Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/whxitte/honeypot
A vulnerable honeypot setup using Flask and SSH to capture and analyze malicious activities. Includes real-time logging and monitoring to study attack patterns and exploit attempts
firewall hacking hacking-tool honeypot ids intrusion-detection-system log-analysis logging monitoring monitoring-tool network-analysis network-security web-security
- Host: GitHub
- URL: https://github.com/whxitte/honeypot
- Owner: whxitte
- Created: 2024-08-05T10:30:43.000Z (5 months ago)
- Default Branch: master
- Last Pushed: 2024-12-13T05:22:29.000Z (about 1 month ago)
- Last Synced: 2024-12-13T06:23:51.180Z (about 1 month ago)
- Topics: firewall, hacking, hacking-tool, honeypot, ids, intrusion-detection-system, log-analysis, logging, monitoring, monitoring-tool, network-analysis, network-security, web-security
- Language: HTML
- Homepage:
- Size: 49.8 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Honeypot Project
A simple honeypot implementation to capture and monitor malicious activity. This project uses Flask to create a vulnerable web application and sets up an SSH service for attackers to interact with. It includes logging and monitoring scripts to track and analyze the activity.
**_Project Ongoing...⌛_**
![honeypotrun](https://github.com/user-attachments/assets/ad39a6f7-fcfc-4052-a0de-d88deba95d44)
## Table of Contents
- [Features](#features)
- [Installation](#installation)
- [Setup](#setup)
- [Usage](#usage)
- [Monitoring](#monitoring)
- [Notes](#notes)
- [License](#license)

## Features
- Flask-based vulnerable web application
- SSH service configured with weak credentials
- Logging of commands executed via the web application
- Real-time monitoring of honeypot logs
- More features coming soon...⌛

0. **Pre Setup**
Create a new user on your system to serve as the honeypot account.
```bash
sudo useradd -m -s /bin/bash vulnerableuser # replace vulnerableuser with your desired username
sudo passwd vulnerableuser # set a weak password such as 'password123', 'admin' or 'root'
```
## Installation
1. **Clone the repository:**
```bash
git clone https://github.com/whxitte/Honeypot.git
cd Honeypot
```
2. **Create and activate a Python virtual environment:**
```bash
python -m venv honeypot-env
source honeypot-env/bin/activate # For Windows use `honeypot-env\Scripts\activate`
```
3. **Install the required Python packages:**
```bash
pip install -r requirements.txt
```
4. **Install and configure SSH:**
```bash
sudo apt-get install openssh-server
sudo nano /etc/ssh/sshd_config
```
Edit the SSH configuration file (`/etc/ssh/sshd_config`) to allow password authentication. Add or modify the following lines:
```
PermitRootLogin yes
PasswordAuthentication yes
# Optional, but increases vulnerability
PermitEmptyPasswords yes
```
Restart the SSH service:
```bash
sudo systemctl restart ssh
```

## Setup
1. **Run the Flask application and SSH service:**
```bash
sudo su
./run_honeypot.sh
```
2. **Monitor logs in real-time:**
```bash
tail -f /var/log/auth.log # SSH logs
# or, if the command above does not work for SSH:
sudo journalctl -u ssh -f
# or check the SSH log location on your system and monitor it live
tail -f /var/log/honeypot.log # Flask app logs
```

## Usage
- Access the vulnerable web application at [http://localhost](http://localhost)
- Use the `/vulnerable` endpoint to execute commands. For example:
```
http://localhost/vulnerable?cmd=ls
```
- The output of commands and any errors will be logged in `/var/log/honeypot.log`.
## Monitoring
To monitor the honeypot activity, you can use the `monitor_honeypot.py` script:
```bash
python monitor_honeypot.py
```
This script will print new log entries in a formatted table in real-time.
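For the SSH side of the log monitoring described in Setup step 2, the following added example (not part of the project and not its `monitor_honeypot.py`) summarizes password-authentication events per source IP. It assumes the common OpenSSH `Failed password` / `Accepted password` syslog lines in `/var/log/auth.log`; the sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not real captures).
SAMPLE_AUTH_LOG = """\
Dec 13 05:01:10 honeypot sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Dec 13 05:01:12 honeypot sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec 13 05:01:15 honeypot sshd[1204]: Failed password for vulnerableuser from 203.0.113.7 port 40130 ssh2
Dec 13 05:01:19 honeypot sshd[1207]: Accepted password for vulnerableuser from 203.0.113.7 port 40136 ssh2
Dec 13 05:02:40 honeypot sshd[1215]: Failed password for invalid user test from 192.0.2.1 port 22 from 198.51.100.23 port 51514 ssh2
Dec 13 05:03:02 honeypot CRON[1220]: pam_unix(cron:session): session opened for user root
"""

# The user name is chosen by the client, so it is matched greedily and the
# LAST "from <ip> port <n> ssh2" on the line is taken as the real source.
SSH_EVENT = re.compile(
    r"sshd(?:-session)?\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)


def summarize_ssh_auth(lines):
    """Group sshd password events by source IP, in log order."""
    summary = defaultdict(lambda: {"failed": 0, "users": set(), "accepted_as": []})
    for line in lines:
        match = SSH_EVENT.search(line.rstrip())
        if not match:
            continue  # not an sshd password event (cron, PAM, ...)
        entry = summary[match["ip"]]
        entry["users"].add(match["user"])
        if match["result"] == "Failed":
            entry["failed"] += 1
        else:
            # Remember how many failures this source had before it got in.
            entry["accepted_as"].append((match["user"], entry["failed"]))
    return dict(summary)


def guessed_then_logged_in(summary):
    """Sources that logged in after at least one failed attempt."""
    return sorted(ip for ip, e in summary.items()
                  if any(prior > 0 for _, prior in e["accepted_as"]))


if __name__ == "__main__":
    report = summarize_ssh_auth(SAMPLE_AUTH_LOG.splitlines())
    for ip, e in report.items():
        print(ip, e["failed"], sorted(e["users"]), e["accepted_as"])
    print("guessed a password:", guessed_then_logged_in(report))
```

The fifth sample line carries a user name containing a fake `from 192.0.2.1 port 22`; the end-anchored pattern still attributes the event to the connecting address.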
## Notes
- Make sure to adjust permissions and configurations based on your security needs.
- This setup is intentionally vulnerable for educational purposes and should not be used in a production environment.