honeypots 0.30

19 honeypots in one package package for monitoring network traffic, bots activities, and username password credentials

19 different honeypots in a single PyPI package for monitoring network traffic, bots activities, and username password credentials. All honeypots are non-blocking and can be used as objects or called directly with the in-built auto-configure scripts.

The current available honeypots are: dns ftp httpproxy http https imap mysql pop3 postgres redis smb smtp socks5 ssh telnet vnc mssql elastic ldap

honeypots output can be logged to a database, file, terminal or syslog

Install

pip3 install honeypots

Usage Example - Auto configure

Use a honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots --setup ssh

Usage Example - Auto configure with specific ports

Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port

python3 -m honeypots --setup imap:143,mysql:3306,redis:6379

Usage Example - Auto configure with logs location

Use a honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots --setup ssh --config config.json

{
    "logs":"file,terminal",
    "logs_location":"/temp/honeypots_logs/"
}

Usage Example - Custom configure

Use a honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots --setup ssh --config config.json

{
    "logs":"file,terminal",
    "logs_location":"/temp/honeypots_logs/"
    "honeypots": {
        "ftp": {
            "port": 21,
            "ip": "0.0.0.0",
            "username": "test",
            "password": "test"
            }
        }
}

Usage Example - Import as object and auto test

#ip= String E.g. 0.0.0.0
#port= Int E.g. 9999
#username= String E.g. Test
#password= String E.g. Test
#mocking= Boolean or String E.g OpenSSH 7.0
#logs= String E.g db, terminal or all
#always remember to add process=true to run_server() for non-blocking

from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
qsshserver.test_server(port=9999)
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
qsshserver.kill_server()

Usage Example - Import as object and test with external ssh command

from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)

ssh test@127.0.0.1

Honeypot answer

INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]

Close the honeypot

qsshserver.kill_server()

Current Servers/Emulators

• QDNSServer <- DNS (Server using Twisted)

• QFTPServer <- FTP (Server using Twisted)

• QHTTPProxyServer <- HTTP Proxy (Server using Twisted)

• QHTTPServer <- HTTP (Server using Twisted)

• QHTTPSServer <- HTTPS (Server using Twisted)

• QIMAPServer <- IMAP (Server using Twisted)

• QMysqlServer <- Mysql (Emulator using Twisted)

• QPOP3Server <- POP3 (Server using Twisted)

• QPostgresServer <- Postgres (Emulator using Twisted)

• QRedisServer <- Redis (Emulator using Twisted)

• QSMBServer <- SMB (Server using impacket)

• QSMTPServer <- STMP (Server using smtpd)

• QSOCKS5Server <- SOCK5 (Server using socketserver)

• QSSHServer <- SSH (Server using socket)

• QTelnetServer <- TELNET (Server using Twisted)

• QVNCServer <- VNC (Emulator using Twisted)

• QMSSQLServer <- MSSQL (Emulator using Twisted)

• QElasticServer <- Elastic (Emulator using http.server)

• QLDAPServer <- ldap (Emulator using Twisted)

acknowledgement

• By using this framework, you are accepting the license terms of all these packages: pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server

• Let me know if I missed a reference or resource!

Notes

• Almost all servers and emulators are stripped-down - You can adjust that as needed

Other projects