HonSSH is a high-interaction Honey Pot solution.

HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.

Features

• Captures all connection attempts to a text file, database or email alerts.
• When an attacker sends a password guess, HonSSH can automatically replace their attempt with the correct password (spoof_login option). This allows them to login with any password but confuses them when they try to sudo with the same password.
• All interaction is captured into a TTY log (thanks to Kippo) that can be replayed using the playlog utility included from Kippo.
• A text based summary of an attackers session is captured in a text file.
• Sessions can be viewed or hijacked in real time (again thanks to Kippo) using the management telnet interface.
• Downloads a copy of all files transferred through wget or scp.
• Can use docker to spin up new honeypots and reuse them on ip basis.
• Saves all modifications made to the docker container by using filesystem watcher.
• Advanced networking feature to spoof attackers IP addresses between HonSSH and the honeypot.
• Application hooks to integrate your own output scripts.

• Using a single machine : static honeypot
• Using Docker : docker honeypot

• Deployment Guide
• Advanced Networking
• Password Spoofing

Inspiration and Usage

Kippo Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. https://github.com/desaster/kippo
This project was inspired by Kippo and has made use of it's logging and interaction mechanisms.
Bifrozt An awesome project using Honssh by Are Hansen - http://sourceforge.net/projects/bifrozt/

• An all-in-one Honeypot Ubuntu Server ISO.
• Uses iptables to provide some cool firewall mitigation rules.