Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cowrie/cowrie
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
https://github.com/cowrie/cowrie
attacker cowrie cowrie-ssh deception decoy honeypot kippo scp security sftp ssh telnet telnet-honeypot threat-analysis threat-sharing threatintel
Last synced: 3 months ago
JSON representation
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
- Host: GitHub
- URL: https://github.com/cowrie/cowrie
- Owner: cowrie
- License: other
- Created: 2015-05-12T14:58:09.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2024-03-11T20:29:05.000Z (3 months ago)
- Last Synced: 2024-03-12T22:12:44.047Z (3 months ago)
- Topics: attacker, cowrie, cowrie-ssh, deception, decoy, honeypot, kippo, scp, security, sftp, ssh, telnet, telnet-honeypot, threat-analysis, threat-sharing, threatintel
- Language: Python
- Homepage: https://www.cowrie.org/
- Size: 9.58 MB
- Stars: 4,843
- Watchers: 123
- Forks: 837
- Open Issues: 102
-
Metadata Files:
- Readme: README.rst
- Changelog: CHANGELOG.rst
- Contributing: CONTRIBUTING.rst
- Funding: .github/FUNDING.yml
- License: LICENSE.rst
- Support: .github/SUPPORT.md
Lists
- awesome-python-applications - Repo
- awesome-honeypots - Cowrie - Cowrie SSH Honeypot (based on kippo). (Honeypots)
- my-awesome-stars - cowrie
- awesome-stars - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-stars - cowrie/cowrie
- awesome-stars - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (security)
- awesome-repositories - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-tools - cowrie
- awesome-honeypot - **2956**星
- awesome-python-application - Repo
- awesome-stars - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- my-awesome-stars - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-stars - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-honeypots - Cowrie - Cowrie SSH Honeypot (based on kippo). (Honeypots)
- awesome-python-applications - Repo
- awesome-stars - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- my-awesome - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-honeypots - Cowrie - Cowrie SSH Honeypot (based on kippo). (Honeypots)
- awesome-ssh - Cowrie - Launch containers on demand (Honeypots)
- awesome-python-applications - Repo
- awesome-cyber-security - **2906**星
- -awesome-honeypots- - Cowrie - Cowrie SSH Honeypot (based on kippo). (Honeypots)
- awesome-rainmana - cowrie/cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-python-applications - Repo
- awesome - cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-stars - cowrie/cowrie - `★4956` Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- awesome-stars - cowrie/cowrie - `★4908` Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io (Python)
- fucking-awesome-honeypots - Cowrie - Cowrie SSH Honeypot (based on kippo). (Honeypots)
README
Cowrie
######
Welcome to the Cowrie GitHub repository
*****************************************
This is the official repository for the Cowrie SSH and Telnet
Honeypot effort.
What is Cowrie
*****************************************
Cowrie is a medium to high interaction SSH and Telnet honeypot
designed to log brute force attacks and the shell interaction
performed by the attacker. In medium interaction mode (shell) it
emulates a UNIX system in Python, in high interaction mode (proxy)
it functions as an SSH and telnet proxy to observe attacker behavior
to another system.
`Cowrie `_ is maintained by Michel Oosterhof.
Documentation
****************************************
The Documentation can be found `here `_.
Slack
*****************************************
You can join the Cowrie community at the following `Slack workspace `_.
Features
*****************************************
* Choose to run as an emulated shell (default):
* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
* Possibility of adding fake file contents so the attacker can `cat` files such as `/etc/passwd`. Only minimal file contents are included
* Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection
* Or proxy SSH and telnet to another system
* Run as a pure telnet and ssh proxy with monitoring
* Or let Cowrie manage a pool of QEMU emulated servers to provide the systems to login to
For both settings:
* Session logs are stored in an `UML Compatible `_ format for easy replay with the `bin/playlog` utility.
* SFTP and SCP support for file upload
* Support for SSH exec commands
* Logging of direct-tcp connection attempts (ssh proxying)
* Forward SMTP connections to SMTP Honeypot (e.g. `mailoney `_)
* JSON logging for easy processing in log management solutions
Docker
*****************************************
Docker versions are available.
* To get started quickly and give Cowrie a try, run::
$ docker run -p 2222:2222 cowrie/cowrie:latest
$ ssh -p 2222 root@localhost
* On Docker Hub: https://hub.docker.com/r/cowrie/cowrie
* Configuring Cowrie in Docker
Cowrie in Docker can be configured using environment variables. The
variables start with COWRIE_ then have the section name in capitals,
followed by the stanza in capitals. An example is below to enable
telnet support::
COWRIE_TELNET_ENABLED=yes
Alternatively, Cowrie in Docker can use an `etc` volume to store
configuration data. Create `cowrie.cfg` inside the etc volume
with the following contents to enable telnet in your Cowrie Honeypot
in Docker::
[telnet]
enabled = yes
Requirements
*****************************************
Software required to run locally:
* Python 3.8+
* python-virtualenv
For Python dependencies, see `requirements.txt `_.
Files of interest:
*****************************************
* `etc/cowrie.cfg` - Cowrie's configuration file. Default values can be found in `etc/cowrie.cfg.dist `_.
* `share/cowrie/fs.pickle` - fake filesystem
* `etc/userdb.txt` - credentials to access the honeypot
* `honeyfs/ `_ - file contents for the fake filesystem - feel free to copy a real system here or use `bin/fsctl`
* `honeyfs/etc/issue.net` - pre-login banner
* `honeyfs/etc/motd `_ - post-login banner
* `var/log/cowrie/cowrie.json` - transaction output in JSON format
* `var/log/cowrie/cowrie.log` - log/debug output
* `var/lib/cowrie/tty/` - session logs, replayable with the `bin/playlog` utility.
* `var/lib/cowrie/downloads/` - files transferred from the attacker to the honeypot are stored here
* `share/cowrie/txtcmds/ `_ - file contents for simple fake commands
* `bin/createfs `_ - used to create the fake filesystem
* `bin/playlog `_ - utility to replay session logs
Contributors
***************
Many people have contributed to Cowrie over the years. Special thanks to:
* Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based
* Dave Germiquet (davegermiquet) for TFTP support, unit tests, new process handling
* Olivier Bilodeau (obilodeau) for Telnet support
* Ivan Korolev (fe7ch) for many improvements over the years.
* Florian Pelgrim (craneworks) for his work on code cleanup and Docker.
* Guilherme Borges (sgtpepperpt) for SSH and telnet proxy (GSoC 2019)
* And many many others.