🍯 Analyze and Visualize Data from Modern Honey Network Servers with R

mhn is an R package to interface with the MHN API and (eventually) provide tools to analyze and visualize MHN data.

The API wrapper functions in this package all rely on an MHN server API key residing in the environment variable MHN_API_KEY or being passed in as a parameter. The former is useful in simple deployments where there is only one MHN server. In such cases, the easiest way to accomplish this is to set it in the .Renviron file in your home directory.
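Because the key then sits in a plain-text file and in session memory, it is worth auditing where it ends up. The following is an added example, not code from the mhn package: `check_mhn_key_storage()` is a hypothetical helper, and the key value and file names in the demo are constructed. It flags a missing or duplicated `MHN_API_KEY` entry, an `.Renviron` readable beyond its owner, and scripts or knitted documents that contain the key literally.

```r
# check_mhn_key_storage() is a hypothetical helper, not a function of the mhn package.
check_mhn_key_storage <- function(renviron = path.expand("~/.Renviron"),
                                  project_dir = ".") {
  findings <- character()
  key <- Sys.getenv("MHN_API_KEY")
  if (!nzchar(key)) findings <- c(findings, "MHN_API_KEY is not set in this session")

  if (file.exists(renviron)) {
    n_defs <- sum(grepl("^\\s*MHN_API_KEY\\s*=", readLines(renviron, warn = FALSE)))
    if (n_defs != 1)
      findings <- c(findings, sprintf("%s defines MHN_API_KEY %d times", renviron, n_defs))
    # On Unix-alikes the low six mode bits (octal 077) grant group/other access.
    mode <- file.info(renviron)$mode
    if (.Platform$OS.type == "unix" && bitwAnd(as.integer(mode), 63L) != 0L)
      findings <- c(findings, sprintf("%s has mode %s; restrict it to 600",
                                      renviron, format(mode)))
  }

  # A key passed "as a parameter" is easy to hard-code; look for the literal value
  # in scripts and in knitted output such as README.md.
  if (nzchar(key)) {
    srcs <- list.files(project_dir, pattern = "\\.(R|Rmd|md)$", recursive = TRUE,
                       full.names = TRUE, ignore.case = TRUE)
    for (f in srcs) {
      hits <- grep(key, readLines(f, warn = FALSE), fixed = TRUE)
      if (length(hits))
        findings <- c(findings, sprintf("%s contains the key value on line(s) %s",
                                        f, paste(hits, collapse = ", ")))
    }
  }
  findings
}

# Constructed demo: throwaway directory and a made-up key value.
demo <- tempfile("mhn-demo"); dir.create(demo)
fake_key <- "CONSTRUCTED-EXAMPLE-KEY-0000"
env_file <- file.path(demo, ".Renviron")
writeLines(sprintf("MHN_API_KEY=%s", fake_key), env_file)
Sys.chmod(env_file, "644", use_umask = FALSE)          # deliberately too open
writeLines(c("library(mhn)", sprintf("key <- \"%s\"", fake_key)),
           file.path(demo, "analysis.R"))              # deliberately hard-coded
old <- Sys.getenv("MHN_API_KEY", unset = NA)
Sys.setenv(MHN_API_KEY = fake_key)
print(check_mhn_key_storage(env_file, demo))
if (is.na(old)) Sys.unsetenv("MHN_API_KEY") else Sys.setenv(MHN_API_KEY = old)
unlink(demo, recursive = TRUE)
```

Called with no arguments, the helper checks `~/.Renviron` and the current working directory.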

This package pairs nicely with:

The following functions are implemented:

  • all_metadata: Get all collected metadata
  • attacker_stats: Get attacker (IP) statistics
  • feed_info: Get data for a specific hpfeed
  • hp_feeds: Get the raw hpfeeds data collected over a specific channel.
  • intel_feed: Get intel feed
  • ip_metadata: Get IP metadata (mainly from 'p0f' honeypot data)
  • metadata_for: Get metadata for a specific id
  • mhn_api_key: Get or set MHN_API_KEY value
  • mhn_dork: MHN dork (I have no idea what this is tho)
  • mhn_file: MHN file (I have no idea what this is tho)
  • mhn_url: MHN url (I have no idea what this is tho)
  • sensors: Get sensors.
  • sessions: Get normalized sessions/connection data
  • session_info: Get data for a specific attack session
  • top_attackers: Get top attackers

News

  • Version 0.0.1.9000 : parameterized the MHN URL
  • Version 0.0.0.9000 : initial release

Installation

devtools::install_github("hrbrmstr/mhn")

Usage

library(mhn)

# current version
packageVersion("mhn")
#> [1] '0.0.1.9000'

library(dplyr)
library(ggplot2)
library(ggthemes)
library(scales)

ssns <- sessions(hours_ago=24)$data

port_tots <- count(ssns, destination_port)
gg <- ggplot(port_tots)
gg <- gg + geom_bar(stat="identity",
                    aes(x=reorder(destination_port, n), y=n))
gg <- gg + geom_text(aes(x=reorder(destination_port, n), y=n, label=comma(n)), 
                     hjust=-0.5, size=3)
gg <- gg + scale_x_discrete(expand=c(0,0))
gg <- gg + scale_y_continuous(expand=c(0,0), limits=c(0, extendrange(port_tots$n)[2]))
gg <- gg + coord_flip()
gg <- gg + labs(x=NULL, y=NULL, title="Port counts last 24 hrs\n")
gg <- gg + theme_tufte(base_family="Lato")
gg <- gg + theme(axis.ticks.y=element_blank())
gg <- gg + theme(axis.text.x=element_blank())
gg <- gg + theme(axis.ticks.x=element_blank())
gg <- gg + theme(plot.title=element_text(hjust=0))
gg

Test Results

library(mhn)
library(testthat)

date()
#> [1] "Sat Aug 22 12:30:25 2015"

test_dir("tests/")
#> testthat results ========================================================================================================
#> OK: 0 SKIPPED: 0 FAILED: 0
#> 
#> DONE

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.