SSH蜜罐工具 – HonSSH

摘要

HonSSH是一个高交互蜜罐解决方案,在攻击者与蜜罐之间,可以创建两个独立的SSH链接,它的特点如下:

HonSSH是一个高交互蜜罐解决方案,在攻击者与蜜罐之间,可以创建两个独立的SSH链接,它的特点如下:

1、捕获所有链接尝试,并记录到文本文件中
2、当攻击者发起密码尝试的时候,HonSSH可以自动更换他们的密码(spoof_login),让他们以为自己猜测到正确的密码。
3、所有交互都会记录到,可以使用Kippo playlog重放
4、攻击者的会话都捕获在一个文本文件中
5、可以使用telnet实时查看会话。

安装:

CONF文件配置如下:

# # ConSSH configuration file (conssh.cfg) # [honeypot]  # IP addresses to listen for incoming SSH connections. # ssh_addr = 192.168.0.2  # Port to listen for incoming SSH connections. # # (default: 2222) ssh_port = 22  # IP addresses to send outgoing SSH connections. # client_addr = 192.168.1.1  # IP addresses of the honeypot. # honey_addr = 192.168.1.2  # Directory where to save log files in. # # (default: logs) log_path = logs  # Directory where to save session files in. # # (default: sessions) session_path = sessions  # Public and private SSH key files. # public_key = id_rsa.pub private_key = id_rsa  # Session management interface. # # This is a telnet based service that can be used to interact with active # sessions. Disabled by default. # # (default: false) interact_enabled = true # (default: 127.0.0.1) interact_interface = 127.0.0.1 # (default: 5123) interact_port = 5123  # Spoof password? # # (default: false) spoof_login = true  # Actual login password for the honey pot. #  # e.g. if the attacker uses the password "hello" this would replace #      it with "goodbye" (the actual honeypot password) spoof_pass = goodbye  [extras]  # Enables Voice # If enabled will speak about incoming connections. # Requires espeak and python-espeak #  # (default: false) voice = true

运行:
./start.sh

更多点击: 
https://code.google.com/p/honssh/wiki/Config
下载方式:
git clone https://code.google.com/p/honssh/

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: