victpork / sshsyrup

Licence: GPL-3.0 License
A low-to-medium interaction SSH Honeypot with features to capture terminal activity and upload to asciinema.org

Projects that are alternatives of or similar to sshsyrup

Secure Wireguard Implementation
A guide on implementing a secure Wireguard server on OVH (or any other Debian VPS) with DNSCrypt, Port Knocking & an SSH-Honeypot
Stars: ✭ 200 (+138.1%)
Mutual labels:  ssh, honeypot, ssh-server
Ssh2docker
🐳 standalone SSH server that connects you to your Docker containers
Stars: ✭ 159 (+89.29%)
Mutual labels:  ssh, ssh-server
Wolfssh
wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.
Stars: ✭ 142 (+69.05%)
Mutual labels:  ssh, ssh-server
Chameleon
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)
Stars: ✭ 230 (+173.81%)
Mutual labels:  ssh, honeypot
Sshserver
This is a tutorial on how to build a basic SSH Server in C#, but you are welcome to try following in any language.
Stars: ✭ 114 (+35.71%)
Mutual labels:  ssh, ssh-server
Coco
Jumpserver ssh/ws server
Stars: ✭ 139 (+65.48%)
Mutual labels:  ssh, ssh-server
Ssh
Easy SSH servers in Golang
Stars: ✭ 2,254 (+2583.33%)
Mutual labels:  ssh, ssh-server
Ssh Proxy
SSH proxy that allows support agents go to customers servers with using intermediate corporate SSH key
Stars: ✭ 53 (-36.9%)
Mutual labels:  ssh, ssh-server
fakessh
A dockerized fake SSH server honeypot written in Go that logs login attempts.
Stars: ✭ 42 (-50%)
Mutual labels:  honeypot, ssh-honeypot
potd
A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
Stars: ✭ 28 (-66.67%)
Mutual labels:  honeypot, ssh-honeypot
seahorse
ELKFH - Elastic, Logstash, Kibana, Filebeat and Honeypot (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
Stars: ✭ 31 (-63.1%)
Mutual labels:  ssh, honeypot
Addon Ssh
SSH & Web Terminal - Home Assistant Community Add-ons
Stars: ✭ 114 (+35.71%)
Mutual labels:  ssh, ssh-server
Mockssh
Mock an SSH server and define all commands it supports (Python, Twisted)
Stars: ✭ 107 (+27.38%)
Mutual labels:  ssh, ssh-server
Dos ssh
Use BIOS ram hacks to make a SSH server out of any INT 10 13h app (MS-DOS is one of those)
Stars: ✭ 139 (+65.48%)
Mutual labels:  ssh, ssh-server
Docker Cowrie
Cowrie Docker GitHub repository
Stars: ✭ 68 (-19.05%)
Mutual labels:  ssh, honeypot
lobbyboy
A lobby boy will create a VPS server when you need one, and destroy it after using it.
Stars: ✭ 212 (+152.38%)
Mutual labels:  ssh, ssh-server
Sshportal
🎩 simple, fun and transparent SSH (and telnet) bastion server
Stars: ✭ 978 (+1064.29%)
Mutual labels:  ssh, ssh-server
Sshesame
A fake SSH server that lets everyone in and logs their activity
Stars: ✭ 1,062 (+1164.29%)
Mutual labels:  ssh, honeypot
Bastillion
Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
Stars: ✭ 2,730 (+3150%)
Mutual labels:  ssh, ssh-server
dystopia
Low to medium multithreaded Ubuntu Core honeypot coded in Python.
Stars: ✭ 59 (-29.76%)
Mutual labels:  ssh, honeypot

Syrup

An SSH honeypot with rich features written in Go

Features

  • Self-defined SSH accounts and passwords; can also allow any login
  • Fake shell. Records shell sessions and uploads them to asciinema.org (or, if you wish, logs them in UML-compatible format)
  • Virtual filesystem for browsing and fooling intruders
  • SFTP/SCP support for uploading/downloading files
  • Logs client key fingerprints
  • Logs in JSON format for easy parsing
  • Pushes activities to ElasticSearch for analysis and storage
  • Records the local and remote host when a client attempts to create a port redirection
  • Structure allows extending command sets with ease

Requirements

Running

  • Linux, Mac or Windows (I've only tested in Windows/WSL/Linux on ARMv7, the other platforms should work as expected)

Building

  • Go 1.9+ and dep, or
  • Go 1.11+ and Git

Download

You can find pre-built packages for various platforms on the release tab. If the platform you need is not on the list, you can follow the building procedure in the next section.

Building

Go pre-1.11/1.11 with GO111MODULE=auto:

go get -u github.com/mkishere/sshsyrup
cd ~/go/src/github.com/mkishere/sshsyrup
dep ensure
go build -ldflags "-s -w" -o sshsyrup ./cmd/syrup
go build -ldflags "-s -w" -o createfs ./cmd/createfs

Go 1.11 with GO111MODULE=on:

Building the executable with GO111MODULE=on is currently a bit tricky in Go 1.11. Here is how to do it if you want to leave modules on:

git clone https://github.com/mkishere/sshsyrup/
cd sshsyrup
go build -ldflags "-s -w" -o sshsyrup ./cmd/syrup
go build -ldflags "-s -w" -o createfs ./cmd/createfs

Setting up for the first run

  • Modify config.yaml. Here is a sample configuration

    server:
        addr: 0.0.0.0           # Host IP
        port: 22                # Port listen to
        allowRandomUser: false  # Allow random user
        speed: 0                # Connection max speed in kb/s
        processDelay: 0         # Artificial delay after server returns responses in ms
        timeout: 0              # Connection timeout, 0 for none

  • Prepare the virtual filesystem image by downloading filesystem.zip from the master branch, or create your own by running

    ./createfs -p / -o filesystem.zip
    

    Since we'll need to read every file from the directory, it will take some time to load. On Windows, since there is no user/group information, the file/directory owner will always be root.

    Alternatively, you can create your own image file by using zip in Linux (or any compatible zip utility that is capable of preserving uid/gid, symbolic links and timestamps in the zip file). After all, the image created is a standard zip file. Theoretically you can zip your entire filesystem into a zip file and host it in Syrup, but remember to exclude sensitive files like /etc/passwd.

  • Prepare user and passwd file. Put the passwd and group files in the same directory as config.json. The format of both files is the same as their real-life counterparts in /etc, except that passwd also stores the password in the second field of each line, and an asterisk (*) in the password field can be used to denote matching any password.

  • Generate an SSH private key, rename it to id_rsa and put it in the same directory

    ssh-keygen -t rsa
    
  • Start the server

    ./sshsyrup
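
The following Go program is an added example, not sshsyrup's own code: it parses a passwd file in the format described in the setup steps above and reports which accounts accept any password, a useful check on the bait credentials before the honeypot is exposed. The function names and the sample entries are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample: passwd fields, password in field 2, "*" = any password.
const samplePasswd = `root:*:0:0:root:/root:/bin/bash
admin:admin123:1000:1000:Admin:/home/admin:/bin/bash
oracle:*:1001:1001::/home/oracle:/bin/sh
malformed line without enough fields
`

// ParsePasswd maps user name to password field; malformed lines are ignored.
func ParsePasswd(text string) map[string]string {
	creds := make(map[string]string)
	for _, line := range strings.Split(text, "\n") {
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) == 7 && f[0] != "" {
			creds[f[0]] = f[1]
		}
	}
	return creds
}

// Accepts reports whether user/pass matches an entry under the "*" rule.
func Accepts(creds map[string]string, user, pass string) bool {
	want, ok := creds[user]
	return ok && (want == "*" || want == pass)
}

// Wildcards lists the accounts that accept any password, sorted by name.
func Wildcards(creds map[string]string) []string {
	var names []string
	for name, pw := range creds {
		if pw == "*" {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names
}

func main() {
	creds := ParsePasswd(samplePasswd)
	fmt.Println(Wildcards(creds), Accepts(creds, "admin", "wrong"))
}
```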
    

Running from a Docker instance

A Docker image based on the latest build:

docker pull mkishere/sshsyrup

By default the internal sshsyrup listens on 22.

docker run -d mkishere/sshsyrup

The following example shows how you can customize stuff while running Syrup in container:

docker run -d -p 9999:22 \
-v /path/to/vfs/image.zip:/filesystem.zip \
-v /path/to/config.yaml:/config.yaml \
-v /path/to/logfiles:/logs \
-v /path/to/group:/group \
-v /path/to/passwd:/passwd \
-v /path/to/private_key:/id_rsa \
-v /path/to/commands.txt:/commands.txt \
-v /path/to/command_output:/cmdOutput \
mkishere/sshsyrup

But you may want to map to port 22 to make your honeypot easier to find.

If you want to see what happens (logs) in the Docker instance, get the instance id (docker ps) and then run docker logs -f YOUR_INSTANCE_ID.

Configuration parameters

Check out config.yaml

Logging

By default Syrup will create a log file named activity.log in the logs/ directory, in JSON format.

Please note that Syrup will no longer append dates to log files. Use a proper log rotation tool (e.g. logrotate) to do the work.

Also, each terminal session (the shell) will be logged into a separate file under logs/sessions in asciinema v2 format.
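
The following Go program is an added example, not part of sshsyrup: it reads a session recording in the standard asciicast v2 layout (a JSON header line followed by one [time, event-type, data] array per line) and rebuilds the plain-text terminal output so sessions can be searched during triage. The sample recording is constructed, and its last line is deliberately truncated to show how an interrupted session is handled.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample in asciicast v2 layout; the last line is cut off.
const sampleCast = `{"version": 2, "width": 80, "height": 24, "timestamp": 1530000000}
[0.5, "o", "root@host:~# "]
[1.2, "o", "uname -a\r\n"]
[1.3, "o", "Linux host 4.4.0\r\n"]
[2.0, "o", "root@ho`

// Transcript validates the header, then joins the data of all "o" (output)
// events. It returns the text and the number of malformed lines skipped.
func Transcript(cast string) (string, int, error) {
	sc := bufio.NewScanner(strings.NewReader(cast))
	var hdr struct{ Version int }
	if !sc.Scan() || json.Unmarshal(sc.Bytes(), &hdr) != nil || hdr.Version != 2 {
		return "", 0, fmt.Errorf("not an asciicast v2 recording")
	}
	var out strings.Builder
	skipped := 0
	for sc.Scan() {
		var ev []interface{}
		if json.Unmarshal(sc.Bytes(), &ev) != nil || len(ev) != 3 {
			skipped++ // truncated or malformed line
			continue
		}
		kind, _ := ev[1].(string)
		data, ok := ev[2].(string)
		if kind == "o" && ok {
			out.WriteString(data)
		}
	}
	return out.String(), skipped, sc.Err()
}

func main() {
	text, skipped, err := Transcript(sampleCast)
	fmt.Printf("%q skipped=%d err=%v\n", text, skipped, err)
}
```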

Extending Syrup

Syrup comes with a framework that makes implementing commands easier. By implementing the Command interface you can create your own command and have it executed by intruders connecting to your honeypot. For more details refer to the wiki.

If your command prints static output every time, you can put the output in cmdOutput/, and Syrup will print that when the client types the command in the terminal.

Contributing

Feel free to submit feature request/bug report via the GitHub issue tracker.

For submitting PR, do the following steps:

  1. Fork
  2. Create a branch for the feature/bugfix containing your changes on your fork
  3. Submit PR with your branch

It is advised to create an issue to discuss the matter in advance if your change is large :)

TODO

  • Minimal set of POSIX commands/utilities
  • Shell parser