aljaz/cowrie
1
0
Fork 0
mirror of https://github.com/aljazceru/cowrie.git synced 2026-02-06 23:14:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,268 Commits 2 Branches 2 Tags
731ec40492ade9edc101fb7c4e2acca5743b528e
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Sam Edwards 731ec40492 fs: Explore the honeyfs directory for realfile names at init time. 
The old method of checking the honeyfs directory whenever a file was
accessed for the first time required that the original path to the file
be known. If the file was renamed, copied, moved to a new directory, or
one of its parent directories was renamed before its first access, its
original path would be completely lost and the real filename would not be
resolved.

This new method ensures that all A_REALFILE attributes are populated
upfront, and the filesystem can be rearranged plenty without breaking
honeyfs.
2016-10-13 19:07:55 +04:00
bin
python3 compat
2016-09-18 21:25:50 +00:00
cowrie
fs: Explore the honeyfs directory for realfile names at init time.
2016-10-13 19:07:55 +04:00
data
add correct entry for /
2016-01-13 19:09:48 +04:00
dl
Added 'empty' folders …
2014-05-28 05:00:21 +01:00
doc
add documentation to systemd entry
2016-07-28 15:17:34 +04:00
honeyfs
remove default issue.net
2016-09-07 12:10:47 +04:00
log/tty
Added 'empty' folders …
2014-05-28 05:00:21 +01:00
twisted/plugins
add option to disable ssh
2016-09-23 19:55:34 +00:00
txtcmds
add empty output for stty
2016-04-16 10:11:54 +00:00
.gitattributes
cowrie rename
2015-05-12 14:57:29 +00:00
.gitignore
ignore macosx files
2016-01-17 10:33:08 +04:00
.travis.yml
without semicolon works
2016-09-07 11:36:07 +04:00
CHANGELOG.md
telnet changelog
2016-08-22 16:08:49 +04:00
cowrie.cfg.dist
remove dblog_hpfeeds example
2016-10-03 11:22:59 +04:00
INSTALL.md
add RSA key workaround
2016-09-28 22:51:34 +04:00
README.md
new FAQ location
2016-09-18 16:48:49 +00:00
requirements.txt
add crypto explicitly, it's missing for some people
2016-10-01 21:04:37 +00:00
start.sh
set PYTHONPATH
2016-09-18 15:54:23 +04:00
stop.sh
Remove "\n" in stop.sh.
2016-02-18 12:12:50 +08:00

README.md

Cowrie

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.

Cowrie is developed by Michel Oosterhof.

Features

Some interesting features:

  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in an UML Compatible format for easy replay with original timings
  • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

Additional functionality over standard kippo:

  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • Logging in JSON format for easy processing in log management solutions
  • Many, many additional commands

Requirements

Software required:

  • Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
  • Zope Interface 3.6.0+
  • Twisted 12.0+
  • python-crypto
  • python-cryptography
  • python-pyasn1
  • python-gmpy2 (recommended)
  • python-mysqldb (for MySQL output)
  • python-OpenSSL

Files of interest:

  • cowrie.cfg - Cowrie's configuration file. Default values can be found in cowrie.cfg.dist
  • data/fs.pickle - fake filesystem
  • data/userdb.txt - credentials allowed or disallowed to access the honeypot
  • dl/ - files transferred from the attacker to the honeypot are stored here
  • honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here or use bin/fsctl
  • log/cowrie.json - transaction output in JSON format
  • log/cowrie.log - log/debug output
  • log/tty/*.log - session logs
  • txtcmds/ - file contents for the fake commands
  • bin/createfs - used to create the fake filesystem
  • bin/playlog - utility to replay session logs

Is it secure?

Maybe. See FAQ

I have some questions!

Please visit https://github.com/micheloosterhof/cowrie/issues

Contributors

Many people have contributed to Cowrie over the years. Special thanks to:

  • Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based
Description
No description provided
Readme 6.9 MiB
Languages
Python 99.3%
Shell 0.7%