{"id":13481898,"url":"https://github.com/huuck/ADBHoney","last_synced_at":"2025-03-27T12:31:44.412Z","repository":{"id":52171427,"uuid":"157766841","full_name":"huuck/ADBHoney","owner":"huuck","description":"Low interaction honeypot designed for Android Debug Bridge over TCP/IP","archived":false,"fork":false,"pushed_at":"2022-09-28T15:06:36.000Z","size":96,"stargazers_count":159,"open_issues_count":4,"forks_count":33,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-04-25T10:02:40.972Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/huuck.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-15T20:12:14.000Z","updated_at":"2024-04-23T19:59:37.000Z","dependencies_parsed_at":"2022-08-23T21:30:46.654Z","dependency_job_id":null,"html_url":"https://github.com/huuck/ADBHoney","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huuck%2FADBHoney","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huuck%2FADBHoney/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huuck%2FADBHoney/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/huuck%2FADBHoney/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/huuck","download_url":"https://codeload.github.com/huuck/ADBHoney/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245845061,"owners
_count":20681825,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:00:57.267Z","updated_at":"2025-03-27T12:31:44.143Z","avatar_url":"https://github.com/huuck.png","language":"Python","funding_links":[],"categories":["Honeypots"],"sub_categories":[],"readme":"# ADBHoney\nLow interaction honeypot designed for Android Debug Bridge over TCP/IP\n\n## What's this?\nThe Android Debug Bridge (ADB) is a protocol designed to keep track of both emulated and real phones/TVs/DVRs connected to a given host. It implements various commands designed to assist the developer (`adb shell`, `adb push`, and so on) in both debugging and pushing content to the device. This is usually done via an attached USB cable, with ample mechanisms of authentication and protection. Turns out though that by a simple adb command (`adb tcpip \u003cport\u003e`) sent to an already established connection (through USB for example), you can force your device to expose its ADB services over port 5555, after which you can use a simple `adb connect \u003cip\u003e:\u003cport\u003e` to connect to your device via TCP. However, unlike the USB protocol, the TCP one does not have any kind of authentication and leaves the device prone to all kinds of attacks. 
Two of them are as follows:\n\n`adb shell \u003cshell command\u003e` - allows a developer to run all kinds of commands on the connected device such as ls, wget and many others.\n\n`adb push \u003clocal file\u003e \u003cremote destination\u003e` - allows a developer to upload binaries from his own machine to the connected Android device.\n\nCoupled together, these two API calls can allow complete control over the device (legitimate or not) as long as the port is exposed over the Internet.\n  \nThe purpose of this project is to provide a low interaction honeypot designed to catch whatever malware is being pushed by attackers to unsuspecting victims who have port 5555 exposed.\n\n## What works?\nRight now you can `adb connect`, `adb push` and `adb shell` into it. All of the data is redirected to stdout and files will be saved to disk. CPU/memory usage should be fairly low; any anomalies should be reported so they can be investigated.\n\nResponses to shell commands can easily be added by editing the `responses.py` file; currently only `adb shell ls` will return a unique response. All other commands will respond with `command not found`\n\n## What doesn't work?\nMore advanced commands (like native directory listing and having an interactive shell) won't work. The main reason is that I haven't found any kind of malware to take advantage of mechanisms like this. I've also had to reverse engineer the protocol flow by hand, so please also provide a **.pcap** when logging an issue so I can look into it (or VERY exact steps for reproduction). 
Any improvements will be more than welcome.\n\n# OK OK, how do I get it started?\nJust start the script in python:\n\n`nohup python3 run.py \u0026`\n\nJust like that, shouldn't have any more complex dependencies.\n\n**The config file `adbhoney.cfg` must be in the same directory as run.py or at `/etc/adbhoney.cfg`**\n\nOr give the docker container a try, easiest with docker-compose:\n\n`docker-compose up --build -d` \n\nor without docker compose\n\n`docker build -t adbhoney:latest .`\n\n`docker run --name adbhoney --rm -p 5555:5555 -v $(pwd)/adbhoney.cfg:/etc/adbhoney.cfg adbhoney:latest`\n\nYou will probably want to save uploads and logs to the host machine, so add these volumes to the run command above `-v $(pwd)/dl:/ADBHoney/dl -v $(pwd)/logs:/ADBHoney/logs`\n\n## Credits\nHat tip to [sporsh](https://github.com/sporsh) for his [awesome work](https://github.com/sporsh/twisted-adb/blob/master/adb/protocol.py) on providing the community with some wrappers for ADB messages.\n\n#### follow me on twitter [@hookgab](https://twitter.com/hookgab) for the latest updates\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhuuck%2FADBHoney","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhuuck%2FADBHoney","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhuuck%2FADBHoney/lists"}