Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Cowrie - SSH/Telnet Honeypot

Cowrie is a medium interaction SSH and Telnet Honeypot designed to log brute force attacks and the shell interaction performed by the attacker.


  • Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
  • python-virtualenv


  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included.
  • The possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included.
  • Session logs stored in a UML Compatible format for easy replay with original timings.
  • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection.
Additional functionality over standard kippo:
  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • Logging in JSON format for easy processing in log management solutions
  • Many, many additional commands


  • Get the Dockerfile directly at
  • Run from the Docker registry with: docker pull cowrie/cowrie

Download Cowrie

You might also like:
  • Hackode - Android App For Hackers
  • DotDotPwn - Directory Traversal Fuzzer
  • OSForensics - Tool For Extracting Forensic Data From Computers
  • Snort - OpenSource Network Intrusion Detection Tool
  • Weevely - Weaponized Web Shell
  • Pentoo - Gentoo-Based Linux Distribution For Penetration Testers
  • evasi0n - Jailbreak Tool For iOS 6, 7 Devices
  • SSLyze - Tool For Analysing SSL/TLS Configurations
  • Advanced Windows Service Manager - Tool For Analyzing Windows Services
  • SoftPerfect WiFi Guard - Tool For Detecting & Alerting WiFi Network Intrusions
  • BlindElephant - Web Application Fingerprinter
  • theHarvester - Tool For Gathering Target Information (E-mail accounts, subdomain names, open ports and etc.)
  • SI6 Networks' IPv6 Toolkit - A Security Assessment & Troubleshooting Tool For IPv6 Protocols
  • Automater - Tool For Analyzing URLs/Domains, IP Addresses, and Md5 Hashes
  • Web-Sorrow - Tool For Detecting Misconfigurations and Collecting Server Information
  • ADHD - An Ubuntu Based Security Distribution
  • ARPwner - ARP & DNS Poisoning Attack Tool
  • Xortool - A Tool To Analyze Multi-byte XOR Cipher

This post first appeared on Effect Hacking - Hacking Tools, How To Guides An, please read the originial post: here

Share the post

Cowrie - SSH/Telnet Honeypot


Subscribe to Effect Hacking - Hacking Tools, How To Guides An

Get updates delivered right to your inbox!

Thank you for your subscription