
Honeytoken transmission, reception and analysis.

Project description

Beeswarm

Note: This project is not ready for production deployments!

Beeswarm is a honeypot project which provides easy configuration, deployment and management of honeypots. Beeswarm operates by deploying fake end-user systems (clients) and services (honeypots). Beeswarm uses these systems to provide IoC (Indication of Compromise) by observing the difference between expected and actual traffic. An IoC could be a certificate mismatch or the unexpected reuse of credentials (honeytokens).

Installation

Beeswarm is packaged as a regular Python module, and follows normal installation methodology:

$>python setup.py install

Developers are encouraged to use the develop feature from distribute:

$>python setup.py develop

Starting the server


    $> mkdir server_workdir
    $> beeswarm --se
    *** Please answer a few configuration options ***
    2014-05-03 23:25:29,516 (root) Beeswarm server has been configured using default ssl parameters and network configuration, this could be used to fingerprint the beeswarm server. If you want to customize these options please use the --customize options on first startup.
    2014-05-03 23:25:29,516 (beeswarm.shared.helpers) Creating SSL Certificate and Key.

    * Communication between drones (honeypots and clients) and server *
    * Please make sure that drones can always contact the Beeswarm server using the information that you are about to enter. *
    IP or hostname of server: 192.168.1.147
    2014-05-03 23:25:46,024 (beeswarm.server.webapp.auth) Created default admin account for the beeswarm server.
    ****************************************************************************
    Default password for the admin account is: wpwaitacsxhqqo
    ****************************************************************************
    2014-05-03 23:25:46,027 (beeswarm.server.server) Starting server listening on port 5000
    2014-05-03 23:29:54,077 (beeswarm.server.server) Server started and privileges dropped.

After that, browse to https://localhost:5000 to access the administrative interface.

The grand scheme

The following deployment diagram shows the Beeswarm concept when fully operational:

       +- - - - - - - - - - - - - L O G  D A T A- - - - - - - - - - - - - >>>+-----------------+
       |                                                                     | Beeswarm server |
                                                                             +-----------------+
       |                      (bait sessions)                                      ^   ^
+------+--------+                   Traffic                                        |   |
|Beeswarm Client|+------------------------------------------------+                |   |
+---------------+         ^                                       |                |   |
  (Static IP)             |                                       |       L O G    |   |
                          |Intercept creds.                       |       D A T A      |
                          |                                       |                |
                          |                                       v                |   |
                  +-------+------+     Reuse credentials    +-----------------+    |   |
                  |  Evil dudes  |+------------------------>|Beeswarm Honeypot|+-+ |   |
                  +-------+------+                          +-----------------+
                          |                                  (Static ip)               |
                          |Operates exit node                     ^
                          |(and intercepting creds)               |                    |
                          |                                       |
                          v                                       |                    |
+---------------+    +-------------+                              |
|Beeswarm client|+-->|TOR Exit Node|+-----------------------------+                    |
+-----+---------+    +-------------+               Traffic
        |                                    (bait sessions)                           |

        |                                                                              |
        +- - - - - - - - - - - - - L O G  D A T A- - - - - - - - - - - - - - - - - - - -
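
The comparison of expected and actual traffic shown in the diagram, as an added example that is not Beeswarm's own code: each honeypot login is matched one-to-one against the bait sessions the clients reported, and a honeytoken login with no bait session left to explain it is flagged as credential reuse. The record shapes, the `classify_logins` name, the 60-second window and the sample data are assumptions made for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Hypothetical record shapes, not Beeswarm's data model.
Bait = namedtuple("Bait", "honeypot username password sent_at")            # logged by a client
Login = namedtuple("Login", "source honeypot username password seen_at")   # logged by a honeypot

def classify_logins(logins, baits, window=timedelta(seconds=60)):
    """Label each honeypot login 'bait_session', 'credential_reuse' or 'other'.

    The source address is deliberately not compared: bait traffic may reach
    the honeypot through a Tor exit node, so only honeypot, credentials and
    time are used to pair a login with a bait session.
    """
    issued = {(b.username, b.password) for b in baits}
    unmatched = sorted(baits, key=lambda b: b.sent_at)
    results = []
    for login in sorted(logins, key=lambda l: l.seen_at):
        creds = (login.username, login.password)
        if creds not in issued:
            results.append((login, "other"))  # never a honeytoken, e.g. guessing
            continue
        match = next((b for b in unmatched
                      if b.honeypot == login.honeypot
                      and (b.username, b.password) == creds
                      and abs(login.seen_at - b.sent_at) <= window), None)
        if match is not None:
            unmatched.remove(match)  # one bait session explains exactly one login
            results.append((login, "bait_session"))
        else:
            results.append((login, "credential_reuse"))
    return results

# Constructed sample data (documentation address ranges, made-up credentials).
T0 = datetime(2014, 5, 3, 23, 30, 0)
BAITS = [Bait("192.0.2.10", "james", "zq8Lm2", T0),
         Bait("192.0.2.10", "james", "zq8Lm2", T0 + timedelta(hours=1))]
LOGINS = [
    Login("198.51.100.7", "192.0.2.10", "james", "zq8Lm2", T0 + timedelta(seconds=4)),
    Login("203.0.113.66", "192.0.2.10", "james", "zq8Lm2", T0 + timedelta(seconds=20)),
    Login("203.0.113.66", "192.0.2.10", "root", "123456", T0 + timedelta(minutes=5)),
    Login("198.51.100.9", "192.0.2.10", "james", "zq8Lm2", T0 + timedelta(hours=1, seconds=3)),
]

if __name__ == "__main__":
    for login, label in classify_logins(LOGINS, BAITS):
        print(login.seen_at.isoformat(), login.source, login.username, label)
```

The second sample login replays the honeytoken inside the time window and is still flagged, because the only bait session in that window was already consumed by the first login.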

Lead developer

Lead developer and administrator for this project is Johnny Vestergaard.

Release history

0.7.18, 0.7.17, 0.7.14, 0.7.13, 0.7.12, 0.7.11, 0.7.10, 0.7.9, 0.7.8, 0.7.7, 0.7.6, 0.7.5, 0.7.4, 0.7.3, 0.7.2, 0.7.1, 0.7.0, 0.6.0, 0.5.3, 0.5.2, 0.5.0, 0.4.18, 0.4.17, 0.4.15, 0.4.14, 0.4.13, 0.4.12, 0.4.11, 0.4.10, 0.4.8, 0.4.7, 0.4.6, 0.4.4, 0.4.3, 0.4.2 (this version), 0.3

Download files

Beeswarm-0.4.2.tar.gz (3.0 MB), file type: Source, Python version: None, upload date: Aug 24, 2014
