Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

Honeypot

This project aims to create a honeypot which, when activated within a LAN, determines which services are active on the machine it is running on and replaces them with its own implementations. The network configuration of the machine that runs the honeypot is important: if the honeypot were compromised, the attacker would have free access to the network.

File architecture

  • lib => core module that implements the main features of the honeypot.
    • server
      • server.py => implements the basic server instance.
    • utils
      • utils.py => general purpose tools.
    • loggers => types of logging systems that can be used.
  • log => log files generated by the services activated by the honeypot.
  • machine_services
    • log.services => .services file generated by nmap scan.
  • service-cfg
    • config-test.json => .json configuration file for the services that will be activated by the honeypot.
  • trap-services => fake active services. Since we intend to implement the HTTP and FTP services for the moment, this folder will contain the modules that implement them, for example a fake Apache server or a fake file-upload server.
  • manager.py => manages the different services.
  • monitor.py => activates a simple interface to communicate with service instances. It is the only module that communicates with the manager module.
  • start.py => entry point of the entire software. Parses the command line arguments and runs the honeypot.

Command line arguments

To start the program you must have maximum privileges, and you must pass two file names on the command line: the file that contains the list of active services and the file that contains the configuration with which the services will be started.

    sudo python3 start.py log.services config-test.json

The first parameter is the .services file, generated after the system scan and saved in the /machine-services directory. You need to follow this convention if you want the file to load correctly. If the file is not present, an error is generated. To avoid this error you can pass the 'createnow' command after the file name: before the services are started, a system scan is performed to find the active services and the .services file is created.

    sudo python3 start.py log.services createnow config-test.json

If the file is already present and the 'createnow' option is passed, an error is generated as well. The second parameter is the configuration file needed to start the various services. By convention, this .json file is saved in the /services-cfg directory.

Service Configuration file

The configuration file of the services activated by the honeypot, found in the /services-cfg path, contains several sections:

  • active => This field is used for communication between the monitor and the manager: the monitor writes the services active on the machine into this list, so that the services manager knows which services to activate.
  • loggers => The various types of logging systems to use, for example Elasticsearch or a local log file. Currently the log is visible only from the monitor, using a special command that reads, in real time, the log files of the single service instance you choose to view.
  • servers => This field stores the various services that will be run by the honeypot.

Active Service log file

The structure of the .services file is defined as follows:

  • Service-Name || State || Port-Number

The default scan currently only identifies active services on known ports. For example, a .services log file should look like this:

    http || open || 80
    ftp || open || 22
    https || closed || 8443
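
A strict parser for the .services format described above, as an added example that is not part of the project's code. The names `ServiceEntry`, `parse_services` and `services_to_replace` are hypothetical, and the handling of blank lines, port range and duplicate open ports is an assumption about how such a file should be validated before the honeypot binds to anything.

```python
from dataclasses import dataclass

SEPARATOR = "||"  # field separator used by the .services format


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    state: str
    port: int


def parse_services(text):
    """Parse .services content into ServiceEntry objects.

    Raises ValueError (with the line number) on a malformed line, so a
    corrupted or tampered file is rejected instead of partly loaded.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are tolerated (assumption)
        fields = [f.strip() for f in line.split(SEPARATOR)]
        if len(fields) != 3 or not all(fields):
            raise ValueError(f"line {lineno}: expected 'name || state || port', got {raw!r}")
        name, state, port_text = fields
        if not (port_text.isascii() and port_text.isdigit()) or not 1 <= int(port_text) <= 65535:
            raise ValueError(f"line {lineno}: invalid port {port_text!r}")
        entries.append(ServiceEntry(name, state.lower(), int(port_text)))
    return entries


def services_to_replace(entries):
    """Map port -> service name for entries whose state is 'open'."""
    ports = {}
    for entry in entries:
        if entry.state != "open":
            continue
        if entry.port in ports:
            raise ValueError(f"port {entry.port} listed as open more than once")
        ports[entry.port] = entry.name
    return ports


# Constructed sample with the same content as the example in this README.
SAMPLE = "http || open || 80\nftp || open || 22\nhttps || closed || 8443\n"

if __name__ == "__main__":
    print(services_to_replace(parse_services(SAMPLE)))
```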