A script to install and deploy a honeypot automatically and without user interaction.

Currently installs and sets up: kippo, dionaea, p0f. These are all installed as system services, so running this script once should turn a vanilla install into a robust honeypot. Aims to use useful and secure defaults. Currently tested on Ubuntu 12.04.

Use with caution: This script will happily, and without prompting, overwrite files, change the port your SSH server runs on, and more. It is intended to be run on a vanilla install of Ubuntu 12.04. No consideration has been given to the integrity of existing software installations, so be careful!

Usage: This script can cause damage to your system. It is meant only to be used on a vanilla installation. Only run this if you know what you are doing.

wget -q https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/setup.bash -O /tmp/setup.bash && bash /tmp/setup.bash

Effects:
Moves SSH server from port 22 to 65534.
Installs Dionaea, Kippo, p0f.
Sets up Dionaea, Kippo, and p0f as system services that run on startup.

Directory Structure:
Logging:
Dionaea: /var/dionaea/
Kippo: /var/kippo/
p0f: /var/p0f/
SIMILAR TOOLS
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server.
An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.