/snare

Super Next generation Advanced Reactive honEypot

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

SNARE

Documentation Status Build Status

Super Next generation Advanced Reactive honEypot

About

SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet.

Documentation

The documentation can be found here.

Basic Concepts

  • Surface first. Focus on the attack surface generation.
  • Sensors and masters. Lightweight collectors (SNARE) and central decision maker (tanner).

Getting started

  • You need Python3. We tested primarily with >=3.5
  • This was tested with a recent Ubuntu based Linux.

Steps to setup

  1. Get SNARE: git clone https://github.com/mushorg/snare.git and cd snare
  2. Install requirements: sudo pip3 install -r requirements.txt
  3. Setup snare: sudo python3 setup.py install
  4. Clone a page: sudo clone --target http://example.com
  5. Run SNARE: sudo snare --port 8080 --page-dir example.com
  6. Test: Visit http://localhost:8080/index.html
  7. (Optionally) Have your own tanner service running.

[Note : Cloner clones the whole website, to restrict to a desired depth of cloning add --max-depth parameter]

You obviously want to bind to 0.0.0.0 and port 80 when running in production.

Sample Output

    # sudo snare --port 8080 --page-dir example.com

       _____ _   _____    ____  ______
      / ___// | / /   |  / __ \/ ____/
      \__ \/  |/ / /| | / /_/ / __/
     ___/ / /|  / ___ |/ _, _/ /___
    /____/_/ |_/_/  |_/_/ |_/_____/


    privileges dropped, running as "nobody:nogroup"
    serving with uuid 9c10172f-7ce2-4fb4-b1c6-abc70141db56
    Debug logs will be stored in /opt/snare/snare.log
    Error logs will be stored in /opt/snare/snare.err
    ======== Running on http://127.0.0.1:8080 ========
    (Press CTRL+C to quit)
    you are running the latest version