Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/0x4d31/honeybits-win
Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots!
deception go golang honeybits honeypot honeytoken honeytrap security
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/0x4d31/honeybits-win
- Owner: 0x4D31
- License: mit
- Archived: true
- Created: 2017-06-17T10:10:06.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-06-19T02:42:12.000Z (over 7 years ago)
- Last Synced: 2024-08-04T23:09:31.541Z (6 months ago)
- Topics: deception, go, golang, honeybits, honeypot, honeytoken, honeytrap, security
- Language: Go
- Homepage:
- Size: 3.91 KB
- Stars: 24
- Watchers: 4
- Forks: 10
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-honeypot - **8** stars - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots! (Uncategorized)
README
# Honeybits-win
A simple tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots!

The Linux version of this project: [honeybits](https://github.com/0x4D31/honeybits)

_Author: Adel "0x4D31" Karimi._
## Features:
* Creating fake credentials in Windows Credential Manager
* Reading config from a remote Key/Value Store such as Consul or etcd

## Requirements:
* [Go Lang 1.7+](https://golang.org/dl/)
* Viper (```go get github.com/spf13/viper```)
* crypt (```go get github.com/xordataexchange/crypt/config```)

## Usage:
```
> go run honeybits-win.go

  /\  /\___  _ __   ___ _   _| |__ (_) |_ ___
 / /_/ / _ \| '_ \ / _ \ | | | '_ \| | __/ __|
/ __  / (_) | | | |  __/ |_| | |_) | | |_\__ \
\/ /_/ \___/|_| |_|\___|\__, |_.__/|_|\__|___/
========================|___/=================

Failed reading remote config. Reading the local config file...
Local config file loaded.

[+] Generic credential created (192.168.1.66)
[+] Generic credential created (realco-AWS_SECRET_ACCESS_KEY-david)
[+] Domain credential created (domain01)
[+] Domain credential created (winsrv)
```

## TODO:
* Honeyfiles
  + Type 1 - honeytoken (monitored)
  + Type 2 - breadcrumb (containing false information)
  + Type 3 - beacon docs
* Content generator module for honeyfiles
* More traps, including:
  + AWS credentials file
  + Fake entries in CMD/PowerShell commands history
  + Fake browser history, bookmarks and saved passwords
  + Database files/backups: SQLite, MySQL
  + Configuration, backup, and connection files such as RDP and VPN
  + MS Outlook Data file (.ost/.pst)
  + Hosts files (hosts, lmhosts)
  + Fake ARP entries
  + KeePass file with fake entries (.kdbx)
  + Registry keys (WinSCP, PuTTY, etc.)
  + Injected fake credentials in LSASS
* Documentation