Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
README Honeytrap is a network security tool written to observe attacks against TCP or UDP services. It runs as a daemon and starts serv- er processes dynamically on requested ports. A server emulates a well-known service by simply sending captured network traffic to a connected host. Many clients and particularly attackers will be fooled and send responses to a honeytrap server process. The arriving data is as- sembled to a string and written to a database file. Such a string is called an attack string. Honeytrap can parse an attack string for commands advising the server to download a file from another host. If a download com- mand is found, the server tries to retrieve the corresponding file automatically. A downloaded file is stored locally with an md5 checksum in its name. Currently, only ftp and tftp are sup- ported. Honeytrap implements its own clients with the aim to be- have as similar as possible than Windows systems. Http URIs are recognized and logged. A http download routine may be added in future releases. INSTALLATION Installation of honeytrap is pretty straight forward. Just do a './configure --with-stream-mon=<type> && make && make install' where '<type>' is the connection monitor type of your choice. Please refer to the INSTALL file and to the output of './config- ure --help' for further information. WARNINGS Honeytrap is a low-interactive honeypot and therefore detectable. It is written in C and thus potentially vulnerable to buffer overflow attacks. Take care. Running in mirror mode is dangerous. Attacks may be directed to the attacker, appearing to come from your system. Use with caution. The program needs root privileges, but only for binding server processes to well-known ports. Use the -u and -g command line op- tions to drop privileges and switch to another user and group as early as possible. CONTACT If you have problems, questions, ideas or suggestions, please contact me at <email@example.com>. If you would like to help making honeytrap better, you are welcome.