This is a honeypot, a program designed to mimic real services on the network in order to log hackers trying to hack those services, and to delay them by wasting their time. Bugs/vulnerabilities in honeypots may themselves enable hacker attacks, this is written with extra paranoia. The services are written in a strongly sandboxed Lua scripting environment.
Some major attributes are:
* Lua -- All the services are written in the Lua scripting language, which
is popular for other cybersec projects, such as Snort, nmap, and Wireshark.
* Sandbox -- Instead of a standard Lua environment, this has been sandboxed.
There is no generic access to the filesystem, for example, only a tightly
controlled one. Of course, the expectation is that there will be further
containerization and VMs securing this as well.
* Scale -- Takes advantage of scalable APIs like epoll() in order to support
massive numbers of connections, so that firewalls/routers can be configured
to redirect traffic to this device.
* Multi-core -- Designed to use all the CPU cores in the system.
* Lightweight -- Designed to be run on low-end $19 wifi routers that have been
reflashed with OpenWRT that may have only 64-megabytes of memory.
* Portable -- Runs on Linux, macOS, Windows, as well as pretty much any operating
system that supports ANSI C and POSIX Sockets. This can include things like AIX,
Solaris, QNX, VxWorks, and so on.
* Functional -- Many of the mock services are fully functional, so you could use
this as a real web-server for example.
* User-mode -- Some honeypots are designed to mimic other operating systems at
the TCP stack level. In contrast, this is designed to run in user-mode, using
whatever TCP/IP stack is on the system.
* UPnP client -- Uses UPnP so that it can open up listening ports on the public
Internet from behind a home NAT router.
The code is ANSI C, so the files can just be compiled with your favorite compiler.
Or you could use the Makefile, which is written for gmake and works for
a lot of platforms, such as Linux, macOS, and MingGW.
There are also IDE projects for Visual Studio in the vs10 directory and
for XCode in the xcode directory.
Run scanme configfile.conf to run as configured in the specified configuration
file.
Run scanme somescript.lua to run a service where all the necessarry settings
come from the script itself or from defaults.