Cowrie is a medium-interaction SSH and Telnet honeypot designed to log brute-force attacks and the shell interaction performed by the attacker.
Requirements:
- Python 2.7+ (Python 3 not yet supported due to Twisted dependencies)
- python-virtualenv
Features:
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included.
- The possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included.
- Session logs stored in a UML Compatible format for easy replay with original timings.
- Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection.
- SFTP and SCP support for file upload
- Support for SSH exec commands
- Logging of direct-tcp connection attempts (ssh proxying)
- Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
- Logging in JSON format for easy processing in log management solutions
- Many, many additional commands
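The JSON logging listed above is what makes honeypot data usable for triage. The following is an added example, not code from the Cowrie project: it summarizes brute-force attempts and post-login activity from one-event-per-line JSON. The event names and fields (eventid, src_ip, session, username, password, input, url) are assumptions about Cowrie's log schema not stated on this page, and the sample lines are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample log, one JSON event per line; not real traffic.
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.success", "username": "root", "password": "root", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.command.input", "input": "uname -a", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.session.file_download", "url": "http://example.invalid/x.sh", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "pi", "password": "raspberry", "src_ip": "198.51.100.9", "session": "b2"}
truncated line {"eventid":
"""

def parse_events(text):
    # Yield decoded events; blank or truncated lines are skipped, not fatal.
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if isinstance(event, dict) and "eventid" in event:
            yield event

def summarize(text):
    # Count failed logins per source and rebuild what each session did.
    failed, creds = Counter(), Counter()
    sessions = defaultdict(lambda: {"src_ip": None, "login": None, "commands": [], "downloads": []})
    for ev in parse_events(text):
        eid, ip = ev["eventid"], ev.get("src_ip")
        s = sessions[ev.get("session")]
        s["src_ip"] = s["src_ip"] or ip
        if eid == "cowrie.login.failed":
            failed[ip] += 1
            creds[(ev.get("username"), ev.get("password"))] += 1
        elif eid == "cowrie.login.success":
            s["login"] = (ev.get("username"), ev.get("password"))
        elif eid == "cowrie.command.input":
            s["commands"].append(ev.get("input"))
        elif eid == "cowrie.session.file_download":
            s["downloads"].append(ev.get("url"))
    # Sessions worth analyst time: a login succeeded and the fake shell was used.
    interactive = {k: v for k, v in sessions.items() if v["login"] and (v["commands"] or v["downloads"])}
    return {"failed_by_ip": dict(failed), "top_credentials": creds.most_common(3), "interactive": interactive}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```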
Docker:
- Get the Dockerfile directly at https://github.com/micheloosterhof/docker-cowrie
- Run from the Docker registry with: docker pull cowrie/cowrie