Endlessh Logo

Endlessh

0
Free
Visit Website

Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server. Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time. Usage information is printed with -h. Usage: endlessh [-vhs] [-d MS] [-f CONFIG] [-l LEN] [-m LIMIT] [-p PORT] -4 Bind to IPv4 only -6 Bind to IPv6 only -d INT Message millisecond delay [10000] -f Set and load config file [/etc/endlessh/config] -h Print this help message and exit -l INT Maximum banner line length (3-255) [32] -m INT Maximum number of clients [4096] -p INT Listening port [2222] -s Print diagnostics to syslog instead of standard output -v Print diagnostics (repeatable) Argument order matters. The configuration file is loaded when the -f argument is processed, so only the options that follow will override the c

FEATURES

ALTERNATIVES

KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.

A Python-based honeypot service for SSH, FTP, and Telnet connections

A signature-based, multi-step, high interaction honeypot detection tool with support for various detection methods and protocols.

LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.

Honey-Pod for SSH that logs username and password tries during brute-force attacks.

A tool for testing subdomain takeover possibilities at a mass scale.

An LLM-based honeypot file system creator that generates realistic file systems and configurations to lure attackers and improve analyst engagement.

A script for setting up a dionaea and kippo honeypot using Docker images.