19 different honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \ password credentials. All honeypots are non-blocking and can be used as objects or called directly with the in-built auto-configure scripts.
The current available honeypots are: dns ftp httpproxy http https imap mysql pop3 postgres redis smb smtp socks5 ssh telnet vnc mssql elastic ldap.
honeypots output can be logged to a database, file, terminal or syslog
pip3 install honeypots
honeypot, or multiple honeypots separated by comma or word all
python3 -m honeypots --setup ssh
Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port
python3 -m honeypots --setup imap:143,mysql:3306,redis:6379
honeypot, or multiple honeypots separated by comma or word all
python3 -m honeypots --setup ssh --config config.json
#config.json
{
"logs":"file,terminal",
"logs_location":"/temp/honeypots_logs/"
}
honeypot, or multiple honeypots in a dict
python3 -m honeypots --setup ftp --config config.json
#config.json
{
"logs":"file,terminal",
"logs_location":"/temp/honeypots_logs/",
"honeypots": {
"ftp": {
"port": 21,
"ip": "0.0.0.0",
"username": "test",
"password": "test"
}
}
}
#you need higher user permissions for binding\closing some ports
ip= String E.g. 0.0.0.0
port= Int E.g. 9999
username= String E.g. Test
password= String E.g. Test
mocking= Boolean or String E.g OpenSSH 7.0
logs= String E.g db, terminal or all
always remember to add process=true to run_server() for non-blocking
from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
qsshserver.test_server(port=9999)
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
qsshserver.kill_server()
#you need higher user permissions for binding\closing some ports
from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
ssh test@127.0.0.1
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
qsshserver.kill_server()
- QDNSServer <- DNS (Server using Twisted)
- QFTPServer <- FTP (Server using Twisted)
- QHTTPProxyServer <- HTTP Proxy (Server using Twisted)
- QHTTPServer <- HTTP (Server using Twisted)
- QHTTPSServer <- HTTPS (Server using Twisted)
- QIMAPServer <- IMAP (Server using Twisted)
- QMysqlServer <- Mysql (Emulator using Twisted)
- QPOP3Server <- POP3 (Server using Twisted)
- QPostgresServer <- Postgres (Emulator using Twisted)
- QRedisServer <- Redis (Emulator using Twisted)
- QSMBServer <- SMB (Server using impacket)
- QSMTPServer <- STMP (Server using smtpd)
- QSOCKS5Server <- SOCK5 (Server using socketserver)
- QSSHServer <- SSH (Server using socket)
- QTelnetServer <- TELNET (Server using Twisted)
- QVNCServer <- VNC (Emulator using Twisted)
- QMSSQLServer <- MSSQL (Emulator using Twisted)
- QElasticServer <- Elastic (Emulator using http.server)
- QLDAPServer <- ldap (Emulator using Twisted)
- By using this framework, you are accepting the license terms of all these packages:
pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server
- Let me know if I missed a reference or resource!
- Almost all servers and emulators are stripped-down - You can adjust that as needed