Sometimes (actually, most times) you don’t need advanced deception technology, but rather just a simple tool to answer some simple questions. I was recently in that situation, and needed the answers to the following questions:
To answer these questions, I needed a tool that would output something similar to:
2016-03-12 20:35:02.258198,192.168.2.129,51551,23,telnet,bond,james
2016-03-12 20:35:09.658593,192.168.2.129,51551,23,telnet,clark,[email protected]
2016-03-18 19:31:38.521047,192.168.2.129,53416,22,ssh,guest,guest
2016-03-18 19:31:39.376768,192.168.2.129,53416,22,ssh,HundeMad,katNIPkat
2016-03-18 19:33:07.064504,192.168.2.129,53431,110,pop3,charles,N00P1SH
2016-03-18 19:33:12.504483,192.168.2.129,53431,110,pop3,NektarManden,mANDENnEktar
2016-03-18 19:36:56.077840,192.168.2.129,53445,21,ftp,Joooop,Pooop
To fulfill my requirements I forked and modified an existing open source project to facilitate the creation of a new simplistic honeypot:
Heralding – the credentials catching honeypot.
The source code and install instructions can be found in the GitHub repo here.
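Log lines in the seven-column format shown above can be summarised with a few lines of Python. This is an added example, not code from Heralding or from the original post. The column names are assumptions inferred from the sample output, the file is assumed to be standard CSV (so a password containing a comma arrives quoted), and the sample lines are constructed.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Column names are assumptions inferred from the sample output (no header row is shown).
FIELDS = ("timestamp", "source_ip", "source_port", "destination_port",
          "protocol", "username", "password")

# Constructed sample lines in the same layout (documentation IPs, not real captures).
SAMPLE = """\
2016-03-12 20:35:02.258198,192.0.2.10,51551,23,telnet,admin,admin
2016-03-12 20:35:09.658593,192.0.2.10,51551,23,telnet,root,"pass,word"
2016-03-18 19:31:38.521047,192.0.2.77,53416,22,ssh,guest,guest
2016-03-18 19:31:39.376768,192.0.2.77,53416,22,ssh,admin,admin
2016-03-18 19:33:07.064504,192.0.2.77,53431,110,pop3,admin,admin
this line is truncated,192.0.2.77
"""

def parse_attempts(text):
    """Return (attempts, rejected) from CSV text; malformed rows are kept aside."""
    attempts, rejected = [], []
    for row in filter(None, csv.reader(io.StringIO(text))):  # skip blank lines
        try:
            if len(row) != len(FIELDS):
                raise ValueError("unexpected column count")
            rec = dict(zip(FIELDS, row))
            rec["timestamp"] = datetime.fromisoformat(rec["timestamp"])
            rec["source_port"] = int(rec["source_port"])
            rec["destination_port"] = int(rec["destination_port"])
            attempts.append(rec)
        except ValueError:
            rejected.append(row)  # keep the raw row for later inspection
    return attempts, rejected

def summarize(attempts):
    """Count attempts per protocol and credential pair, and protocols tried per source."""
    protocols_per_source = defaultdict(set)
    for a in attempts:
        protocols_per_source[a["source_ip"]].add(a["protocol"])
    return {
        "by_protocol": Counter(a["protocol"] for a in attempts),
        "credentials": Counter((a["username"], a["password"]) for a in attempts),
        "protocols_per_source": dict(protocols_per_source),
    }

if __name__ == "__main__":
    parsed, bad = parse_attempts(SAMPLE)
    print(summarize(parsed), f"{len(bad)} malformed row(s) set aside")
```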
Key points: Simplicity works, open source rocks!
Regards,
Johnny Vestergaard