Multi-head SSH honeypot system

Project description

What

Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.

You can use it to gather all SSH attempts made against multiple IPv4 addresses you own on the internet, then draw and export statistics from them. A dedicated web interface allows live tracking of what happens on your honeypots, which IP addresses are targeting you and from where.

Requirements

Installation

Blacknet is provided in two main parts, an SSH Server and a Main Server. The Main Server (blacknet-main-server) is where the database is located. The SSH Server (blacknet-ssh-server) is just a honeypot instance communicating with the main server. Please read --help from both commands and read blacknet.cfg.example carefully.

You need to generate SSL certificates for Blacknet to work correctly across the network (please see the next section).

  • Installation using pip: $ pip install blacknet

  • Take a copy of blacknet.cfg.example and make your own configuration in /etc/blacknet/ or ${HOME}/.blacknet/

  • Run blacknet-install.sql in your MySQL database.

  • You can update (and fill) the database with geolocation updates using the command blacknet-geo-updater.

  • You can also scrub your data to generate reports or perform metadata checks using blacknet-db-scrubber (please consult --help for details)

  • The blacknet-db-scrubber command is best run from a crontab (with --quiet)

  • You might want to filter out some specific users for some or all honeypots. Please see blacklist.cfg.example and put it in an appropriate directory.

Create your SSL certificates

Please use EasyRSA or equivalent to generate your own PKI and deliver certificates between your server and your honeypots.

# First clone the easyrsa repository
cd /tmp/
git clone https://github.com/OpenVPN/easy-rsa.git

# Then create a new Authority
cd /tmp/easy-rsa/easyrsa3
./easyrsa init-pki

# When asked provide a Common Name for your CA (eg: Blacknet CA)
./easyrsa build-ca nopass

# Generate and sign a certificate for main server (here called maestro)
./easyrsa gen-req maestro nopass
./easyrsa sign server maestro

# Same for client
./easyrsa gen-req honeypot_00 nopass
./easyrsa sign client honeypot_00

The PEM file format used by Blacknet starts with the private key, followed by the certificate (example below).

cat pki/private/maestro.key pki/issued/maestro.crt > maestro.pem
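
A check for the resulting bundle, as an added example that is not part of Blacknet: it confirms the key-then-certificate order described above, flags a bundle readable by group or other users (the key was generated with nopass), and uses Python's standard ssl module to confirm the key and certificate belong together. The names check_bundle, pem_labels and the SAMPLE_* constants are hypothetical.

```python
import os
import re
import ssl
import stat

# Constructed placeholder blocks: correct PEM framing, not real key material.
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def pem_labels(text):
    """Return the PEM block labels in file order."""
    return [match.group(1) for match in PEM_BLOCK.finditer(text)]


def check_bundle(path, load=True):
    """Return a list of problems found in a key-then-certificate bundle."""
    problems = []
    # The key was generated with "nopass", so the file must be owner-only.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o lets group/other access the key" % mode)
    with open(path) as handle:
        labels = pem_labels(handle.read())
    layout_ok = True
    if not labels or not labels[0].endswith("PRIVATE KEY"):
        problems.append("first PEM block is not a private key")
        layout_ok = False
    if "CERTIFICATE" not in labels[1:]:
        problems.append("no certificate after the first block")
        layout_ok = False
    if load and layout_ok:
        # With no keyfile argument, load_cert_chain() takes the key from the
        # same file and raises ssl.SSLError if it does not match the certificate.
        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            context.load_cert_chain(certfile=path)
        except ssl.SSLError as exc:
            problems.append("key and certificate do not load together: %s" % exc)
    return problems


if __name__ == "__main__":
    import sys
    for bundle in sys.argv[1:]:
        print(bundle, check_bundle(bundle) or "ok")
```

Run it against maestro.pem and each honeypot bundle after building them; an empty result means the layout, permissions and key match all passed.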

History

The initial project featured a modified VirtualBox environment as a high interaction honeypot, gathering commands and events such as password changes. We then moved to supporting Kippo, a medium interaction SSH honeypot written in Python. Today’s version uses a lightweight paramiko server as a low-interaction honeypot since there are no more plans (and no more time) to handle commands and events automatically (there are many security concerns around doing high interaction automatically). The underlying MySQL schema still refers to commands or events, but these are mostly kept for backward compatibility reasons.

Integrating Cowrie to extend Blacknet's features and make it highly interactive again should not be hard.

This project was initially conducted during our engineering studies in 2010. It was rewritten in 2017 to lower maintenance and installation efforts and to fit with modern Python programming standards.

Credits

  • Romain Bezut (2010, 2017)

  • Vivien Bernet-Rollande (2010)

Thanks

  • We would like to thank the UTC (Université de Technologie de Compiègne). Our school gave us support and made this project possible during class. Special thanks go to our teacher who supervised this project.

  • We would like to thank all our friends who helped find issues and review this project in its early versions.

  • The hackers and bots who contributed in spite of themselves to this project.

Download files

Source Distribution

blacknet-2.0.3.tar.gz (29.7 kB)

Uploaded Source

Built Distribution

blacknet-2.0.3-py2.py3-none-any.whl (31.2 kB)

Uploaded Python 2 Python 3

File details

Details for the file blacknet-2.0.3.tar.gz.

File metadata

  • Download URL: blacknet-2.0.3.tar.gz
  • Upload date:
  • Size: 29.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for blacknet-2.0.3.tar.gz
Algorithm Hash digest
SHA256 679ec4e489eddf0c6dba3112f9c61921a970e3204721a16cf042bcf0c10317b4
MD5 e5a059ef4c4f2be8446376840e70c53c
BLAKE2b-256 917f78b00878680d9e1b0ae08fd0ea2b85049975da0201ca314be2178162af9b

File details

Details for the file blacknet-2.0.3-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for blacknet-2.0.3-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 f875a819059a8fe5a3a5c20c3f7fe2633217eb04ca36820bef604f36585fa1b5
MD5 e87f1bcf2e98519f2af41d679e163efe
BLAKE2b-256 b78c46dfee4abc6178c4c37bd2d6bbccb91a3359656ecf534216ceb1f46b7c65
