{"id":13796191,"url":"https://github.com/xme/dshield-docker","last_synced_at":"2026-02-05T02:10:27.057Z","repository":{"id":138994357,"uuid":"53887472","full_name":"xme/dshield-docker","owner":"xme","description":"Docker container running cowrie with DShield output enabled.","archived":false,"fork":false,"pushed_at":"2016-06-08T10:13:27.000Z","size":6,"stargazers_count":14,"open_issues_count":3,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-03T23:06:30.998Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xme.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-03-14T19:58:25.000Z","updated_at":"2024-02-23T19:00:48.000Z","dependencies_parsed_at":"2024-01-03T04:02:43.945Z","dependency_job_id":null,"html_url":"https://github.com/xme/dshield-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xme%2Fdshield-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xme%2Fdshield-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xme%2Fdshield-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xme%2Fdshield-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xme","download_url":"https://codeload.github.com/xme/dshield-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225159848,"owners_count":17430191,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T23:01:07.399Z","updated_at":"2026-02-05T02:10:27.019Z","avatar_url":"https://github.com/xme.png","language":"Shell","readme":"DShield Docker\n==============\n\nThis Docker container starts a SSH honeypot (based on Cowrie[1]) and enables the DShield output module to report statistics to the SANS ISC DShield project. This project is based on Johannes Ulrich's Raspberry Pi sensor project[2].\n\n[1] https://github.com/micheloosterhof/cowrie\n[2] https://github.com/DShield-ISC/dshield\n\n\n# Building the image:\n\n```\n# git clone https://github.com/xme/dshield-docker\n# cd dshield-docker\n# docker build -t dshield/honeypot .\n```\n\n# Running the image\n\nFirst, create a configuration file which will contain your DShield account details:\n```\n# cat env.txt\nDSHIELD_UID=xxxxxxxxxx\nDSHIELD_APIKEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nDSHIELD_EMAIL=xxxxxxxxxxxxxxxxxxx\n``` \nYour credentials will be validated and the honeyport properly configured.\nDon't forget to register[1] if you don't already have an account.\n\n[1] https://www.dshield.org/register.html\n\nBoot the container:\n```\n# docker run -d -p 2222:2222 --env-file=env.txt --restart=always --name dshield dshield/honeypot\nb56e526b6f7c9b6cb419245757b0586f73d7e99089fa93409f3626122990505a\n# docker logs dshield\nValidating provided credentials...\nAPI key verification succeeded!\nStarting cowrie...\n# \n```\nThe honeypot is listening to port TCP/2222. The parameter '-p 2222:2222' used to run the container allows you to still access the Docker server on port 22. Be sure to redirect your malicious SSH traffic to the port 2222 at your firewall.\n\n# Post-boot steps\n\nOnce the container started, connect to it:\n```\n# docker exec -it dshield bash\n```\nThe honeypot is installed in /src/cowrie/. You can track data report to DShield by looking for the following events in log/cowrie.log:\n```\n2016-03-14 21:32:59+0100 [-] dshield SUCCESS: Sent 52 bytes worth of data to secure.dshield.org\n```\n\n# Todo\n\n- Implement more reporting\n- Automatic log rotation\n- Data persistence\n","funding_links":[],"categories":["Honeypots","\u003ca id=\"2e3aed6e2eb3c766dfc9fc9e2366822a\"\u003e\u003c/a\u003eDocker"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxme%2Fdshield-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxme%2Fdshield-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxme%2Fdshield-docker/lists"}