Twisted Honeypots
Twisted-honeypots SSH, FTP and Telnet honeypot services based on the Twisted engine for Python 3. All credentials are stored on a local MySQL database. This will create easily (and painlessly) very good dictionaries to use for pentesting. Install: $ git clone https://github.com/lanjelot/twisted-honeypots /opt/twisted-honeypots $ cd /opt/twisted-honeypots $ sudo ./install.sh && ./setup-db.sh Usage: To start/stop the services: $ sudo ./start.sh $ sudo ./stop.sh To monitor the current execution: $ ./monitor.sh To extract the login/passwords in a wordlist sorted by best popularity: $ source vars.sh # logins $ echo "select distinct login from pot group by login order by count(login) desc" | mysql -rs -u${MYSQL_USER} -p${MYSQL_PWD} ${MYSQL_DB} # passwords $ echo "select distinct password from pot group by password order by count(password) desc" | mysql -rs -u${MYSQL_USER} -p${MYSQL_PWD} ${MYSQL_DB}
FEATURES
SIMILAR TOOLS
A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
An open-source Python software for creating honeypots and honeynets securely.
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
Apache 2 based honeypot for detecting and blocking Struts CVE 2017-5638 exploit with added support for content disposition filename parsing vulnerability.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.