HonSSH is a high-interaction Honey Pot solution.
HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.
- Captures all connection attempts to a text file.
- When an attacker sends a password guess, HonSSH can automatically replace their attempt with the correct password (spoof_login option). This allows them to login with any password but confuses them when they try to sudo with the same password.
- All interaction is captured into a TTY log (thanks to Kippo) that can be replayed using the playlog utility included from Kippo.
- A text based summary of an attackers session is captured in a text file.
- Sessions can be viewed or hijacked in real time (again thanks to Kippo) using the management telnet interface.