Skip to main content

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)

Project description

https://raw.githubusercontent.com/qeeqbox/honeypots/main/readme/honeypots.png

30 different honeypots in a single PyPI package for monitoring network traffic, bots activities, and username password credentials.

Why honeypots package is very powerful?

The honeypots respond back, non-blocking, can be used as objects, or called directly with the in-built auto-configure scripts! Also, they are easy to setup and customize, it takes 1-2 seconds to spin a honeypot up. You can spin up multiple instances with the same type. The output can be logged to a Postgres database, file[s], terminal or syslog for easy integration.

This honeypots package is the only package that contains all the following: dhcp, dns, elastic, ftp, http_proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc.

Honeypots now is in the awesome telekom security T-Pot project!

Install

pip3 install honeypots

honeypots -h

Qeeqbox/honeypots customizable honeypots for monitoring network traffic, bots activities, and username\password credentials

Arguments:
  --setup               target honeypot E.g. ssh or you can have multiple E.g ssh,http,https
  --list                list all available honeypots
  --kill                kill all honeypots
  --verbose             Print error msgs

Honeypots options:
  --ip                  Override the IP
  --port                Override the Port (Do not use on multiple!)
  --username            Override the username
  --password            Override the password
  --config              Use a config file for honeypots settings
  --options             Extra options (capture_commands for capturing all threat actor data)

General options:
  --termination-strategy {input,signal} Determines the strategy to terminate by
  --test                Test a honeypot
  --auto                Setup the honeypot with random port

Usage Example - Auto configuration with default ports

Use a honeypot, or multiple honeypots separated by comma or word all

sudo -E python3 -m honeypots --setup ssh

Usage Example - Auto configuration with random port (No need for higher privileges)

Use a honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots --setup ssh --auto

Usage Example - Auto configure with specific ports

Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port

python3 -m honeypots --setup imap:143,mysql:3306,redis:6379

Usage Example - Custom configure with logs location

Use a honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots --setup ssh --config config.json

config.json (Output to folder and terminal)

{
  "logs": "file,terminal,json",
  "logs_location": "/var/log/honeypots/",
  "syslog_address": "",
  "syslog_facility": 0,
  "postgres": "",
  "sqlite_file":"",
  "db_options": [],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "ip": "0.0.0.0",
      "username": "ftp",
      "password": "anonymous",
      "log_file_name": "ftp.log",
      "max_bytes": 10000,
      "backup_count": 10
    }
  }
}

config.json (Output to syslog)

{
  "logs": "syslog",
  "logs_location": "",
  "syslog_address": "udp://localhost:514",
  "syslog_facility": 3,
  "postgres": "",
  "sqlite_file":"",
  "db_options": [],
  "sniffer_filter": "",
  "sniffer_interface": "",
  "honeypots": {
    "ftp": {
      "port": 21,
      "ip": "0.0.0.0",
      "username": "test",
      "password": "test"
    }
  }
}

config.json (Output to Postgres db)

{
    "logs": "db_postgres",
    "logs_location": "",
    "syslog_address":"",
    "syslog_facility":0,
    "postgres":"//username:password@172.19.0.2:9999/honeypots",
    "sqlite_file":"",
    "db_options":["drop"],
    "sniffer_filter": "",
    "sniffer_interface": "",
    "honeypots": {
        "ftp": {
            "port": 21,
            "username": "test",
            "password": "test"
        }
    }
}

config.json (Output to Sqlite db)

{
    "logs": "db_postgres",
    "logs_location": "",
    "syslog_address":"",
    "syslog_facility":0,
    "postgres":"",
    "sqlite_file":"/home/test.db",
    "db_options":["drop"],
    "sniffer_sniffer_filter": "",
    "sniffer_interface": "",
    "honeypots": {
        "ftp": {
            "port": 21,
            "username": "test",
            "password": "test"
        }
    }
}

db structure

[
  {
    "id": 1,
    "date": "2021-11-18 06:06:42.304338+00",
    "data": {
      "server": "'ftp_server'",
      "action": "'process'",
      "status": "'success'",
      "ip": "'0.0.0.0'",
      "port": "21",
      "username": "'test'",
      "password": "'test'"
    }
  }
]

Usage Example - Import as object and auto test

#ip= String E.g. 0.0.0.0
#port= Int E.g. 9999
#username= String E.g. Test
#password= String E.g. Test
#options= Boolean or String E.g OpenSSH 7.0
#logs= String E.g db, terminal or all
#always remember to add process=true to run_server() for non-blocking

from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
qsshserver.test_server(port=9999)
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]
qsshserver.kill_server()

Usage Example - Import as object and test with external ssh command

from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
ssh test@127.0.0.1

Honeypot answer

INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]

Close the honeypot

qsshserver.kill_server()

Current Servers/Emulators

  • QDNSServer
    • Server: DNS

    • Port: 53

    • Lib: Twisted

    • Logs: ip, port

  • QFTPServer
    • Server: FTP

    • Port: 21

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QHTTPProxyServer
    • Server: HTTP Proxy

    • Port: 8080

    • Lib: Twisted

    • Logs: ip, port and data

  • QHTTPServer
    • Server: HTTP

    • Port: 80

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QHTTPSServer
    • Server: HTTPS

    • Port: 443

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QIMAPServer
    • Server: IMAP

    • Port: 143

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QMysqlServer
    • Emulator: Mysql

    • Port: 3306

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QPOP3Server
    • Server: POP3

    • Port: 110

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QPostgresServer
    • Emulator: Postgres

    • Port: 5432

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QRedisServer
    • Emulator: Redis

    • Port: 6379

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QSMBServer
    • Server: Redis

    • Port: 445

    • Lib: impacket

    • Logs: ip, port and username

  • QSMTPServer
    • Server: SMTP

    • Port: 25

    • Lib: smtpd

    • Logs: ip, port, username and password

  • QSOCKS5Server
    • Server: SOCK5

    • Port: 1080

    • Lib: socketserver

    • Logs: ip, port, username and password

  • QSSHServer
    • Server: SSH

    • Port: 22

    • Lib: paramiko

    • Logs: ip, port, username and password

  • QTelnetServer
    • Server: Telnet

    • Port: 23

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QVNCServer
    • Emulator: VNC

    • Port: 5900

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QMSSQLServer
    • Emulator: MSSQL

    • Port: 1433

    • Lib: Twisted

    • Logs: ip, port, username and password or hash

  • QElasticServer
    • Emulator: Elastic

    • Port: 9200

    • Lib: http.server

    • Logs: ip, port and data

  • QLDAPServer
    • Emulator: LDAP

    • Port: 389

    • Lib: Twisted

    • Logs: ip, port, username and password

  • QNTPServer
    • Emulator: NTP

    • Port: 123

    • Lib: Twisted

    • Logs: ip, port and data

  • QMemcacheServer
    • Emulator: Memcache

    • Port: 11211

    • Lib: Twisted

    • Logs: ip, port and data

  • QOracleServer
    • Emulator: Oracle

    • Port: 1521

    • Lib: Twisted

    • Logs: ip, port and connet data

  • QSNMPServer
    • Emulator: SNMP

    • Port: 161

    • Lib: Twisted

    • Logs: ip, port and data

acknowledgement

  • By using this framework, you are accepting the license terms of all these packages: pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server

  • Let me know if I missed a reference or resource!

Notes

  • Almost all servers and emulators are stripped-down - You can adjust that as needed

Other projects

https://raw.githubusercontent.com/qeeqbox/.github/main/data//social-analyzer.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//analyzer.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//chameleon.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//osint.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//url-sandbox.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//mitre-visualizer.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//woodpecker.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//docker-images.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//seahorse.png https://raw.githubusercontent.com/qeeqbox/.github/main/data//rhino.png

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

honeypots-0.66.tar.gz (70.4 kB view details)

Uploaded Source

Built Distribution

honeypots-0.66-py3-none-any.whl (84.4 kB view details)

Uploaded Python 3

File details

Details for the file honeypots-0.66.tar.gz.

File metadata

  • Download URL: honeypots-0.66.tar.gz
  • Upload date:
  • Size: 70.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.11.6

File hashes

Hashes for honeypots-0.66.tar.gz
Algorithm Hash digest
SHA256 ddc00303ab607b3702ee7573d1d9c4ff9e60b7ed4a0f927a64828b11cb2d3ba9
MD5 87732378224132fc962d1b64887a6159
BLAKE2b-256 af09cfb1a54ce43a3bd5ac1540c5a6985108eec30222cd1308bcc9352c1f00f8

See more details on using hashes here.

File details

Details for the file honeypots-0.66-py3-none-any.whl.

File metadata

  • Download URL: honeypots-0.66-py3-none-any.whl
  • Upload date:
  • Size: 84.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.11.6

File hashes

Hashes for honeypots-0.66-py3-none-any.whl
Algorithm Hash digest
SHA256 b8f363a0b34faced041f269273ed3ecbe2cc930eca162a748d33b157fea57d06
MD5 03281713f0a1685dfe18906d49c343e7
BLAKE2b-256 bbf5f52678143697f127d3b557d894da59d3bfd9aa77f5bd0abca2a5e6efb7ad

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page