Super Next generation Advanced Reactive honEypot
SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet.
The documentation can be found here.
- Surface first. Focus on the attack surface generation.
- Sensors and masters. Lightweight collectors (SNARE) and central decision maker (tanner).
- You need Python3.6 to run SNARE
- This was tested with a recent Ubuntu based Linux.
Steps to setup
- Get SNARE:
git clone https://github.com/mushorg/snare.gitand
- [Optional] Make virtual environment:
python3 -m venv venv
- [Optional] Activate virtual environment:
Note: Do not use sudo with below commands if you're running snare in virtual environment.
- Install requirements:
sudo pip3 install -r requirements.txt
- Setup snare:
sudo python3 setup.py install
- Clone a page:
sudo clone --target http://example.com --path <path to base dir>
- Run SNARE:
sudo snare --port 8080 --page-dir example.com --path <path to base dir>
- Test: Visit http://localhost:8080/index.html
- (Optionally) Have your own tanner service running.
[Note : Cloner clones the whole website, to restrict to a desired depth of cloning add
Docker build instructions
- Change current directory to
- Snare will start on 0.0.0.0 with port 80.
More information about running
docker-composecan be found here.
In case of an error while running
docker-compose up, check the availability of port 80, if it is occupied then refer to Docker documentation to change the default port.
You obviously want to bind to 0.0.0.0 and port 80 when running in production.
In order to run the tests and receive a test coverage report, we recommend running
pip install pytest pytest-cov sudo pytest --cov-report term-missing --cov=snare snare/tests/
# sudo snare --port 8080 --page-dir example.com _____ _ _____ ____ ______ / ___// | / / | / __ \/ ____/ \__ \/ |/ / /| | / /_/ / __/ ___/ / /| / ___ |/ _, _/ /___ /____/_/ |_/_/ |_/_/ |_/_____/ privileges dropped, running as "nobody:nogroup" serving with uuid 9c10172f-7ce2-4fb4-b1c6-abc70141db56 Debug logs will be stored in /opt/snare/snare.log Error logs will be stored in /opt/snare/snare.err ======== Running on http://127.0.0.1:8080 ======== (Press CTRL+C to quit) you are running the latest version