HonSSH - Log all SSH communications between a client and server

HonSSH is a high-interaction Honey Pot solution.

HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.

  • Logs all connection attempts to a text file or database, or sends them as email alerts.
  • When an attacker sends a password guess, HonSSH can automatically replace their attempt with the correct password (spoof_login option). This allows them to log in with any password but confuses them when they try to sudo with the same password.
  • All interaction is captured into a TTY log (thanks to Kippo) that can be replayed using the playlog utility included from Kippo.
  • A text-based summary of an attacker's session is captured in a text file.
  • Sessions can be viewed or hijacked in real time (again thanks to Kippo) using the management telnet interface.
  • Downloads a copy of all files transferred through wget or scp.
  • Can use Docker to spin up new honeypots and reuse them on a per-IP basis.
  • Saves all modifications made to the Docker container by using a filesystem watcher.
  • Advanced networking feature to spoof attackers' IP addresses between HonSSH and the honeypot.
  • Application hooks to integrate your own output scripts.

Setup and Configuration

Useful links

Inspiration and Usage

Kippo - Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. https://github.com/desaster/kippo
This project was inspired by Kippo and has made use of its logging and interaction mechanisms.
Bifrozt - An awesome project using HonSSH by Are Hansen - http://sourceforge.net/projects/bifrozt/

  • An all-in-one Honeypot Ubuntu Server ISO.
  • Uses iptables to provide some cool firewall mitigation rules.
