{"id":13796076,"url":"https://github.com/wisepythagoras/honeyshell","last_synced_at":"2025-04-16T02:09:25.239Z","repository":{"id":65404270,"uuid":"140362710","full_name":"wisepythagoras/honeyshell","owner":"wisepythagoras","description":"An SSH honeypot written entirely in Go.","archived":false,"fork":false,"pushed_at":"2025-01-15T22:28:05.000Z","size":107,"stargazers_count":13,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-16T02:09:07.355Z","etag":null,"topics":["cyber-security","cybersecurity","go","golang","honeypot","honeypots","information-security","infosec","ssh","ssh-honeypot","ssh-server","threat-analysis","threat-detection","threat-hunting","threat-intel","threat-intelligence","threat-sharing","threatintel"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wisepythagoras.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-10T01:50:34.000Z","updated_at":"2025-01-15T22:28:06.000Z","dependencies_parsed_at":"2024-08-03T23:06:21.311Z","dependency_job_id":"db831886-6a0f-45f1-acc2-dd8c959b0dff","html_url":"https://github.com/wisepythagoras/honeyshell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisepythagoras%2Fhoneyshell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisepythagoras%2Fhoneyshell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisepythagoras%2Fhoneyshell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wisepythagoras%2Fhoneyshell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wisepythagoras","download_url":"https://codeload.github.com/wisepythagoras/honeyshell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249183105,"owners_count":21226142,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber-security","cybersecurity","go","golang","honeypot","honeypots","information-security","infosec","ssh","ssh-honeypot","ssh-server","threat-analysis","threat-detection","threat-hunting","threat-intel","threat-intelligence","threat-sharing","threatintel"],"created_at":"2024-08-03T23:01:05.888Z","updated_at":"2025-04-16T02:09:25.221Z","avatar_url":"https://github.com/wisepythagoras.png","language":"Go","funding_links":[],"categories":["\u003ca id=\"c8f749888134d57b5fb32382c78ef2d1\"\u003e\u003c/a\u003eSSH\u0026\u0026Telnet"],"sub_categories":[],"readme":"# Honeyshell\n\nAn extensible SSH honeypot written entirely in Go, using `crypto/ssh` as its base.\n\nCurrently, it allows connections on the server and collects failed login attempts, meaning all usernames and passwords. Also, you can decrease the permissions on the process by flipping to a different user (ie 'nobody').\n\nA version running [libssh](https://www.libssh.org/) can be found in the [legacy](https://github.com/wisepythagoras/honeyshell/tree/legacy) branch. It has been tested up to version `0.10` of the library. Two functions that it's using have been deprecated and I was trying to get rid of them with the work on the [c-branch](https://github.com/wisepythagoras/honeyshell/tree/c-branch) branch. The code on `c-branch` hasn't been fully tested and is buggy, because the libssh team decided to swittch to a callback model and I had to improvise on how to get it to work with Go.\n\n## Building\n\nTo compile the program, simply run `make` in your terminal.\n\n## Running\n\nThe default port is 22 and no user is mandatory, but the `-key` is, so make sure you set one.\n\n```\nUsage of ./honeyshell:\n  -banner string\n        The banner for the SSH server (default \"SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3\")\n  -key string\n        The RSA key to use\n  -plugins string\n        The path to the folder containing the plugins\n  -port int\n        The port the deamon should run on (default 22)\n  -user string\n        Set the permissions to a certain user (ie 'nobody')\n  -verbose\n        Print out debug messages\n  -vfs string\n        The path to the VFS (virtual file system) JSON file\n```\n\nExample usage:\n\n``` sh\nsudo ./honeyshell -user nobody -port 2222 -key ~/.ssh/key_for_honeypot_rsa\n```\n\nThe output should look something like this:\n\n```\n2022/12/27 11:30:09 Starting on port 2222\n2022/12/27 11:30:09 Changing permissions to user 'nobody'\n2022/12/27 11:30:12 127.0.0.1:54476 test key:442f78a53b6188a6b18a225c86aeb9c77592add0d714d26f8d84c9e4f9f59a77 (ssh-rsa)\n2022/12/27 11:30:12 127.0.0.1:54476 test key:dfde57ac7251135922968b933fd28944e384a504515ba7ce27cd925224af4657 (ssh-rsa)\n2022/12/27 11:30:12 127.0.0.1:54476 test key:c09d0feddad874b7a2cd82bdc4b846632fa47a7113a17cf8c846876a5f4eaf4a (ssh-rsa)\n2022/12/27 11:30:12 127.0.0.1:54476 test key:589adac413c8d42c9166dd0e56d2da5cdeaf4abd731f001b3fa40b3c6232383b (ssh-rsa)\n2022/12/27 11:30:12 Error during handshake ssh: disconnect, reason 2: too many authentication failures\n2022/12/27 11:30:19 127.0.0.1:54478 test pass:test\n2022/12/27 11:30:20 127.0.0.1:54478 test pass:admin\n2022/12/27 11:30:26 127.0.0.1:54478 test pass:password123\n```\n\n## Plugins\n\nHoneyshell has a Lua-based plugin engine (documentation is still being worked on) which enables you to do whatever you want with the information that's received. For example, You can:\n\n1. Send all username and password pairs to a webhook.\n2. Aggregate the IPs that attempt to connect by country and time.\n3. Build an entire Bash emulation shell.\n\nIf your end goal is to emulate a system, you should make a snapshot of an existing filesystem and save it into a JSON file with the `vfsutil` command line tool.\n\nPlans are being drafted on using WebAssembly in the future, but I won't get started soon as there are things that are misisng that will be needed.\n\nA plugin that defines a prompt and a command can be found in [this repository](https://github.com/wisepythagoras/system-example-plugin).\n\n## License\n\nAlthough the license for the source code is GNU GPL v3, I prohibit the use of the code herein for the training of any kind of AI model.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwisepythagoras%2Fhoneyshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwisepythagoras%2Fhoneyshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwisepythagoras%2Fhoneyshell/lists"}