In [5]:
import json
from collections import Counter
import pandas as pd


In [6]:
def parse_cowrie_log(file_path):
    with open(file_path, 'r', errors='ignore') as file:
        clean_file = file.read().replace('\0', '')
        reader = csv.DictReader(clean_file.splitlines())
        log_data = [row for row in reader if 'username_auth' in row and 'input_cmd' in row and 'password_auth' in row]

    return log_data

def get_top_combinations(log_data, keys, n=10):
    combinations = [tuple(entry[key] for key in keys) for entry in log_data]
    counter = Counter(combinations)
    return counter.most_common(n)

def get_top_items(log_data, item_key, n=10):
    items = [entry[item_key] for entry in log_data]
    counter = Counter(items)
    return counter.most_common(n)

def display_results(results, column_names):
    df = pd.DataFrame(results, columns=column_names)
    print(df)



In [7]:
if __name__ == "__main__":
    file_path = 'cowrie_honeypot_ml_dataset.csv'  # Replace with your log file path
    log_data = parse_cowrie_log(file_path)
    
    top_usernames = get_top_items(log_data, 'username_auth')
    top_passwords = get_top_items(log_data, 'password_auth')
    top_commands = get_top_items(log_data, 'input_cmd')
    
    top_combinations = get_top_combinations(log_data, ['username_auth', 'password_auth'])
    
    print("Top  Usernames & Password Combo:")
    display_results(top_combinations, ['Username-Password', 'Count'])

    print("Top  Usernames:")
    display_results(top_usernames, ['Username', 'Count'])
    
    print("Top Passwords:")
    display_results(top_passwords, ['Password', 'Count'])
    
    print("\nTop  Commands:")
    display_results(top_commands, ['Command', 'Count'])

Top  Usernames & Password Combo:
        Username-Password  Count
0            (root, root)   1008
1          (admin, admin)    806
2         (admin, 123456)    722
3           (admin, 1234)    717
4         (root, aquario)    683
5           (root, admin)    622
6        (root, password)    495
7           (root, ttnet)    401
8           (root, ivdev)    395
9  (supervisor, zyad1234)    393
Top  Usernames:
     Username  Count
0        root  42568
1       admin   7810
2     aaliyah   3013
3       guest    941
4  supervisor    720
5        user    396
6      mother    355
7     service    350
8     support    348
9      666666    346
Top Passwords:
       Password  Count
0         admin   1750
1          1234   1457
2        123456   1258
3      password   1140
4          root   1065
5         12345    978
6                  811
7       aquario    683
8  7ujMko0admin    679
9          user    628

Top  Commands:
                                             Command  Count
0            