https://github.com/mariocandela/beelzebub

A secure low code honeypot framework, leveraging AI for System Virtualization.

cloudnative cloudsecurity cybersecurity framework go golang honeypot kubernetes llama3 llm llm-honeypot llm-security low-code ollama openai research research-project security whitehat


# Beelzebub

[![CI](https://github.com/mariocandela/beelzebub/actions/workflows/ci.yml/badge.svg)](https://github.com/mariocandela/beelzebub/actions/workflows/ci.yml) [![Docker](https://github.com/mariocandela/beelzebub/actions/workflows/docker-image.yml/badge.svg)](https://github.com/mariocandela/beelzebub/actions/workflows/docker-image.yml) [![codeql](https://github.com/mariocandela/beelzebub/actions/workflows/codeql.yml/badge.svg)](https://github.com/mariocandela/beelzebub/actions/workflows/codeql.yml)
[![Go Report Card](https://goreportcard.com/badge/github.com/mariocandela/beelzebub/v3)](https://goreportcard.com/report/github.com/mariocandela/beelzebub/v3)
[![codecov](https://codecov.io/gh/mariocandela/beelzebub/graph/badge.svg?token=8XTK7D4WHE)](https://codecov.io/gh/mariocandela/beelzebub)
[![Go Reference](https://pkg.go.dev/badge/github.com/mariocandela/beelzebub/v3.svg)](https://pkg.go.dev/github.com/mariocandela/beelzebub/v3)
[![Mentioned in Awesome Go](https://awesome.re/mentioned-badge.svg)](https://github.com/avelino/awesome-go)

## Overview

Beelzebub is an advanced honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks. It offers a low code approach for easy implementation and uses AI to mimic the behavior of a high-interaction honeypot.


## LLM Honeypot

[![asciicast](https://asciinema.org/a/665295.svg)](https://asciinema.org/a/665295)

## Telegram Bot for Real-Time Attacks

Stay updated on real-time attacks by joining our dedicated Telegram channel: [Telegram Channel](https://t.me/beelzebubhoneypot)

## Examples

To better understand the capabilities of Beelzebub, you can explore our example repository: [mariocandela/beelzebub-example](https://github.com/mariocandela/beelzebub-example)

## Quick Start

We provide two quick start options to build and run Beelzebub: using Docker Compose or the Go compiler.

### Using Docker Compose

1. Build the Docker images:

```bash
$ docker-compose build
```

2. Start Beelzebub in detached mode:

```bash
$ docker-compose up -d
```

### Using Go Compiler

1. Download the necessary Go modules:

```bash
$ go mod download
```

2. Build the Beelzebub executable:

```bash
$ go build
```

3. Run Beelzebub:

```bash
$ ./beelzebub
```

### Deploy on a Kubernetes cluster using Helm

1. Install Helm.

2. Deploy Beelzebub:

```bash
$ helm install beelzebub ./beelzebub-chart
```

3. Upgrade to the next release:

```bash
$ helm upgrade beelzebub ./beelzebub-chart
```

## Testing

We provide two types of tests: unit tests and integration tests.

### Unit Tests

To run unit tests:

```bash
$ make test.unit
```

### Integration Tests

To run integration tests:

```bash
$ make test.dependencies.start
$ make test.integration
$ make test.dependencies.down
```

## Key Features

Beelzebub offers a wide range of features to enhance your honeypot environment:

- Support for Ollama
- Support for OpenAI
- SSH Honeypot
- HTTP Honeypot
- TCP Honeypot
- Prometheus OpenMetrics integration
- Docker integration
- RabbitMQ integration
- Kubernetes

## Example Configuration

Beelzebub allows easy configuration for different services and ports. Simply create a new file for each service/port within the `/configurations/services` directory.

To run Beelzebub with custom configuration paths, use the following command:

```bash
$ ./beelzebub --confCore ./configurations/beelzebub.yaml --confServices ./configurations/services/
```

Here are some example configurations for different honeypot scenarios:

#### Example HTTP Honeypot on Port 80

###### http-80.yaml

```yaml
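# The HTML tags in the handlers are assumed; only their text content is given on this page.
apiVersion: "v1"
protocol: "http"
address: ":80"
description: "Wordpress 6.0"
commands:
  - regex: "^(/index.php|/index.html|/)$"
    handler: |
      <html>
        <head>
          <title>Wordpress 6 test page</title>
        </head>
        <body>
          <h1>Hello from Wordpress</h1>
        </body>
      </html>
    headers:
      - "Content-Type: text/html"
      - "Server: Apache/2.4.53 (Debian)"
      - "X-Powered-By: PHP/7.4.29"
    statusCode: 200
  - regex: "^(/wp-login.php|/wp-admin)$"
    handler: |
      <html>
        <head>
          <title>Wordpress 6 test page</title>
        </head>
        <body>
          <form action="" method="post">
            <label>Username</label>
            <input type="text">
            <label>Password</label>
            <input type="password">
            <button type="submit">Login</button>
          </form>
        </body>
      </html>
    headers:
      - "Content-Type: text/html"
      - "Server: Apache/2.4.53 (Debian)"
      - "X-Powered-By: PHP/7.4.29"
    statusCode: 200
  - regex: "^.*$"
    handler: |
      <html>
        <head>
          <title>404</title>
        </head>
        <body>
          <h1>Not found!</h1>
        </body>
      </html>
    headers:
      - "Content-Type: text/html"
      - "Server: Apache/2.4.53 (Debian)"
      - "X-Powered-By: PHP/7.4.29"
    statusCode: 404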
```

#### Example HTTP Honeypot on Port 8080

###### http-8080.yaml

```yaml
apiVersion: "v1"
protocol: "http"
address: ":8080"
description: "Apache 401"
commands:
  - regex: ".*"
    handler: "Unauthorized"
    headers:
      - "www-Authenticate: Basic"
      - "server: Apache"
    statusCode: 401
```

#### Example SSH Honeypot

###### LLM Honeypots

Example with OpenAI GPT-4:

```yaml
apiVersion: "v1"
protocol: "ssh"
address: ":2222"
description: "SSH interactive OpenAI GPT-4"
commands:
  - regex: "^(.+)$"
    plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"
deadlineTimeoutSeconds: 60
plugin:
  llmModel: "gpt4-o"
  openAISecretKey: "sk-proj-123456"
```

Example with Ollama Llama3:

```yaml
apiVersion: "v1"
protocol: "ssh"
address: ":2222"
description: "SSH Ollama Llama3"
commands:
  - regex: "^(.+)$"
    plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666|123456|jenkins|minecraft|sinus|alex|postgres|Ly123456)$"
deadlineTimeoutSeconds: 60
plugin:
  llmModel: "llama3"
  host: "http://example.com/api/chat" # default: http://localhost:11434/api/chat
```

###### SSH Honeypot on Port 22

###### ssh-22.yaml

```yaml
apiVersion: "v1"
protocol: "ssh"
address: ":22"
description: "SSH interactive"
commands:
  - regex: "^ls$"
    handler: "Documents Images Desktop Downloads .m2 .kube .ssh .docker"
  - regex: "^pwd$"
    handler: "/home/"
  - regex: "^uname -m$"
    handler: "x86_64"
  - regex: "^docker ps$"
    handler: "CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES"
  - regex: "^docker .*$"
    handler: "Error response from daemon: dial unix docker.raw.sock: connect: connection refused"
  - regex: "^uname$"
    handler: "Linux"
  - regex: "^ps$"
    handler: "PID TTY TIME CMD\n21642 ttys000 0:00.07 /bin/dockerd"
  - regex: "^(.+)$"
    handler: "command not found"
serverVersion: "OpenSSH"
serverName: "ubuntu"
passwordRegex: "^(root|qwerty|Smoker666)$"
deadlineTimeoutSeconds: 60
```
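The rule lists above place specific patterns (`^docker ps$`) before broader ones (`^docker .*$`) and end with a catch-all. The following is an added example, not part of the Beelzebub code base, that checks a rule list for entries hidden behind an earlier regex before the honeypot is deployed. It assumes rules are tried top to bottom and the first match answers; the `Probe` field and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule mirrors one `commands:` entry; Probe is an added test input, not a Beelzebub field.
type Rule struct{ Regex, Handler, Probe string }

// SSH22 transcribes four rules of ssh-22.yaml from this page, in file order.
var SSH22 = []Rule{
	{"^ls$", "Documents Images Desktop Downloads .m2 .kube .ssh .docker", "ls"},
	{"^docker ps$", "CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES", "docker ps"},
	{"^docker .*$", "Error response from daemon: dial unix docker.raw.sock: connect: connection refused", "docker run -it alpine"},
	{"^(.+)$", "command not found", "whoami"},
}

// Resolve returns the index of the first rule matching input (assumed first-match-wins), or -1.
func Resolve(rules []Rule, input string) (int, error) {
	for i, r := range rules {
		re, err := regexp.Compile(r.Regex)
		if err != nil {
			return -1, fmt.Errorf("rule %d (%q): %w", i, r.Regex, err)
		}
		if re.MatchString(input) {
			return i, nil
		}
	}
	return -1, nil
}

// Shadowed lists rules whose own probe is answered by another rule or by none.
func Shadowed(rules []Rule) ([]int, error) {
	var out []int
	for i, r := range rules {
		if got, err := Resolve(rules, r.Probe); err != nil {
			return nil, err
		} else if got != i {
			out = append(out, i)
		}
	}
	return out, nil
}

func main() {
	bad := []Rule{SSH22[0], SSH22[2], SSH22[1], SSH22[3]} // broad docker rule moved up
	hidden, err := Shadowed(bad)
	fmt.Println("shadowed rule indices:", hidden, err)
}
```

With the page's ordering no rule is shadowed; moving `^docker .*$` above `^docker ps$` makes the `docker ps` response unreachable, which weakens the emulation.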

## Roadmap

Our future plans for Beelzebub include developing it into a robust PaaS platform.

## Contributing

The Beelzebub team welcomes contributions and project participation. Whether you want to report bugs, contribute new features, or have any questions, please refer to our [Contributor Guide](CONTRIBUTING.md) for detailed information. We encourage all participants and maintainers to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md) and foster a supportive and respectful community.

Happy hacking!

## License

Beelzebub is licensed under the [MIT License](LICENSE).

## Supported by JetBrains
[![JetBrains Black Box Logo logo](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_square.png)](https://jb.gg/OpenSourceSupport)