honeypots: 30 honeypots in a single pypi package

honeypots

30 low-high level honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \ password credentials.

The honeypots respond back, non-blocking, can be used as objects, or called directly with the in-built auto-configure scripts! Also, they are easy to set up and customize; it takes 1-2 seconds to spin a honeypot up. You can spin up multiple instances with the same type. For easy integration, the output can be logged to a Postgres database, file[s], terminal, or Syslog.

This honeypots package is the only package that contains all the following: dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc.

Current Servers/Emulators

• QDNSServer
  • Server: DNS
  • Port: 53/udp
  • Lib: Twisted.dns
  • Logs: ip, port
• QFTPServer
  • Server: FTP
  • Port: 21/tcp
  • Lib: Twisted.ftp
  • Logs: ip, port, username and password (default)
  • Options: Capture all threat actor commands and data (available)
• QHTTPProxyServer
  • Server: HTTP Proxy
  • Port: 8080/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port and data
  • Options: Capture all threat actor commands and data (available)
  • Returns a dummy template by default
    • A custom template can be provided by setting "template" for this server in config.json (should be an absolute path)
• QHTTPServer
  • Server: HTTP
  • Port: 80/tcp
  • Lib: Twisted.http
  • Logs: ip, port, username and password
  • Options: Capture all threat actor commands and data (available)
• QHTTPSServer
  • Server: HTTPS
  • Port: 443/tcp
  • Lib: Twisted.https
  • Logs: ip, port, username and password
• QIMAPServer
  • Server: IMAP
  • Port: 143/tcp
  • Lib: Twisted.imap
  • Logs: ip, port, username and password (default)
  • Options: Capture all threat actor commands and data (available)
• QMysqlServer
  • Emulator: Mysql
  • Port: 3306/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port, username and password
• QPOP3Server
  • Server: POP3
  • Port: 110/tcp
  • Lib: Twisted.pop3
  • Logs: ip, port, username and password (default)
  • Options: Capture all threat actor commands and data (available)
• QPostgresServer
  • Emulator: Postgres
  • Port: 5432/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port, username and password
• QRedisServer
  • Emulator: Redis
  • Port: 6379/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port, username and password
• QSMBServer
  • Server: Redis
  • Port: 445/tcp
  • Lib: impacket
  • Logs: ip, port and username
• QSMTPServer
  • Server: SMTP
  • Port: 25/tcp
  • Lib: Twisted
  • Logs: ip, port, username and password (default)
  • Options: Capture all threat actor commands and data (available)
• QSOCKS5Server
  • Server: SOCK5
  • Port: 1080/tcp
  • Lib: socketserver
  • Logs: ip, port, username and password
• QSSHServer
  • Server: SSH
  • Port: 22/tcp
  • Lib: paramiko
  • Logs: ip, port, username and password
  • Options: Capture all threat actor commands and data (available)
• QTelnetServer
  • Server: Telnet
  • Port: 23/tcp
  • Lib: Twisted
  • Logs: ip, port, username and password
• QVNCServer
  • Emulator: VNC
  • Port: 5900/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port, username and password
• QMSSQLServer
  • Emulator: MSSQL
  • Port: 1433/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port, username and password or hash
• QElasticServer
  • Emulator: Elastic
  • Port: 9200/tcp
  • Lib: http.server
  • Logs: ip, port and data
• QLDAPServer
  • Emulator: LDAP
  • Port: 389/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port, username and password
• QNTPServer
  • Emulator: NTP
  • Port: 123/udp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port and data
• QMemcacheServer
  • Emulator: Memcache
  • Port: 11211/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port and data
• QOracleServer
  • Emulator: Oracle
  • Port: 1521/tcp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port and connect data
• QSNMPServer
  • Emulator: SNMP
  • Port: 161/udp
  • Lib: Twisted (low level emulation)
  • Logs: ip, port and data
• QSIPServer
  • Emulator: SIP
  • Port: 5060/udp
  • Lib: Twisted.sip
  • Logs: ip, port and data
  • Options: Capture all threat actor commands and data (available)
• QIRCServer
  • Emulator: IRC
  • Port: 6667/tcp
  • Lib: Twisted.irc
  • Logs: ip, port, username and password
  • Options: Capture all threat actor commands and data (available)
• QPJLServer
  • Emulator: PJL
  • Port: 9100/tcp
  • Lib: Twisted
  • Logs: ip, port
  • Options: Capture all threat actor commands and data (available)
• QIPPServer
  • Emulator: IPP
  • Port: 631/tcp
  • Lib: Twisted
  • Logs: ip, port
  • Options: Capture all threat actor commands and data (available)
• QRDPServer
  • Emulator: RDP
  • Port: 3389/tcp
  • Lib: Sockets
  • Logs: ip, port, username and password
  • Options: Capture all threat actor commands and data (available)
• QDHCPServer
  • Emulator: DHCP
  • Port: 67/udp
  • Lib: Sockets
  • Logs: ip, port

Install

pip3 install honeypots

Usage Example – Auto configure

honeypot, or multiple honeypots separated by comma or word all

python3 -m honeypots ssh

Usage Example – Auto configure with specific ports

Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port

python3 -m honeypots imap:143,mysql:3306,redis:6379

Usage Example – Import as object and auto test

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”ip%3D%20String%20E.g.%200.0.0.0%0Aport%3D%20Int%20E.g.%209999%0Ausername%3D%20String%20E.g.%20Test%0Apassword%3D%20String%20E.g.%20Test%0Amocking%3D%20Boolean%20or%20String%20E.g%20OpenSSH%207.0%0Alogs%3D%20String%20E.g%20db%2C%20terminal%20or%20all%0Aalways%20remember%20to%20add%20process%3Dtrue%20to%20run_server()%20for%20non-blocking”/]

Usage Example – Import as object and test with external ssh command

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”from%20honeypots%20import%20QSSHServer%0Aqsshserver%20%3D%20QSSHServer(port%3D9999)%0Aqsshserver.run_server(process%3DTrue)”/]

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”ssh%20test%40127.0.0.1%0A”/]

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”INFO%3Achameleonlogger%3A%5B’servers’%2C%20%7B’status’%3A%20’success’%2C%20’username’%3A%20’test’%2C%20’ip’%3A%20’127.0.0.1’%2C%20’server’%3A%20’ssh_server’%2C%20’action’%3A%20’login’%2C%20’password’%3A%20’test’%2C%20’port’%3A%2038696%7D%5D%0Aqsshserver.kill_server()”/]

Copyright (C) 2020 qeeqbox

Source: https://github.com/qeeqbox/

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy