
0x4D31 / Honeybits

Licence: gpl-3.0
A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots


Honeybits

A simple PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots.

Author: Adel "0x4D31" Karimi.

The Windows version of this project: honeybits-win

Background

Although security researchers have used honeypots for many years to study attackers' tools, techniques and motives, honeypots still have not been widely accepted and deployed in production environments. One reason is that the traditional implementation of honeypots is static, and success depends on an attacker discovering the honeypot (which usually requires network scanning)!

Taking a look at the MITRE ATT&CK Matrix, you will see that 'Network Service Scanning' is only one of many post-compromise activities. The more false or misleading information you plant in response to post-compromise techniques (especially the techniques under the 'Credential Access', 'Discovery', and 'Lateral Movement' tactics in the ATT&CK matrix), the greater the chance of catching the attackers. Honeybits helps you automate the creation of breadcrumbs/honeytokens on your production servers and workstations. These honeytokens or breadcrumbs include:

  • Fake bash_history commands (such as ssh, ftp, rsync, scp, mysql, wget, awscli)
  • Fake AWS credentials and config files (you are required to create fake AWS IAM users with no permissions and generate access keys for them)
  • Configuration, backup and connection files such as RDP and VPN
  • Fake entries in hosts, ARP table, etc.
  • Fake browser history, bookmarks and saved passwords
  • Injected fake credentials into LSASS
  • Fake registry keys

Features

  • Creating honeyfiles and monitoring the access to these traps using go-audit or auditd
  • Template based content generator for honeyfiles
  • Insert honeybits into AWS config and credentials file
  • Insert honeybits into /etc/hosts
  • Reading config from a Remote Key/Value Store such as Consul or etcd
  • Insert different honeybits into "bash_history", including the following sample commands:
    • ssh (sshpass -p '123456' ssh -p 2222 [email protected])
    • ftp (ftp ftp://backup:[email protected]:2121)
    • rsync (rsync -avz -e 'ssh -p 2222' [email protected]:/var/db/backup.tar.gz /tmp/backup.tar.gz)
    • scp (scp -P 2222 [email protected]:/var/db/backup.tar.gz /tmp/backup.tar.gz)
    • mysql (mysql -h 192.168.1.66 -P 3306 -u dbadmin -p12345 -e "show databases")
    • wget (wget http://192.168.1.66:8080/backup.zip)
    • any custom commands: (nano /tmp/backup/credentials.txt)
    • aws:
        export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
        export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
        aws ec2 describe-instances --profile devops --region us-east-2
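
The monitoring side of the honeyfile feature, as an added example (not Honeybits code): it turns auditd records into one alert per honeyfile access by joining SYSCALL and PATH records on their event ID. It assumes the watches were added with `auditctl -w <path> -p rwa -k honeyfile`; the key name `honeyfile`, the `Alert` type and the sample log are constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Alert is one honeyfile access rebuilt from the audit records of one event.
type Alert struct{ EventID, UID, Exe, Path string }

// fieldRe matches key=value pairs; values may be double-quoted.
var fieldRe = regexp.MustCompile(`(\w+)=("[^"]*"|\S+)`)

// HoneyfileAlerts joins SYSCALL and PATH records on the event ID and returns
// the events whose SYSCALL record carries the watch key, in log order.
func HoneyfileAlerts(log, key string) []Alert {
	paths, alerts := map[string]string{}, []Alert{}
	for _, line := range strings.Split(log, "\n") {
		f := map[string]string{}
		for _, m := range fieldRe.FindAllStringSubmatch(line, -1) {
			f[m[1]] = strings.Trim(m[2], `"`)
		}
		id := strings.TrimSuffix(strings.TrimPrefix(f["msg"], "audit("), "):") // "time:serial"
		switch {
		case f["type"] == "SYSCALL" && f["key"] == key:
			alerts = append(alerts, Alert{EventID: id, UID: f["uid"], Exe: f["exe"]})
		case f["type"] == "PATH" && f["nametype"] != "PARENT":
			paths[id] = f["name"] // the object itself, not its parent directory
		}
	}
	for i := range alerts {
		alerts[i].Path = paths[alerts[i].EventID] // works in either record order
	}
	return alerts
}

// sampleLog is constructed for this example (auditd text format, shortened).
const sampleLog = `type=SYSCALL msg=audit(1500000000.100:101): arch=c000003e syscall=2 success=yes exit=3 pid=4242 auid=1000 uid=1000 comm="cat" exe="/bin/cat" key="honeyfile"
type=PATH msg=audit(1500000000.100:101): item=0 name="/home/test/secret.txt" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1500000003.200:102): arch=c000003e syscall=2 success=yes exit=3 pid=900 auid=0 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="sshd_config"
type=SYSCALL msg=audit(1500000009.300:103): arch=c000003e syscall=263 success=yes exit=0 pid=4250 auid=1000 uid=33 comm="rm" exe="/bin/rm" key="honeyfile"
type=PATH msg=audit(1500000009.300:103): item=0 name="/opt/" inode=2 nametype=PARENT
type=PATH msg=audit(1500000009.300:103): item=1 name="/opt/secret.txt" inode=212 nametype=DELETE`

func main() {
	fmt.Printf("%+v\n", HoneyfileAlerts(sampleLog, "honeyfile"))
}
```

auditd hex-encodes file names that contain spaces or control characters; this example does not decode those.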

Requirements

  • Go Lang 1.7+
  • Viper (go get github.com/spf13/viper)
  • crypt (go get github.com/xordataexchange/crypt/config)
  • go-audit or auditd (if you want to monitor the honeyfiles)

Usage:

$ go build
$ sudo ./honeybits 

Failed reading remote config. Reading the local config file...
Local config file loaded.

[failed] honeyfile already exists at this path: /tmp/secret.txt
[done] go-audit rule for /home/test/secret.txt is added
[done] honeyfile is created (/home/test/secret.txt)
[done] go-audit rule for /opt/secret.txt is added
[done] sshpass honeybit is inserted
[done] wget honeybit is inserted
[done] ftp honeybit is inserted
[done] rsync honeybit is inserted
[done] scp honeybit is inserted
[done] mysql honeybit is inserted
[failed] aws honeybit already exists
[done] hostsconf honeybit is inserted
[done] awsconf honeybit is inserted
[done] awscred honeybit is inserted
[done] custom honeybit is inserted

TODO:

  • [ ] Rewrite the whole code. Current code is crap (just a PoC)!
  • [ ] Improve the Content generator
  • [ ] More traps, including:
    • [ ] Beacon documents
    • [ ] KeePass file with entries (.kdbx)
    • [ ] Database files/backups: SQLite, MySQL
    • [ ] Fake security scan results such as Nmap output
    • [ ] Binary files with hardcoded IP / credentials
  • [ ] More network traps
    • [ ] Fake PCAP / network traffic containing credentials, etc.
    • [ ] Fake ARP Table entries
    • [ ] Monitoring network traps using go-audit
  • [ ] Complete the Windows version (honeybits-win)
  • [ ] Documentation