This tool creates an honeypot server running an ssh service, which detects a brute force attack, communicates with the attacker’s ssh client and provides it with a shell access to a file system with the ability to execute a few basic commands.
python3 honeypot.py -p [port]
- -p: The port to which the ssh server will be binded to.
-
Detect a brute force attack: The honeypot detects brute force attacks against a specific user. After the fifth attempt, the honeypot grants access to a shell.
-
SSH functionality: Once the attacker has been granted access and a connection has been established, the honeypot communicates to the client like a normal ssh server.
For instance, on a successful attempt by an attacker for the username john, should be able to see a shell prompt on the client side which resembles the following:john@server:/$Just like within a normal shell, the client has the ability to type in commands which are sent over to your honeypot server when they hit carriage return. In addition, the server is also be able to keep track of time of an open connection. If the client remains idle for 60 seconds, it should terminate the connection.
-
Basic file system: A fake file system is created along with the emulation of a few basic commands. The following commands are available:
- ls : lists all files in the current directory.
- echo "XXXX" > destionation.txt : creates a simple text file with the user-supplied name and content.
- cat text.txt : prints the content of a file.
- cp source.txt destination.txt : creates destination.txt and copies the content of source.txt
All information and software available on this repository are for educational purposes only. Usage of tools from this repository for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws.