Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/UHH-ISS/honeygrove
A multi-purpose, modular medium-interaction honeypot based on Twisted.
broker cybersecurity honeypot twisted
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/UHH-ISS/honeygrove
- Owner: UHH-ISS
- License: mit
- Created: 2017-10-20T09:36:13.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2021-06-07T15:11:13.000Z (over 3 years ago)
- Last Synced: 2024-08-03T23:04:45.908Z (4 months ago)
- Topics: broker, cybersecurity, honeypot, twisted
- Language: HTML
- Homepage:
- Size: 811 KB
- Stars: 19
- Watchers: 9
- Forks: 8
- Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-honeypots - Honeygrove - Multi-purpose modular honeypot based on Twisted. (Honeypots)
- fucking-awesome-honeypots - Honeygrove - Multi-purpose modular honeypot based on Twisted. (Honeypots)
README
![Honeygrove](https://raw.githubusercontent.com/wiki/UHH-ISS/honeygrove/img/honeygrove_logo_v2.png)
Honeygrove is a modular honeypot based on Python that builds upon [Broker](https://github.com/zeek/broker) and the [Twisted Framework](https://twistedmatrix.com/trac/wiki).
## System Requirements
Honeygrove currently requires **Python 3.5+** and was tested on Ubuntu 16.4, Debian 9.1 and ArchLinux. However, it should work on other distributions that provide a compatible Python distribution.
If the [`broker`](https://github.com/zeek/broker) communication library is not available, the honeypot itself can be used without it. Currently there is no possibility to communicate with the management-console or the monitoring stack without Broker.
If Honeygrove is configured to use the Siemens S7 protocol, the [`Snap7`](http://snap7.sourceforge.net/) library needs to be installed on the system.
## Quickstart Guide
* Clone the repository or download and unzip it
* Optional: Set up a virtualenv to contain the required dependencies
```shell
$ python3 -m venv .venv
$ source .venv/bin/activate
```
* Install the required Python dependencies
```shell
$ pip3 install --upgrade -r requirements.txt
```
* Optional: Install [`broker`](https://github.com/zeek/broker) and the Python bindings to communicate with a CIM
* Optional: Install [`Snap7`](http://snap7.sourceforge.net/) to make use of the Siemens S7 protocol
* Create the honeygrove main directory and some required subdirectories
```shell
$ mkdir -p /var/honeygrove/{logs,resources/{quarantine,honeytoken_files}}
```
* Copy the provided example resources to the main directory
```shell
$ cp -a resources /var/honeygrove
```
* Edit the configuration file to fit your needs
```shell
$ $EDITOR honeygrove/config.py
```
* Start honeygrove and verify everything works as expected
```shell
$ sudo python3 -m honeygrove
```
For further information see our [wiki](https://github.com/UHH-ISS/honeygrove/wiki) (currently only the user guide for honeygrove is available in English).
## Related Projects
Honeygrove is intended to be used with a Cyber Incident Monitor (CIM) ([honeygrove-cim](https://github.com/UHH-ISS/honeygrove-cim)) and can additionally be controlled through a management console ([honeygrove-console](https://github.com/UHH-ISS/honeygrove-console)) that communicates with honeygrove via `broker`.
## License
Honeygrove is licensed under the MIT license. See LICENSE for more details.