mirror of
https://github.com/aljazceru/cowrie.git
synced 2026-02-21 06:14:23 +01:00
f388b76937
commit 79fff5332ba74bab40d0059e1051ca62614488ff Merge: 645f25f 39c9fa4 Author: Michel Oosterhof <michel@oosterhof.net> Date: Sun Sep 18 14:46:09 2016 +0000 Merge branch 'configparser' of https://github.com/micheloosterhof/cowrie into configparser commit 645f25f6f22dbe374b544f08d69b7de2ef0dcb45 Author: Michel Oosterhof <michel@oosterhof.net> Date: Sun Sep 18 14:37:46 2016 +0000 rewrite code for prompt. this had issues with unicode commit 99adf95f27ef03b229e592f1fa393cf66be3faf0 Author: Michel Oosterhof <michel@oosterhof.net> Date: Sun Sep 18 14:15:10 2016 +0000 can't use "mode" commit bee2b6693fe009d361a0b117c67d11f37ed21c41 Author: Michel Oosterhof <michel@oosterhof.net> Date: Sun Sep 18 14:09:57 2016 +0000 configparser changes. not working well yet on py2 commit 39c9fa406cca9ede51af8329280af81fff870e31 Author: Michel Oosterhof <michel@oosterhof.net> Date: Sun Sep 18 14:37:46 2016 +0000 rewrite code for prompt. this had issues with unicode commit 3dd08206fcb4c7dd0a66d20b914e3279947c77de Author: Michel Oosterhof <michel@oosterhof.net> Date: Sun Sep 18 14:15:10 2016 +0000 can't use "mode" commit f54272b239409b65ef0292ac328b0a2efccbe6cd Author: Michel Oosterhof <michel@oosterhof.net> Date: Sun Sep 18 14:09:57 2016 +0000 configparser changes. not working well yet on py2
Cowrie
Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.
Cowrie is developed by Michel Oosterhof.
Features
Some interesting features:
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
- Possibility of adding fake file contents so the attacker can
catfiles such as/etc/passwd. Only minimal file contents are included - Session logs stored in an UML Compatible format for easy replay with original timings
- Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection
Additional functionality over standard kippo:
- SFTP and SCP support for file upload
- Support for SSH exec commands
- Logging of direct-tcp connection attempts (ssh proxying)
- Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
- Logging in JSON format for easy processing in log management solutions
- Many, many additional commands
Requirements
Software required:
- Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
- Zope Interface 3.6.0+
- Twisted 12.0+
- python-crypto
- python-cryptography
- python-pyasn1
- python-gmpy2 (recommended)
- python-mysqldb (for MySQL output)
- python-OpenSSL
Files of interest:
cowrie.cfg- Cowrie's configuration file. Default values can be found incowrie.cfg.distdata/fs.pickle- fake filesystemdata/userdb.txt- credentials allowed or disallowed to access the honeypotdl/- files transferred from the attacker to the honeypot are stored herehoneyfs/- file contents for the fake filesystem - feel free to copy a real system here or usebin/fsctllog/cowrie.json- transaction output in JSON formatlog/cowrie.log- log/debug outputlog/tty/*.log- session logstxtcmds/- file contents for the fake commandsbin/createfs- used to create the fake filesystembin/playlog- utility to replay session logs
Is it secure?
Maybe. See FAQ
I have some questions!
Please visit https://github.com/micheloosterhof/cowrie/issues
Contributors
Many people have contributed to Cowrie over the years. Special thanks to:
- Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based