kryptoslogic / rdppot

Licence: AGPL-3.0
RDP honeypot

rdppot

RDP based Honeypot

What does this actually do

Listens on TCP 3389. On each new connection it creates a session and assigns a virtual machine from the pool to it. Once 300 seconds (default) have passed since the session opened, or 30 seconds (default) have passed with no activity, the connection is closed and the session is terminated. A copy of the VM's disk and a full pcap are stored; Suricata is then run against the pcap and its output is saved alongside the disk image and the pcap.
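The lifecycle above, modelled in Python as an added example (this is not rdppot's own code): a guest-VM pool, one guest per connection, the 300 s absolute and 30 s idle timeouts, a reaper that hands guests back to the pool, and the offline Suricata invocation for a saved pcap. VmPool, Session, SessionManager, FakeClock, the guest names and the peer addresses are assumptions; libvirt cloning, tcpdump capture and disk archiving are left out.

```python
"""Session lifecycle of an RDP honeypot: a guest-VM pool, one guest per
inbound connection, an absolute and an idle timeout, and the offline
Suricata run over the saved pcap.  Added example, not rdppot's code; the
class names, guest names and peer addresses below are assumptions."""
import time
from dataclasses import dataclass

ABSOLUTE_TIMEOUT = 300.0  # seconds a session may live in total (rdppot default)
IDLE_TIMEOUT = 30.0       # seconds without traffic before teardown (rdppot default)


class VmPool:
    """Hands out guest names to sessions and takes them back on teardown."""

    def __init__(self, names):
        self._free = list(names)

    def acquire(self):
        return self._free.pop(0) if self._free else None  # None: refuse the connection

    def release(self, name):
        self._free.append(name)


@dataclass
class Session:
    vm: str
    started: float
    last_activity: float

    def expiry_reason(self, now):
        """Why the session must close at time `now`, or None if it may continue."""
        if now - self.started >= ABSOLUTE_TIMEOUT:
            return "absolute-timeout"
        if now - self.last_activity >= IDLE_TIMEOUT:
            return "idle-timeout"
        return None


class SessionManager:
    def __init__(self, pool, clock=time.monotonic):
        self.pool, self.clock = pool, clock
        self.sessions = {}  # peer -> Session
        self.closed = []    # (peer, vm, reason); stands in for archiving disk, pcap and Suricata output

    def connect(self, peer):
        vm = self.pool.acquire()
        if vm is not None:
            now = self.clock()
            self.sessions[peer] = Session(vm, now, now)
        return vm

    def activity(self, peer):  # call on every packet seen for `peer`; resets the idle timer only
        if peer in self.sessions:
            self.sessions[peer].last_activity = self.clock()

    def reap(self):
        """Close every expired session, return its guest to the pool, report what was closed."""
        now, closed_now = self.clock(), []
        for peer, s in list(self.sessions.items()):
            reason = s.expiry_reason(now)
            if reason:
                closed_now.append((peer, s.vm, reason))
                self.pool.release(s.vm)
                del self.sessions[peer]
        self.closed.extend(closed_now)
        return closed_now


def suricata_command(pcap_path, log_dir, config="/etc/suricata/suricata.yaml"):
    """Offline Suricata invocation over a saved session pcap (-c, -r and -l are Suricata's real flags)."""
    return ["suricata", "-c", config, "-r", pcap_path, "-l", log_dir]


class FakeClock:
    """Constructed clock so the timeouts can be exercised without waiting."""
    def __init__(self, start):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock(1000.0)
    mgr = SessionManager(VmPool(["winxp-1", "winxp-2"]), clock)
    mgr.connect("198.51.100.7")
    mgr.connect("198.51.100.8")
    refused = mgr.connect("198.51.100.9")  # both guests busy -> None
    clock.advance(20)
    mgr.activity("198.51.100.7")           # .7 keeps talking, .8 has gone quiet
    clock.advance(15)
    mgr.reap()                             # .8 idle for 35 s -> closed; .7 idle for 15 s -> kept
    reused = mgr.connect("198.51.100.9")   # receives the guest .8 just released
    for _ in range(30):                    # 300 s of steady traffic from .7
        clock.advance(10)
        mgr.activity("198.51.100.7")
        mgr.reap()                         # .9 idles out after 30 s; .7 hits the absolute limit at 300 s
    return mgr.closed, refused, reused
```

The absolute timeout is what bounds an attacker's time on a guest that has been compromised; the idle timeout is what keeps the pool from being exhausted by scanners that connect and never send an X.224 request. Guests must be returned to the pool only after the disk snapshot has been taken, otherwise the next session overwrites the evidence.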

Requirements

  • qemu
  • libvirt
  • Python 3.7
  • Suricata
  • tcpdump

Suricata installation

# Build Suricata 4.1.4 from source (the version rdppot was written against)
wget https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz
tar -xvf suricata-4.1.4.tar.gz
cd suricata-4.1.4
apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential autoconf automake libtool libpcap-dev libnet1-dev libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libmagic-dev libcap-ng-dev libjansson-dev pkg-config cargo liblz4-dev
cargo install cargo-vendor   # lands in /root/.cargo/bin, which configure must find on PATH
PATH=$PATH:/root/.cargo/bin ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
make install-full            # installs the binary, the config and the ET Open ruleset

How to use this

  • Grab a Windows XP image and create a new VM called winxp_template
  • Set up RDP on that VM
  • Make sure it is reachable on TCP 3389
  • Run main.py (preferably not as root: add your user to the libvirtd group and give it the capture capabilities tcpdump needs, CAP_NET_RAW and CAP_NET_ADMIN)
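An added example (not part of rdppot) covering the "make sure it is reachable" step: it sends the X.224 Connection Request every RDP client opens with and parses the server's Connection Confirm as laid out in MS-RDPBCGR, so you learn not only that the template answers on 3389 but which security protocol it offers. probe(), the failure-code table and the sample replies are assumptions/constructed here.

```python
"""RDP connection-initiation check: build an X.224 Connection Request and
parse the server's Connection Confirm (MS-RDPBCGR 2.2.1.1 / 2.2.1.2).
Added example for verifying a template VM or a honeypot listener on 3389;
not rdppot's own code.  probe() and the sample replies are constructed."""
import socket
import struct

PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID = 0x0, 0x1, 0x2  # requestedProtocols / selectedProtocol bits
NEG_FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER", 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP | PROTOCOL_SSL):
    """TPKT + X.224 CR + RDP_NEG_REQ, the first packet an RDP client sends."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)  # type, flags, length, protocols
    # LI counts every byte after itself: code 0xE0, dst-ref, src-ref, class option, then the neg request
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224  # TPKT: version 3, reserved, total length


def parse_connection_confirm(data):
    """Describe the server's answer; raise ValueError on anything malformed."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    li, code = data[4], data[5]
    if tpkt_len != len(data) or 5 + li != tpkt_len:
        raise ValueError("inconsistent lengths: tpkt=%d li=%d got=%d" % (tpkt_len, li, len(data)))
    if code & 0xF0 != 0xD0:
        raise ValueError("X.224 code 0x%02x is not a Connection Confirm" % code)
    neg = data[11:]  # optional RDP_NEG_RSP / RDP_NEG_FAILURE after the 7-byte X.224 header
    if not neg:
        # Servers that predate protocol negotiation (Windows XP among them) send a bare CC,
        # which means standard RDP security with no TLS or NLA on offer.
        return {"status": "ok", "protocol": PROTOCOL_RDP, "negotiated": False}
    if len(neg) != 8:
        raise ValueError("negotiation payload must be 8 bytes, got %d" % len(neg))
    ntype, _flags, nlen, value = struct.unpack("<BBHI", neg)
    if nlen != 8:
        raise ValueError("bad negotiation length %d" % nlen)
    if ntype == 0x02:  # RDP_NEG_RSP: value is the selected protocol
        return {"status": "ok", "protocol": value, "negotiated": True}
    if ntype == 0x03:  # RDP_NEG_FAILURE: value is the failure code
        return {"status": "failure", "reason": NEG_FAILURE_CODES.get(value, "UNKNOWN_0x%08x" % value)}
    raise ValueError("unknown negotiation type 0x%02x" % ntype)


def probe(host, port=3389, timeout=5.0):
    """Send one Connection Request to a live host and parse its reply (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        return parse_connection_confirm(sock.recv(1024))


# Constructed sample replies, not captured from any particular host:
XP_STYLE_CC = bytes.fromhex("0300000b06d00000123400")                      # bare CC, no negotiation data
NEG_RSP_HYBRID = bytes.fromhex("030000130ed000001234000200080002000000")  # server selected CredSSP (NLA)
NEG_FAILURE = bytes.fromhex("030000130ed000001234000300080005000000")     # HYBRID_REQUIRED_BY_SERVER
```

A bare Connection Confirm is the answer to expect from the XP template: standard RDP security, which is the configuration a BlueKeep probe needs, since a server that replies HYBRID_REQUIRED_BY_SERVER insists on NLA and authenticates the client before the pre-authentication code path is reached. The same parser can be pointed at the honeypot's own listener to confirm it presents the intended protocol to scanners.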

Support

We're unable to provide support for this repository but will do our best to work with anyone who wishes to contribute to the codebase. The code isn't perfect and probably should not be used in production; it was quickly hacked together to get telemetry about CVE-2019-0708 (BlueKeep) in the wild.

Potential ideas

Some things that we thought might be useful but didn't get round to implementing:

  • YARA on the disk image
  • Snort as well as Suricata?
  • TLS decryption
  • Testing Context's RDP replay tool
  • Making disk images smaller (not optimized at the moment; there is probably a way to make them smaller)