Metadata-Version: 2.1
Name: honeypots
Version: 0.52
Summary: 23 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc) 
Home-page: https://github.com/qeeqbox/honeypots
Author: QeeqBox
Author-email: gigaqeeq@gmail.com
License: AGPL-3.0
Platform: UNKNOWN
Requires-Python: >=3.5
Provides-Extra: test

.. image:: https://raw.githubusercontent.com/qeeqbox/honeypots/main/readme/honeypots.png

25 different honeypots in a single PyPI package for monitoring network traffic, bot activity, and username/password credentials.

Why is the honeypots package very powerful?
===========================================

The honeypots respond back to clients, are non-blocking, and can be used as objects or called directly with the built-in auto-configure scripts. They are also easy to set up and customize; it takes 1-2 seconds to spin a honeypot up. You can spin up multiple instances of the same type. The output can be logged to a Postgres database, file[s], terminal or syslog for easy integration.

This honeypots package is the only package that contains all the following: dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc.

Honeypots is now part of the awesome `telekom security T-Pot project! <https://github.com/telekom-security/tpotce>`_


Install
=======

.. code:: bash

    pip3 install honeypots

honeypots -h
============

.. code:: bash

    Qeeqbox/honeypots customizable honeypots for monitoring network traffic, bots activities, and username\password credentials

    Arguments:
      --setup               target honeypot E.g. ssh or you can have multiple E.g ssh,http,https
      --list                list all available honeypots
      --kill                kill all honeypots
      --verbose             Print error msgs

    Honeypots options:
      --ip                  Override the IP
      --port                Override the Port (Do not use on multiple!)
      --username            Override the username
      --password            Override the password
      --config              Use a config file for honeypots settings
      --options             Extra options (capture_commands for capturing all threat actor data)

    General options:
      --termination-strategy {input,signal} Determines the strategy to terminate by
      --test                Test a honeypot
      --auto                Setup the honeypot with random port


Usage Example - Auto configuration with default ports
=====================================================
Use a single honeypot, multiple honeypots separated by commas, or the word ``all``.

.. code:: bash

    sudo -E python3 -m honeypots --setup ssh

Usage Example - Auto configuration with random port (No need for higher privileges)
===================================================================================
Use a single honeypot, multiple honeypots separated by commas, or the word ``all``.

.. code:: bash

    python3 -m honeypots --setup ssh --auto

Usage Example - Auto configure with specific ports
==================================================
Use as honeypot:port or multiple honeypots as honeypot:port,honeypot:port

.. code:: bash

    python3 -m honeypots --setup imap:143,mysql:3306,redis:6379

Usage Example - Custom configure with logs location
===================================================
Use a single honeypot, multiple honeypots separated by commas, or the word ``all``.

.. code:: bash

    python3 -m honeypots --setup ssh --config config.json

config.json (Output to folder and terminal)
===========================================

.. code:: json

    {
      "logs": "file,terminal,json",
      "logs_location": "/var/log/honeypots/",
      "syslog_address": "",
      "syslog_facility": 0,
      "postgres": "",
      "sqlite_file":"",
      "db_options": [],
      "sniffer_filter": "",
      "sniffer_interface": "",
      "honeypots": {
        "ftp": {
          "port": 21,
          "ip": "0.0.0.0",
          "username": "ftp",
          "password": "anonymous",
          "log_file_name": "ftp.log",
          "max_bytes": 10000,
          "backup_count": 10
        }
      }
    }

config.json (Output to syslog)
==============================

.. code:: json

    {
      "logs": "syslog",
      "logs_location": "",
      "syslog_address": "udp://localhost:514",
      "syslog_facility": 3,
      "postgres": "",
      "sqlite_file":"",
      "db_options": [],
      "sniffer_filter": "",
      "sniffer_interface": "",
      "honeypots": {
        "ftp": {
          "port": 21,
          "ip": "0.0.0.0",
          "username": "test",
          "password": "test"
        }
      }
    }

config.json (Output to Postgres db)
===================================

.. code:: json

    {
        "logs": "db_postgres",
        "logs_location": "",
        "syslog_address":"",
        "syslog_facility":0,
        "postgres":"//username:password@172.19.0.2:9999/honeypots",
        "sqlite_file":"",
        "db_options":["drop"],
        "sniffer_filter": "",
        "sniffer_interface": "",
        "honeypots": {
            "ftp": {
                "port": 21,
                "username": "test",
                "password": "test"
            }
        }
    }


config.json (Output to Sqlite db)
=================================

.. code:: json

    {
        "logs": "db_sqlite",
        "logs_location": "",
        "syslog_address":"",
        "syslog_facility":0,
        "postgres":"",
        "sqlite_file":"/home/test.db",
        "db_options":["drop"],
        "sniffer_filter": "",
        "sniffer_interface": "",
        "honeypots": {
            "ftp": {
                "port": 21,
                "username": "test",
                "password": "test"
            }
        }
    }

db structure
============

.. code:: json

    [
      {
        "id": 1,
        "date": "2021-11-18 06:06:42.304338+00",
        "data": {
          "server": "'ftp_server'",
          "action": "'process'",
          "status": "'success'",
          "ip": "'0.0.0.0'",
          "port": "21",
          "username": "'test'",
          "password": "'test'"
        }
      }
    ]

Usage Example - Import as object and auto test
==============================================

.. code:: python

    # ip= String E.g. 0.0.0.0
    # port= Int E.g. 9999
    # username= String E.g. Test
    # password= String E.g. Test
    # options= Boolean or String E.g OpenSSH 7.0
    # logs= String E.g db, terminal or all
    # always remember to add process=True to run_server() for non-blocking

    from honeypots import QSSHServer
    qsshserver = QSSHServer(port=9999)
    qsshserver.run_server(process=True)
    qsshserver.test_server(port=9999)
    # Logged output of the test login:
    # INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]
    qsshserver.kill_server()

Usage Example - Import as object and test with external ssh command
===================================================================

.. code:: python

    from honeypots import QSSHServer
    qsshserver = QSSHServer(port=9999)
    qsshserver.run_server(process=True)

.. code:: bash

    ssh -p 9999 test@127.0.0.1

Honeypot answer

.. code:: python

    INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 38696}]

Close the honeypot

.. code:: python

    qsshserver.kill_server()
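
The login events above can be triaged offline. The following is an added example, not code from the honeypots project: it parses terminal log lines in the ``INFO:chameleonlogger:[...]`` format shown above and flags source IPs that try several distinct credential pairs. The sample lines are constructed, and the ``failed`` status value, the documentation-range addresses and the ``min_pairs`` threshold are assumptions.

```python
import ast
from collections import defaultdict

PREFIX = "INFO:chameleonlogger:"
# Constructed sample in the terminal log format shown above. The 'failed' status
# value and the documentation-range source addresses are assumptions.
SAMPLE_LOG = """\
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'root', 'src_ip': '203.0.113.7', 'server': 'ssh_server', 'action': 'login', 'password': '123456', 'src_port': 40112}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'admin', 'src_ip': '203.0.113.7', 'server': 'ssh_server', 'action': 'login', 'password': 'admin', 'src_port': 40118}]
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '203.0.113.7', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 40125}]
INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'src_ip': '198.51.100.20', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'src_port': 51000}]
INFO:chameleonlogger:['servers', {'status': 'failed', 'username': 'ro
not a honeypot line
"""


def parse_line(line):
    """Return the event dict from one log line, or None if it is not one."""
    if not line.startswith(PREFIX):
        return None
    try:
        # literal_eval accepts Python literals only. Usernames and passwords are
        # supplied by the remote client, so never use eval() on these lines.
        record = ast.literal_eval(line[len(PREFIX):].strip())
    except (ValueError, SyntaxError, RecursionError, MemoryError):
        return None  # truncated or malformed line
    if isinstance(record, list) and len(record) == 2 and isinstance(record[1], dict):
        return record[1]
    return None


def summarise_logins(text, min_pairs=3):
    """Group login events by source IP; flag IPs trying >= min_pairs credentials."""
    per_ip = defaultdict(lambda: {"attempts": 0, "pairs": set(), "servers": set()})
    for line in text.splitlines():
        event = parse_line(line)
        if not event or event.get("action") != "login" or "src_ip" not in event:
            continue
        entry = per_ip[str(event["src_ip"])]
        entry["attempts"] += 1
        entry["pairs"].add((str(event.get("username")), str(event.get("password"))))
        entry["servers"].add(str(event.get("server")))
    flagged = sorted(ip for ip, e in per_ip.items() if len(e["pairs"]) >= min_pairs)
    return dict(per_ip), flagged


if __name__ == "__main__":
    summary, flagged = summarise_logins(SAMPLE_LOG)
    print(flagged, {ip: e["attempts"] for ip, e in summary.items()})
```
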

Current Servers/Emulators
=========================
- QDNSServer
    - Server: DNS 
    - Port: 53
    - Lib: Twisted
    - Logs: ip, port
- QFTPServer
    - Server: FTP 
    - Port: 21
    - Lib: Twisted
    - Logs: ip, port, username and password
- QHTTPProxyServer
    - Server: HTTP Proxy
    - Port: 8080
    - Lib: Twisted
    - Logs: ip, port and data
- QHTTPServer
    - Server: HTTP
    - Port: 80
    - Lib: Twisted
    - Logs: ip, port, username and password
- QHTTPSServer
    - Server: HTTPS
    - Port: 443
    - Lib: Twisted
    - Logs: ip, port, username and password
- QIMAPServer
    - Server: IMAP
    - Port: 143
    - Lib: Twisted
    - Logs: ip, port, username and password
- QMysqlServer
    - Emulator: Mysql
    - Port: 3306
    - Lib: Twisted
    - Logs: ip, port, username and password
- QPOP3Server
    - Server: POP3
    - Port: 110
    - Lib: Twisted
    - Logs: ip, port, username and password
- QPostgresServer
    - Emulator: Postgres
    - Port: 5432
    - Lib: Twisted
    - Logs: ip, port, username and password
- QRedisServer
    - Emulator: Redis
    - Port: 6379
    - Lib: Twisted
    - Logs: ip, port, username and password
- QSMBServer
    - Server: SMB
    - Port: 445
    - Lib: impacket
    - Logs: ip, port and username
- QSMTPServer
    - Server: SMTP
    - Port: 25
    - Lib: smtpd
    - Logs: ip, port, username and password
- QSOCKS5Server
    - Server: SOCKS5
    - Port: 1080
    - Lib: socketserver
    - Logs: ip, port, username and password
- QSSHServer
    - Server: SSH
    - Port: 22
    - Lib: paramiko
    - Logs: ip, port, username and password
- QTelnetServer
    - Server: Telnet
    - Port: 23
    - Lib: Twisted
    - Logs: ip, port, username and password
- QVNCServer
    - Emulator: VNC
    - Port: 5900
    - Lib: Twisted
    - Logs: ip, port, username and password
- QMSSQLServer
    - Emulator: MSSQL
    - Port: 1433
    - Lib: Twisted
    - Logs: ip, port, username and password or hash
- QElasticServer
    - Emulator: Elastic
    - Port: 9200
    - Lib: http.server
    - Logs: ip, port and data
- QLDAPServer
    - Emulator: LDAP
    - Port: 389
    - Lib: Twisted
    - Logs: ip, port, username and password
- QNTPServer
    - Emulator: NTP
    - Port: 123
    - Lib: Twisted
    - Logs: ip, port and data
- QMemcacheServer
    - Emulator: Memcache
    - Port: 11211
    - Lib: Twisted
    - Logs: ip, port and data
- QOracleServer
    - Emulator: Oracle
    - Port: 1521
    - Lib: Twisted
    - Logs: ip, port and connect data
- QSNMPServer
    - Emulator: SNMP
    - Port: 161
    - Lib: Twisted
    - Logs: ip, port and data

acknowledgement
===============
- By using this framework, you are accepting the license terms of all these packages: `pipenv twisted psutil psycopg2-binary dnspython requests impacket paramiko redis mysql-connector pycryptodome vncdotool service_identity requests[socks] pygments http.server`
- Let me know if I missed a reference or resource!

Some Articles
=============
- `securityonline <https://securityonline.info/honeypots-16-honeypots-in-a-single-pypi-package/>`_

Notes
=====
- Almost all servers and emulators are stripped-down; you can adjust that as needed

Other projects
==============
.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//social-analyzer.png
    :target: https://github.com/qeeqbox/social-analyzer

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//analyzer.png
    :target: https://github.com/qeeqbox/analyzer

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//chameleon.png
    :target: https://github.com/qeeqbox/chameleon

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//osint.png
    :target: https://github.com/qeeqbox/osint

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//url-sandbox.png
    :target: https://github.com/qeeqbox/url-sandbox

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//mitre-visualizer.png
    :target: https://github.com/qeeqbox/mitre-visualizer

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//woodpecker.png
    :target: https://github.com/qeeqbox/woodpecker

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//docker-images.png
    :target: https://github.com/qeeqbox/docker-images

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//seahorse.png
    :target: https://github.com/qeeqbox/seahorse

.. image:: https://raw.githubusercontent.com/qeeqbox/.github/main/data//rhino.png
    :target: https://github.com/qeeqbox/rhino


