honeypot: Use it for catching hackers

Nowdays internal & external networks are not secure. That’s why various security policies are implemented on networking level are implemented. These policies still need many new adaptations for getting a good security measures. Various companies uses network firewalls, IDS, IPS & honeypots for network security. Nowdays most companies are adopting honeypots in their security. Honeypot is a network defence setup to trap attackers. Honeypots are designed to defend hackers & identify malicious activities over the network. There are many popular honeypots which are used by many companies. Today we will show you low interaction honeypot which is used check activities running on networks.

According to ethical hacking researcher of international institute of cyber security honeypots are great tools to monitor attacks & quite handful in malware analysis.

Honeypy is designed in python2 used to log activities going on network. Its an low intend project mostly used for testing on the local networks. Honeypy create logs if any malicious activities is going on the network.

HoneyPy :-

HoneyPy was built to extend new service emulations. Honeypy works for TCP & UDP. Honeypy do offer long handler integrations with HoneyDB, slack, Logstash, Twitter & ElasticSearch. HoneyPy logs each movement on the network.

  • Honeypy has been tested on Kali Linux 2018.4 amd64.
  • For cloning type git clone https://github.com/foospidy/HoneyPy.git
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/foospidy/HoneyPy.git
Cloning into 'HoneyPy'…
remote: Enumerating objects: 2, done.
remote: Counting objects: 100% (2/2), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 2632 (delta 1), reused 0 (delta 0), pack-reused 2630
Receiving objects: 100% (2632/2632), 2.81 MiB | 1.37 MiB/s, done.
Resolving deltas: 100% (1564/1564), done.
  • Type cd HoneyPy & ls
root@kali:/home/iicybersecurity/Downloads# cd HoneyPy/
root@kali:/home/iicybersecurity/Downloads/HoneyPy# ls
docs etc Honey.py lib LICENSE loggers Makefile mkdocs.yml Pipfile plugins README.md requirements.txt VERSION
  • Type pip install -r requirements.txt
root@kali:/home/iicybersecurity/Downloads/HoneyPy# pip install -r requirements.txt
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Requirement already satisfied: dnslib==0.9.7 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1)) (0.9.7)
Collecting requests==2.20.0 (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/f1/ca/10332a30cb25b627192b4ea272c351bce3ca1091e541245cccbace6051d8/requests-2.20.0-py2.py3-none-any.whl (60kB)
100% |████████████████████████████████| 61kB 141kB/s
Collecting Twisted==14.0.2 (from -r requirements.txt (line 3))
Downloading https://files.pythonhosted.org/packages/0f/88/18bb0eddb483033e35b1b84bdf9de4cedb8906ece178e2d921451282b3c8/Twisted-14.0.2.tar.bz2 (4.3MB)
100% |████████████████████████████████| 4.4MB 159kB/s
Collecting python_twitter==3.1 (from -r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/96/69/53b87d2b717a669eb8f46d6e1d180d0a691f3d303631ca6be80f9d036a2a/python-twitter-3.1.tar.gz (80kB)
100% |████████████████████████████████| 81kB 630kB/s
Requirement already satisfied: certifi in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 5)) (2018.8.24)
Requirement already satisfied: urllib3 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 6)) (1.22)
Collecting pika==0.10.0 (from -r requirements.txt (line 7))
Downloading https://files.pythonhosted.org/packages/26/12/400cf0aca6b1ecf1f00dcd89b246e7a4c8558677304ba067167b8167e714/pika-0.10.0-py2.py3-none-any.whl (92kB)
100% |████████████████████████████████| 102kB 3.0MB/s
Collecting pylint (from -r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/59/65/adcffa71fe942313c4d9e9284565d9a9e67798f4771f464e1d5dd58fea88/pylint-1.9.4-py2.py3-none-any.whl (689kB)
100% |████████████████████████████████| 696kB 727kB/s
Collecting autopep8 (from -r requirements.txt (line 9))
Downloading https://files.pythonhosted.org/packages/5b/ba/37d30e4263c51ee5a655118ac8c331e96a4e45fd4cea876a74b87af9ffc1/autopep8-1.4.3.tar.gz (113kB)
100% |████████████████████████████████| 122kB 22.6MB/s
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python2.7/dist-packages (from requests==2.20.0->-r requirements.txt (line 2)) (2.6)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests==2.20.0->-r requirements.txt (line 2)) (3.0.4)
Requirement already satisfied: zope.interface>=3.6.0 in /usr/lib/python2.7/dist-packages (from Twisted==14.0.2->-r requirements.txt (line 3)) (4.3.2)
Requirement already satisfied: future in /usr/lib/python2.7/dist-packages (from python_twitter==3.1->-r requirements.txt (line 4)) (0.15.2)
Collecting requests-oauthlib (from python_twitter==3.1->-r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/c2/e2/9fd03d55ffb70fe51f587f20bcf407a6927eb121de86928b34d162f0b1ac/requests_oauthlib-1.2.0-py2.py3-none-any.whl
Collecting isort>=4.2.5 (from pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/41/d8/a945da414f2adc1d9e2f7d6e7445b27f2be42766879062a2e63616ad4199/isort-4.3.4-py2-none-any.whl (45kB)
100% |████████████████████████████████| 51kB 3.6MB/s
Collecting mccabe (from pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/87/89/479dc97e18549e21354893e4ee4ef36db1d237534982482c3681ee6e7b57/mccabe-0.6.1-py2.py3-none-any.whl
Requirement already satisfied: singledispatch; python_version < "3.4" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (3.4.0.3)
Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (1.11.0)
Requirement already satisfied: configparser; python_version == "2.7" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (3.5.0b2)
Requirement already satisfied: backports.functools-lru-cache; python_version == "2.7" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (1.5)
Collecting astroid<2.0,>=1.6 (from pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/0e/9b/18b08991c8c6aaa827faf394f4468b8fee41db1f73aa5157f9f5fb2e69c3/astroid-1.6.5-py2.py3-none-any.whl (293kB)
100% |████████████████████████████████| 296kB 8.0MB/s
Collecting pycodestyle>=2.4.0 (from autopep8->-r requirements.txt (line 9))
Downloading https://files.pythonhosted.org/packages/0e/0c/04a353e104d2f324f8ee5f4b32012618c1c86dd79e52a433b64fceed511b/pycodestyle-2.5.0-py2.py3-none-any.whl (51kB)
100% |████████████████████████████████| 51kB 2.8MB/s
Collecting oauthlib>=3.0.0 (from requests-oauthlib->python_twitter==3.1->-r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/16/95/699466b05b72b94a41f662dc9edf87fda4289e3602ecd42d27fcaddf7b56/oauthlib-3.0.1-py2.py3-none-any.whl (142kB)
100% |████████████████████████████████| 143kB 5.8MB/s
Requirement already satisfied: futures in /usr/lib/python2.7/dist-packages (from isort>=4.2.5->pylint->-r requirements.txt (line 8)) (3.2.0)
Requirement already satisfied: enum34>=1.1.3; python_version < "3.4" in /usr/lib/python2.7/dist-packages (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8)) (1.1.6)
Collecting wrapt (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/67/b2/0f71ca90b0ade7fad27e3d20327c996c6252a2ffe88f50a95bba7434eda9/wrapt-1.11.1.tar.gz
Collecting lazy-object-proxy (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/52/7e/f0f570ba363e15251bb9fd452257ec2aff91be0187a08a893afbd8ae225f/lazy_object_proxy-1.3.1-cp27-cp27mu-manylinux1_x86_64.whl (56kB)
100% |████████████████████████████████| 61kB 5.0MB/s
Building wheels for collected packages: Twisted, python-twitter, autopep8, wrapt
Building wheel for Twisted (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/05/17/5a/924573fd00805c6339713d6f96af6af763f959f199d7a31341
Building wheel for python-twitter (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/8a/17/09/f9948b2483ac9eeb7961db60cd5f87f03c1ca75667815043ba
Building wheel for autopep8 (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/91/07/fd/99884826d575c769102ddec2f9b96c7ad57cc6b5ca3a5e02b4
Building wheel for wrapt (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/89/67/41/63cbf0f6ac0a6156588b9587be4db5565f8c6d8ccef98202fc
Successfully built Twisted python-twitter autopep8 wrapt
Installing collected packages: requests, Twisted, oauthlib, requests-oauthlib, python-twitter, pika, isort, mccabe, wrapt, lazy-object-proxy, astroid, pylint, pycodestyle, autopep8
Found existing installation: requests 2.9.1
Uninstalling requests-2.9.1:
Successfully uninstalled requests-2.9.1
Found existing installation: Twisted 18.7.0
Uninstalling Twisted-18.7.0:
Successfully uninstalled Twisted-18.7.0
Successfully installed Twisted-14.0.2 astroid-1.6.5 autopep8-1.4.3 isort-4.3.4 lazy-object-proxy-1.3.1 mccabe-0.6.1 oauthlib-3.0.1 pika-0.10.0 pycodestyle-2.5.0 pylint-1.9.4 python-twitter-3.1 requests-2.20.0 requests-oauthlib-1.2.0 wrapt-1.11.1
  • After installation configure API keys into the honeypy.cfg
  • Enter the api id & api key. For getting API key go to : https://riskdiscovery.com/honeydb/loginUsers
  • Type cd /honeypy/etc/ & ls
  • Type nano honeypy.cfg
  • Copy the API keys and enter those API into honeypy.cfg
Post your events to HoneyDB. Your HoneyPy honepots can contribute threat information to HoneyDB.
You will need to create API credentails for this to work. See https://riskdiscovery.com/honeydb/#threats
[honeydb]
enabled = Yes
api_id = 029b9f7eccfb783dc84418946c517dd7314adaec2ce2803a3098f3c56acc3e4f
api_key = 9e951e35cada41ce60df63a5627bfc9e44c876529348e3ca1ea0399a7e687e4f
  • After configuring honeypy.cfg. Run honeypy

HoneyDB :-

Honeydb is a website created to capture live honeypot sessions running over the network. Honeydb shows top countries stats with their IP addresses. Honeydb offers API which can be used in different honeypots. These are design to start with honeypots.

  • Type pip install honeydb
root@kali:/home/iicybersecurity/Downloads/HoneyPy# pip install honeydb
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting honeydb
Downloading https://files.pythonhosted.org/packages/49/9f/5347b81d61cad79c7377a0d83ed2ed7faeb0df4275a94084cc7cbf76bf9f/honeydb-0.0.7-py2.py3-none-any.whl
Requirement already satisfied: requests in /usr/local/lib/python2.7/dist-packages (from honeydb) (2.20.0)
Requirement already satisfied: pyopenssl in /usr/local/lib/python2.7/dist-packages (from honeydb) (17.2.0)
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (2.6)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (3.0.4)
Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (1.22)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (2018.8.24)
Requirement already satisfied: cryptography>=1.9 in /usr/lib/python2.7/dist-packages (from pyopenssl->honeydb) (2.3)
Requirement already satisfied: six>=1.5.2 in /usr/lib/python2.7/dist-packages (from pyopenssl->honeydb) (1.11.0)
Installing collected packages: honeydb
Successfully installed honeydb-0.0.7
  • Once installed, Honeydb is also used to scan for the malware samples.
(Visited 149 1 times,)