https://github.com/chrisbdaemon/BearTrap

https://github.com/chrisbdaemon/BearTrap

Last synced: 17 days ago
JSON representation

• Host: GitHub
• URL: https://github.com/chrisbdaemon/BearTrap
• Owner: chrisbdaemon
• License: bsd-2-clause
• Created: 2011-10-27T22:26:18.000Z (over 12 years ago)
• Default Branch: master
• Last Pushed: 2016-11-22T17:16:57.000Z (over 7 years ago)
• Last Synced: 2024-02-21T06:37:10.725Z (4 months ago)
• Language: Ruby
• Homepage:
• Size: 51.8 KB
• Stars: 19
• Watchers: 4
• Forks: 7
• Open Issues: 0
• Metadata Files:
  • Readme: README
  • License: LICENSE

Lists

• awesome-active-defense - Bear Trap - A portable network defense utility (Uncategorized / Uncategorized)

README

        
BearTrap v0.2-beta

BearTrap is meant to be a portable network defense utility written entirely in

Ruby.  It opens "trigger" ports on the host that an attacker would connect to.

When the attacker connects and/or performs some interactions with the trigger

an alert is raised and the attacker's ip address is potentially blacklisted.

The idea came from listening to the PaulDotCom Security Podcast

(http://pauldotcom.com/security-weekly/) particularly episodes 203 and 204 as

the concept of honeyports is described.

Dependencies:

Ruby 1.9.x interpreter

	Installation varies from system to system.

getopt ruby gem

	Install with 'gem install getopt'

Installation:

No installation required.  Simply edit the configuration file, config.yml.  It

should be fairly well documented and/or self-explanatory.  If its not, check

out the support section below.

Usage:

ruby bear_trap.rb -c config.yml

Running as root is recommended, as most blacklisting tools (pfctl, iptables,

etc) must be ran as root.

Support:

If you have any significant problems, send me an email at

chrisbdaemon [at] gmail.com with BearTrap somewhere in the subject.

If you would like to contribute, go ahead and fork the github repo, make your

changes and send a pull request (see http://help.github.com/fork-a-repo/).