https://github.com/nhh/tarbit
Tarbit is a tcp tarpit written in ruby.
https://github.com/nhh/tarbit
bots networking ruby security
Last synced: 8 months ago
JSON representation
Tarbit is a tcp tarpit written in ruby.
- Host: GitHub
- URL: https://github.com/nhh/tarbit
- Owner: nhh
- License: mit
- Created: 2020-02-26T07:16:27.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-10-31T19:46:11.000Z (over 2 years ago)
- Last Synced: 2025-02-09T04:38:50.058Z (over 1 year ago)
- Topics: bots, networking, ruby, security
- Language: Ruby
- Homepage: https://github.com/nhh/tarbit
- Size: 141 KB
- Stars: 1
- Watchers: 3
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Tarbit - A async ruby tcp tarpit
## Introduction
Tarbit is a tcp tarpit written in ruby. It can slow down automated ssh/http/tcp "attacks" or bot connections.
It is designed to consume a very little amount of cpu and memory. Tarbit can also generate statistic images.
*"Red Wood Cutting", Vladimir Kush*

Tarbit is heaviliy inspired by endlessh, the python version, feel free to take a look: https://nullprogram.com/blog/2019/03/22/
## Installation
```
gem install tarbit
```
You can now run tarbit manually (you can also omit the default params):
The interval option marks the seconds until the statistics are written to disk.
```
tarbit serve --port 22 --interval 1800
```
## Advanced
Create a systemd service
Verify your tarbit executable: (change the path `bin` to `wrapper` within the systemd `ExecStart` )
```
which tarbit
```
```bash
[Unit]
Description=Tarbit - ruby ssh tarpit
[Service]
Type=simple
ExecStart=/usr/local/rvm/gems/ruby-2.6.5/wrappers/tarbit serve
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
```
Create a cron job for making statistic snapshots:
Again make sure the path has changed `bin` with `wrapper`
```
* */2 * * * /usr/local/rvm/gems/ruby-2.6.5/wrappers/tarbit snapshot
```
It is recommended to cleanup the statistics folder. You can use a cron job too.
(It will remove all statistics every 12 hours)
```
* */12 * * * rm /etc/tarbit/statistics/*.json
```
Enjoy statistics like these:

## Troubleshooting
Native extensions: Imagemagick can not find `MagickWand.h`
On Ubuntu, you can run:
```
sudo apt-get install libmagickwand-dev
```
On Centos, you can run:
```
sudo yum install gcc ImageMagick-devel make which
```
On Macos, you can run:
```
brew install imagemagick@6
brew link --force imagemagick@6
```
On Windoes, you can install Linux instead.