aljaz/cowrie
1
0
Fork 0
mirror of https://github.com/aljazceru/cowrie.git synced 2025-12-17 05:54:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,433 Commits 2 Branches 2 Tags
develop
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
lelonek1 914e704b11 Improve handling of ImportErrors to notify users that they need to install new dependencies (#390) 
* Improve handling of ImportErrors to notify users that they need to install new dependencies

Also added missing dependency to requirements.txt

* Mention installing dependencies in virtualenv if used

* Improve handling of ImportErrors to notify users that they need to install new dependencies

Also added missing dependency to requirements.txt

* Mention installing dependencies in virtualenv if used

* Move requirements used only by output modules to a separate file

* Using a virtualenv is now the only officially supported method

* Handle ImportErrors when loading output plugins so different install instructions can be given
2017-01-02 12:28:34 +04:00
bin
Use $@ instead of $* so quoted parameters are expanded correctly and support specifying alternate venv name in COWRIE_VENV environment variable (#384)
2016-12-21 12:31:26 +04:00
cowrie
Merge branch 'develop' of https://github.com/micheloosterhof/cowrie into develop
2016-12-21 12:35:14 +04:00
doc
add new path
2016-12-21 12:30:33 +04:00
etc
remove all dblog
2016-12-21 12:31:26 +04:00
share
remove
2016-12-21 12:37:44 +04:00
twisted/plugins
Improve handling of ImportErrors to notify users that they need to install new dependencies (#390)
2017-01-02 12:28:34 +04:00
var
ignore all here
2016-12-21 12:30:33 +04:00
.gitattributes
cowrie rename
2015-05-12 14:57:29 +00:00
.gitignore
ignore trial files
2016-12-21 12:30:33 +04:00
.travis.yml
disable python 3.x testing for now
2016-10-27 04:53:52 +00:00
CHANGELOG.md
more doc updates
2016-12-21 12:30:17 +04:00
INSTALL.md
Update Install Instructions (#388)
2017-01-01 21:19:56 +04:00
README.md
more doc updates
2016-12-21 12:30:17 +04:00
requirements-output.txt
Improve handling of ImportErrors to notify users that they need to install new dependencies (#390)
2017-01-02 12:28:34 +04:00
requirements.txt
Improve handling of ImportErrors to notify users that they need to install new dependencies (#390)
2017-01-02 12:28:34 +04:00

README.md

Welcome to the Cowrie GitHub repository

This is the official repository for the Cowrie SSH and Telnet Honeypot effort.

What is Cowrie

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.

Cowrie is developed by Michel Oosterhof.

Features

Some interesting features:

  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in an UML Compatible format for easy replay with original timings
  • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

Additional functionality over standard kippo:

  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • Logging in JSON format for easy processing in log management solutions
  • Many, many additional commands

Requirements

Software required:

  • Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
  • Zope Interface 3.6.0+
  • Twisted 12.0+
  • python-crypto
  • python-cryptography
  • python-pyasn1
  • python-gmpy2 (recommended)
  • python-mysqldb (for MySQL output)
  • python-OpenSSL

Files of interest:

  • etc/cowrie.cfg - Cowrie's configuration file. Default values can be found in etc/cowrie.cfg.dist
  • etc/userdb.txt - credentials allowed or disallowed to access the honeypot
  • var/log/cowrie/cowrie.log - Twisted format log
  • var/log/cowrie/cowrie.json - transaction output in JSON format
  • var/lib/ttylog/ - session logs UML format
  • var/lib/dl/ - files transferred from the attacker to the honeypot are stored here
  • share/cowrie/fs.pickle - fake filesystem
  • share/cowrie/txtcmds/ - file contents for fake commands
  • share/cowrie/honeyfs/ - file contents for the fake filesystem
  • bin/createfs - used to create the honeypot filesystem
  • bin/playlog - utility to replay session logs in UML format

Is it secure?

Maybe. See FAQ

I have some questions!

Please visit https://github.com/micheloosterhof/cowrie/issues

Contributors

Many people have contributed to Cowrie over the years. Special thanks to:

  • Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based
Description
No description provided
Readme 6.9 MiB
Languages
Python 99.3%
Shell 0.7%