Honeytoken transmission, reception and analysis.
Project description
Beeswarm
Note: This project is not ready for production deployments!
Beeswarm is a honeypot project which provides easy configuration, deployment and managment of honeypots. Beeswarm operates by deploying fake end-user systems (clients) and services (honeypots). Beeswarm uses these systems to provides IoC (Indication of Compromise) by observing the difference between expected and actual traffic. An IoC could be a certificate mismatch or the unexpected reuse of credentials (honeytokens).
Installation
Beeswarm is packaged as a regular python module, and follows normal installation methodology:
$>python setup.py install
Developers are encouraged to use the develop feature from distribute:
$>python setup.py develop
Starting the server
Starting the server
$> mkdir server_workdir
$> beeswarm --se
*** Please answer a few configuration options ***
2014-05-03 23:25:29,516 (root) Beeswarm server has been configured using default ssl parameters and network configuration, this could be used to fingerprint the beeswarm server. If you want to customize these options please use the --customize options on first startup.
2014-05-03 23:25:29,516 (beeswarm.shared.helpers) Creating SSL Certificate and Key.
* Communication between drones (honeypots and clients) and server *
* Please make sure that drones can always contact the Beeswarm server using the information that you are about to enter. *
IP or hostname of server: 192.168.1.147
2014-05-03 23:25:46,024 (beeswarm.server.webapp.auth) Created default admin account for the beeswarm server.
****************************************************************************
Default password for the admin account is: wpwaitacsxhqqo
****************************************************************************
2014-05-03 23:25:46,027 (beeswarm.server.server) Starting server listening on port 5000
2014-05-03 23:29:54,077 (beeswarm.server.server) Server started and privileges dropped.
After that, browse to https://localhost:5000 to access the administrative interface.
The grand scheme
The following deployment diagram shows the BeeSwarm concept when fully operational:
+- - - - - - - - - - - - - L O G D A T A- - - - - - - - - - - - - >>>+-----------------+
| | Beeswarm server |
+-----------------+
| (bait sessions) ^ ^
+------+--------+ Traffic | |
|Beeswarm Client|+------------------------------------------------+ | |
+---------------+ ^ | | |
(Static IP) | | L O G | |
|Intercept creds. | D A T A |
| | |
| v | |
+-------+------+ Reuse credentials +-----------------+ | |
| Evil dudes |+------------------------>|Beeswarm Honeypot|+-+ | |
+-------+------+ +-----------------+
| (Static ip) |
|Operates exit node ^
|(and intercepting creds) | |
| |
v | |
+---------------+ +-------------+ |
|Beeswarm client|+-->|TOR Exit Node|+-----------------------------+ |
+-----+---------+ +-------------+ Traffic
| (bait sessions) |
| |
+- - - - - - - - - - - - - L O G D A T A- - - - - - - - - - - - - - - - - - - -
Lead developer
Lead developer and administrator for this project is Johnny Vestergaard.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.