Potbuster is a tool designed to detect SSH honeypots. It runs a series of checks to identify potential honeypot servers. These checks include banner analysis, connection delay, invalid command responses, and more. This tool is beneficial for security testing of SSH servers to uncover possible traps or suspicious behavior.
- Banner Analysis: Checks the SSH banner for known honeypot signatures.
- Connection Delay: Measures the time it takes to establish a connection.
- Invalid Command Responses: Sends commands and analyzes the responses for anomalies.
- Multiple Protocol Support: Works with various SSH configurations.
- Easy to Use: Simple command-line interface for quick checks.
To get started with SSHPotbuster, you need to download the latest release. Visit the Releases section to find the appropriate file for your system. Download and execute the file as instructed in the release notes.
- Python 3.x
- pip (Python package installer)
-
Clone the Repository:
git clone https://github.com/eguzmanc/sshpotbuster.git cd sshpotbuster -
Install Required Packages:
Use pip to install the necessary dependencies:
pip install -r requirements.txt
-
Run the Tool:
After installation, you can run SSHPotbuster directly from the command line.
Using SSHPotbuster is straightforward. You can run the tool with a simple command.
To check a specific SSH server, use the following command:
python sshpotbuster.py <target_ip>Replace <target_ip> with the IP address of the SSH server you want to test.
python sshpotbuster.py 192.168.1.1This command will initiate the checks on the specified IP address.
SSHPotbuster performs several key checks to determine if an SSH server is a honeypot:
-
Banner Analysis:
- Retrieves the SSH banner and checks it against a database of known honeypot banners.
-
Connection Delay:
- Measures the time taken to establish a connection. Honeypots often introduce delays.
-
Invalid Command Responses:
- Sends various commands and checks for unusual responses that may indicate a honeypot.
-
Protocol Version Check:
- Verifies the SSH protocol version in use. Some honeypots may use outdated versions.
-
Session Behavior:
- Observes how the server responds to session initiation requests.
We welcome contributions to SSHPotbuster. If you would like to contribute, please follow these steps:
- Fork the Repository: Click on the fork button at the top right of the page.
- Create a New Branch: Use a descriptive name for your branch.
git checkout -b feature/your-feature-name
- Make Your Changes: Implement your changes or fixes.
- Commit Your Changes: Write a clear commit message.
git commit -m "Add feature" - Push to Your Fork:
git push origin feature/your-feature-name
- Open a Pull Request: Go to the original repository and click on "New Pull Request."
This project is licensed under the MIT License. See the LICENSE file for details.
For questions or suggestions, feel free to reach out:
- Author: Eguzmanc
- Email: eguzmanc@example.com
- GitHub: eguzmanc
SSHPotbuster is a valuable tool for security professionals and enthusiasts. By detecting honeypots, it helps ensure that you can safely assess the security of SSH servers. For the latest updates and releases, check the Releases section.
Feel free to explore the code, report issues, and contribute to the project. Your input helps improve the tool and enhances security for everyone.