Releases: martidu4/honey-ai
v1.1.0 - 14 Protocols, Multi-Platform Reporting, Security Hardening
What's New
New Protocol Handlers
- MSSQL: Fake SQL Server 2019 with TDS prelogin + login handshake (port 14330)
- SNMP: Fake SNMP v1/v2c UDP agent with sysDescr, sysName, sysUptime responses (port 16100). Closes #1
- HTTP Proxy: Fake Squid 5.7 proxy capturing CONNECT tunnels (port 8180)
Reporting Integration
- Existing platforms (AbuseIPDB, OTX, DShield, Blocklist.de) now receive attack data from the 3 new protocols automatically
Security Hardening
- Anti-timing fingerprint: 150-800ms random jitter on all HTTP responses prevents attackers from detecting the honeypot via response time analysis
- Caddy header hardening: strips `Via` header, keeps fake `Server: Apache` and `X-Powered-By: PHP`
- FTP PASV IP: returns plausible public IP (203.0.113.45) instead of internal LAN
- Report poisoning protection: uses socket IP only, never trusts X-Forwarded-For (except with proxy secret)
- Private IP filter: never reports internal IPs to AbuseIPDB/OTX
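
An illustration of the two reporting rules above (socket IP unless the proxy secret is presented, and no internal addresses sent to reporting platforms), added here and not taken from honey-ai's own code. The `x-proxy-secret` header name, the function names, and the choice of the last `X-Forwarded-For` entry are assumptions.

```javascript
// Added example: choosing which IP a honeypot reports to abuse feeds.
const net = require('node:net');
const crypto = require('node:crypto');

// Ranges that must never be reported (private, loopback, link-local, CGNAT).
const nonPublic = new net.BlockList();
for (const [addr, bits] of [['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['127.0.0.0', 8], ['169.254.0.0', 16], ['100.64.0.0', 10], ['0.0.0.0', 8]]) {
  nonPublic.addSubnet(addr, bits, 'ipv4');
}
for (const [addr, bits] of [['::1', 128], ['fc00::', 7], ['fe80::', 10]]) {
  nonPublic.addSubnet(addr, bits, 'ipv6');
}

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalize(ip) {
  const s = String(ip || '').trim();
  return s.toLowerCase().startsWith('::ffff:') && net.isIPv4(s.slice(7)) ? s.slice(7) : s;
}

function isReportable(ip) {
  const fam = net.isIP(ip); // 0 means "not an IP literal"
  if (fam === 0) return false;
  return !nonPublic.check(ip, fam === 4 ? 'ipv4' : 'ipv6');
}

// Compare fixed-length digests in constant time so the secret does not leak via timing.
function secretMatches(presented, expected) {
  if (typeof presented !== 'string' || !expected) return false;
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Returns the IP to report, or null when nothing should be reported.
function reportIp(socketIp, headers, proxySecret) {
  let ip = normalize(socketIp);
  if (secretMatches(headers['x-proxy-secret'], proxySecret)) { // hypothetical header name
    // Assumption: the trusted proxy appends the peer it saw, so take the last entry.
    const hops = String(headers['x-forwarded-for'] || '').split(',');
    const last = normalize(hops[hops.length - 1]);
    if (net.isIP(last)) ip = last;
  }
  return isReportable(ip) ? ip : null;
}

// Constructed demo: a forged X-Forwarded-For without the secret is ignored.
console.log(reportIp('::ffff:198.51.100.7', { 'x-forwarded-for': '10.0.0.5' }, 's3cret'));
```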
Testing
- 119 tests passing (all offline, no Ollama required)
- Advanced pentest audit: 13 attack vectors tested (SSRF, report poisoning, path traversal, prototype pollution, SSH escape, DoS, log injection, timing fingerprint)
Full Changelog
Protocols: 11 → 14 (MSSQL, SNMP, HTTP Proxy)
Tests: 98 → 119