeypots settings
  --options             Extra options (capture_commands for capturing all threat actor data)

General options:
  --termination-strategy {input,signal} Determines the strategy to terminate by
  --test                Test a honeypot
  --auto                Setup the honeypot with random port

Usage Example - Auto configuration with default ports

Use a honeypot, or multiple honeypots separated by comma or word all

sudo -E python3 -m honeypots --setup ssh

Usage Example - Auto configuration with random port (No need for higher privileges)

Use a honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots --setup ssh --auto

Usage Example - Auto configure with specific ports

Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port

python3 -m honeypots --setup imap:143,mysql:3306,redis:6379

Usage Example - Custom configure with logs location

Use a honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots --setup ssh --config config.json

config.json (Output to folder and terminal)

{
  "logs": "file,terminal,json",
  "logs_location": "/var/log/honeypots/",
  "syslog_address": "",
  "syslog_facility": 0,
  "postgres": "",
  "sqlite_file":"",
  "db_options": [],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "ip": "0.0.0.0",
      "username": "ftp",
      "password": "anonymous",
      "log_file_name": "ftp.log",
      "max_bytes": 10000,
      "backup_count": 10
    }
  }
}

config.json (Output to syslog)

{
  "logs": "syslog",
  "logs_location": "",
  "syslog_address": "udp://localhost:514",
  "syslog_facility": 3,
  "postgres": "",
  "sqlite_file":"",
  "db_options": [],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "ip": "0.0.0.0",
      "username": "test",
      "password": "test"
    }
  }
}

config.json (Output to Postgres db)

{
    "logs": "db_postgres",
    "logs_location": "",
    "syslog_address":"",
    "syslog_facility":0,
    "postgres":"//username:[email protected]:9999/honeypots",
    "sqlite_file":"",
    "db_options":["drop"],
    "sniffer_filter": "",
    "sniffer_interface": "",
    "honeypots": {
        "ftp": {
            "port": 21,
            "username": "test",
            "password": "test"
        }
    }
}

config.json (Output to Sqlite db)

{
    "logs": "db_postgres",
    "logs_location": "",
    "syslog_address":"",
    "syslog_facility":0,
    "postgres":"",
    "sqlite_file":"/home/test.db",
    "db_options":["drop"],
    "sniffer_sniffer_filter": "",
    "sniffer_interface": "",
    "honeypots": {
        "ftp": {
            "port": 21,
            "username": "test",
            "password": "test"
        }
    }
}

db structure

[
  {
    "id": 1,
    "date": "2021-11-18 06:06:42.304338+00",
    "data": {
      "server": "'ftp_server'",
      "action": "'process'",
      "status": "'success'",
      "ip": "'0.0.0.0'",
      "port": "21",
      "username": "'test'",
      "password": "'test'"
    }
  }
]

Usage Example - Import as object and auto test

#ip= String E.g. 0.0.0.0
#port= Int E.g. 9999
#username= String E.g. Test
#password= String E.g. Test
#options= Boolean or String E.g OpenSSH 7.0
#logs= String E.g db, terminal or all
#always remember to add process=true to run_server() for non-blocking

from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
qsshserver.test_server(port=9999)
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]
qsshserver.kill_server()

Usage Example - Import as object and test with external ssh command

from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
ssh [email protected]

Honeypot answer

INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]

Close the honeypot

qsshserver.kill_server()

Current Servers/Emulators

  • QDNSServer
    • Server: DNS
    • Port: 53
    • Lib: Twisted
    • Logs: ip, port
  • QFTPServer
    • Server: FTP
    • Port: 21
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QHTTPProxyServer
    • Server: HTTP Proxy
    • Port: 8080
    • Lib: Twisted
    • Logs: ip, port and data
  • QHTTPServer
    • Server: HTTP
    • Port: 80
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QHTTPSServer
    • Server: HTTPS
    • Port: 443
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QIMAPServer
    • Server: IMAP
    • Port: 143
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QMysqlServer
    • Emulator: Mysql
    • Port: 3306
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QPOP3Server
    • Server: POP3
    • Port: 110
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QPostgresServer
    • Emulator: Postgres
    • Port: 5432
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QRedisServer
    • Emulator: Redis
    • Port: 6379
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QSMBServer
    • Server: Redis
    • Port: 445
    • Lib: impacket
    • Logs: ip, port and username
  • QSMTPServer
    • Server: SMTP
    • Port: 25
    • Lib: smtpd
    • Logs: ip, port, username and password
  • QSOCKS5Server
    • Server: SOCK5
    • Port: 1080
    • Lib: socketserver
    • Logs: ip, port, username and password
  • QSSHServer
    • Server: SSH
    • Port: 22
    • Lib: paramiko
    • Logs: ip, port, username and password
  • QTelnetServer
    • Server: Telnet
    • Port: 23
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QVNCServer
    • Emulator: VNC
    • Port: 5900
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QMSSQLServer
    • Emulator: MSSQL
    • Port: 1433
    • Lib: Twisted
    • Logs: ip, port, username and password or hash
  • QElasticServer
    • Emulator: Elastic
    • Port: 9200
    • Lib: http.server
    • Logs: ip, port and data
  • QLDAPServer
    • Emulator: LDAP
    • Port: 389
    • Lib: Twisted
    • Logs: ip, port, username and password
  • QNTPServer
    • Emulator: NTP
    • Port: 123
    • Lib: Twisted
    • Logs: ip, port and data
  • QMemcacheServer
    • Emulator: Memcache
    • Port: 11211
    • Lib: Twisted
    • Logs: ip, port and data
  • QOracleServer
    • Emulator: Oracle
    • Port: 1521
    • Lib: Twisted
    • Logs: ip, port and connet data
  • QSNMPServer
    • Emulator: SNMP
    • Port: 161
    • Lib: Twisted
    • Logs: ip, port and data

acknowledgement

  • By using this framework, you are accepting the license terms of all these packages: pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server
  • Let me know if I missed a reference or resource!

Notes

  • Almost all servers and emulators are stripped-down - You can adjust that as needed

Other projects

https://raw.githubusercontent.com/qeeqbox/.github/main/data//social-analyzer.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//analyzer.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//chameleon.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//osint.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//url-sandbox.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//mitre-visualizer.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//woodpecker.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//docker-images.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//seahorse.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//rhino.png