HonSSH is a high-interaction Honey Pot solution.
HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.
Features
- Captures all connection attempts to a text file, database or email alerts.
- When an attacker sends a password guess, HonSSH can automatically replace their attempt with the correct password (spoof_login option). This allows them to login with any password but confuses them when they try to sudo with the same password.
- All interaction is captured into a TTY log (thanks to Kippo) that can be replayed using the playlog utility included from Kippo.
- A text based summary of an attackers session is captured in a text file.
- Sessions can be viewed or hijacked in real time (again thanks to Kippo) using the management telnet interface.
- Downloads a copy of all files transferred through wget or scp.
- Can use docker to spin up new honeypots and reuse them on ip basis.
- Saves all modifications made to the docker container by using filesystem watcher.
- Advanced networking feature to spoof attackers IP addresses between HonSSH and the honeypot.
- Application hooks to integrate your own output scripts.
Setup and Configuration
- Using a single machine : static honeypot
- Using Docker : docker honeypot
Useful links
Inspiration and Usage
KippoKippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. https://github.com/desaster/kippo
This project was inspired by Kippo and has made use of it's logging and interaction mechanisms.
BifroztAn awesome project using Honssh by Are Hansen - http://sourceforge.net/projects/bifrozt/
- An all-in-one Honeypot Ubuntu Server ISO.
- Uses iptables to provide some cool firewall mitigation rules.