Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/antihax/gambit
GaMBiT Honeypot
honeypot security-tools
Last synced: 21 days ago
GaMBiT Honeypot
- Host: GitHub
- URL: https://github.com/antihax/gambit
- Owner: antihax
- Created: 2019-09-14T00:12:30.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-11-13T03:54:05.000Z (29 days ago)
- Last Synced: 2024-11-13T04:23:42.222Z (29 days ago)
- Topics: honeypot, security-tools
- Language: Go
- Homepage:
- Size: 517 KB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - antihax/gambit - GaMBiT Honeypot (Go)
README
# GaMBiT
Collection of services to run a honeypot and analytics UI. Conman can also be run as an internal sensor reporting to syslog to detect unwanted probes. This is a work in progress and just a fun project.
## Conman
The connection manager (Conman) attempts to sense the protocol based on matching the first few bytes of the packet, unwrapping TLS if detected, and forwarding on to a driver to attempt to extract more information about the session. A single port can seamlessly handle multiple protocols in this manner. The current goal is to fake an endpoint long enough to collect passwords from the malefactor.
Conman can run as a Docker container using host networking to consume all ports on a device and feed output to syslog.
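
The first-bytes matching described above can be sketched as follows. This is an added example, not code from the GaMBiT repository: the names `Classify` and `Sniff`, the protocol labels, and the 8-byte peek window are assumptions, and it only detects TLS rather than unwrapping it.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"strings"
)

var httpMethods = []string{"GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS ", "CONNECT "}

// Classify guesses the protocol from the first bytes a client sent.
// The returned labels are chosen for this example, not Conman's driver names.
func Classify(b []byte) string {
	// TLS record header: content type 0x16 (handshake), major version 0x03,
	// 2-byte version/length fields, then handshake type 0x01 (ClientHello).
	if len(b) >= 6 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01 {
		return "tls"
	}
	if bytes.HasPrefix(b, []byte("SSH-")) {
		return "ssh"
	}
	for _, m := range httpMethods {
		if bytes.HasPrefix(b, []byte(m)) {
			return "http"
		}
	}
	return "unknown"
}

// Sniff peeks at up to 8 bytes without consuming them, so whichever driver
// is selected still reads the session from its first byte.
// On a live net.Conn, set a read deadline first: Peek waits for 8 bytes.
func Sniff(conn io.Reader) (string, *bufio.Reader) {
	br := bufio.NewReader(conn)
	head, _ := br.Peek(8) // a short first packet yields fewer bytes plus an error; classify what arrived
	return Classify(head), br
}

func main() {
	// Constructed sample input, not captured traffic.
	for _, s := range []string{"SSH-2.0-client\r\n", "GET / HTTP/1.1\r\n", "\x16\x03\x01\x00\x05\x01\x00", "hi"} {
		proto, br := Sniff(strings.NewReader(s))
		rest, _ := io.ReadAll(br)
		fmt.Printf("%-8s driver sees %d of %d bytes\n", proto, len(rest), len(s))
	}
}
```

The driver is handed the returned `*bufio.Reader` rather than the raw connection, which is what lets one listening port serve several protocols without losing the bytes used for detection.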
### Services
| Service | Description |
| ------------- |-------------|
| Conman | Honeypot |
| Contrive | Frontend UI |

### Infrastructure
Beats consumes syslog events from Conman and feeds them into Elasticsearch. Contrive performs queries against Elasticsearch to provide a simple UI to consume the data.
Kibana can optionally be used, but is not currently exposed.
HAProxy provides Ingress to Contrive and leverages CertManager to obtain Let's Encrypt certificates through ACME.