cyber-security-resources/honeypots_honeynets

Honeypots and HoneyNets

The following are several references and resources related to HoneyPots/HoneyNets.

Community

• The HoneyNet Project: an international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to fight against malware (such as Confickr), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.

HoneyPots and Tools

• T-Pot: an awesome collection of honeypots and additional tools.
• adbhoney: Low interaction honeypot designed for Android Debug Bridge over TCP/IP
• ciscoasa: A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
• citrixhoneypot: Detect and log CVE-2019-19781 scan and exploitation attempts.
• conpot: Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex.
• cowrie: Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system.
• dicompot: A Digital Imaging and Communications in Medicine (DICOM) Honeypot.
• dionaea: Dionaea is meant to be a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls.
• elasticpot: An Elasticsearch Honeypot
• glutton: Glutton provide SSH and a TCP proxy. SSH proxy works as a MITM between attacker and server to log everything in plain text.
• heralding: Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently the following protocols are supported: ftp, telnet, ssh, http, https, pop3, pop3s, imap, imaps, smtp, vnc, postgresql and socks5.
• honeypy: A low interaction honeypot with the capability to be more of a medium interaction honeypot.
• honeysap: HoneySAP is a low-interaction research-focused honeypot specific for SAP services. It's aimed at learn the techniques and motivations behind attacks against SAP systems.
• honeytrap: Honeytrap is a network security tool written to observe attacks against TCP or UDP services. It runs as a daemon and starts server processes dynamically on requested ports. A server emulates a well-known service by simply sending captured network traffic to a connected host.
• ipphoney:A honeypot for the Internet Printing Protocol.
• mailoney: Mailoney is a SMTP Honeypot I wrote just to have fun learning Python.
• medpot: Health Level Seven International (HL7) / Fast Healthcare Interoperability Resources (FHIR) Honeypot.
• rdpy: Remote Desktop Protocol Honeypot written in Python.
• snare: SNARE, a web application honeypot sensor, is the successor of Glastopf. SNARE has feature parity with Glastopf and allows to convert existing web pages into attack surfaces.
• tanner: TANNER is SNARES "brain". Every event is send from SNARE to TANNER, gets evaluated and TANNER decides how SNARE should respond to the client. This allows us to change the behaviour of many sensors on the fly. We are providing a TANNER instance for your use, but there is nothing stopping you from setting up your own instance.