A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
Clone or download
Latest commit 9baf4a5 Sep 19, 2018

README.md

Build Status Coverity Status Codacy Badge GitHub issues GitHub license Gitter chat

honey[potd]aemon

This project is part of a BA thesis. It is currently in a pre-alpha state.

Dependencies

Kernel/libc requirements: Cgroups, Namespaces (UTS, IPC, PID, NET, CGROUPS)

Required: libssh, pthread

Optional: libseccomp

A chroot'able directory that contains an executable named '/bin/sh'.

HowTo

Build:

  • ./autogen.sh
  • ./configure
  • make

Run:

  • Example:

        ./src/potd --redirect 0.0.0.0:2222:127.0.0.1:22222
                   --protocol 127.0.0.1:22222:127.0.0.1:33333
                   --jail 127.0.0.1:33333
    

    This will process, filter and redirect all traffic incoming from 0.0.0.0:2222 to the protocol handler at 127.0.0.1:22222 and if the protocol accepts it, it will forward all traffic to the jail/sandbox at 127.0.0.1:33333.

    (clunky atm, will be simplified in the future)

  • see ./src/potd --help

Features

The ssh server currently supports only shell channels. But exec and direct-tcp channels are coming soon!

Supported protocols (at the moment):

  • ssh with libssh

Protocols to implement:

  • HTTP
  • ssh with openssh
  • SCADA
  • MySQL

Suits perfect for your favoured Desktop/Server/OpenWrt Linux system.

TODOs

  • RESTful listener for output sampled data from different processes (send (real-time)statistics about protocols/jails/etc to higher level apps)
  • ptrace support for jailed processes (trace syscalls)
  • improved event handling (maybe libevent?)