This project was a university course project, it was about Attacking Behavior Co-Relation Using Honeypot.
This project uses WetFTP as a high interaction honeypot and converts the logs generated by the tool into a graph using neo4j database.
- Collecting logs
- Convert the logs into a json format that can be imported to neo4j using (apoc.import.json) procedure call
- View the graph in neo4j with two different type of graphs (Timeline, Overview)
- Having python3 -_-.
- Install the latest Neo4j database version.
- Install the latest APOC plugins (So you can call the apoc.import.json procedure).
- Additional:
pip3 install py2neo
, then modify bolt port and username/password of neo4j database if you wish to run the neo4j cypher queries within the python script. - Run:
python3 main.py -h
- Example:
python3 main.py --logpath cmd.log --mode timeline --jsonoutput timeline.json --neo4j --neo4juri bolt://localhost:11003 --neo4juser neo4j --neo4jpasswd neo4j --label Node
- Understand Neo4j structure more and more (lol).
- Develop the log2json convertor.
- Create my own honeypots for multiple services such as HTTP/SSH/SMB/...
- Use Provenance so we can correlate the attacker behaviour more using framework such as
- Convert this project to a framework with real time monitoring.
if you noticed any mistake or have any suggestion reached me at my Twitter/LinkedIn account: