SSH Honeypot using Python
- Logs authentication attempts with IP addresses and passwords.
- Blocks IP addresses after a specified number of failed attempts.
- Logs commands executed by authenticated users.
- Simulates a basic shell environment.
- Python 3.6+
- Paramiko
- Cryptography
-
Clone the repository:
git clone https://github.com/Tharbouch/ssh-honeypot.git cd ssh-honeypot
-
Install the dependencies:
pip install -r requirements.txt
-
Run the honeypot:
python honeypot.py --host <host> --port <port>
--host
: Host address for the SSH server (default:0.0.0.0
).--port
: Port number for the SSH server (default:2222
).
-
Default credentials: The script uses a default allowed user
admin
with passwordsecret
. Modify this in the script or extend the allowed users as needed.
- Logs are stored in
server.log
with timestamps, IP addresses, usernames, passwords, and executed commands.
- The script generates RSA keys if they do not exist in the script directory. These keys are used to authenticate the server.
- Customize the maximum number of authentication attempts and the block time by modifying the
MAX_AUTH_ATTEMPTS
andBLOCK_TIME
constants in the script.
python honeypot.py --host 0.0.0.0 --port 2222
Feel free to fork this repository and contribute by submitting pull requests. Any enhancements and bug fixes are welcome.
License This project is licensed under the MIT License - see the LICENSE file for details.