SSH蜜罐工具——HonSSH

安全
HonSSH是一个高交互蜜罐解决方案,在攻击者与蜜罐之间,可以创建两个独立的SSH链接。

HonSSH是一个高交互蜜罐解决方案,在攻击者与蜜罐之间,可以创建两个独立的SSH链接,它的特点如下:

1、捕获所有链接尝试,并记录到文本文件中。

2、当攻击者发起密码尝试的时候,HonSSH可以自动更换他们的密码(spoof_login),让他们以为自己猜测到正确的密码。

3、所有交互都会记录到,可以使用Kippo playlog重放。

4、攻击者的会话都捕获在一个文本文件中。

5、可以使用telnet实时查看会话。

安装:

CONF文件配置如下:

#
# ConSSH configuration file (conssh.cfg)
#
[honeypot]

# IP addresses to listen for incoming SSH connections.
#
ssh_addr = 192.168.0.2

# Port to listen for incoming SSH connections.
#
# (default: 2222)
ssh_port = 22

# IP addresses to send outgoing SSH connections.
#
client_addr = 192.168.1.1

# IP addresses of the honeypot.
#
honey_addr = 192.168.1.2

# Directory where to save log files in.
#
# (default: logs)
log_path = logs

# Directory where to save session files in.
#
# (default: sessions)
session_path = sessions

# Public and private SSH key files.
#
public_key = id_rsa.pub
private_key = id_rsa

# Session management interface.
#
# This is a telnet based service that can be used to interact with active
# sessions. Disabled by default.
#
# (default: false)
interact_enabled = true
# (default: 127.0.0.1)
interact_interface = 127.0.0.1
# (default: 5123)
interact_port = 5123

# Spoof password?
#
# (default: false)
spoof_login = true

# Actual login password for the honey pot.
# 
# e.g. if the attacker uses the password "hello" this would replace
#      it with "goodbye" (the actual honeypot password)
spoof_pass = goodbye

[extras]

# Enables Voice
# If enabled will speak about incoming connections.
# Requires espeak and python-espeak
# 
# (default: false)
voice = true

运行:./start.sh

责任编辑:蓝雨泪 来源: FreebuF
相关推荐

2018-12-24 13:38:25

蜜罐SSH

2018-12-24 14:03:15

SSH蜜罐

2012-06-27 10:33:47

2017-02-14 08:36:56

2011-04-02 14:19:10

2011-08-22 10:40:07

SSH命令SSH命令

2019-01-29 07:06:57

2011-06-28 16:47:30

2011-04-02 11:02:24

2024-04-29 14:39:20

2019-04-08 08:50:02

2012-11-26 10:58:33

2017-08-01 06:14:49

2019-04-28 09:34:06

2015-11-09 10:39:58

公有云 ssh 工具箱

2011-01-07 14:05:11

2020-09-20 10:12:54

nccm

2009-07-13 22:46:18

2018-10-07 06:00:36

2011-04-02 10:57:41

点赞
收藏

51CTO技术栈公众号