Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
Go to file
dependabot[bot] 1338665e38
Bump pyright from 1.1.344 to 1.1.347 (#2065)
Bumps [pyright](https://github.com/RobertCraigie/pyright-python) from 1.1.344 to 1.1.347.
- [Release notes](https://github.com/RobertCraigie/pyright-python/releases)
- [Commits](https://github.com/RobertCraigie/pyright-python/compare/v1.1.344...v1.1.347)

---
updated-dependencies:
- dependency-name: pyright
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-16 14:51:07 +08:00
.github docker image updates through dependabit (#2040) 2023-12-28 12:41:57 +08:00
bin load cowrie path (#2061) 2024-01-13 12:58:54 +08:00
docker different syntax for run because there's no shell (#1962) 2023-10-11 22:56:04 +08:00
docs Bump readthedocs-sphinx-search from 0.3.1 to 0.3.2 (#2068) 2024-01-16 14:50:47 +08:00
etc Oracle cloud custom logs plugin (#1997) 2023-11-13 20:26:50 +08:00
honeyfs Csirtg (#1564) 2021-05-23 15:12:53 +08:00
share Pip check (#1576) 2021-06-09 13:37:10 +08:00
src Update fsctl.py (#2013) 2023-11-28 14:09:41 +08:00
var Add a pool of backends for the proxy (#1181) 2019-08-26 12:11:58 +01:00
.dockerignore Integrated docker (#1646) 2021-10-22 14:19:55 +08:00
.gitattributes cowrie rename 2015-05-12 14:57:29 +00:00
.gitignore moving from twisted.trial.unittest to unittest (#1672) 2022-01-29 11:38:46 +08:00
.pre-commit-config.yaml Fixes2 (#1802) 2023-01-07 22:09:09 +08:00
.pyre_configuration Gh action tox (#1536) 2021-04-16 21:47:12 +08:00
.readthedocs.yml 23.8 (#1907) 2023-09-01 17:29:06 +08:00
.yamllint.yml Pip check (#1576) 2021-06-09 13:37:10 +08:00
CHANGELOG.rst Release 2.5.0 (#1808) 2023-01-09 23:18:42 +08:00
CONTRIBUTING.rst Fixes2 (#1802) 2023-01-07 22:09:09 +08:00
INSTALL.rst Removed DAEMONIZE steps. (#1983) 2024-01-13 12:58:25 +08:00
LICENSE.rst 26apr (#1552) 2021-05-03 23:42:25 +08:00
MANIFEST.in Setup (#996) 2019-01-27 12:25:40 +04:00
Makefile docker: debian bullseye to bookworm (#1940) 2023-09-21 21:50:07 +08:00
README.rst remove python 3.7 (#1721) 2022-05-25 09:15:19 +08:00
pyproject.toml Bump twisted from 23.8.0 to 23.10.0 (#1990) 2023-11-02 20:37:57 +08:00
requirements-dev.txt Bump pyright from 1.1.344 to 1.1.347 (#2065) 2024-01-16 14:51:07 +08:00
requirements-output.txt Bump pymisp from 2.4.182 to 2.4.183 (#2059) 2024-01-13 13:02:20 +08:00
requirements.txt Bump attrs from 23.1.0 to 23.2.0 (#2058) 2024-01-13 13:02:08 +08:00
setup.cfg Devops (#1811) 2023-01-30 17:51:20 +08:00
setup.py scripts can now be run, and pip install -e works (#1927) 2023-09-12 11:58:00 +08:00
tox.ini py 3.12 and pypy 3.10 (#1952) 2023-10-06 09:43:18 +08:00

README.rst

Cowrie
######

Welcome to the Cowrie GitHub repository
*****************************************

This is the official repository for the Cowrie SSH and Telnet
Honeypot effort.

What is Cowrie
*****************************************

Cowrie is a medium to high interaction SSH and Telnet honeypot
designed to log brute force attacks and the shell interaction
performed by the attacker. In medium interaction mode (shell) it
emulates a UNIX system in Python, in high interaction mode (proxy)
it functions as an SSH and telnet proxy to observe attacker behavior
to another system.

`Cowrie <http://github.com/cowrie/cowrie/>`_ is maintained by Michel Oosterhof.

Documentation
****************************************

The Documentation can be found `here <https://cowrie.readthedocs.io/en/latest/index.html>`_.

Slack
*****************************************

You can join the Cowrie community at the following `Slack workspace <https://www.cowrie.org/slack/>`_.

Features
*****************************************

* Choose to run as an emulated shell (default):
   * Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
   * Possibility of adding fake file contents so the attacker can `cat` files such as `/etc/passwd`. Only minimal file contents are included
   * Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

* Or proxy SSH and telnet to another system
   * Run as a pure telnet and ssh proxy with monitoring
   * Or let Cowrie manage a pool of QEMU emulated servers to provide the systems to login to

For both settings:

* Session logs are stored in an `UML Compatible <http://user-mode-linux.sourceforge.net/>`_  format for easy replay with the `bin/playlog` utility.
* SFTP and SCP support for file upload
* Support for SSH exec commands
* Logging of direct-tcp connection attempts (ssh proxying)
* Forward SMTP connections to SMTP Honeypot (e.g. `mailoney <https://github.com/awhitehatter/mailoney>`_)
* JSON logging for easy processing in log management solutions

Docker
*****************************************

Docker versions are available.

* To get started quickly and give Cowrie a try, run::

    $ docker run -p 2222:2222 cowrie/cowrie:latest
    $ ssh -p 2222 root@localhost

* On Docker Hub: https://hub.docker.com/r/cowrie/cowrie

* Configuring Cowrie in Docker

Cowrie in Docker can be configured using environment variables. The
variables start with COWRIE_ then have the section name in capitals,
followed by the stanza in capitals. An example is below to enable
telnet support::

    COWRIE_TELNET_ENABLED=yes

Alternatively, Cowrie in Docker can use an `etc` volume to store
configuration data.  Create `cowrie.cfg` inside the etc volume
with the following contents to enable telnet in your Cowrie Honeypot
in Docker::

    [telnet]
    enabled = yes

Requirements
*****************************************

Software required to run locally:

* Python 3.8+
* python-virtualenv

For Python dependencies, see `requirements.txt <https://github.com/cowrie/cowrie/blob/master/requirements.txt>`_.

Files of interest:
*****************************************

* `etc/cowrie.cfg` - Cowrie's configuration file. Default values can be found in `etc/cowrie.cfg.dist <https://github.com/cowrie/cowrie/blob/master/etc/cowrie.cfg.dist>`_.
* `share/cowrie/fs.pickle` - fake filesystem
* `etc/userdb.txt` - credentials to access the honeypot
* `honeyfs/ <https://github.com/cowrie/cowrie/tree/master/honeyfs>`_ - file contents for the fake filesystem - feel free to copy a real system here or use `bin/fsctl`
* `honeyfs/etc/issue.net` - pre-login banner
* `honeyfs/etc/motd <https://github.com/cowrie/cowrie/blob/master/honeyfs/etc/issue>`_ - post-login banner
* `var/log/cowrie/cowrie.json` - transaction output in JSON format
* `var/log/cowrie/cowrie.log` - log/debug output
* `var/lib/cowrie/tty/` - session logs, replayable with the `bin/playlog` utility.
* `var/lib/cowrie/downloads/` - files transferred from the attacker to the honeypot are stored here
* `share/cowrie/txtcmds/ <https://github.com/cowrie/cowrie/tree/master/share/cowrie/txtcmds>`_ - file contents for simple fake commands
* `bin/createfs <https://github.com/cowrie/cowrie/blob/master/bin/createfs>`_ - used to create the fake filesystem
* `bin/playlog <https://github.com/cowrie/cowrie/blob/master/bin/playlog>`_ - utility to replay session logs

Contributors
***************

Many people have contributed to Cowrie over the years. Special thanks to:

* Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based
* Dave Germiquet (davegermiquet) for TFTP support, unit tests, new process handling
* Olivier Bilodeau (obilodeau) for Telnet support
* Ivan Korolev (fe7ch) for many improvements over the years.
* Florian Pelgrim (craneworks) for his work on code cleanup and Docker.
* Guilherme Borges (sgtpepperpt) for SSH and telnet proxy (GSoC 2019)
* And many many others.