snare - Super Next generation Advanced Reactive honEypot
Super Next generation Advanced Reactive honEypot
SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet.
The documentation can be found here.
- Surface first. Focus on the attack surface generation.
- Sensors and masters. Lightweight collectors (SNARE) and central decision maker (tanner).
- You need Python3. We tested primarily with >=3.5
- This was tested with a recent Ubuntu based Linux.
Steps to setup
- Get SNARE:
git clone https://github.com/mushorg/snare.gitand
- Install requirements:
sudo pip3 install -r requirements.txt
- Setup snare:
sudo python3 setup.py install
- Clone a page:
sudo clone --target http://example.com
- Run SNARE:
sudo snare --port 8080 --page-dir example.com
- Test: Visit http://localhost:8080/index.html
- (Optionally) Have your own tanner service running.
Docker build instructions
- Change current directory to
docker-composecan be found here.
[Note : Cloner clones the whole website, to restrict to a desired depth of cloning add
You obviously want to bind to 0.0.0.0 and port 80 when running in production.
In order to run the tests and receive a test coverage report, we recommend running
pip install pytest pytest-cov
sudo pytest --cov-report term-missing --cov=snare snare/tests/
# sudo snare --port 8080 --page-dir example.com
_____ _ _____ ____ ______
/ ___// | / / | / __ \/ ____/
\__ \/ |/ / /| | / /_/ / __/
___/ / /| / ___ |/ _, _/ /___
/____/_/ |_/_/ |_/_/ |_/_____/
privileges dropped, running as "nobody:nogroup"
serving with uuid 9c10172f-7ce2-4fb4-b1c6-abc70141db56
Debug logs will be stored in /opt/snare/snare.log
Error logs will be stored in /opt/snare/snare.err
======== Running on http://127.0.0.1:8080 ========
(Press CTRL+C to quit)
you are running the latest version