SusAF

Suspicious Activity Framework

What is it?

It's a framework designed to automate detection of compromised accounts, through the use of canary credentials.

How does it work?

The basic principle is:

generate a canary credential (non-existent but plausible looking username and password) and submit it to a phishing site
monitor auth logs for any auth attempts using the canary credential
For any auth attempts, log the IP and save it as a "bad IP"
monitor auth logs for any auth activity from bad IPs. Alert on successful auth.

When I looked at the code my eyes started to burn

I originally wrote this as a few horrible bash scripts. I've started to re-write it again in bash, mostly as psuedo code to demonstrate the principle. I will be devloping a version in python.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
hackybash		hackybash
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

hackybash

hackybash

LICENSE

LICENSE

README.md

README.md

Repository files navigation

SusAF

What is it?

How does it work?

When I looked at the code my eyes started to burn

About

Releases

Packages

Languages

License

cuvy/SusAF

Folders and files

Latest commit

History

Repository files navigation

SusAF

What is it?

How does it work?

When I looked at the code my eyes started to burn

About

Resources

License

Stars

Watchers

Forks

Languages