{"id":13794774,"url":"https://github.com/paralax/burningdogs","last_synced_at":"2025-05-12T21:32:22.098Z","repository":{"id":73808754,"uuid":"65549336","full_name":"paralax/BurningDogs","owner":"paralax","description":"Honeypot log processor to create OTX Pulse entries","archived":false,"fork":false,"pushed_at":"2024-01-01T23:31:38.000Z","size":28395,"stargazers_count":29,"open_issues_count":9,"forks_count":3,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-07-17T10:57:30.983Z","etag":null,"topics":["fsharp","honeypot","honeypot-logs"],"latest_commit_sha":null,"homepage":null,"language":"F#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paralax.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-08-12T11:46:21.000Z","updated_at":"2022-07-28T08:55:58.000Z","dependencies_parsed_at":"2024-01-17T23:17:53.742Z","dependency_job_id":null,"html_url":"https://github.com/paralax/BurningDogs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paralax%2FBurningDogs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paralax%2FBurningDogs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paralax%2FBurningDogs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paralax%2FBurningDogs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paralax","download_url":"https://codeload.github.com/paralax/BurningDogs/tar.gz/refs/heads/maste
r","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":213864403,"owners_count":15649317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fsharp","honeypot","honeypot-logs"],"created_at":"2024-08-03T23:00:47.659Z","updated_at":"2024-08-03T23:04:01.552Z","avatar_url":"https://github.com/paralax.png","language":"F#","funding_links":[],"categories":["\u003ca id=\"a53d22b9c5d09dc894413453f4755658\"\u003e\u003c/a\u003e未分类"],"sub_categories":[],"readme":"# BurningDogs\n\nTool to create OTX Pulse entries from honeypot logs\n\n## Supported honeypots\n\nBurningDogs reads honeypot logs and determines attacking client IPs, malicious URLs, and hashes of downloaded files, and then uploads that to [AlienVault OTX](https://otx.alienvault.com/browse/pulses/).   \n\n### SSH honeypots\n\nBurningDogs supports Kippo and Cowrie logfiles to detect malicious client IPs, downloaded files, and malicious URLs. \n\n### Apache \n\nBurningDogs uses the \"wwwids\" logfile analyzer to detect signs of web application abuse attempts. This is based in part on the principles in the SANS paper [Detecting Attacks on Web Applications from Log Files](https://www.sans.org/reading-room/whitepapers/logging/detecting-attacks-web-applications-log-files-2074). \n\n### phpMySqlAdmin\n\nBurningDogs uses a custom PHP script (see the [ShoppingLeague repository](https://github.com/paralax/ShoppingLeague)) to detect abuse attempts of phpMySqlAdmin. Client IPs, URLs, and files are characterized. 
\n\n### Wordpot\n\nBurningDogs uses a custom set of PHP scripts (see the [ShoppingLeague repository](https://github.com/paralax/ShoppingLeague)) to detect abuse attempts of WordPress installations, including brute force intrusions and DDoS attempts via `xmlrpc.php` script abuse.\n\n### Redispot\n\nBurningDogs uses the Redis honeypot from [NoSQLpot](https://github.com/torque59/nosqlpot) to detect brute force authentication abuse attempts. Client IPs and URLs are characterized.\n\n### VncLowPot\n\nBurningDogs uses the VNC honeypot from [vnclowpot](https://github.com/magisterquis/vnclowpot) to detect brute force authentication attempts.\n\n### Pghoney\n\nBurningDogs uses the PostgreSQL honeypot from [pghoney](https://github.com/betheroot/pghoney) to detect brute force authentication attempts. \n\n# Dependencies\n\nYou'll need to [sign up at OTX](https://otx.alienvault.com/api/) to get an API key to upload pulses.\n\nBurningDogs depends on FAKE to build and NewtonSoft.Json for serialization. Use Paket to manage those via the `paket.dependencies` file.\n\n# Building\n\nBurningDogs uses FAKE to manage the build; simply issue a `fake` once dependencies are downloaded. \n\n# Running\n\nI run BurningDogs via `cron` every night near midnight. \n\n# Modifying\n\nUse the `application.config` file to manage paths, and you may have to edit code to address some of my local specifics (e.g. log file format).   \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparalax%2Fburningdogs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fparalax%2Fburningdogs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparalax%2Fburningdogs/lists"}