cowrie/cowrie
Fork: 893 Star: 5225 (更新于 2024-11-26 18:34:14)
license: NOASSERTION
Language: Python .
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
最后发布版本: v2.5.0 ( 2023-01-09 23:19:22)
Cowrie
Welcome to the Cowrie GitHub repository
This is the official repository for the Cowrie SSH and Telnet Honeypot effort.
What is Cowrie
Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system.
Cowrie <http://github.com/cowrie/cowrie/>
_ is maintained by Michel Oosterhof.
Documentation
The Documentation can be found here <https://cowrie.readthedocs.io/en/latest/index.html>
_.
Slack
You can join the Cowrie community at the following Slack workspace <https://www.cowrie.org/slack/>
_.
Features
-
Choose to run as an emulated shell (default):
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
- Possibility of adding fake file contents so the attacker can
cat
files such as/etc/passwd
. Only minimal file contents are included - Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection
-
Or proxy SSH and telnet to another system
- Run as a pure telnet and ssh proxy with monitoring
- Or let Cowrie manage a pool of QEMU emulated servers to provide the systems to login to
For both settings:
- Session logs are stored in an
UML Compatible <http://user-mode-linux.sourceforge.net/>
_ format for easy replay with thebin/playlog
utility. - SFTP and SCP support for file upload
- Support for SSH exec commands
- Logging of direct-tcp connection attempts (ssh proxying)
- Forward SMTP connections to SMTP Honeypot (e.g.
mailoney <https://github.com/awhitehatter/mailoney>
_) - JSON logging for easy processing in log management solutions
Docker
Docker versions are available.
-
To get started quickly and give Cowrie a try, run::
$ docker run -p 2222:2222 cowrie/cowrie:latest $ ssh -p 2222 root@localhost
-
On Docker Hub: https://hub.docker.com/r/cowrie/cowrie
Configuring Cowrie in Docker
Cowrie in Docker can be configured using environment variables. The
variables start with COWRIE_ then have the section name in capitals,
followed by the stanza in capitals. An example is below to enable
telnet support::
COWRIE_TELNET_ENABLED=yes
Alternatively, Cowrie in Docker can use an `etc` volume to store
configuration data. Create `cowrie.cfg` inside the etc volume
with the following contents to enable telnet in your Cowrie Honeypot
in Docker::
[telnet]
enabled = yes
Requirements
*****************************************
Software required to run locally:
* Python 3.9+
* python-virtualenv
For Python dependencies, see `requirements.txt <https://github.com/cowrie/cowrie/blob/master/requirements.txt>`_.
Files of interest:
*****************************************
* `etc/cowrie.cfg` - Cowrie's configuration file.
* `etc/cowrie.cfg.dist <https://github.com/cowrie/cowrie/blob/master/etc/cowrie.cfg.dist>`_ - default settings, don't change this file
* `etc/userdb.txt` - credentials to access the honeypot
* `src/cowrie/data/fs.pickle` - fake filesystem, this only contains metadata (path, uid, gid, size)
* `honeyfs/ <https://github.com/cowrie/cowrie/tree/master/honeyfs>`_ - contents for the fake filesystem
* `honeyfs/etc/issue.net` - pre-login banner
* `honeyfs/etc/motd <https://github.com/cowrie/cowrie/blob/master/honeyfs/etc/issue>`_ - post-login banner
* `src/cowrie/data/txtcmds/` - output for simple fake commands
* `var/log/cowrie/cowrie.json` - audit output in JSON format
* `var/log/cowrie/cowrie.log` - log/debug output
* `var/lib/cowrie/tty/` - session logs, replayable with the `bin/playlog` utility.
* `var/lib/cowrie/downloads/` - files transferred from the attacker to the honeypot are stored here
* `bin/createfs` - create your own fake filesystem
* `bin/playlog` - utility to replay session logs
Contributors
***************
Many people have contributed to Cowrie over the years. Special thanks to:
* Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based
* Dave Germiquet (davegermiquet) for TFTP support, unit tests, new process handling
* Olivier Bilodeau (obilodeau) for Telnet support
* Ivan Korolev (fe7ch) for many improvements over the years.
* Florian Pelgrim (craneworks) for his work on code cleanup and Docker.
* Guilherme Borges (sgtpepperpt) for SSH and telnet proxy (GSoC 2019)
* And many many others.
最近版本更新:(数据更新于 2024-09-15 00:55:06)
2023-01-09 23:19:22 v2.5.0
2022-07-16 10:41:17 v2.4.0
2021-10-17 23:32:51 v2.3.0
2020-11-12 00:35:30 v2.2.0
2020-05-10 23:39:11 v2.1.0
2019-11-06 02:41:11 v2.0.2
2019-11-02 21:15:35 v2.0.1
2019-10-15 23:50:09 v2.0.0
2019-10-05 00:37:07 v1.9.7
2019-04-05 04:55:53 1.6.0
主题(topics):
attacker, cowrie, cowrie-ssh, deception, decoy, honeypot, kippo, scp, security, sftp, ssh, telnet, telnet-honeypot, threat-analysis, threat-sharing, threatintel
cowrie/cowrie同语言 Python最近更新仓库
2024-12-22 18:18:34 LeslieLeung/heimdallr
2024-12-22 09:03:32 ultralytics/ultralytics
2024-12-21 13:26:40 notepad-plus-plus/nppPluginList
2024-12-21 11:42:53 XiaoMi/ha_xiaomi_home
2024-12-21 04:33:22 comfyanonymous/ComfyUI
2024-12-20 18:47:56 home-assistant/core