Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cymmetria/mtpot
Open Source Telnet Honeypot
https://github.com/cymmetria/mtpot
Last synced: 25 days ago
JSON representation
Open Source Telnet Honeypot
- Host: GitHub
- URL: https://github.com/cymmetria/mtpot
- Owner: Cymmetria
- License: mit
- Created: 2016-11-10T10:06:05.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2017-03-20T22:02:12.000Z (over 7 years ago)
- Last Synced: 2024-08-04T23:09:59.003Z (4 months ago)
- Language: Python
- Size: 15.6 KB
- Stars: 103
- Watchers: 13
- Forks: 34
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-honeypot - **93**星
README
### Update:
### Cymmetria Research has released a new honeypot for the Apache Struts exploit, see more info here: https://github.com/Cymmetria/StrutsHoneypot# CymmetriaResearch
MTPot is a simple open source honeypot, released under the MIT license for the use of the community.
Cymmetria Research, 2016.
http://www.cymmetria.com/
Please consider trying out the MazeRunner Community Edition, the free version of our cyber deception platform.
Written by: Itamar Sher (@itamar_sher), Dean Sysman (@DeanSysman), Imri Goldberg (@lorgandon)
Contact: [email protected]Install
-------
* Python 2.7
* pip install telnetsrv
* pip install geventUsage
-------
usage: MTPot.py [-h] [-v] [-o OUTPUT] configpositional arguments:
config Path to a json config file, see README for all
available parametersoptional arguments:
-h, --help show this help message and exit
-v, --verbose Increase MTPot verbosity
-o OUTPUT, --output OUTPUT
Output the results to this fileConfig file keys
-------
* port - REQUIRED, The port MTPot will bind to.
* commands - REQUIRED, A python dict containing the commands expected to receive from the scanner (Mirai e.g.) as the keys and the responses as values. IMPORTANT: at the moment commands are assumed to be run under /bin/busybox. (e.g. command="ps" means that the command that would actually get handled is "/bin/busybox ps")
* ddos_name - REQUIRED, The name of the attack (Mirai e.g.) that will appear whenever a successful fingerprint has occured
* ip - REQUIRED, The IP address MTPot will bind to.
* syslog_address - OPTIONAL, Syslog IP address to send the fingerprinted IPs to.
* syslog_port - OPTIONAL, Syslog PORT.
* syslog_protocol - OPTIONAL, Protocol used by the syslog (TCP/UDP)Also included are sample config files (mirai_conf.json, mirai_scanner_conf.json) built for fingerprinting mirai based on the code available from: https://github.com/jgamblin/Mirai-Source-Code
Important note on sample downloading
-------
We had to stop debugging mirai at some point. An issue left open is that the remote mirai infector crashes when it receives an expected response to one of its commands.We did not have the time to work on this last issue (which apparently some folks see as a feature), but happy to get the help of the community if anyone wants to take a stab at making that aspect of the honeypot work.
Known Issues
-------
Some users reported to us that the telnetsrv library throws this exception:
> Traceback (most recent call last):
> File "/usr/lib/python2.7/dist-packages/gevent/greenlet.py", line 327, in run
> result = self._run(*self.args, **self.kwargs)
> File "/usr/local/lib/python2.7/dist-packages/telnetsrv/telnetsrvlib.py", line 821, in inputcooker
> c2 = self._inputcooker_getc(block=False)
> File "/usr/local/lib/python2.7/dist-packages/telnetsrv/telnetsrvlib.py", line 774, in _inputcooker_> getc
> if not self.inputcooker_socket_ready():
> File "/usr/local/lib/python2.7/dist-packages/telnetsrv/green.py", line 44, in inputcooker_socket_ready
> return gevent.select.select([self.sock.fileno()], [], [], 0) != ([], [], [])
> AttributeError: 'module' object has no attribute 'select'
> >> failed with AttributeErrorThis bug appears to be in the libtelnetsrv/gevent library, here's a temporary fix (at your own discretion and risk) to get rid of the exception:
Open green.py in telnetserv and add the following code to the beginning of the file -
```python
import select
```
And replace line 44
```python
return gevent.select.select([self.sock.fileno()], [], [], 0) != ([], [], []):)
```
With:
```python
return select.select([self.sock.fileno()], [], []) != ([], [], [])
```