
A Simplistic SSH HoneyPot With AbuseIPDB Reporting


SSH Honeypot

The script captures SSH login attempts, logging the exact credentials used, and reports the source IP addresses to AbuseIPDB.

I am currently using this myself: AbuseIPDB results.

Getting Started

Prerequisites

  • Python 3.x

  • Paramiko library

  • Requests library

  • Curl

  • iptables (Linux only; a Windows alternative still needs to be found)

[Image: example of the log file in action]

Installation

  1. Clone the repository:

    git clone https://github.com/Birdo1221/SSH-HoneyPot.git
    cd SSH-HoneyPot
  2. Install the required Python packages:

    pip install paramiko requests
  3. Replace the placeholder in the script with your Abuse-IPDB API key:

    ABUSE_IPDB_API_KEY = 'Replace with Abuse-IPDB API Token'
  4. You don’t need to manually remove any ports from the list; the script simply skips any that are already in use. However, to run the server on ports below 1024, you will need sudo / administrative privileges.

     PORTS = [2222, 2200, 22222, 50000, 3389, 1337, 10001, 222, 2022, 2181, 23, 2000, 830, 2002, 5353, 8081, 6000, 5900]

    I'm currently using these ports due to them being the most commonly used ports for SSH on Shodan / ZoomEye.

Usage

1. Run the script:

    python3 ssh-honeypot-All.py

2. Running the logging variants will create the log file:

    ssh_login_attempts.log

You can change the log file name to anything you like.