Capture Malicious Payload
Latest commit 6e999d5 Sep 18, 2018

APacket

Capture malicious payload

It is built on the shoulders of Beats and blackhole. A big thanks.

Requirements

  • System tools
    • conntrack (Netfilter's connection tracking userspace tools)

Features

  • Low Interaction Honeypot
  • Capture TCP/SYN and backscatter packets only.
  • Capture malicious payloads, with reference to blackhole.
  • Capture all packets.
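
The SYN versus backscatter distinction in the feature list, as an added Go example (not apacket's own code). It assumes a sensor that never initiates connections; the function names, labels and sample packets are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)
const flagSYN, flagRST, flagACK = 0x02, 0x04, 0x10 // TCP flag bits

// Classify labels a raw IPv4/TCP packet and returns the port naming the
// service involved. Labels are this example's assumption, not apacket's.
func Classify(pkt []byte) (string, uint16, error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 || pkt[9] != 6 {
		return "", 0, errors.New("not an IPv4/TCP packet")
	}
	if binary.BigEndian.Uint16(pkt[6:8])&0x1fff != 0 {
		return "", 0, errors.New("non-first fragment carries no TCP header")
	}
	ihl := int(pkt[0]&0x0f) * 4 // IP options shift the TCP header
	if ihl < 20 || len(pkt) < ihl+14 {
		return "", 0, errors.New("truncated or malformed header")
	}
	tcp := pkt[ihl:]
	sport, dport := binary.BigEndian.Uint16(tcp[0:2]), binary.BigEndian.Uint16(tcp[2:4])
	flags := tcp[13]
	switch {
	case flags&flagRST != 0, flags&(flagSYN|flagACK) == flagSYN|flagACK:
		return "backscatter", sport, nil // reply to traffic we never sent
	case flags&(flagSYN|flagACK) == flagSYN:
		return "syn", dport, nil // unsolicited connection attempt
	}
	return "other", dport, nil
}

// samplePacket builds a constructed IPv4+TCP header pair (no options, zero
// checksums) between RFC 5737 documentation addresses.
func samplePacket(flags byte, sport, dport uint16) []byte {
	p := make([]byte, 40)
	p[0], p[3], p[8], p[9] = 0x45, 40, 64, 6 // v4/IHL 5, length, TTL, TCP
	copy(p[12:20], []byte{198, 51, 100, 7, 192, 0, 2, 10}) // src, dst (sensor)
	binary.BigEndian.PutUint16(p[20:22], sport)
	binary.BigEndian.PutUint16(p[22:24], dport)
	p[32], p[33] = 0x50, flags // data offset 5 words, flags
	return p
}

func main() {
	fmt.Println(Classify(samplePacket(0x12, 80, 44321))) // backscatter 80 <nil>
}
```

For backscatter the returned port is the source port, since that is the service on the replying host that received the spoofed traffic.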

Installation from source

go get github.com/Acey9/apacket
cd $GOPATH/src/github.com/Acey9/apacket
make install
apacket -i eth1 -bs -f "not tcp port 22 and not arp" -r 102400 -k 10 -p ./apacket.logs -n apacket.log -listen 0.0.0.0:54321 -tlslisten 0.0.0.0:54322 -crt ./localhost.crt -key ./localhost.key smtp memcached

# Install the log server
go get github.com/Acey9/sapacket
cd $GOPATH/src/github.com/Acey9/sapacket
make install
sapacket -h

Framework

apacket