Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/birdo1221/ssh-honeypot
A Simplistic SSH HoneyPot With AbuseIPDB Reporting
- Host: GitHub
- URL: https://github.com/birdo1221/ssh-honeypot
- Owner: Birdo1221
- License: mit
- Created: 2024-07-22T00:28:30.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2024-08-27T22:34:05.000Z (3 months ago)
- Last Synced: 2024-08-28T18:27:09.775Z (3 months ago)
- Topics: abuse-detection, abuseipdb, abuseipdb-api, actor, brute, brute-force, bruteforce, detection, geolocation, honeypot, honeypot-fake, logging, malicious, network, ssh, ssh-abuse
- Language: Python
- Homepage: https://github.com/Birdo1221/SSH-HoneyPot/tree/main
- Size: 66.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# SSH Honeypot
The script captures SSH login attempts, logging the exact credentials used, and reports the source IP addresses to AbuseIPDB.
I am currently using this myself: [AbuseIPDB Results](https://www.abuseipdb.com/user/137416).
## Getting Started
### Prerequisites
- Python 3.x
- Paramiko library
- Requests library
- Curl
- iptables (Linux only; a Windows alternative still needs to be found)

### Example of the log file in action
![Example](https://github.com/user-attachments/assets/000ff986-2d39-4748-9d48-07d4eeb26f69)

### Installation
1. Clone the repository:
```sh
git clone https://github.com/Birdo1221/SSH-HoneyPot.git
cd SSH-HoneyPot
```
2. Install the required Python packages:
```sh
pip install paramiko requests
```
3. Replace the placeholder in the script with your Abuse-IPDB API key:
```python
ABUSE_IPDB_API_KEY = 'Replace with Abuse-IPDB API Token'
```
4. You don't need to manually remove any ports from the list; the script will simply skip any that are already in use.
However, to run the server on ports below 1024, you will need sudo / administrative privileges.
```python
PORTS = [2222, 2200, 22222, 50000, 3389, 1337, 10001, 222, 2022, 2181, 23, 2000, 830, 2002, 5353, 8081, 6000, 5900]
```
I'm currently using these ports because they are the most commonly used ports for SSH on Shodan / ZoomEye.
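A sketch of the skip-on-failure behaviour described in step 4, added here as an illustration and not taken from the project's script: each port is bound in turn, and a port that is already in use or needs elevated privileges is recorded and skipped instead of aborting the run. The function name `open_listeners`, its return shape and the loopback bind address are assumptions made for this example.

```python
import errno
import socket

# Port list as given in the README.
PORTS = [2222, 2200, 22222, 50000, 3389, 1337, 10001, 222, 2022, 2181,
         23, 2000, 830, 2002, 5353, 8081, 6000, 5900]


def open_listeners(ports, host="127.0.0.1"):
    """Bind a listening TCP socket on every port that can be bound.

    Returns (listeners, skipped): listeners maps port -> socket,
    skipped maps port -> reason the port was left out.
    Hypothetical helper, not the project's own function.
    """
    listeners, skipped = {}, {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
            sock.listen(100)
        except OSError as exc:
            sock.close()
            if exc.errno == errno.EADDRINUSE:
                # Another service already owns the port.
                skipped[port] = "in use"
            elif exc.errno in (errno.EACCES, errno.EPERM):
                # Ports below 1024 need sudo / administrative rights.
                skipped[port] = "needs privileges"
            else:
                skipped[port] = f"error: {exc.strerror}"
            continue
        listeners[port] = sock
    return listeners, skipped


if __name__ == "__main__":
    active, skipped = open_listeners(PORTS)
    print("listening on:", sorted(active))
    for port, reason in sorted(skipped.items()):
        print(f"skipped {port}: {reason}")
    for sock in active.values():
        sock.close()
```

Logging the skip reason per port makes it obvious at startup which decoy ports are actually exposed, so a missing low port is not mistaken for an absence of attack traffic.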
## Usage
### 1. Just need to run the file
**Run:** `python3 ssh-honeypot-All.py`
### 2. Running the logging variants will create the log file
**File:** `ssh_login_attempts.log`

You can change the name of the log file to whatever you like.