Michel Oosterhof e4950e3713 Squashed commit of the following:
commit 16466803b98f1dcbe9ba264346bc12a22215e0c4
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Sat Sep 24 09:17:06 2016 +0000

    wip

commit e1bbb9bff1b0e69b6300894a858b1fbf8b2215ae
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Fri Sep 23 20:27:19 2016 +0000

    make copy of env. not original

commit fdddad4fc683ab3c61b9330d553a0efd0bd3bbfa
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Fri Sep 23 20:26:49 2016 +0000

    simplify more

commit c31b88dd075a01551be006d03539d5fab2e216a9
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Fri Sep 23 20:17:11 2016 +0000

    simplify command passing

commit 9c7fe9dc0646814e270e06551ffd7c7f69e3acf0
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Fri Sep 23 19:42:32 2016 +0000

    replace command/args -> argv

commit 3ea6dd00947aeb9b1ebf7d7e61ae5888d02c3276
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Fri Sep 23 19:11:49 2016 +0000

    rargs -> args

commit 3eb4e77fc056f3458ce22fe4f8177ca95019c938
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Fri Sep 23 19:06:18 2016 +0000

    rename to CowrieProcess

commit 603c9611d53380163323fc85749970ea323a8582
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Thu Sep 22 19:13:41 2016 +0000

    wip

commit c253b4031476c7e5f912b9cbeb49887ef97023d0
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Sun Sep 18 21:08:29 2016 +0000

    formatting

commit 730df305057a19a22754ba6d3883e75db653d235
Author: Michel Oosterhof <michel@oosterhof.net>
Date:   Sun Sep 18 21:03:14 2016 +0000

    formatting

commit 1e167e9a535b7173abb32e07ae5157dac53af08d
Author: Dave Germiquet <davegermiquet@trulycanadian.net>
Date:   Wed Sep 7 10:01:43 2016 -0400

    Fixed bug (missing err_data in stdout)

commit 23150cb25581d27e2efc9b43b2a7655f9cd1fcd8
Author: Dave Germiquet <davegermiquet@trulycanadian.net>
Date:   Sun Sep 4 22:02:00 2016 -0400

    Used Stack to keep track of running commands
    Fixed up Log out
    Took out debug line
    Made it more like master, (took out unneeded changes)
    Added check back for length
    Fixed up some trouble issues with passwd/and call backs
    Removed debugging logging statements
    Reformatted for master/merge
    Took out parameter in constructor..which broke everything

    Second Implementation Choice

commit daf0c74db8a3357342ac2d448fc68cfef0fc7a28
Author: Dave Germiquet <davegermiquet@trulycanadian.net>
Date:   Sun Sep 4 04:24:22 2016 -0400

    Fixed up PIPE and ; implementation
    Fixed up WGET, so now it should show prompt by using when commands have stopped.

Cowrie

Cowrie is a medium-interaction SSH and Telnet honeypot designed to log brute-force attacks and the shell interaction performed by the attacker.

Cowrie is developed by Michel Oosterhof.

Features

Some interesting features:

  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in a UML-compatible format for easy replay with original timings
  • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

Additional functionality over standard kippo:

  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • Logging in JSON format for easy processing in log management solutions
  • Many, many additional commands

Requirements

Software required:

  • Python 2.7+ (Python 3 not yet supported due to Twisted dependencies)
  • Zope Interface 3.6.0+
  • Twisted 12.0+
  • python-crypto
  • python-cryptography
  • python-pyasn1
  • python-gmpy2 (recommended)
  • python-mysqldb (for MySQL output)
  • python-OpenSSL

Files of interest:

  • cowrie.cfg - Cowrie's configuration file. Default values can be found in cowrie.cfg.dist
  • data/fs.pickle - fake filesystem
  • data/userdb.txt - credentials allowed or disallowed to access the honeypot
  • dl/ - files transferred from the attacker to the honeypot are stored here
  • honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here or use bin/fsctl
  • log/cowrie.json - transaction output in JSON format
  • log/cowrie.log - log/debug output
  • log/tty/*.log - session logs
  • txtcmds/ - file contents for the fake commands
  • bin/createfs - used to create the fake filesystem
  • bin/playlog - utility to replay session logs
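
A sketch of post-processing log/cowrie.json, added here as an example and not part of the Cowrie code base: it counts failed logins per source address and collects the commands typed in sessions that logged in. The event ids and field names (eventid, src_ip, session, username, password, input) and the sample lines are assumptions constructed for illustration; check them against the output of your own installation.

```python
import json

# Constructed sample lines (not real captures); schema is assumed, see lead-in.
SAMPLE_LOG = """\
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "s1", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "s1", "username": "root", "password": "password"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "s1", "username": "root", "password": "root"}
{"eventid": "cowrie.login.success", "src_ip": "192.0.2.10", "session": "s2", "username": "root", "password": "admin"}
{"eventid": "cowrie.command.input", "src_ip": "192.0.2.10", "session": "s2", "input": "uname -a"}
{"eventid": "cowrie.command.input", "src_ip": "192.0.2.10", "session": "s2", "input": "cat /etc/passwd"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.7", "session": "s3", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.fai
"""


def summarize(lines, min_failures=3):
    """Return (brute_forcers, sessions) from an iterable of JSON log lines."""
    failures = {}   # src_ip -> failed login count
    sessions = {}   # session id -> details of a session that logged in
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:      # blank or truncated line (log still being written)
            continue
        if not isinstance(ev, dict):
            continue
        eid, ip, sid = ev.get("eventid"), ev.get("src_ip"), ev.get("session")
        if eid == "cowrie.login.failed":
            failures[ip] = failures.get(ip, 0) + 1
        elif eid == "cowrie.login.success":
            sessions[sid] = {
                "src_ip": ip,
                "credentials": (ev.get("username"), ev.get("password")),
                "failed_before": failures.get(ip, 0),
                "commands": [],
            }
        elif eid == "cowrie.command.input" and sid in sessions:
            sessions[sid]["commands"].append(ev.get("input"))
    brute_forcers = {ip: n for ip, n in failures.items() if n >= min_failures}
    return brute_forcers, sessions


if __name__ == "__main__":
    brute, sess = summarize(SAMPLE_LOG.splitlines())
    print(brute)
    print(sess)
```

To run it against a live honeypot, pass an open file handle on log/cowrie.json instead of the sample string.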

Is it secure?

Maybe. See FAQ

I have some questions!

Please visit https://github.com/micheloosterhof/cowrie/issues

Contributors

Many people have contributed to Cowrie over the years. Special thanks to:

  • Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based