{"id":13548216,"url":"https://github.com/qeeqbox/chameleon","last_synced_at":"2025-07-06T02:34:50.691Z","repository":{"id":38233073,"uuid":"272537063","full_name":"qeeqbox/chameleon","owner":"qeeqbox","description":"19 Customizable honeypots for monitoring network traffic, bots activities and username\\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap) ","archived":false,"fork":false,"pushed_at":"2023-08-08T22:27:44.000Z","size":1921,"stargazers_count":670,"open_issues_count":8,"forks_count":116,"subscribers_count":36,"default_branch":"master","last_synced_at":"2025-01-16T05:55:49.426Z","etag":null,"topics":["chameleon","credentials","emulator","grafana-interface","honeypot","honeypots","low-interaction","monitoring","network","proxy","scan","threat-hunting"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-06-15T20:27:45.000Z","updated_at":"2025-01-14T14:43:03.000Z","dependencies_parsed_at":"2024-01-16T17:52:44.856Z","dependency_job_id":"fc654df9-3393-42fa-9351-7afde5a55a49","html_url":"https://github.com/qeeqbox/chameleon","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fchameleon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fchameleon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fchameleon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fchameleon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/chameleon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242075451,"owners_count":20068225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chameleon","credentials","emulator","grafana-interface","honeypot","honeypots","low-interaction","monitoring","network","proxy","scan","threat-hunting"],"created_at":"2024-08-01T12:01:07.303Z","updated_at":"2025-03-05T17:45:31.078Z","avatar_url":"https://github.com/qeeqbox.png","language":"Dockerfile","funding_links":[],"categories":["Dockerfile"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/chameleon/master/readme/chameleonlogo.png\"\u003e\u003c/p\u003e\n\n19 Customizable honeypots for monitoring network traffic, bots activities, and username\\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap)\n\nIf you want to implement the honeypots in your project, check [QeeqBox honeypots](https://github.com/qeeqbox/honeypots)\n\n`Chameleon is considered very effective. This is an active defense tool. The system simulates open, unprotected ports and takes on attempts to find vulnerabilities` - by Dean Chester, Chief Editor of cooltechzone\n\n`Pon un Honeypot en tu vida` by [Héctor Herrero, bujarra](https://www.bujarra.com/pon-un-honeypot-en-tu-vida/)\n\n## Grafana Interface\n\u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/chameleon/master/readme/intro.gif\" style=\"max-width:768px\"/\u003e\n\n#### NMAP Scan\n\u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/chameleon/master/readme/nmap_scan.png\" style=\"max-width:768px\"/\u003e\n\n#### Credentials Monitoring\n\u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/chameleon/master/readme/creds_monitoring.png\" style=\"max-width:768px\"/\u003e\n\n## General Features\n- Modular approach (honeypots run as scripts or imported as objects)\n- Most honeypots serve as servers (Only a few that emulate the application layer protocols)\n- Settings servers with username, password, and banner (Default username and password are test)\n- ICMP, DNS TCP, and UDP payloads are parsed and checked against common patterns\n- Visualized Grafana interfaces for monitoring the results (Filter by IP - default is all)\n- Unstructured and structured logs are parsed and inserted into Postgres\n- All honeypots contain clients for testing the servers\n- All ports are opened and monitored by default\n- Easy automation and can be deployed on AWS ec2\n- \u0026 More features to Explore\n\n## Install and run\n#### On ubuntu 18 or 19 System (test)\n```bash\ngit clone https://github.com/qeeqbox/chameleon.git\ncd chameleon\nsudo chmod +x ./run.sh\nsudo ./run.sh test\n```\nThe Grafana interface http://localhost:3000 will open automatically after the initialization process (username is admin and password is admin). If you don't see the Chameleon dashboard, click on the search icon in the left bar and add it.\n\n#### On ubuntu 18 or 19 System (Deploy)\n```bash\ngit clone https://github.com/qeeqbox/chameleon.git\ncd chameleon\nsudo chmod +x ./run.sh\nsudo ./run.sh deploy\n```\n\nThe Grafana interface http://localhost:3000 will open automatically after the initialization process (username is changeme457f6460cb287 and password is changemed23b8cc6a20e0). If you don't see the Chameleon dashboard, click on the search icon in the left bar and add it.\n\nWait for a few seconds until honeypot shows the IP address\n```bash\n...\nhoneypot_1  | Your IP: 172.19.0.3\nhoneypot_1  | Your MAC: 09:45:aa:23:10:03\n...\n```\nYou can interact with the honeypot from your local system\n```bash\nping 172.19.0.3\nor run any network tool against it\nnmap 172.19.0.3\n```\n\n#### Nested - Docker\n```sh\nsudo docker run -it --privileged -v /var/run/docker.sock:/var/run/docker.sock ubuntu:latest\ngit clone https://github.com/qeeqbox/chameleon.git\ncd chameleon\nsudo chmod +x ./run.sh\nsudo ./run.sh test\n```\n\n#### Or, import your desired non-blocking server as an object (SSH Server)\nYou can do that by using this package [honeypots](https://github.com/qeeqbox/honeypots)\n\n## If you don't see Chameleon dashboard, click on the search icon in the left bar and add it \n\u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/chameleon/master/readme/find.png\" style=\"max-width:768px\"/\u003e\n\n#### Raspberry Pi 3B+ [(setup zram first to avoid lockups)](https://github.com/qeeqbox/chameleon/pull/1)\n\n## Requirements (Servers only)\n```bash\napt-get update -y \u0026\u0026 apt-get install -y iptables-persistent tcpdump nmap iputils-ping python python-pip python-psycopg2 lsof psmisc dnsutils\npip install scapy==2.4.4 netifaces==0.10.9 pyftpdlib==1.5.6 sqlalchemy==1.3.23 pyyaml==5.4.1 paramiko==2.7.1 impacket==0.9.22 twisted==20.3.0 psutil==5.8.0 requests==2.25.1 redis==3.5.3 mysql-connector-python==8.0.23 pygments==2.5.2\npip install -U requests[socks]\npip install -Iv rsa==4.0\npip install rdpy==1.3.2\n```\n\n## Current Servers/Emulators\n- DNS (Server using Twisted)\n- HTTP Proxy (Server using Twisted)\n- HTTP (Server using Twisted)\n- HTTPS (Server using Twisted)\n- SSH (Server using socket)\n- POP3 (Server using Twisted)\n- IMAP (Server using Twisted)\n- STMP (Server using smtpd)\n- RDP (Server using Twisted)\n- SMB (Server using impacket)\n- SOCK5 (Server using socketserver)\n- TELNET (Server using Twisted)\n- VNC (Emulator using Twisted)\n- Postgres (Emulator using Twisted)\n- Redis (Emulator using Twisted)\n- Mysql (Emulator using Twisted)\n- Elasticsearch (Emulator using http.server)\n- Mssql (Emulator using Twisted)\n- Oracle (Coming..)\n- ldap (maybe)\n\n## Changes\n- 2020.V.01.05 added mysql\n- 2020.V.01.04 added redis\n- 2020.V.01.03 switched ftp servers to twisted\n- 2020.V.01.02 switched http and https servers to twisted\n- 2020.V.01.02 Fixed changing ip in grafana interface\n\n## Resources\n`Twisted, documentation, Impacket, documentation, Grafana, documentation, Expert, Twisted, robertheaton`\n\n## Other Licenses\nBy using this framework, you are accepting the license terms of all these packages: `grafana, tcpdump, nmap, psycopg, dnsutils, scapy, netifaces, pyftpdlib, sqlalchemy, pyyaml, paramiko, impacket, rdpy, psutil, requests, FreeRDP, SMBClient, tigervnc`\n\n## Disclaimer\\Notes\n- Do not deploy without proper configuration\n- Setup some security group rules and remove default credentials\n- Almost all servers and emulators are stripped-down - You can adjust that as needed\n- Please let me know if I missed a resource or dependency\n\n## Other Projects\n[![](https://github.com/qeeqbox/.github/blob/main/data/social-analyzer.png)](https://github.com/qeeqbox/social-analyzer) [![](https://github.com/qeeqbox/.github/blob/main/data/analyzer.png)](https://github.com/qeeqbox/analyzer) [![](https://github.com/qeeqbox/.github/blob/main/data/honeypots.png)](https://github.com/qeeqbox/honeypots) [![](https://github.com/qeeqbox/.github/blob/main/data/osint.png)](https://github.com/qeeqbox/osint) [![](https://github.com/qeeqbox/.github/blob/main/data/url-sandbox.png)](https://github.com/qeeqbox/url-sandbox) [![](https://github.com/qeeqbox/.github/blob/main/data/mitre-visualizer.png)](https://github.com/qeeqbox/mitre-visualizer) [![](https://github.com/qeeqbox/.github/blob/main/data/woodpecker.png)](https://github.com/qeeqbox/woodpecker) [![](https://github.com/qeeqbox/.github/blob/main/data/docker-images.png)](https://github.com/qeeqbox/docker-images) [![](https://github.com/qeeqbox/.github/blob/main/data/seahorse.png)](https://github.com/qeeqbox/seahorse) [![](https://github.com/qeeqbox/.github/blob/main/data/rhino.png)](https://github.com/qeeqbox/rhino) [![](https://github.com/qeeqbox/.github/blob/main/data/raven.png)](https://github.com/qeeqbox/raven) [![](https://github.com/qeeqbox/.github/blob/main/data/image-analyzer.png)](https://github.com/qeeqbox/image-analyzer)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fchameleon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Fchameleon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fchameleon/lists"}