VelLMes-AI-Honeypot: Creates interactive, dynamic, and realistic honeypots
VelLMes-AI-Honeypot
The VelLMes
read as (Vel-L-M-es, from Slavic deity Veles and LLMs) creates interactive, dynamic, and realistic honeypots through the use of Large Language Models (LLMs). The VelLMes
tool was created from a research project to show the effectiveness of dynamic fake file systems and command responses to keep attackers trapped longer, thus increasing the intelligence collected.
The VelLMes
can simulate services such as SSH Linux shell (shelLM
), MySQL, POP3, and HTTP.
This repository also includes the Attacker LLM
that can interact with Linux shells, search for vulnerabilities, and report on its findings.
Feature
VelLMes
was developed in Python and currently uses Open AI GPT models. Among its key features are:
- The content from a previous session can be carried over to a new session to ensure consistency.
- It uses a combination of techniques for prompt engineering, including chain-of-thought.
- Uses prompts with precise instructions to address common LLM problems.
- More creative file and directory names for Linux shells
- In the Linux shell the users can “move” through folders
- Response is correct also for non-commands for all services
- It can simulate databases and their relations in the MySQL honeypot.
- It can create emails with all the necessary header info in the POP3 honeypots.
- It can respond to HTTP GET requests