Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chrisbdaemon/BearTrap
https://github.com/chrisbdaemon/BearTrap
Last synced: 14 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/chrisbdaemon/BearTrap
- Owner: chrisbdaemon
- License: bsd-2-clause
- Created: 2011-10-27T22:26:18.000Z (about 13 years ago)
- Default Branch: master
- Last Pushed: 2016-11-22T17:16:57.000Z (almost 8 years ago)
- Last Synced: 2024-08-02T06:15:25.509Z (4 months ago)
- Language: Ruby
- Homepage:
- Size: 51.8 KB
- Stars: 19
- Watchers: 4
- Forks: 7
- Open Issues: 0
-
Metadata Files:
- Readme: README
- License: LICENSE
Awesome Lists containing this project
README
BearTrap v0.2-beta
BearTrap is meant to be a portable network defense utility written entirely in
Ruby. It opens "trigger" ports on the host that an attacker would connect to.
When the attacker connects and/or performs some interactions with the trigger
an alert is raised and the attacker's ip address is potentially blacklisted.
The idea came from listening to the PaulDotCom Security Podcast
(http://pauldotcom.com/security-weekly/) particularly episodes 203 and 204 as
the concept of honeyports is described.
Dependencies:
Ruby 1.9.x interpreter
Installation varies from system to system.
getopt ruby gem
Install with 'gem install getopt'
Installation:
No installation required. Simply edit the configuration file, config.yml. It
should be fairly well documented and/or self-explanatory. If its not, check
out the support section below.
Usage:
ruby bear_trap.rb -c config.yml
Running as root is recommended, as most blacklisting tools (pfctl, iptables,
etc) must be ran as root.
Support:
If you have any significant problems, send me an email at
chrisbdaemon [at] gmail.com with BearTrap somewhere in the subject.
If you would like to contribute, go ahead and fork the github repo, make your
changes and send a pull request (see http://help.github.com/fork-a-repo/).