Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/knalli/honeypot-for-tcp-32764

Honeypot for router backdoor (TCP 32764)
https://github.com/knalli/honeypot-for-tcp-32764

coffeescript honeypot nodejs

Last synced: 2 months ago
JSON representation

Honeypot for router backdoor (TCP 32764)

Host: GitHub
URL: https://github.com/knalli/honeypot-for-tcp-32764
Owner: knalli
Archived: true
Created: 2014-01-12T01:02:27.000Z (about 11 years ago)
Default Branch: master
Last Pushed: 2014-02-06T18:51:18.000Z (almost 11 years ago)
Last Synced: 2024-08-04T23:09:28.648Z (6 months ago)
Topics: coffeescript, honeypot, nodejs
Language: CoffeeScript
Homepage:
Size: 395 KB
Stars: 15
Watchers: 6
Forks: 3
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-honeypot - **9**星

README

# Honeypot for Router Backdoor (TCP-32764)

This is a first try to mock the router backdoor "TCP32764" found in several router firmwares at the end of 2013. The POC of the backdoor is located at this [repository](https://github.com/elvanderb/TCP-32764).

## A note

This honeypot is not fully compatible to the real backdoor. However, we try to response positive answers for well known tests. Said this, both the `poc.py` and the web test from [Heise](http://www.heise.de/security/dienste/portscan/test/go.shtml?scanart=3) recognize this being a real backdoor.

Do not complain about any actions or problems after using this piece of code. Relax, take the time, read it first, and then try it on your own.

## Dependencies

NodeJS

## How to use (easy start)

1. `git clone https://github.com/knalli/honeypot-for-tcp-32764.git` && `cd honeypot-for-tcp-32764`
2. `npm install`
3. `node_modules/.bin/coffee server.coffee`

## How to use (daemon)

There are two user scripts defined in the `package.json` which instruments [Forever](https://github.com/nodejitsu/forever). Simply use `npm start` to start the server and `npm stop` to stop the server. The flag `-w` is used therefor any file changes will effectily restart the server in a second.

## How to monitor

There are following user scripts defined for an easy access to the log:

* `npm run-script print-log` printing out the log file of the current daemon (started by `npm start`)
* `npm run-script tail-log` tailing out the log file of the current daemon (started by `npm start`)

## Contribution

Yes, if you like.

## License

Free for all.

MIT