{"id":13482048,"url":"https://github.com/dutchcoders/troje","last_synced_at":"2025-08-27T13:10:08.622Z","repository":{"id":19618898,"uuid":"22870436","full_name":"dutchcoders/troje","owner":"dutchcoders","description":"Troje is a honeypot built around lxc containers. It will run each connection with the service within a separate lxc container.","archived":false,"fork":false,"pushed_at":"2014-08-12T12:00:21.000Z","size":148,"stargazers_count":44,"open_issues_count":0,"forks_count":9,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-05-01T01:01:56.172Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dutchcoders.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-08-12T08:35:14.000Z","updated_at":"2025-04-22T08:27:47.000Z","dependencies_parsed_at":"2022-08-23T20:40:35.714Z","dependency_job_id":null,"html_url":"https://github.com/dutchcoders/troje","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dutchcoders/troje","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchcoders%2Ftroje","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchcoders%2Ftroje/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchcoders%2Ftroje/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchcoders%2Ftroje/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dutchcoders","download_url":"https://codeload.github.com/dutchcoders/troje/tar.gz
/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchcoders%2Ftroje/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272335003,"owners_count":24916350,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-27T02:00:09.397Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:00:58.489Z","updated_at":"2025-08-27T13:10:08.581Z","avatar_url":"https://github.com/dutchcoders.png","language":"Go","readme":"# TROJE\n\nTroje is a honeypot that creates a real environment within a physical or virtual machine using lxc containers. A container is created on the first connection to the desired service, for example the ssh service. At the first connection the 'attacker' gets its own attack vector, and Troje passes all traffic between the service and that attack vector. All traffic within the lxc container is monitored, and changes to the drives are recorded.\n\nWARNING: this is a proof of concept and hasn't been tested accordingly.\n\nThis version is a proof of concept. 
With the proof of concept I want to test the following:\n\n- an individual lxc container can be used per remote address\n- the lxc container is safe enough and can be constrained for attacks to operate safely\n- all actions can be monitored (traffic, filesystem, ssh)\n- the honeypot is realistic\n\n## Quick start\n\n### Install (ubuntu):\n\n```\napt-get install golang lxc aufs-tools\n\ngo get github.com/lxc/go-lxc\ngo get code.google.com/p/gopacket\n```\n\n### Create base container:\n\n```\nlxc-create -t download -n troje_base -- --dist ubuntu --release trusty --arch amd64\n```\n\n### Start Troje:\n\n```\nGOPATH=`pwd` go run ./bin/main.go -b troje_base\n```\n\nNow Troje is up and running and you can connect to it using SSH. When you connect, the troje_base container will be cloned and all current and following connections from the remote address will be directed to the cloned container.\n\n## Contributing\n\nContributions are welcome.\n\n## Example\n\n```\nroot@packer-vmware-iso:/vagrant# go run ./main.go -b u1\n2014/08/12 11:40:55 Troje started.\n2014/08/12 11:40:57 Received new connection from 172.16.84.1:53483\n2014/08/12 11:40:57 Creating new container for ip 172.16.84.1:53483\n2014/08/12 11:40:57 Cloning new container 3IeAsSTV\n2014/08/12 11:40:57 Starting new container 3IeAsSTV\n2014/08/12 11:40:57 Waiting for container to settle 3IeAsSTV\n2014/08/12 11:40:57 Waiting for ip to settle 3IeAsSTV (getting IP address on the interface of the container failed)\n2014/08/12 11:40:58 Waiting for ip to settle 3IeAsSTV (getting IP address on the interface of the container failed)\n2014/08/12 11:40:59 Waiting for ip to settle 3IeAsSTV (getting IP address on the interface of the container failed)\n2014/08/12 11:41:00 Waiting for ip to settle 3IeAsSTV (getting IP address on the interface of the container failed)\n2014/08/12 11:41:01 Container 3IeAsSTV got ip 10.0.3.84\n2014/08/12 11:41:01 Forwarding connections\n\n\u003c\u003c\u003c TRAFFIC BETWEEN 
CONTAINER AND REMOTE HOST \u003e\u003e\u003e\n\n2014/08/12 11:41:01 ^C2014/08/12 11:41:03 interrupt\n2014/08/12 11:41:03 Troje stopping. Cleaning up.\n2014/08/12 11:41:03 Destroying container 3IeAsSTV\n2014/08/12 11:41:04 2014/08/12 11:41:04 Connection closed.\n2014/08/12 11:41:04 Waiting for container to shutdown 3IeAsSTV\n2014/08/12 11:41:04 Troje stopped.\n```\n\n## Todo:\n\n- create hot spare containers\n- serialize data\n- reporting of traffic (pcap)\n- reporting of delta (/var/lib/lxc/gvgVHiMV/delta0/)\n- how to monitor the commands? using ssh and created username / password?\n- custom ssl certificate? for intercepting https traffic?\n- how to compare the differences? Use overlayfs?\n- when to clean up and create report?\n- listen on multiple ip addresses, with different containers\n- configure custom forwarding\n- use pipes / multithreading / locks\n- code improvements\n- starting the container prevents the goroutine from returning\n- should we use ephemeral storage?\n- Go-ify source\n\n## Creators\n\n**Remco Verhoef**\n- \u003chttps://twitter.com/remco_verhoef\u003e\n\n## Copyright and license\n\nCode and documentation copyright 2011-2014 Remco Verhoef. Code released under [the MIT license](LICENSE).\n\n","funding_links":[],"categories":["Honeypots","\u003ca id=\"a53d22b9c5d09dc894413453f4755658\"\u003e\u003c/a\u003e未分类"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdutchcoders%2Ftroje","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdutchcoders%2Ftroje","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdutchcoders%2Ftroje/lists"}