Skip to content
/ Mikes_Bee_Knees Public

A quick and simple honeypot that also allows you to be notified of a intrusion on your network using yagmail services

License

AGPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mgalde/Mikes_Bee_Knees

BranchesTags

Repository files navigation

Mikes Bee Knees

BeeKnee

This is a simple honeypot that also allows you to be notified of a intrusion on your network

So check it out, you want a honeypot and you want it quick and you want it simple

BAM here you go, check it out. I borrowed heavely from https://mindchasers.com/dev/net-python-socket and I encurage you to read that blog to get a stronger understanding of what this is doing.

Ok so first off here is what you want to import

import sys
import argparse
import yagmail
import datetime
import time
from socket import socket, AF_INET, SOCK_STREAM

you may need to pip install yagmail to send emails. It is really easy and I encurage you to do so

VERSION = '0.5 Mikes Fun Version'
welcome = b"Secret Server login: "

These are setting some global objects, when you run the command it says what version it is. Simple self promotion and the welcome line is what the Telnet client will see

def send_email(src_address):
    """ This sends a email from a gmail account so I am alerted """
    ts = time.time()
    st = datetime.datetime.fromtimestamp(ts).strftime('%Y-%m-%d %H:%M:%S')
    contents = ("Port 23 was accessed by: " + (src_address) + " at: " + (st))
    print (contents)
    yagmail.SMTP('insertemailhere@gmail.com').send('insertemailhere@gmail.com', 'HONEYPOT ALERT!', contents)
    pass

This is setting up a email message that will send once it is called. It will be passed the address from the telnet definition.

The email will need to be set up in your own keyring. You can set the username and password up but that is a little crazy. Add it to your keyring.

you may need to run the following as well

pip install keyring

then do the following commands

python
>>> import yagmail
>>> yagmail.register('mygmailusername', 'mygmailpassword')
>>> exit()

Insert your gmail username and password here and add them to your keyring.

Please do not use your password in your script. Take the extra steps.

Next we define the Telnet Honeypot

def telnet(address,port=23):
    """ create a listening port """
    try:
        ski=socket(AF_INET,SOCK_STREAM)
        ski.bind((address, port))
        ski.listen()
        conn,addr = ski.accept()
        print('ALERT! you have been visited by ' + addr[0])
        send_email(addr[0])
        """Send Alert Email"""
        conn.sendall(welcome)
        while True:
            data=conn.recv(1024)
            if data == b'\r\n':
                pass
                ski.close(2)
                sys.exit()
    except: 
        ski.close()
        sys.exit()

This opens a connection socket and waits for a connection

Once a connection is made it sends a welcome message

The connection then waits for a interaction from the connecting client

So this is looking at Telnet, RDP and SSH

You would run each C2 program which will then call it directly in a new IDLE window

Running Honeypot_RDP.py for example will run rdp.py and will look for the program to end. Once it does this will restart it.

I welcome any improvements!!

So any questions??

About

A quick and simple honeypot that also allows you to be notified of a intrusion on your network using yagmail services

Topics

python ssh honeypot telnet bee rdp restart

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages