Honeysuite

Honeysuite repos

According to Wikipedia:

[…] a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site, but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, who are then blocked.

https://en.wikipedia.org/wiki/Honeypot_(computing)

Below, you can find a list of the simple honeypots we built. These are

FTP

ftp-grab-password

A simple FTP server that logs the entered password.

HTTP

http-grab-basicauth

A simple HTTP basic-auth dialog that logs the entered password.

http-grab-url

A simple HTTP server exposing the number of connections to the / endpoint. The number of requests can be retrieved by making a GET request to the /metrics endpoint.

SSH

ssh-grab-keypass

A simple SSH server exposing the number of key-based login attempts. An SSH server and an HTTP server are started; the HTTP server exists solely to expose metrics.

ssh-grab-passwords

A simple SSH server exposing the number of password logins. An SSH server and an HTTP server are started; the HTTP server exists solely to expose metrics.

ssh-grab-password-map

ssh-grab-passwords, exposing its data for use with the grafana-worldmap plugin.

Analysis

honeypot-log-analyzer

Some analysis scripts. These include rankings that answer “what is the most used password, username or password/username combination”.