HonSSH是一個高交互蜜罐解決方案,在***者與蜜罐之間,可以創建兩個獨立的SSH鏈接,它的特點如下:
1、捕獲所有鏈接嘗試,並記錄到文本文件中
2、當***者發起密碼嘗試的時候,HonSSH可以自動更換他們的密碼(spoof_login),讓他們以爲自己猜測到正確的密碼。
3、所有交互都會記錄到,可以使用Kippo playlog重放
4、***者的會話都捕獲在一個文本文件中
5、可以使用telnet實時查看會話。
安裝:
CONF文件配置如下:
## ConSSH configuration file (conssh.cfg)#[honeypot]# IP addresses to listen for incoming SSH connections.#ssh_addr = 192.168.0.2# Port to listen for incoming SSH connections.## (default: 2222)ssh_port = 22# IP addresses to send outgoing SSH connections.#client_addr = 192.168.1.1# IP addresses of the honeypot.#honey_addr = 192.168.1.2# Directory where to save log files in.## (default: logs)log_path = logs# Directory where to save session files in.## (default: sessions)session_path = sessions# Public and private SSH key files.#public_key = id_rsa.pubprivate_key = id_rsa# Session management interface.## This is a telnet based service that can be used to interact with active# sessions. Disabled by default.## (default: false)interact_enabled = true# (default: 127.0.0.1)interact_interface = 127.0.0.1# (default: 5123)interact_port = 5123# Spoof password?## (default: false)spoof_login = true# Actual login password for the honey pot.# # e.g. if the attacker uses the password "hello" this would replace# it with "goodbye" (the actual honeypot password)spoof_pass = goodbye[extras]# Enables Voice# If enabled will speak about incoming connections.# Requires espeak and python-espeak# # (default: false)voice = true
運行:
./start.sh
更多點擊:
https://code.google.com/p/honssh/wiki/Config
下載方式:
git clone https://code.google.com/p/honssh/
