
paralax / BurningDogs

License: Apache-2.0
Honeypot log processor to create OTX Pulse entries

Programming Languages

F#

Projects that are alternatives of or similar to BurningDogs

honeyku
A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
Stars: ✭ 56 (+80.65%)
Mutual labels:  honeypot
rdppot
RDP honeypot
Stars: ✭ 55 (+77.42%)
Mutual labels:  honeypot
cowrie-logviewer
A simple log viewer for cowrie
Stars: ✭ 20 (-35.48%)
Mutual labels:  honeypot
potd
A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
Stars: ✭ 28 (-9.68%)
Mutual labels:  honeypot
RaspberryPi-Packet-Sniffer
An HTTP and HTTPS sniffing tool created using a Raspberry Pi
Stars: ✭ 79 (+154.84%)
Mutual labels:  honeypot
seahorse
ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
Stars: ✭ 31 (+0%)
Mutual labels:  honeypot
mhn
🍯 Analyze and Visualize Data from Modern Honey Network Servers with R
Stars: ✭ 16 (-48.39%)
Mutual labels:  honeypot
Awesome-Deception
An awesome list of resources on deception-based security with honeypots and honeytokens
Stars: ✭ 61 (+96.77%)
Mutual labels:  honeypot
SentryPeer
A distributed peer to peer list of bad actor IP addresses and phone numbers collected via a SIP Honeypot.
Stars: ✭ 108 (+248.39%)
Mutual labels:  honeypot
WebTrap
This project is designed to create deceptive webpages to deceive and redirect attackers away from real websites.
Stars: ✭ 45 (+45.16%)
Mutual labels:  honeypot
Mimir
OSINT Threat Intel Interface - CLI for HoneyDB
Stars: ✭ 104 (+235.48%)
Mutual labels:  honeypot
HellPot
HellPot is a portal to endless suffering meant to punish unruly HTTP bots.
Stars: ✭ 146 (+370.97%)
Mutual labels:  honeypot
dystopia
Low to medium multithreaded Ubuntu Core honeypot coded in Python.
Stars: ✭ 59 (+90.32%)
Mutual labels:  honeypot
honeybits-win
Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots!
Stars: ✭ 20 (-35.48%)
Mutual labels:  honeypot
techmap
Honeypot's Tech Map
Stars: ✭ 43 (+38.71%)
Mutual labels:  honeypot
django-antispam
Spam protection tools for django applications.
Stars: ✭ 50 (+61.29%)
Mutual labels:  honeypot
ElasticpotPY
Elasticsearch honeypot written in Python with Bottle framework
Stars: ✭ 16 (-48.39%)
Mutual labels:  honeypot
sshsyrup
A low-to-medium interaction SSH Honeypot with features to capture terminal activity and upload to asciinema.org
Stars: ✭ 84 (+170.97%)
Mutual labels:  honeypot
anti-honeypot
A Chrome extension that detects web honeypots and blocks their requests; it can identify and block some of the attribution (溯源) APIs used by 长亭 D-sensor and 墨安幻阵.
Stars: ✭ 38 (+22.58%)
Mutual labels:  honeypot
VindicateTool
LLMNR/NBNS/mDNS Spoofing Detection Toolkit
Stars: ✭ 40 (+29.03%)
Mutual labels:  honeypot

BurningDogs

Tool to create OTX Pulse entries from honeypot logs

Supported honeypots

BurningDogs reads honeypot logs, extracts the attacking client IPs, the malicious URLs they fetched, and the hashes of the files they downloaded, and uploads those indicators to AlienVault OTX as a pulse.

SSH honeypots

BurningDogs supports Kippo and Cowrie log files and extracts malicious client IPs, downloaded files (by hash), and malicious URLs from them.

Apache

BurningDogs uses the "wwwids" log file analyzer to detect signs of web application abuse attempts in Apache access logs. It is based in part on the principles in the SANS paper Detecting Attacks on Web Applications from Log Files.
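To make the log-file approach concrete, here is an added example, not the wwwids analyzer itself, that parses Apache combined-format lines and matches a small hand-written rule set against the URL-decoded request target and User-Agent. The rules and the log lines are constructed for illustration; a real rule set would be larger. The decoding step is there because attackers double-encode payloads to get past naive string matching.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed Apache combined-format lines (not real traffic).
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [01/Apr/2023:00:12:01 +0000] "GET /index.php?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Apr/2023:00:12:02 +0000] "GET /..%2F..%2F..%2Fetc/passwd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Apr/2023:00:15:40 +0000] "GET /phpMyAdmin/ HTTP/1.1" 404 210 "-" "ZmEu"
192.0.2.44 - - [01/Apr/2023:00:20:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Googlebot/2.1"
192.0.2.44 - - [01/Apr/2023:00:20:01 +0000] "GET / HTTP/1.1" 200 1024 "-" "Googlebot/2.1"
not a log line
"""

# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Hand-written signatures applied to the decoded request target (path + query).
TARGET_RULES = [
    ("path_traversal", re.compile(r"\.\./|\.\.\\|/etc/passwd|boot\.ini", re.I)),
    ("sql_injection", re.compile(
        r"union\s+select|'\s*or\s+'?\d+'?\s*=\s*'?\d+|information_schema|sleep\(\d+\)", re.I)),
    ("xss", re.compile(r"<script|javascript:|onerror\s*=", re.I)),
    ("command_injection", re.compile(r"[;|`]\s*(?:cat|wget|curl|nc|sh|bash)\b|\$\(", re.I)),
    ("admin_probe", re.compile(r"^/(?:phpmyadmin|pma|myadmin|wp-login\.php|xmlrpc\.php|\.env|\.git/)", re.I)),
]
UA_RULES = [
    ("scanner_ua", re.compile(r"sqlmap|nikto|zmeu|masscan|nmap|dirbuster|wpscan", re.I)),
]


def parse_combined(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    # "METHOD target HTTP/x" normally; TLS handshakes or garbage sent to the
    # HTTP port show up with fewer parts, so fall back to the raw request string.
    rec["target"] = parts[1] if len(parts) >= 2 else rec["request"]
    return rec


def decode_target(target, rounds=2):
    """Percent-decode repeatedly so double-encoded payloads (%252e%252e%252f) are seen."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def match_rules(rec):
    hits = {name for name, rx in TARGET_RULES if rx.search(decode_target(rec["target"]))}
    hits |= {name for name, rx in UA_RULES if rx.search(rec.get("ua") or "")}
    return hits


def analyze(text):
    """Map each offending client IP to the rules it tripped and the targets it requested."""
    findings = defaultdict(lambda: {"rules": set(), "targets": set(), "hits": 0})
    for line in text.splitlines():
        rec = parse_combined(line)
        if rec is None:
            continue
        hits = match_rules(rec)
        if not hits:
            continue
        f = findings[rec["ip"]]
        f["rules"] |= hits
        f["targets"].add(rec["target"])
        f["hits"] += 1
    return dict(findings)


if __name__ == "__main__":
    for ip, f in analyze(SAMPLE_ACCESS_LOG).items():
        print(ip, sorted(f["rules"]), f["hits"], sorted(f["targets"]))
```

The findings carry request targets rather than full URLs because the combined format does not record the virtual host; to publish URL indicators you need a log format that includes %v, or a fixed host for a single-site honeypot.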

phpMySqlAdmin

BurningDogs uses a custom PHP script (see the ShoppingLeague repository) to detect abuse attempts against phpMySqlAdmin. Client IPs, URLs, and uploaded files are extracted as indicators.

Wordpot

BurningDogs uses a custom set of PHP scripts (see the ShoppingLeague repository) to detect abuse attempts against WordPress installations, including brute-force logins and DDoS attempts that abuse the xmlrpc.php script.

Redispot

BurningDogs uses the Redis honeypot from NoSQLpot to detect brute-force authentication attempts. Client IPs and URLs are extracted as indicators.

VncLowPot

BurningDogs uses the VNC honeypot from vnclowpot to detect brute-force authentication attempts.

Pghoney

BurningDogs uses the PostgreSQL honeypot from pghoney to detect brute-force authentication attempts.

Dependencies

You'll need to sign up at OTX to get an API key to upload pulses. Treat the key as a secret: keep it out of the repository and out of the command line.

BurningDogs depends on FAKE for the build and Newtonsoft.Json for serialization. Use Paket to manage those via the paket.dependencies file.

Building

BurningDogs uses FAKE to manage the build; once Paket has downloaded the dependencies, simply run fake.

Running

I run BurningDogs via cron every night near midnight.

Modifying

Use the application.config file to manage paths, and you may have to edit code to address some of my local specifics (e.g. log file format).
