Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wh1t3-e4gl3/honeypot

A vulnerable honeypot setup using Flask and SSH to capture and analyze malicious activities. Includes real-time logging and monitoring to study attack patterns and exploit attempts
https://github.com/wh1t3-e4gl3/honeypot

firewall hacking hacking-tool honeypot ids intrusion-detection-system log-analysis logging monitoring monitoring-tool network-analysis network-security web-security

Last synced: 5 days ago
JSON representation

A vulnerable honeypot setup using Flask and SSH to capture and analyze malicious activities. Includes real-time logging and monitoring to study attack patterns and exploit attempts

Host: GitHub
URL: https://github.com/wh1t3-e4gl3/honeypot
Owner: WH1T3-E4GL3
Created: 2024-08-05T10:30:43.000Z (4 months ago)
Default Branch: master
Last Pushed: 2024-10-24T05:38:11.000Z (26 days ago)
Last Synced: 2024-10-24T23:44:36.023Z (25 days ago)
Topics: firewall, hacking, hacking-tool, honeypot, ids, intrusion-detection-system, log-analysis, logging, monitoring, monitoring-tool, network-analysis, network-security, web-security
Language: HTML
Homepage:
Size: 43.9 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Honeypot Project

[![](https://visitcount.itsvg.in/api?id=WH1T3-E4GL3&label=Repo%20Views%20Count&color=0&icon=5&pretty=false)](https://visitcount.itsvg.in)

A simple honeypot implementation to capture and monitor malicious activity. This project uses Flask to create a vulnerable web application and sets up an SSH service for attackers to interact with. It includes logging and monitoring scripts to track and analyze the activity.

**_Project Ongoing...⌛_**

![honeypotrun](https://github.com/user-attachments/assets/ad39a6f7-fcfc-4052-a0de-d88deba95d44)

## Table of Contents

- [Features](#features)
- [Installation](#installation)
- [Setup](#setup)
- [Usage](#usage)
- [Monitoring](#monitoring)
- [Notes](#notes)
- [License](#license)

## Features

- Flask-based vulnerable web application
- SSH service configured with weak credentials
- Logging of commands executed via the web application
- Real-time monitoring of honeypot logs
- More features coming soon...⌛

0. **Pre Setup**

Create a new user on your system for making that account as the Honeypot.

sudo useradd -m -s /bin/bash vulnerableuser # change vulnerable user to your desired username
sudo passwd vulnerableuser # Set a weak password like 'password123 or admin or root'

## Installation

1. **Clone the repository:**

```bash
git clone https://github.com/WH1T3-E4GL3/Honeypot.git
cd Honeypot
```

2. **Create and activate a Python virtual environment:**

```bash
python -m venv honeypot-env
source honeypot-env/bin/activate # For Windows use `honeypot-env\Scripts\activate`
```

3. **Install the required Python packages:**

```bash
pip install -r requirements.txt
```

4. **Install and configure SSH:**

```bash
sudo apt-get install openssh-server
sudo nano /etc/ssh/sshd_config
```

Edit the SSH configuration file (`/etc/ssh/sshd_config`) to allow password authentication. Add or modify the following lines:

```
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes # Optional, but increases vulnerability
```

Restart the SSH service:

```bash
sudo systemctl restart ssh
```

## Setup

1. **Run the Flask application and SSH service:**

```bash
sudo su
./run_honeypot.sh
```

2. **Monitor logs in real-time:**

```bash
>> tail -f /var/log/auth.log # For SSH logs
or
>> sudo journalctl -u ssh -f (if above command for ssh not works)
or check ssh log in your system / monitor it live

>> tail -f /var/log/honeypot.log # For Flask app logs
```

## Usage

- Access the vulnerable web application at [http://localhost](http://localhost)
- Use the `/vulnerable` endpoint to execute commands. For example:

```bash
http://localhost/vulnerable?cmd=ls
```

- The output of commands and any errors will be logged in `/var/log/honeypot.log`.

## Monitoring

To monitor the honeypot activity, you can use the `monitor_honeypot.py` script:

```bash
python monitor_honeypot.py
```

This script will print new log entries in a formatted table in real-time.

## Notes

- Make sure to adjust permissions and configurations based on your security needs.
- This setup is intentionally vulnerable for educational purposes and should not be used in a production environment.