https://github.com/tillmannw/honeytrap

a low-interaction honeypot
https://github.com/tillmannw/honeytrap

Last synced: 2 months ago
JSON representation

a low-interaction honeypot

• Host: GitHub
• URL: https://github.com/tillmannw/honeytrap
• Owner: tillmannw
• License: gpl-2.0
• Created: 2017-05-24T08:30:41.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2017-06-04T17:31:42.000Z (about 7 years ago)
• Last Synced: 2024-01-24T23:39:24.707Z (5 months ago)
• Language: C
• Size: 723 KB
• Stars: 91
• Watchers: 8
• Forks: 18
• Open Issues: 4
• Metadata Files:
  • Readme: README
  • Changelog: ChangeLog
  • License: COPYING
  • Authors: AUTHORS

Lists

• awesome-honeypots - honeytrap - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. (Honeypots)
• paralax-awesome-honeypots - honeytrap - a low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. (<a name="honeypots"></a> Honeypots)
• awesome-honeypot - **72**星 - interaction honeypot (<a id="a53d22b9c5d09dc894413453f4755658"></a>未分类)
• awesome-honeypots - honeytrap - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. (Honeypots)
• awesome-honeypots - honeytrap - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. (Honeypots)
• -awesome-honeypots- - honeytrap - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. (Honeypots)
• awesome-honeypots - honeytrap - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. (Honeypots)
• fucking-awesome-honeypots - honeytrap - Low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. (Honeypots)

README

        
README

  Honeytrap  is  a network security tool written to observe attacks

  against TCP or UDP services. It runs as a daemon and starts serv-

  er  processes dynamically on requested ports. A server emulates a

  well-known service by simply sending captured network traffic  to

  a connected host.

  Many  clients  and particularly attackers will be fooled and send

  responses to a honeytrap server process. The arriving data is as-

  sembled to a string and written to a database file. Such a string

  is called an attack string.

  Honeytrap can parse an attack string for  commands  advising  the

  server  to  download a file from another host. If a download com-

  mand is found, the server tries  to  retrieve  the  corresponding

  file  automatically.  A downloaded file is stored locally with an

  md5 checksum in its name. Currently, only ftp and tftp  are  sup-

  ported.  Honeytrap implements its own clients with the aim to be-

  have as similar as possible than Windows systems. Http  URIs  are

  recognized  and  logged.  A http download routine may be added in

  future releases.

INSTALLATION

  Installation of honeytrap is  pretty straight forward.  Just do a

  './configure  --with-stream-mon= &&  make &&  make install'

  where '' is the connection monitor  type  of  your  choice.

  Please  refer to the INSTALL file and to the output of './config-

  ure --help' for further information.

WARNINGS

  Honeytrap is a low-interactive honeypot and therefore detectable.

  It  is  written  in  C  and thus potentially vulnerable to buffer

  overflow attacks. Take care. Running in mirror mode is dangerous.

  Attacks  may  be directed to the attacker, appearing to come from

  your system. Use with caution.

  The program needs root privileges, but only  for  binding  server

  processes to well-known ports. Use the -u and -g command line op-

  tions to drop privileges and switch to another user and group  as

  early as possible.

CONTACT

  If  you  have  problems,  questions, ideas or suggestions, please

  contact me at . If you would like to help

  making honeytrap better, you are welcome.