Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/stamparm/hontel

Telnet Honeypot
https://github.com/stamparm/hontel

botnet chroot honeypot python telnet

Last synced: about 2 months ago
JSON representation

Telnet Honeypot

Host: GitHub
URL: https://github.com/stamparm/hontel
Owner: stamparm
License: mit
Created: 2015-11-11T10:49:46.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2019-03-05T14:49:02.000Z (almost 6 years ago)
Last Synced: 2024-10-14T17:18:54.450Z (about 2 months ago)
Topics: botnet, chroot, honeypot, python, telnet
Language: Python
Size: 550 KB
Stars: 161
Watchers: 11
Forks: 48
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-honeypot - **125**星

README

        # HonTel [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/stamparm/hontel#license-mit)

**HonTel** is a Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the [chroot](https://help.ubuntu.com/community/BasicChroot) environment. Originally it has been designed to be run inside the Ubuntu/Debian environment, though it could be easily adapted to run inside any Linux environment.

## Documentation:

Setting the environment and running the application requires intermediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the [deploy.txt](https://github.com/stamparm/hontel/blob/master/deploy.txt) file. Configuration settings can be found and modified inside the [hontel.py](https://github.com/stamparm/hontel/blob/master/hontel.py) itself. For example, authentication credentials can be changed from default `root:123456` to some arbitrary values (options `AUTH_USERNAME` and `AUTH_PASSWORD`), custom *Welcome* message can be changed from default  (option `WELCOME`), custom *hostname* (option `FAKE_HOSTNAME`), architecture (option `FAKE_ARCHITECTURE`), location of log file (inside the *chroot* environment) containing all telnet commands (option `LOG_PATH`), location of downloaded binary files dropped by connected users (option `SAMPLES_DIR`), etc.

![hontel](http://i.imgur.com/zLCMLML.png)

Note: Some botnets tend to delete the files from compromised hosts (e.g. `/bin/bash`) in order to harden itself from potential attempts of cleaning and/or attempts of installation coming from other (concurrent) botnets. In such cases either the whole *chroot* environment has to be reinstalled or host directory where the *chroot* directory resides (e.g. `/srv/chroot/`) should be recovered from the previously stored backup (recommended).

## License

This software is provided under under a MIT License. See the accompanying [LICENSE](https://github.com/stamparm/hontel/blob/master/LICENSE) file for more information.