SSH蜜罐工具解决方案——HonSSH

  • A+
所属分类:神兵利刃

HonSSH是一个高交互蜜罐解决方案,在攻击者与蜜罐之间,可以创建两个独立的SSH链接,它的特点如下:

  1、捕获所有链接尝试,并记录到文本文件中。

  2、当攻击者发起密码尝试的时候,HonSSH可以自动更换他们的密码(spoof_login),让他们以为自己猜测到正确的密码。

  3、所有交互都会记录到,可以使用Kippo playlog重放。

  4、攻击者的会话都捕获在一个文本文件中。

  5、可以使用telnet实时查看会话。

  安装:

  CONF文件配置如下:

  #

  # ConSSH configuration file (conssh.cfg)

  #

  [honeypot]

  # IP addresses to listen for incoming SSH connections.

  #

  ssh_addr = 192.168.0.2

  # Port to listen for incoming SSH connections.

  #

  # (default: 2222)

  ssh_port = 22

  # IP addresses to send outgoing SSH connections.

  #

  client_addr = 192.168.1.1

  # IP addresses of the honeypot.

  #

  honey_addr = 192.168.1.2

  # Directory where to save log files in.

  #

  # (default: logs)

  log_path = logs

  # Directory where to save session files in.

  #

  # (default: sessions)

  session_path = sessions

  # Public and private SSH key files.

  #

  public_key = id_rsa.pub

  private_key = id_rsa

  # Session management interface.

  #

  # This is a telnet based service that can be used to interact with active

  # sessions. Disabled by default.

  #

  # (default: false)

  interact_enabled = true

  # (default: 127.0.0.1)

  interact_interface = 127.0.0.1

  # (default: 5123)

  interact_port = 5123

  # Spoof password?

  #

  # (default: false)

  spoof_login = true

  # Actual login password for the honey pot.

  #

  # e.g. if the attacker uses the password "hello" this would replace

  # it with "goodbye" (the actual honeypot password)

  spoof_pass = goodbye

  [extras]

  # Enables Voice

  # If enabled will speak about incoming connections.

  # Requires espeak and python-espeak

  #

  # (default: false)

  voice = true

  运行:./start.sh

  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: