23 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, and oracle)
Project description
23 different honeypots in a single PyPI package for monitoring network traffic, bots activities, and username password credentials. All honeypots are non-blocking and can be used as objects or called directly with the in-built auto-configure scripts. Also, they are easy to setup and customize, it takes 1-2 seconds to spin a honeypot up. The output can be logged to a postgres database, file[s], terminal or syslog for easy integration.
This honeypots package is the only package that contains all the following: dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, and oracle.
Honeypots now is in the awesome telekom security T-Pot project!
Install
pip3 install honeypotsUsage Example - Auto configure
Use a honeypot, or multiple honeypots separated by comma or word all
python3 -m honeypots --setup sshUsage Example - Local ports needs higher privileges (use sudo -E)
Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port
python3 -m honeypots --setup ssh:22Usage Example - Auto configure with specific ports
Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port
python3 -m honeypots --setup imap:143,mysql:3306,redis:6379Usage Example - Auto configure with logs location
Use a honeypot, or multiple honeypots separated by comma or word all
python3 -m honeypots --setup ssh --config config.json{
"logs":"file,terminal",
"logs_location":"/temp/honeypots_logs/"
}Usage Example - Custom configure
Use a honeypot, or multiple honeypots separated by comma or word all
python3 -m honeypots --setup ssh --config config.jsonconfig.json (Output to folder and terminal)
{
"logs":"file,terminal",
"logs_location":"/temp/honeypots_logs/"
"honeypots": {
"ftp": {
"port": 21,
"ip": "0.0.0.0",
"username": "test",
"password": "test"
}
}
}config.json (Output to syslog)
{
"logs":"syslog",
"logs_location":"",
"syslog_address": "udp://localhost:514",
"syslog_facility": 3,
"honeypots": {
"ftp": {
"port": 21,
"ip": "0.0.0.0",
"username": "test",
"password": "test"
}
}
}config.json (Output to db)
{
"logs": "db",
"logs_location": "",
"syslog_address":"",
"syslog_facility":0,
"postgres":"//username:password@172.19.0.2:9999/honeypots",
"db_options":["drop"],
"filter": "",
"interface": "",
"honeypots": {
"ftp": {
"port": 21,
"username": "test",
"password": "test"
}
}
}db structure
[
{
"id": 1,
"date": "2021-11-18 06:06:42.304338+00",
"data": {
"server": "'ftp_server'",
"action": "'process'",
"status": "'success'",
"ip": "'0.0.0.0'",
"port": "21",
"username": "'test'",
"password": "'test'"
}
}
]Usage Example - Import as object and auto test
#ip= String E.g. 0.0.0.0
#port= Int E.g. 9999
#username= String E.g. Test
#password= String E.g. Test
#options= Boolean or String E.g OpenSSH 7.0
#logs= String E.g db, terminal or all
#always remember to add process=true to run_server() for non-blocking
from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
qsshserver.test_server(port=9999)
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]
qsshserver.kill_server()Usage Example - Import as object and test with external ssh command
from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)ssh test@127.0.0.1Honeypot answer
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]Close the honeypot
qsshserver.kill_server()Current Servers/Emulators
- QDNSServer
Server: DNS
Port: 53
Lib: Twisted
Logs: ip, port
- QFTPServer
Server: FTP
Port: 21
Lib: Twisted
Logs: ip, port, username and password
- QHTTPProxyServer
Server: HTTP Proxy
Port: 8080
Lib: Twisted
Logs: ip, port and data
- QHTTPServer
Server: HTTP
Port: 80
Lib: Twisted
Logs: ip, port, username and password
- QHTTPSServer
Server: HTTPS
Port: 443
Lib: Twisted
Logs: ip, port, username and password
- QIMAPServer
Server: IMAP
Port: 143
Lib: Twisted
Logs: ip, port, username and password
- QMysqlServer
Emulator: Mysql
Port: 3306
Lib: Twisted
Logs: ip, port, username and password
- QPOP3Server
Server: POP3
Port: 110
Lib: Twisted
Logs: ip, port, username and password
- QPostgresServer
Emulator: Postgres
Port: 5432
Lib: Twisted
Logs: ip, port, username and password
- QRedisServer
Emulator: Redis
Port: 6379
Lib: Twisted
Logs: ip, port, username and password
- QSMBServer
Server: Redis
Port: 445
Lib: impacket
Logs: ip, port and username
- QSMTPServer
Server: SMTP
Port: 25
Lib: smtpd
Logs: ip, port, username and password
- QSOCKS5Server
Server: SOCK5
Port: 1080
Lib: socketserver
Logs: ip, port, username and password
- QSSHServer
Server: SSH
Port: 22
Lib: paramiko
Logs: ip, port, username and password
- QTelnetServer
Server: Telnet
Port: 23
Lib: Twisted
Logs: ip, port, username and password
- QVNCServer
Emulator: VNC
Port: 5900
Lib: Twisted
Logs: ip, port, username and password
- QMSSQLServer
Emulator: MSSQL
Port: 1433
Lib: Twisted
Logs: ip, port, username and password or hash
- QElasticServer
Emulator: Elastic
Port: 9200
Lib: http.server
Logs: ip, port and data
- QLDAPServer
Emulator: LDAP
Port: 389
Lib: Twisted
Logs: ip, port, username and password
- QNTPServer
Emulator: NTP
Port: 123
Lib: Twisted
Logs: ip, port and data
- QMemcacheServer
Emulator: Memcache
Port: 11211
Lib: Twisted
Logs: ip, port and data
- QOracleServer
Emulator: Oracle
Port: 1521
Lib: Twisted
Logs: ip, port and connet data
- QSNMPServer
Emulator: SNMP
Port: 161
Lib: Twisted
Logs: ip, port and data
acknowledgement
By using this framework, you are accepting the license terms of all these packages: pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server
Let me know if I missed a reference or resource!
Some Articles
Notes
Almost all servers and emulators are stripped-down - You can adjust that as needed
Other projects
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file honeypots-0.49.tar.gz.
File metadata
- Download URL: honeypots-0.49.tar.gz
- Upload date:
- Size: 40.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.27.1 setuptools/45.2.0 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1d9feccf16a1f590c9a27d0ddf2f303d83348e58abf7a8a51d8a40c103a6b78f
|
|
| MD5 |
8a822fed9b8155acf581f84927e89f01
|
|
| BLAKE2b-256 |
be16193c9a6e27550441c2583c251d852231d22a184ff7ab6fb45e8458b3b48a
|
File details
Details for the file honeypots-0.49-py3-none-any.whl.
File metadata
- Download URL: honeypots-0.49-py3-none-any.whl
- Upload date:
- Size: 85.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.4.2 requests/2.27.1 setuptools/45.2.0 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b849fe51114e20ffe7b0fed5b7c61b21888c1e540ec4bb5dda5724f7801fddc7
|
|
| MD5 |
eb6771cfafb572886496e9ce1d27ac22
|
|
| BLAKE2b-256 |
a79ea7b68ef8591255d1f62dc366c29619e4456e9e306815da75ad5cb121b5e9
|
