{"id":13530707,"url":"https://github.com/qeeqbox/honeypots","last_synced_at":"2025-05-14T10:12:27.955Z","repository":{"id":44901039,"uuid":"330509372","full_name":"qeeqbox/honeypots","owner":"qeeqbox","description":"30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)","archived":false,"fork":false,"pushed_at":"2025-01-31T17:53:31.000Z","size":1310,"stargazers_count":771,"open_issues_count":10,"forks_count":119,"subscribers_count":24,"default_branch":"main","last_synced_at":"2025-04-13T03:59:20.512Z","etag":null,"topics":["credentials","emulator","honeypot","honeypots","malware-analysis","monitoring-tool","network-analysis","pypi","pypi-package","python","twisted"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["qeeqbox"]}},"created_at":"2021-01-17T23:41:42.000Z","updated_at":"2025-04-09T05:22:45.000Z","dependencies_parsed_at":"2024-04-14T11:41:12.638Z","dependency_job_id":"f67a8a61-9692-4ac7-bd5b-464a7e10926b","html_url":"https://github.com/qeeqbox/honeypots","commit_stats":{"total_commits":493,"total_committers":8,"mean_commits":61.625,"dds":0.5801217038539555,"last_synced_commit":"82ca6837662d436cebdbcbde8dbb82a97ec9dce5"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fhoneypots","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fhoneypots/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fhoneypots/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fhoneypots/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/honeypots/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248661706,"owners_count":21141450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["credentials","emulator","honeypot","honeypots","malware-analysis","monitoring-tool","network-analysis","pypi","pypi-package","python","twisted"],"created_at":"2024-08-01T07:00:53.845Z","updated_at":"2025-04-13T03:59:27.869Z","avatar_url":"https://github.com/qeeqbox.png","language":"Python","funding_links":["https://github.com/sponsors/qeeqbox"],"categories":["Python","Honeypots"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/honeypots/main/readme/honeypots.png\"\u003e\u003c/p\u003e\n\n30 low-high level honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \\ password credentials. \n\n## Why honeypots package is very powerful?\nThe honeypots respond back, non-blocking, can be used as objects, or called directly with the in-built auto-configure scripts! Also, they are easy to set up and customize; it takes 1-2 seconds to spin a honeypot up. You can spin up multiple instances with the same type. For easy integration, the output can be logged to a Postgres database, file[s], terminal, or Syslog.\n\nThis honeypots package is the only package that contains all the following: dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc.\n\nHoneypots is in the awesome [telekom security T-Pot project!](https://github.com/telekom-security/tpotce)\n\n## New\n- Add `capture_commands` to options for capturing more information about the threat source (Look at the table if it's supported or not)\n\n## Easy!\n\u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/honeypots/main/readme/intro.gif\" style=\"max-width:768px\"/\u003e\n\n## Install\n```\npip3 install honeypots\n```\n\n## honeypots -h\n```sh\nQeeqbox/honeypots customizable honeypots for monitoring network traffic, bots activities, and username\\password credentials\n\nArguments:\n  --setup               target honeypot E.g. ssh or you can have multiple E.g ssh,http,https\n  --list                list all available honeypots\n  --kill                kill all honeypots\n  --verbose             Print error msgs\n\nHoneypots options:\n  --ip                  Override the IP\n  --port                Override the Port (Do not use on multiple!)\n  --username            Override the username\n  --password            Override the password\n  --config              Use a config file for honeypots settings\n  --options             Extra options (capture_commands for capturing all threat actor data)\n\nGeneral options:\n  --termination-strategy {input,signal} Determines the strategy to terminate by\n  --test                Test a honeypot\n  --auto                Setup the honeypot with random port\n```\n\n## Usage Example - Auto configuration with default ports\n\nhoneypot, or multiple honeypots separated by comma or word `all`\n\n```\nsudo -E python3 -m honeypots --setup ssh --options capture_commands\n```\n\n## Usage Example - Auto configuration with random port (No need for higher privileges)\n\nhoneypot, or multiple honeypots separated by comma or word `all`\n\n```\npython3 -m honeypots --setup ssh --auto\n```\n\n## Usage Example - Auto configure with specific ports (You might need for higher privileges)\n\nUse as honeypot:port or multiple honeypots as honeypot:port,honeypot:port\n\n```\nsudo -E python3 -m honeypots --setup imap:143,mysql:3306,redis:6379\n```\n\n## Usage Example - Custom configure with logs location\n\nhoneypot, or multiple honeypots in a dict\n\n```bash\nsudo -E python3 -m honeypots --setup ftp --config config.json\n```\n\n#### config.json (Output to folder and terminal)\n```json\n{\n  \"logs\": \"file,terminal,json\",\n  \"logs_location\": \"/var/log/honeypots/\",\n  \"syslog_address\": \"\",\n  \"syslog_facility\": 0,\n  \"postgres\": \"\",\n  \"sqlite_file\":\"\",\n  \"db_options\": [],\n  \"sniffer_filter\": \"\",\n  \"sniffer_interface\": \"\",\n  \"honeypots\": {\n    \"ftp\": {\n      \"port\": 21,\n      \"ip\": \"0.0.0.0\",\n      \"username\": \"ftp\",\n      \"password\": \"anonymous\",\n      \"log_file_name\": \"ftp.log\",\n      \"max_bytes\": 10000,\n      \"backup_count\": 10,\n      \"options\":[\"capture_commands\"]\n    }\n  }\n}\n```\n\n#### config.json (Output to syslog)\n```json\n{\n  \"logs\": \"syslog\",\n  \"logs_location\": \"\",\n  \"syslog_address\": \"udp://localhost:514\",\n  \"syslog_facility\": 3,\n  \"postgres\": \"\",\n  \"sqlite_file\":\"\",\n  \"db_options\": [],\n  \"sniffer_filter\": \"\",\n  \"sniffer_interface\": \"\",\n  \"honeypots\": {\n    \"ftp\": {\n      \"port\": 21,\n      \"ip\": \"0.0.0.0\",\n      \"username\": \"test\",\n      \"password\": \"test\",\n      \"options\":[\"capture_commands\"]\n    }\n  }\n}\n\n```\n\n#### config.json (Output to Postgres db)\n```json\n{\n    \"logs\": \"db_postgres\",\n    \"logs_location\": \"\",\n    \"syslog_address\":\"\",\n    \"syslog_facility\":0,\n    \"postgres\":{\n        \"username\":\"postgres\",\n        \"password\":\"test\",\n        \"hostname\":\"192.168.2.20\",\n        \"port\":\"5432\",\n        \"db\":\"honeypots\"\n    },\n    \"sqlite_file\":\"\",\n    \"db_options\":[\"drop\"],\n    \"sniffer_filter\": \"\",\n    \"sniffer_interface\": \"\",\n    \"honeypots\": {\n        \"ftp\": {\n            \"port\": 21,\n            \"username\": \"test\",\n            \"password\": \"test\"\n        }\n    }\n}\n```\n\n#### config.json (Output to sqlite db)\n```json\n{\n    \"logs\": \"db_sqlite\",\n    \"logs_location\": \"\",\n    \"syslog_address\":\"\",\n    \"syslog_facility\":0,\n    \"postgres\":\"\",\n    \"sqlite_file\":\"/home/test.db\",\n    \"db_options\":[\"drop\"],\n    \"sniffer_sniffer_filter\": \"\",\n    \"sniffer_interface\": \"\",\n    \"honeypots\": {\n        \"ftp\": {\n            \"port\": 21,\n            \"username\": \"test\",\n            \"password\": \"test\",\n            \"options\":[\"capture_commands\"]\n        }\n    }\n}\n```\n\n## db structure\n```json\n[\n  {\n    \"id\": 1,\n    \"date\": \"2021-11-18 06:06:42.304338+00\",\n    \"data\": {\n      \"server\": \"ftp_server\",\n      \"action\": \"process\",\n      \"status\": \"success\",\n      \"ip\": \"0.0.0.0\",\n      \"port\": \"21\",\n      \"username\": \"test\",\n      \"password\": \"test\"\n    }\n  }\n]\n```\n\n## Usage Example - Import as object and auto test\n```python\nfrom honeypots import QSSHServer\nqsshserver = QSSHServer(port=9999)\nqsshserver.run_server(process=True)\nqsshserver.test_server(port=9999)\nINFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]\nqsshserver.kill_server()\n```\n\n## Usage Example - Import as object and test with external ssh command\n```python\n#you need higher user permissions for binding\\closing some ports\n\nfrom honeypots import QSSHServer\nqsshserver = QSSHServer(port=9999)\nqsshserver.run_server(process=True)\n```\n```sh\nssh test@127.0.0.1\n```\n```python\nINFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]\nqsshserver.kill_server()\n```\n\n## All output values\n```sh\n'error'     :'Information about current error' \n'server'    :'Server name'\n'timestamp' :'Time in ISO'\n'action'    :'Query, login, etc..'\n'data'      :'More info about the action'\n'status'    :'The return status of the action (success or fail)'\n'dest_ip'   :'Server address'\n'dest_port' :'Server port'\n'src_ip'    :'Attacker address'\n'src_port'  :'Attacker port'\n'username'  :'Attacker username'\n'password'  :'Attacker password'\n```\n\n## Current Servers/Emulators\n- QDNSServer\n    - Server: DNS \n    - Port: 53/udp\n    - Lib: Twisted.dns\n    - Logs: ip, port\n- QFTPServer\n    - Server: FTP \n    - Port: 21/tcp\n    - Lib: Twisted.ftp\n    - Logs: ip, port, username and password (default)\n    - Options: Capture all threat actor commands and data (available)\n- QHTTPProxyServer\n    - Server: HTTP Proxy\n    - Port: 8080/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port and data\n    - Options: Capture all threat actor commands and data (available)\n    - Returns a dummy template by default\n      - A custom template can be provided by setting `\"template\"` for this server in `config.json` (should be an absolute path) \n- QHTTPServer\n    - Server: HTTP\n    - Port: 80/tcp\n    - Lib: Twisted.http\n    - Logs: ip, port, username and password\n    - Options: Capture all threat actor commands and data (available)\n- QHTTPSServer\n    - Server: HTTPS\n    - Port: 443/tcp\n    - Lib: Twisted.https\n    - Logs: ip, port, username and password\n- QIMAPServer\n    - Server: IMAP\n    - Port: 143/tcp\n    - Lib: Twisted.imap\n    - Logs: ip, port, username and password (default)\n    - Options: Capture all threat actor commands and data (available)\n- QMysqlServer\n    - Emulator: Mysql\n    - Port: 3306/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port, username and password\n- QPOP3Server\n    - Server: POP3\n    - Port: 110/tcp\n    - Lib: Twisted.pop3\n    - Logs: ip, port, username and password (default)\n    - Options: Capture all threat actor commands and data (available)\n- QPostgresServer\n    - Emulator: Postgres\n    - Port: 5432/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port, username and password\n- QRedisServer\n    - Emulator: Redis\n    - Port: 6379/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port, username and password\n- QSMBServer\n    - Server: Redis\n    - Port: 445/tcp\n    - Lib: impacket\n    - Logs: ip, port and username\n- QSMTPServer\n    - Server: SMTP\n    - Port: 25/tcp\n    - Lib: Twisted\n    - Logs: ip, port, username and password (default)\n    - Options: Capture all threat actor commands and data (available)\n- QSOCKS5Server\n    - Server: SOCK5\n    - Port: 1080/tcp\n    - Lib: socketserver\n    - Logs: ip, port, username and password\n- QSSHServer\n    - Server: SSH\n    - Port: 22/tcp\n    - Lib: paramiko\n    - Logs: ip, port, username and password\n    - Options: Capture all threat actor commands and data (available)\n- QTelnetServer\n    - Server: Telnet\n    - Port: 23/tcp\n    - Lib: Twisted\n    - Logs: ip, port, username and password\n- QVNCServer\n    - Emulator: VNC\n    - Port: 5900/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port, username and password\n- QMSSQLServer\n    - Emulator: MSSQL\n    - Port: 1433/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port, username and password or hash\n- QElasticServer\n    - Emulator: Elastic\n    - Port: 9200/tcp\n    - Lib: http.server\n    - Logs: ip, port and data\n- QLDAPServer\n    - Emulator: LDAP\n    - Port: 389/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port, username and password\n- QNTPServer\n    - Emulator: NTP\n    - Port: 123/udp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port and data\n- QMemcacheServer\n    - Emulator: Memcache\n    - Port: 11211/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port and data\n- QOracleServer\n    - Emulator: Oracle\n    - Port: 1521/tcp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port and connect data\n- QSNMPServer\n    - Emulator: SNMP\n    - Port: 161/udp\n    - Lib: Twisted (low level emulation)\n    - Logs: ip, port and data\n- QSIPServer\n    - Emulator: SIP\n    - Port: 5060/udp\n    - Lib: Twisted.sip\n    - Logs: ip, port and data\n    - Options: Capture all threat actor commands and data (available)\n- QIRCServer\n    - Emulator: IRC\n    - Port: 6667/tcp\n    - Lib: Twisted.irc\n    - Logs: ip, port, username and password\n    - Options: Capture all threat actor commands and data (available)\n- QPJLServer\n    - Emulator: PJL\n    - Port: 9100/tcp\n    - Lib: Twisted\n    - Logs: ip, port\n    - Options: Capture all threat actor commands and data (available)\n- QIPPServer\n    - Emulator: IPP\n    - Port: 631/tcp\n    - Lib: Twisted\n    - Logs: ip, port\n    - Options: Capture all threat actor commands and data (available)\n- QRDPServer\n    - Emulator: RDP\n    - Port: 3389/tcp\n    - Lib: Sockets\n    - Logs: ip, port, username and password\n    - Options: Capture all threat actor commands and data (available)\n- QDHCPServer\n    - Emulator: DHCP\n    - Port: 67/udp\n    - Lib: Sockets\n    - Logs: ip, port\n\n## acknowledgment\n- By using this framework, you are accepting the license terms of all these packages: `pipenv twisted psutil dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server`\n- Let me know if I missed a reference or resource!\n\n## Notes\n- Almost all servers and emulators are stripped-down - You can adjust that as needed\n\n## Other Projects\n[![](https://github.com/qeeqbox/.github/blob/main/data/social-analyzer.png)](https://github.com/qeeqbox/social-analyzer) [![](https://github.com/qeeqbox/.github/blob/main/data/analyzer.png)](https://github.com/qeeqbox/analyzer) [![](https://github.com/qeeqbox/.github/blob/main/data/chameleon.png)](https://github.com/qeeqbox/chameleon) [![](https://github.com/qeeqbox/.github/blob/main/data/osint.png)](https://github.com/qeeqbox/osint) [![](https://github.com/qeeqbox/.github/blob/main/data/url-sandbox.png)](https://github.com/qeeqbox/url-sandbox) [![](https://github.com/qeeqbox/.github/blob/main/data/mitre-visualizer.png)](https://github.com/qeeqbox/mitre-visualizer) [![](https://github.com/qeeqbox/.github/blob/main/data/woodpecker.png)](https://github.com/qeeqbox/woodpecker) [![](https://github.com/qeeqbox/.github/blob/main/data/docker-images.png)](https://github.com/qeeqbox/docker-images) [![](https://github.com/qeeqbox/.github/blob/main/data/seahorse.png)](https://github.com/qeeqbox/seahorse) [![](https://github.com/qeeqbox/.github/blob/main/data/rhino.png)](https://github.com/qeeqbox/rhino) [![](https://github.com/qeeqbox/.github/blob/main/data/raven.png)](https://github.com/qeeqbox/raven) [![](https://github.com/qeeqbox/.github/blob/main/data/image-analyzer.png)](https://github.com/qeeqbox/image-analyzer)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fhoneypots","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Fhoneypots","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fhoneypots/lists"}