Welcome to the Comprehensive Honeypot Project! This project aims to provide a versatile and effective honeypot solution for cybersecurity research, threat detection, and intelligence gathering. The honeypot is designed to mimic various services commonly targeted by attackers and includes several functionalities to enhance its capabilities.
Honeypots are decoy systems or services designed to lure attackers and gather information about their techniques, tools, and motives. By deploying honeypots, organizations can detect and analyze malicious activities, improve threat intelligence, and enhance overall cybersecurity posture.
-
ssh_honeypot_logging: The honeypot logs connection attempts, authentication attempts, and executed commands, providing valuable insight into potential attackers' behavior. All logs are stored in a dedicated log file (
honeypot.log) for analysis. -
ssh_honeypot_authentication: Enhanced authentication mechanism with basic brute-force protection. The honeypot logs authentication attempts and blocks suspicious behavior, such as repeated failed login attempts.
-
ssh_honeypot_decoyservices: The honeypot mimics multiple services commonly targeted by attackers, including SSH, FTP, Telnet, and HTTP. By diversifying the services, it increases the chances of detecting various types of attacks.
-
ssh_honeypot_interaction: Simulates interaction with attackers by responding to certain commands with predetermined outputs. For example, it provides fake filesystems and command outputs to simulate a real system, allowing for gathering more information about attackers' intentions.
-
ssh_honeypot_alerting: Set up alerts to notify administrators when certain conditions are met, such as a large number of failed login attempts within a short period or suspicious commands being executed. Alerts are logged and can trigger additional actions, such as sending emails or notifications.
-
ssh_honeypot_geolocation: Gathers geolocation information from incoming connections to identify the geographical origin of potential attackers. This functionality enhances the understanding of attack patterns and provides additional context for analyzing threats.
-
ssh_honeypot_comprehensive: This script contains the above all functionalities combined into one.
- Clone the repository to your local machine:
git clone https://github.com/yourusername/HONEYPOTS.git-
Customize the honeypot settings and configurations as needed.
-
Run the honeypot script:
python <whichever_script_you_want_to_run>.py- Monitor the honeypot logs (
honeypot.log) and analyze incoming connections and activities.
Contributions to the Comprehensive Honeypot project are welcome! If you have ideas for improvements, new features, or bug fixes, please feel free to open an issue or submit a pull request.
This project is licensed under the MIT License.