The sshd-honeypot is a modified version of the OpenSSH daemon that forwards commands to Cowrie, where all commands are interpreted and returned. The sshd-honeypot is designed to let Cowrie log brute-force attacks and the shell interaction performed by the attacker. As the sshd-honeypot uses OpenSSH, it cannot be fingerprinted based on protocol deviations or differences in error messages.

[1] Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale, Proceedings of the 12th USENIX Workshop on Offensive Technologies (WOOT ’18)

Installing the sshd-honeypot

Step 1: Install cowrie-sshd
Step 2: Install dependencies
Step 3: Check out the code
Step 4: Run the installer
Step 5: Start the honeypot

Step 1: Install cowrie-sshd

First we need to install cowrie-sshd. Cowrie-sshd is a modified version of Cowrie which functions as the backend for the sshd-honeypot to interpret commands and log interactions performed by the attacker.

Step 2: Install dependencies

On Debian based
SIMILAR TOOLS
A subset of the Modern Honey Network project set up to run in Docker, including hpfeeds broker, Cowrie honeypot, and Dionaea honeypot.
A low-interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
Apache 2 based honeypot for detecting and blocking Struts CVE 2017-5638 exploit with added support for content disposition filename parsing vulnerability.