Sometimes (actually, most times) you don’t need advanced deception technology, but rather just a simple tool to answer some simple questions. I was recently in that situation, and needed the answers to the following questions:
- Which protocols does my adversary try to brute-force?
- Which username and password did he use?
- At which speed did he brute-force?
- Where did he proxy from?
- What time of day did he brute-force?
To answer these questions, I needed a tool that would output something similar to:
To fulfill my requirements I forked and modified an existing open source project to facilitate the creation of a new simplistic honeypot:
Heralding - the credentials catching honeypot
The source code and install instructions can be found in the GitHub repo here.
Key points: Simplicity works, open source rocks!
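
The five questions listed above can all be answered from a flat log of captured login attempts. The following is an added example, not part of the original post and not Heralding's own code; the CSV column layout, the `summarize` function and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample records (documentation IP ranges); the column layout is
# an assumption for this example, not a documented honeypot output format.
SAMPLE = """timestamp,source_ip,protocol,username,password
2016-03-12 02:14:01,192.0.2.10,ssh,root,123456
2016-03-12 02:14:03,192.0.2.10,ssh,root,password
2016-03-12 02:14:05,192.0.2.10,ssh,admin,admin
2016-03-12 14:30:00,198.51.100.7,telnet,admin,admin
2016-03-12 14:30:10,198.51.100.7,telnet,root,root
2016-03-12 14:30:20,198.51.100.7,ftp,anonymous,
"""


def summarize(csv_text):
    """Answer the five questions from a log of captured login attempts."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    protocols = Counter(r["protocol"] for r in rows)             # which protocols
    credentials = Counter((r["username"], r["password"]) for r in rows)
    sources = Counter(r["source_ip"] for r in rows)              # from where
    hours = Counter()                                            # time of day
    stamps_by_source = defaultdict(list)
    for r in rows:
        ts = datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M:%S")
        hours[ts.hour] += 1
        stamps_by_source[r["source_ip"]].append(ts)

    # Speed: attempts per minute per source, measured over the intervals
    # between the first and last attempt. One attempt (or several within the
    # same second) gives no measurable rate, reported as None.
    rate_per_min = {}
    for ip, stamps in stamps_by_source.items():
        span = (max(stamps) - min(stamps)).total_seconds()
        rate_per_min[ip] = round((len(stamps) - 1) / span * 60, 2) if span > 0 else None

    return {"protocols": protocols, "credentials": credentials,
            "sources": sources, "hours": hours, "rate_per_min": rate_per_min}


if __name__ == "__main__":
    for question, answer in summarize(SAMPLE).items():
        print(question, dict(answer))
```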