🍯 Analyze and Visualize Data from Modern Honey Network Servers with R
R
Latest commit 796ecab Jan 15, 2016 @hrbrmstr explicit API URL parameter
R
README_cache ip_metadata & graph Aug 22, 2015
man
tests
.Rbuildignore
.gitignore
.travis.yml initial commit Aug 22, 2015
CONDUCT.md initial commit Aug 22, 2015
DESCRIPTION
LICENSE Initial commit Aug 22, 2015
NAMESPACE
README-ports_g-1.png ip_metadata & graph Aug 22, 2015
README.Rmd
README.md explicit API URL parameter Jan 15, 2016
honeypot.png
mhn.Rproj initial commit Aug 22, 2015

README.md

mhn is an R package to interface with the MHN API and (eventually) provide tools to analyze and visualize MHN data.

The API wrapper functions in this package all rely on an MHN server API key residing in the environment variable MHN_API_KEY or being passed in as a parameter. The former is useful in simple deployments where there is only one MHN server. In such cases, the easiest way to accomplish this is to set it in the .Renviron file in your home directory.
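Because the key then sits in a plain-text file, it is worth confirming that only your account can read it. The following is an added example, not code from the mhn package: the function name `audit_mhn_key` is hypothetical, the sample file is constructed, and the permission check assumes a POSIX file system (mode bits are not meaningful on Windows).

```r
# Added example: audit how MHN_API_KEY is stored (base R only).
audit_mhn_key <- function(renviron = path.expand("~/.Renviron")) {
  res <- list(
    file_exists       = file.exists(renviron),
    defines_key       = FALSE,
    exposed_to_others = NA,
    set_in_session    = nzchar(Sys.getenv("MHN_API_KEY"))
  )
  if (!res$file_exists) return(res)

  # Look for an uncommented, non-empty assignment without echoing the value
  lines <- readLines(renviron, warn = FALSE)
  res$defines_key <- any(grepl("^\\s*MHN_API_KEY\\s*=\\s*\\S", lines, perl = TRUE))

  # Any group/other permission bit (octal 077) lets other local accounts
  # read or alter the file that holds the key
  mode <- as.integer(file.info(renviron)$mode)
  res$exposed_to_others <- bitwAnd(mode, strtoi("077", base = 8L)) != 0L
  res
}

# Constructed sample file standing in for ~/.Renviron
demo <- tempfile("Renviron-")
writeLines(c("# constructed sample, not a real key",
             "MHN_API_KEY=constructed-placeholder-key"), demo)

# Weak setting: readable by group and others
Sys.chmod(demo, mode = "0644", use_umask = FALSE)
weak <- audit_mhn_key(demo)

# Corrected setting: owner read/write only
Sys.chmod(demo, mode = "0600", use_umask = FALSE)
fixed <- audit_mhn_key(demo)

print(rbind(weak = unlist(weak), fixed = unlist(fixed)))
unlink(demo)
```

Run `audit_mhn_key()` with no arguments to check the real `~/.Renviron`; if `exposed_to_others` is `TRUE`, tighten the file with `Sys.chmod("~/.Renviron", "0600", use_umask = FALSE)`.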

This package pairs nicely with:

The following functions are implemented:

  • all_metadata: Get all collected metadata
  • attacker_stats: Get attacker (IP) statistics
  • feed_info: Get data for a specific hpfeed
  • hp_feeds: Get the raw hpfeeds data collected over a specific channel.
  • intel_feed: Get intel feed
  • ip_metadata: Get IP metadata (mainly from 'p0f' honeypot data)
  • metadata_for: Get metadata for a specific id
  • mhn_api_key: Get or set MHN_API_KEY value
  • mhn_dork: MHN dork (I have no idea what this is tho)
  • mhn_file: MHN file (I have no idea what this is tho)
  • mhn_url: MHN url (I have no idea what this is tho)
  • sensors: Get sensors.
  • sessions: Get normalized sessions/connection data
  • session_info: Get data for a specific attack session
  • top_attackers: Get top attackers

News

  • Version 0.0.1.9000 : parameterized the MHN URL
  • Version 0.0.0.9000 : initial release

Installation

devtools::install_github("hrbrmstr/mhn")

Usage

library(mhn)

# current version
packageVersion("mhn")
#> [1] '0.0.1.9000'

library(dplyr)
library(ggplot2)
library(ggthemes)
library(scales)

ssns <- sessions(hours_ago=24)$data

port_tots <- count(ssns, destination_port)
gg <- ggplot(port_tots)
gg <- gg + geom_bar(stat="identity",
                    aes(x=reorder(destination_port, n), y=n))
gg <- gg + geom_text(aes(x=reorder(destination_port, n), y=n, label=comma(n)), 
                     hjust=-0.5, size=3)
gg <- gg + scale_x_discrete(expand=c(0,0))
gg <- gg + scale_y_continuous(expand=c(0,0), limits=c(0, extendrange(port_tots$n)[2]))
gg <- gg + coord_flip()
gg <- gg + labs(x=NULL, y=NULL, title="Port counts last 24 hrs\n")
gg <- gg + theme_tufte(base_family="Lato")
gg <- gg + theme(axis.ticks.y=element_blank())
gg <- gg + theme(axis.text.x=element_blank())
gg <- gg + theme(axis.ticks.x=element_blank())
gg <- gg + theme(plot.title=element_text(hjust=0))
gg

Test Results

library(mhn)
library(testthat)

date()
#> [1] "Sat Aug 22 12:30:25 2015"

test_dir("tests/")
#> testthat results ========================================================================================================
#> OK: 0 SKIPPED: 0 FAILED: 0
#> 
#> DONE

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.