cowrie/README.md

# Cowrie

Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Cowrie is directly based on [Kippo](http://github.com/desaster/kippo/) by desaster.
Kippo is inspired, but not based on [Kojoney](http://kojoney.sourceforge.net/).

## Features
Some interesting features:
* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
* Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
* Session logs stored in an [UML Compatible](http://user-mode-linux.sourceforge.net/)  format for easy replay with original timings
* Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

Additional functionality over standard kippo:

* SFTP and SCP support for file upload
* Support for SSH exec commands
* Logging of direct-tcp connection attempts (ssh proxying)
* Logging in JSON format for easy processing in log management solutions
* Many, many additional commands

## Requirements
Software required:

* An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
* Python 2.5+
* Twisted 8.0+
* PyCrypto
* pyasn1
* Zope Interface

## Files of interest:

* dl/ - files downloaded with wget are stored here
* log/cowrie.log - log/debug output
* log/cowrie.json - transaction output in JSON format
* log/tty/ - session logs
* utils/playlog.py - utility to replay session logs
* utils/createfs.py - used to create fs.pickle
* data/fs.pickle - fake filesystem
* honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here

## Is it secure?
Maybe. See [FAQ](https://github.com/desaster/kippo/wiki/FAQ)

## I have some questions!
Please visit https://github.com/micheloosterhof/cowrie/issues
missed some renames 2015-05-12 15:01:57 +00:00			`# Cowrie`
add readme file 2014-05-27 20:31:54 +00:00
cowrie rename 2015-05-12 14:57:29 +00:00			`Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.`
add readme file 2014-05-27 20:31:54 +00:00
missed some renames 2015-05-12 15:01:57 +00:00			`Cowrie is directly based on [Kippo](http://github.com/desaster/kippo/) by desaster.`
add readme file 2014-05-27 20:31:54 +00:00			`Kippo is inspired, but not based on [Kojoney](http://kojoney.sourceforge.net/).`

			`## Features`
			`Some interesting features:`
			`* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included`
Removed all trailing spaces 2014-05-28 04:13:55 +00:00			`* Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included`
			`* Session logs stored in an [UML Compatible](http://user-mode-linux.sourceforge.net/) format for easy replay with original timings`
missed some renames 2015-05-12 15:01:57 +00:00			`* Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection`
add readme file 2014-05-27 20:31:54 +00:00
more 2015-05-12 15:05:54 +00:00			`Additional functionality over standard kippo:`

			`* SFTP and SCP support for file upload`
			`* Support for SSH exec commands`
			`* Logging of direct-tcp connection attempts (ssh proxying)`
			`* Logging in JSON format for easy processing in log management solutions`
			`* Many, many additional commands`

add readme file 2014-05-27 20:31:54 +00:00			`## Requirements`
			`Software required:`

			`* An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)`
			`* Python 2.5+`
			`* Twisted 8.0+`
			`* PyCrypto`
add pyasn1 to dependencies (needed to do pip install on macosx) 2014-11-05 06:35:59 +00:00			`* pyasn1`
add readme file 2014-05-27 20:31:54 +00:00			`* Zope Interface`

remove link 2015-05-12 15:26:42 +00:00			`## Files of interest:`
add readme file 2014-05-27 20:31:54 +00:00
			`* dl/ - files downloaded with wget are stored here`
cowrie rename 2015-05-12 14:57:29 +00:00			`* log/cowrie.log - log/debug output`
			`* log/cowrie.json - transaction output in JSON format`
add readme file 2014-05-27 20:31:54 +00:00			`* log/tty/ - session logs`
			`* utils/playlog.py - utility to replay session logs`
			`* utils/createfs.py - used to create fs.pickle`
cowrie rename 2015-05-12 14:57:29 +00:00			`* data/fs.pickle - fake filesystem`
add readme file 2014-05-27 20:31:54 +00:00			`* honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here`

			`## Is it secure?`
more wiki syntax tweaks 2014-05-27 20:39:50 +00:00			`Maybe. See [FAQ](https://github.com/desaster/kippo/wiki/FAQ)`
add readme file 2014-05-27 20:31:54 +00:00
			`## I have some questions!`
cowrie rename 2015-05-12 14:57:29 +00:00			`Please visit https://github.com/micheloosterhof/cowrie/issues`