forked from theplue/honeypot

Python honeypot framework with plugin API


ckaz18/honeypot

 
 


Honeypot

Python honeypot framework with plugin API

Installing honeypot

Starting honeypot

Authbind must be installed to allow plugins to bind to well-known ports without running as root. To set up authbind, create the file /etc/authbind/byuid/<uid>, where <uid> is the uid of the user that will run the honeypot (it can be obtained with id -u <username>, substituting the actual user name). The file should contain the line 0.0.0.0/32:1,1023 to allow binding to any well-known port (anything in the range 1-1023, inclusive). Start the honeypot by running ./start.sh, which will use authbind.

Writing a plugin

Several items are needed for a new plugin to run, persist to the db, and show results in the visual tool. Extend Template from plugin_template.py to inherit some of the needed attributes and functionality.

To run, a plugin must have the following:

  • class named Plugin
  • get_port() inside Plugin class (returns port number)
  • run(socket, address, session), inside Plugin class, where session can be used to write to db

To write to the db and use the visual tool, the Plugin class must have the following:

  • get_display() (returns the name of the plugin that will be displayed in the visual tool)

  • get_description() (returns description of plugin)

  • get_orm() (returns ORM)

  • get_value() (returns name of plugin)

  • nested class that defines a table, which must:

    • extend Base from base.py
    • define table name
    • define primary key
    • include ip_address column
    • include time column
    • include feature column (point on the map)
    • ex:

        from sqlalchemy import Column, DateTime, Integer, String

        # Base comes from the project's base.py
        class Http(Base):
            __tablename__ = "http"
            id = Column(Integer, primary_key=True)
            ip_address = Column(String, nullable=False)
            command = Column(String)
            path = Column(String)
            version = Column(String)
            headers = Column(String)
            time = Column(DateTime)
            feature = Column(String)
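A pre-flight check for the plugin requirements listed above, as an added example that is not part of the project's code. It assumes a plugin can be constructed without arguments; `check_plugin`, `TelnetRow` and `SamplePlugin` are hypothetical names, and the table check only looks for attribute names (it does not inspect the primary key).

```python
import inspect

# Names taken from the README's two requirement lists.
RUN_METHODS = ("get_port", "run")
DB_METHODS = ("get_display", "get_description", "get_orm", "get_value")
TABLE_ATTRS = ("__tablename__", "ip_address", "time", "feature")


def check_plugin(namespace):
    """Return (problems, needs_authbind) for a plugin module's namespace."""
    cls = namespace.get("Plugin")
    if not inspect.isclass(cls):
        return ["no class named Plugin"], False
    problems = [f"missing {name}()" for name in RUN_METHODS + DB_METHODS
                if not callable(getattr(cls, name, None))]
    if callable(getattr(cls, "run", None)):
        # run(socket, address, session): three parameters after self.
        extra = len(inspect.signature(cls.run).parameters) - 1
        if extra != 3:
            problems.append(f"run() takes {extra} arguments, expected 3")
    if problems:
        return problems, False
    plugin = cls()  # assumption: the plugin constructs without arguments
    port = plugin.get_port()
    if not isinstance(port, int) or not 1 <= port <= 65535:
        return [f"get_port() returned invalid port {port!r}"], False
    table = plugin.get_orm()
    problems = [f"table class lacks {attr}" for attr in TABLE_ATTRS
                if not hasattr(table, attr)]
    # Ports 1-1023 only bind without root if the authbind rule is in place.
    return problems, port <= 1023


class TelnetRow:  # constructed stand-in for a table class extending Base
    __tablename__ = "telnet"
    id = ip_address = time = feature = None


class SamplePlugin:  # constructed sample plugin, not one from the project
    def get_port(self): return 23
    def run(self, socket, address, session): pass
    def get_display(self): return "Telnet"
    def get_description(self): return "Constructed sample"
    def get_orm(self): return TelnetRow
    def get_value(self): return "telnet"


if __name__ == "__main__":
    print(check_plugin({"Plugin": SamplePlugin}))
```

For a real plugin file, pass `vars(module)` of the imported plugin module as `namespace`.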

Configuring your honeypot

You can edit honeypot.ini to configure your honeypot. honeypot.ini has several sections that correlate with specific files in the program. The section titles are surrounded by brackets. [honeypot] specifies the paths of the database, plugins directory, and log file, and also a list of ports that the user wants to listen on. [https] specifies the names of the certificate and private key files for the SSL connection. If an item is not specified in its section, the data specified in [default] will be used.

Project Plan

Research Doc

Download Debian Package

SQLAlchemy Session Docs
