https://github.com/1birdo/smb-honeypot
A Simplistic SMB HoneyPot With AbuseIPDB Reporting
abuse abuseipdb abuseipdb-api honeypot ip linux logging logs open-source python python3 reporting trap wsl
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/1birdo/smb-honeypot
- Owner: 1Birdo
- Created: 2024-07-29T01:36:36.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-03-21T22:10:21.000Z (over 1 year ago)
- Last Synced: 2026-02-25T09:35:44.818Z (4 months ago)
- Topics: abuse, abuseipdb, abuseipdb-api, honeypot, ip, linux, logging, logs, open-source, python, python3, reporting, trap, wsl
- Language: Python
- Homepage: https://birdo.uk
- Size: 53.7 KB
- Stars: 2
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# SMB Honeypot
This script captures login and connection attempts to SMB port 445 and optionally reports the IP addresses to AbuseIPDB. It also logs these attempts in a separate `/logs/` directory, e.g., `smb_attempts_20250116.log`.
## Features
- **IP Reporting**: Optional integration with [AbuseIPDB](https://www.abuseipdb.com/) for reporting malicious IP addresses.
- **Logging**: Detailed logs of all login/connection attempts.
- **Open-source Example**: See my AbuseIPDB reports [here](https://www.abuseipdb.com/user/137416).
---
If you have trouble stopping the process with CTRL + Z or CTRL + C, I would recommend using these commands instead. Note that CTRL + Z only suspends the process, so it keeps port 445 bound.
#### Check what's using port 445
`sudo netstat -tulpn | grep 445`
#### Kill the process using port 445 (replace PID with the number you see from above command)
`sudo kill PID`
#### Or more aggressively if needed:
`sudo kill -9 PID`
## Getting Started
### Prerequisites
- **Python 3.x**
- **Linux or WSL**: Requires `iptables` (not recommended on WSL due to compatibility issues). A Windows alternative must be used for Windows endpoints.
### AbuseIPDB Integration
You can make public reports via AbuseIPDB, but note that anonymous submissions cannot be tracked or deleted and may be perceived as less legitimate.

---
## Installation
1. **Clone the Repository**:
```bash
git clone https://github.com/Birdo1221/SMB-HoneyPot.git
cd SMB-HoneyPot
```
2. **Install Required Packages**:
```bash
pip install requests  # ipaddress is part of the Python 3 standard library
```
3. **Configure AbuseIPDB**:
Replace the placeholder in the script with your AbuseIPDB API key:
```python
ABUSE_IPDB_API_KEY = 'Replace with your AbuseIPDB API Token'
```
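The reporting step described above, sketched as an added example (not code from this repository): it filters honeypot hits before they are sent to the AbuseIPDB v2 report endpoint, dropping malformed and non-routable sources and suppressing repeat reports of the same IP. The `(timestamp, ip)` tuple format, the `ABUSEIPDB_API_KEY` environment variable name and the 15-minute cooldown are assumptions, and the public addresses in the sample are constructed stand-ins.

```python
import ipaddress
import os
from datetime import datetime, timedelta

REPORT_URL = "https://api.abuseipdb.com/api/v2/report"  # AbuseIPDB API v2 report endpoint
CATEGORY_PORT_SCAN = "14"         # AbuseIPDB category id for "Port Scan"
COOLDOWN = timedelta(minutes=15)  # assumed minimum gap between reports of one IP

def is_reportable(ip_text):
    """True only for well-formed, globally routable source addresses."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return addr.is_global

def build_reports(attempts, api_key, last_reported=None):
    """Turn (timestamp, ip) attempts into kwargs for requests.post(); sends nothing."""
    last_reported = {} if last_reported is None else last_reported
    reports = []
    for when, ip in sorted(attempts):
        if not is_reportable(ip):
            continue  # private, loopback, documentation or malformed source
        previous = last_reported.get(ip)
        if previous is not None and when - previous < COOLDOWN:
            continue  # already reported recently
        last_reported[ip] = when
        reports.append({
            "url": REPORT_URL,
            "headers": {"Key": api_key, "Accept": "application/json"},
            "data": {"ip": ip, "categories": CATEGORY_PORT_SCAN,
                     "comment": f"SMB honeypot hit on port 445 at {when.isoformat()}"},
            "timeout": 10,
        })
    return reports

# Constructed sample attempts (not the project's log format).
BASE = datetime(2025, 1, 16, 12, 0, 0)
SAMPLE = [
    (BASE, "8.8.8.8"),
    (BASE + timedelta(minutes=5), "8.8.8.8"),       # inside cooldown: skipped
    (BASE + timedelta(minutes=20), "8.8.8.8"),      # cooldown elapsed: reported
    (BASE + timedelta(minutes=1), "192.168.1.10"),  # RFC 1918: never reported
    (BASE + timedelta(minutes=2), "not-an-ip"),     # malformed: never reported
]

if __name__ == "__main__":
    key = os.environ.get("ABUSEIPDB_API_KEY", "")   # hypothetical variable name
    for report in build_reports(SAMPLE, key):
        print(report["data"]["ip"], report["data"]["comment"])
```

Each returned dict can be passed as `requests.post(**report)`; reading the key from the environment keeps it out of the committed script.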
---
## Usage
1. **Run the Script**:
```bash
screen python3 main.py
```
2. **Enable Logging**:
The script will create log files like `smb_attempts_20250116.log` in the `/logs/` directory.
3. **Edit Configurations**:
Customize the script as needed, including your AbuseIPDB API key. To get an API key, visit the API tab on [AbuseIPDB](https://www.abuseipdb.com/) after logging in.
---
## Latest Version