Customizable honeypots for monitoring network traffic, bot activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, TELNET and Postgres)

ducnp/Chameleon

 
 


Grafana Interface

NMAP Scan

Credentials Monitoring

General Features

  • Modular approach (honeypots run as scripts or are imported as objects)
  • Most honeypots serve as servers (only a few emulate the application-layer protocols)
  • Servers are configured with a username, password and banner (default username and password are test)
  • ICMP, DNS TCP and UDP payloads are parsed and checked against common patterns
  • Visualized Grafana interfaces for monitoring the results (filter by IP)
  • Unstructured and structured logs are parsed and inserted into Postgres
  • All honeypots contain clients for testing the servers
  • All ports are opened and monitored by default
  • Easy to automate and can be deployed on AWS EC2
  • And more features to explore

Install and run

On an Ubuntu 18 or 19 system (Auto-configure dev)

git clone https://github.com/qeeqbox/chameleon.git
cd chameleon
chmod +x ./run.sh
./run.sh auto_dev

Wait a few seconds until the honeypot shows its IP address

...
honeypot_1  | Your IP: 172.19.0.3
honeypot_1  | Your MAC: 09:45:aa:23:10:03
...

You can interact with the honeypot from your local system

ping 172.19.0.3
or run any network tool against it
nmap 172.19.0.3

To monitor the logs

open localhost:3000 (username is changeme457f6460cb287 and password is changemed23b8cc6a20e0)

On an Ubuntu 18 or 19 system (Auto-configure test)

git clone https://github.com/qeeqbox/chameleon.git
cd chameleon
chmod +x ./run.sh
./run.sh auto_test

To monitor the logs

open localhost:3000 (username and password: admin)

Or, import your desired server as an object (SSH Server)

Copy ssh_server.py to your folder

# ip= String E.g. 0.0.0.0
# port= Int E.g. 22
# username= String E.g. Test
# password= String E.g. Test
# mocking= Boolean or String E.g. OpenSSH 7.0
# logs= String E.g. db, terminal or all

from ssh_server import QSSHServer
qsshserver = QSSHServer()
qsshserver.run_server()

Then connect from a client:

ssh test@127.0.0.1

The server logs the login attempt:

INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
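
The log line above is a Python literal, so it can be parsed as data and summarized per source IP. The following is an added example, not part of the Chameleon code base: the function names are hypothetical, every sample line except the first is constructed, and the 'failed' status value is an assumption.

```python
import ast
from collections import defaultdict

PREFIX = "INFO:chameleonlogger:"

# Constructed sample input. The first line is the one shown on this page; the
# others are made up in the same shape (the 'failed' status is an assumption).
SAMPLE_LOG = """\
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'root', 'ip': '203.0.113.7', 'server': 'ssh_server', 'action': 'login', 'password': '123456', 'port': 51022}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'admin', 'ip': '203.0.113.7', 'server': 'ssh_server', 'action': 'login', 'password': "a'b", 'port': 51030}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'root', 'ip': '203.0.113.7', 'server': 'ssh_server', 'action': 'login', 'password': '123456', 'port': 51041}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'ro
some unrelated line
"""


def parse_line(line):
    """Return the event dict for a 'servers' login record, else None."""
    if not line.startswith(PREFIX):
        return None
    try:
        # literal_eval accepts only Python literals, so client-chosen
        # usernames/passwords in the log are parsed as data, never executed.
        record = ast.literal_eval(line[len(PREFIX):])
    except (ValueError, SyntaxError):
        return None  # truncated or malformed record
    if (isinstance(record, list) and len(record) == 2 and record[0] == "servers"
            and isinstance(record[1], dict) and record[1].get("action") == "login"):
        return record[1]
    return None


def summarize(log_text):
    """Per source IP: attempt count and the distinct credentials tried."""
    summary = defaultdict(lambda: {"attempts": 0, "credentials": set()})
    for line in log_text.splitlines():
        event = parse_line(line.strip())
        if event is None:
            continue
        entry = summary[event.get("ip")]
        entry["attempts"] += 1
        entry["credentials"].add((event.get("username"), event.get("password")))
    return dict(summary)


if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, info["attempts"], sorted(info["credentials"]))
```
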

Requirements (Servers only)

apt-get update -y && apt-get install -y iptables-persistent tcpdump nmap iputils-ping python python-pip python-psycopg2 lsof psmisc dnsutils
pip install scapy netifaces pyftpdlib sqlalchemy pyyaml paramiko==2.7.1 impacket twisted rdpy==1.3.2 psutil requests
pip install -U requests[socks]
pip install -Iv rsa==4.0

Current Servers/Emulators

  • DNS (Server using Twisted)
  • HTTP Proxy (Server using Twisted)
  • HTTP (Server using Twisted)
  • HTTPS (Server using Twisted)
  • SSH (Server using Twisted)
  • POP3 (Server using Twisted)
  • IMAP (Server using Twisted)
  • SMTP (Server using smtpd)
  • RDP (Server using Twisted)
  • VNC (Emulator using Twisted)
  • SMB (Server using impacket)
  • SOCKS5 (Server using Twisted)
  • TELNET (Server using Twisted)
  • Postgres (Emulator using Twisted)
  • MySQL (Coming..)
  • Elasticsearch (Coming..)
  • Redis (Coming..)
  • Oracle (Coming..)
  • LDAP (maybe)

Changes

  • 2020.V.01.03 switched ftp servers to twisted
  • 2020.V.01.02 switched http and https servers to twisted
  • 2020.V.01.02 Fixed changing ip in grafana interface

Roadmap

  • Refactoring logging
  • Fixing logger
  • Code Cleanup
  • Switching some servers to twisted
  • Adding graceful connection close (error response)
  • Implementing the rest of servers
  • Adding some detection logic to the sniffer
  • Adding a control panel

Resources

  • Twisted documentation
  • Impacket documentation
  • Grafana documentation
  • Expert Twisted
  • robertheaton
  • Please let me know if I missed a resource or dependency

Other Licenses

By using this framework, you are accepting the license terms of each package listed below:

Disclaimer\Notes

  • Almost all servers and emulators are stripped-down - You can adjust that as needed based on the client
  • If you are interested in adopting some features in your project - please mention this source somewhere in your project
