Telnet Honeypot
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
captured New samples Jun 8, 2017
thirdparty
.gitattributes New files Nov 11, 2015
.gitignore
LICENSE
README.md Update README.md Oct 29, 2016
deploy.txt Update deploy.txt Jun 30, 2017
hontel.py Fixes #3 Nov 30, 2017
requirements.txt

README.md

HonTel Python 2.6|2.7 License

HonTel is a Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu environment, though it could be easily adapted to run inside any Linux environment.

Documentation:

Setting the environment and running the application requires intermmediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the deploy.txt file. Configuration settings can be found and modified inside the hontel.py itself. For example, authentication credentials can be changed from default root:123456 to some arbitrary values (options AUTH_USERNAME and AUTH_PASSWORD), custom Welcome message can be changed from default (option WELCOME), custom hostname (option FAKE_HOSTNAME), architecture (option FAKE_ARCHITECTURE), location of log file (inside the chroot environment) containing all telnet commands (option LOG_PATH), location of downloaded binary files dropped by connected users (option SAMPLES_DIR), etc.

hontel

Note: Some botnets tend to delete the files from compromised hosts (e.g. /bin/bash) in order to harden itself from potential attempts of cleaning and/or attempts of installation coming from other (concurent) botnets. In such cases either the whole chroot environment has to be reinstalled or host directory where the chroot directory resides (e.g. /srv/chroot/) should be recovered from the previously stored backup (recommended).

License

This software is provided under under a MIT License. See the accompanying LICENSE file for more information.