https://github.com/antihax/gambit

GaMBiT Honeypot

honeypot security-tools


# GaMBiT
Collection of services to run a honeypot and analytics UI. Conman can also be run as an internal sensor reporting to syslog to detect unwanted probes. This is a work in progress and just a fun project.


## Conman
The connection manager (Conman) attempts to sense the protocol based on matching the first few bytes of the packet, unwrapping TLS if detected, and forwarding on to a driver to attempt to extract more information about the session. A single port can seamlessly handle multiple protocols in this manner.
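
The first-bytes matching described above, sketched as an added example; this is not Conman's code. The signature table, protocol labels, the 5-byte peek and the `Classify` and `Sniff` names are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net"
	"time"
)

// Constructed signature table; protocol labels are illustrative, not Conman's.
var signatures = []struct {
	name   string
	prefix []byte
}{
	{"ssh", []byte("SSH-")},
	{"http", []byte("GET ")},
	{"http", []byte("POST ")},
	{"http", []byte("HEAD ")},
}

// Classify labels a session from its leading bytes alone.
func Classify(head []byte) string {
	// TLS record header: content type 0x16 (handshake), major version 0x03.
	if len(head) >= 3 && head[0] == 0x16 && head[1] == 0x03 {
		return "tls"
	}
	for _, s := range signatures {
		if bytes.HasPrefix(head, s.prefix) {
			return s.name
		}
	}
	return "unknown"
}

// Sniff peeks at up to 5 bytes without consuming them, so the returned
// reader replays the whole stream to whichever driver handles it next.
func Sniff(c net.Conn, wait time.Duration) (string, *bufio.Reader) {
	r := bufio.NewReader(c)
	c.SetReadDeadline(time.Now().Add(wait)) // silent clients must not hang the sensor
	head, _ := r.Peek(5)                    // on timeout, returns what did arrive
	c.SetReadDeadline(time.Time{})
	return Classify(head), r
}

func main() {
	hello := []byte{0x16, 0x03, 0x01, 0x00, 0x2f} // constructed TLS record header
	fmt.Println(Classify(hello), Classify([]byte("SSH-2.0-scanner")))
}
```

A `tls` result is the point where a sensor would terminate TLS and run the same classification again on the decrypted stream.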

The current goal is to fake an endpoint long enough to collect passwords from the malefactor.

Conman can run as a Docker container using host networking to consume all ports on a device and feed output to syslog.

### Services
| Service | Description |
| ------------- |-------------|
| Conman | Honeypot |
| Contrive | Frontend UI |

### Infrastructure
Beats consumes syslog events from Conman and feeds them into Elasticsearch.

Contrive performs queries against Elasticsearch to provide a simple UI to consume the data.

Kibana can optionally be used, but is not currently exposed.

HAProxy provides Ingress to Contrive and leverages cert-manager to obtain Let's Encrypt certificates through ACME.