23 different honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \ password credentials. All honeypots are non-blocking and can be used as objects or called directly with the in-built auto-configure scripts. Also, they are easy to setup and customize, it takes 1-2 seconds to spin a honeypot up. The output can be logged to a postgres database, file[s], terminal or syslog for easy integration.
This honeypots package is the only package that contains all the following: dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, and oracle.
Honeypots now is in the awesome telekom security T-Pot project!
pip3 install honeypots
honeypot, or multiple honeypots separated by comma or word all
python3 -m honeypots --setup ssh
honeypot, or multiple honeypots separated by comma or word all
sudo -E python3 -m honeypots --setup ssh:22
Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port
python3 -m honeypots --setup imap:143,mysql:3306,redis:6379
honeypot, or multiple honeypots separated by comma or word all
python3 -m honeypots --setup ssh --config config.json
#config.json
{
"logs":"file,terminal",
"logs_location":"/temp/honeypots_logs/"
}
honeypot, or multiple honeypots in a dict
python3 -m honeypots --setup ftp --config config.json{
"logs":"file,terminal",
"logs_location":"/temp/honeypots_logs/",
"honeypots": {
"ftp": {
"port": 21,
"ip": "0.0.0.0",
"username": "test",
"password": "test"
}
}
}{
"logs":"syslog",
"logs_location":"",
"syslog_address": "udp://localhost:514",
"syslog_facility": 3,
"honeypots": {
"ftp": {
"port": 21,
"ip": "0.0.0.0",
"username": "test",
"password": "test"
}
}
}
{
"logs": "db",
"logs_location": "",
"syslog_address":"",
"syslog_facility":0,
"postgres":"//username:[email protected]:9999/honeypots",
"db_options":["drop"],
"filter": "",
"interface": "",
"honeypots": {
"ftp": {
"port": 21,
"username": "test",
"password": "test"
}
}
}[
{
"id": 1,
"date": "2021-11-18 06:06:42.304338+00",
"data": {
"server": "'ftp_server'",
"action": "'process'",
"status": "'success'",
"ip": "'0.0.0.0'",
"port": "21",
"username": "'test'",
"password": "'test'"
}
}
]#you need higher user permissions for binding\closing some ports
ip= String E.g. 0.0.0.0
port= Int E.g. 9999
username= String E.g. Test
password= String E.g. Test
mocking= Boolean or String E.g OpenSSH 7.0
logs= String E.g db, terminal or all
always remember to add process=true to run_server() for non-blocking
from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)
qsshserver.test_server(port=9999)
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
qsshserver.kill_server()#you need higher user permissions for binding\closing some ports
from honeypots import QSSHServer
qsshserver = QSSHServer(port=9999)
qsshserver.run_server(process=True)INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]
qsshserver.kill_server()- QDNSServer
- Server: DNS
- Port: 53
- Lib: Twisted
- Logs: ip, port
- QFTPServer
- Server: FTP
- Port: 21
- Lib: Twisted
- Logs: ip, port, username and password
- QHTTPProxyServer
- Server: HTTP Proxy
- Port: 8080
- Lib: Twisted
- Logs: ip, port and data
- QHTTPServer
- Server: HTTP
- Port: 80
- Lib: Twisted
- Logs: ip, port, username and password
- QHTTPSServer
- Server: HTTPS
- Port: 443
- Lib: Twisted
- Logs: ip, port, username and password
- QIMAPServer
- Server: IMAP
- Port: 143
- Lib: Twisted
- Logs: ip, port, username and password
- QMysqlServer
- Emulator: Mysql
- Port: 3306
- Lib: Twisted
- Logs: ip, port, username and password
- QPOP3Server
- Server: POP3
- Port: 110
- Lib: Twisted
- Logs: ip, port, username and password
- QPostgresServer
- Emulator: Postgres
- Port: 5432
- Lib: Twisted
- Logs: ip, port, username and password
- QRedisServer
- Emulator: Redis
- Port: 6379
- Lib: Twisted
- Logs: ip, port, username and password
- QSMBServer
- Server: Redis
- Port: 445
- Lib: impacket
- Logs: ip, port and username
- QSMTPServer
- Server: SMTP
- Port: 25
- Lib: smtpd
- Logs: ip, port, username and password
- QSOCKS5Server
- Server: SOCK5
- Port: 1080
- Lib: socketserver
- Logs: ip, port, username and password
- QSSHServer
- Server: SSH
- Port: 22
- Lib: paramiko
- Logs: ip, port, username and password
- QTelnetServer
- Server: Telnet
- Port: 23
- Lib: Twisted
- Logs: ip, port, username and password
- QVNCServer
- Emulator: VNC
- Port: 5900
- Lib: Twisted
- Logs: ip, port, username and password
- QMSSQLServer
- Emulator: MSSQL
- Port: 1433
- Lib: Twisted
- Logs: ip, port, username and password or hash
- QElasticServer
- Emulator: Elastic
- Port: 9200
- Lib: http.server
- Logs: ip, port and data
- QLDAPServer
- Emulator: LDAP
- Port: 389
- Lib: Twisted
- Logs: ip, port, username and password
- QNTPServer
- Emulator: NTP
- Port: 123
- Lib: Twisted
- Logs: ip, port and data
- QMemcacheServer
- Emulator: Memcache
- Port: 11211
- Lib: Twisted
- Logs: ip, port and data
- QOracleServer
- Emulator: Oracle
- Port: 1521
- Lib: Twisted
- Logs: ip, port and connet data
- QSNMPServer
- Emulator: SNMP
- Port: 161
- Lib: Twisted
- Logs: ip, port and data
- By using this framework, you are accepting the license terms of all these packages:
pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server - Let me know if I missed a reference or resource!
- Almost all servers and emulators are stripped-down - You can adjust that as needed
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent