Skip to main content

Multi-head SSH honeypot system

Project description

https://travis-ci.org/morian/blacknet.svg?branch=master https://coveralls.io/repos/github/morian/blacknet/badge.svg?branch=master https://img.shields.io/badge/license-MIT-blue.svg

What

Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.

You can use it to gather all SSH attempts performed on multiple IPv4 address you own on the internet and draw and export statistics out of it. A dedicated web interface allows live tracking of what happens on your honeypots, which IP addresses are targeting you and from where.

Requirements

Installation

Blacknet provides two components, a SSH Server (sensor) and a master server. The master server (blacknet-master) is where the database is located. The SSH server (blacknet-sensor) is just a honeypot instance communicating with the master server. Please read –help from both commands and read blacknet.cfg.example carefully.

You need to generate SSL certificates in order to make blacknet work correctly over network stacks (please see next section).

  • Installation using pip: $ pip install blacknet

  • Take a copy of blacknet.cfg.example and make your own configuration in /etc/blacknet/ or ${HOME}/.blacknet/

  • Run blacknet-install.sql in your MySQL database.

  • You can update (and fill) the database with geolocation updates using the command blacknet-updater.

  • You can also scrub your data to generate reports or perform metadata checks using blacknet-scrubber (please consult –help for details)

  • Command blacknet-scrubber might be best run in a crontab (with –quiet)

  • You might want to filter out some specific users for some or all honeypots. Please see blacklist.cfg.example and put it in an appropriate directory.

Create your SSL certificates

Please use EasyRSA or equivalent to generate your own PKI and deliver certificates between your server and your honeypots.

# First clone the easyrsa repository
cd /tmp/
git clone https://github.com/OpenVPN/easy-rsa.git

# Then create a new Authority
cd /tmp/easy-rsa/easyrsa3
./easyrsa init-pki

# When asked provide a Common Name for your CA (eg: Blacknet CA)
./easyrsa build-ca nopass

# Generate and sign a certificate for master server (here called maestro)
./easyrsa gen-req maestro nopass
./easyrsa sign server maestro

# Same for sensors
./easyrsa gen-req honeypot_00 nopass
./easyrsa sign client honeypot_00

PEM file format used by Blacknet starts with the private key and then concatenates with the certificate (example bellow).

cat pki/private/maestro.key pki/issued/maestro.crt > maestro.pem

History

The initial project featured a modified VirtualBox environment as a high interaction honeypot, gathering commands and events such as password changes. We then moved to supporting Kippo, a medium interaction SSH honeypot written in Python. Today’s version uses a lightweight paramiko server as a low-interaction honeypot since there are no more plans (and no more time) to handle commands and events automatically (there are many security concerns around doing high interaction automatically). The underlying MySQL schemes still refers to commands or events but they are mostly kept for backward compatibility reasons.

Integration with Cowrie should not be hard to extend Blacknet features and make it highly interactive again.

This project was initially conducted during our engineering studies in 2010. It was rewritten in 2017 to lower maintenance and installation efforts and to fit with modern python programming standards.

Credits

  • Romain Bezut (2010, 2017)

  • Vivien Bernet-Rollande (2010)

Thanks

  • We would like to thank the UTC (Université de Technologie de Compiègne). Our school brought us support and have made this project possible during class. Special thanks go to our teacher who supervised this project.

  • We would like to thank all our friends who helped finding issues and review this project in its early versions.

  • The hackers and bots who contributed in spite of themselves to this project.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

blacknet-2.0.5.tar.gz (30.9 kB view details)

Uploaded Source

Built Distribution

blacknet-2.0.5-py2.py3-none-any.whl (39.6 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file blacknet-2.0.5.tar.gz.

File metadata

  • Download URL: blacknet-2.0.5.tar.gz
  • Upload date:
  • Size: 30.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for blacknet-2.0.5.tar.gz
Algorithm Hash digest
SHA256 53cc9edb919ea008b65f192f1fa768a44aecebd52f4b2e3cd071548ba3ab37cb
MD5 f7a260e6325e79b6944513c932a98fc1
BLAKE2b-256 2e2648d421d7daa37d5f526737c5cc1bab0bfbc1db771bded783b680a11c6ca7

See more details on using hashes here.

File details

Details for the file blacknet-2.0.5-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for blacknet-2.0.5-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 65fcc7e088910f6dffbc598a103e03f42feed7a733c02222c5fca09600692cf9
MD5 cdfcc7268172f30e6729d1f4decc5c3f
BLAKE2b-256 685fd96ed34331c9cd201b47f53f4241e6ad0dc48a7a2a29a8cf596edfdb4465

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page