Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/plazmaz/liquidhoney

A small, fluid, low-interaction honeypot
https://github.com/plazmaz/liquidhoney

honeypot low-interaction monitoring security tcp udp

Last synced: about 1 month ago
JSON representation

A small, fluid, low-interaction honeypot

Host: GitHub
URL: https://github.com/plazmaz/liquidhoney
Owner: Plazmaz
License: other
Created: 2019-03-24T01:54:20.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2019-05-20T00:34:36.000Z (over 5 years ago)
Last Synced: 2024-08-03T23:04:28.587Z (4 months ago)
Topics: honeypot, low-interaction, monitoring, security, tcp, udp
Language: Python
Size: 67.4 KB
Stars: 20
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

awesome-honeypot - **15**星 - interaction honeypot (<a id="a53d22b9c5d09dc894413453f4755658"></a>未分类)

README

# LiquidHoney
A small, fluid, low-interaction honeypot designed to spoof banners across thousands of ports.

## Features
* Parsing and spoofing based on nmap's [nmap-service-probes](https://nmap.org/book/vscan-fileformat.html) file format.
* Support for ssl-wrapped protocols (See `create-cert.sh`)
* Hourly log rollover
* Support for UDP and TCP based protocols
* Works passively, can be used for recon/capturing in addition to being a honeypot
* Does not require root after setup

**Note**:
While LiquidHoney will attempt to register iptables rules redirecting ports to itself, you may need to do this manually if
iptables is not present or is not usable.

## Setup
Setup is relatively simple. You will need Python 3 and pip installed to run this application.
1. Install nmap-service-probes. This file is under a different license (https://nmap.org/book/man-legal.html). Either of these options will work:
* Intall nmap
* Download it here: https://raw.githubusercontent.com/nmap/nmap/master/nmap-service-probes.
2. `pip install -r requirements.txt`
3. `./create-cert.sh` to generate an SSL certificate
4. Set up the iptables rules using `sudo python3 liquid_honey.py --create-rules`
5. Run the server with `python3 liquid_honey.py`
6. Watch the logs roll in!

**Note:** By default, LiquidHoney drops packets sent to the listen port from non-internal addresses, however it is highly
recommended that you block external traffic to that port (11337 by default).

## Configuration
LiquidHoney can be configured in more depth using the `config.yml` file. There are descriptions of the options in the default config.