Rooba
/
cowrie
mirror of https://github.com/cowrie/cowrie.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
1,331 Commits 2 Branches 21 Tags 58 MiB
Python 98.4%
Shell 0.7%
Makefile 0.5%
Dockerfile 0.4%
Go to file
Michel Oosterhof 77d2744403 move cfg.dist file 2016-11-14 09:19:15 +04:00
bin usage message in function 2016-10-30 10:06:04 +04:00
cowrie sent NAWS instead of ECHO for telnet nego 2016-11-08 21:49:09 +04:00
data add bin/enable to pickle and enable sample output 2016-11-01 21:09:50 +04:00
dl Added 'empty' folders … 2014-05-28 05:00:21 +01:00
doc Update description 2016-10-27 17:28:16 +04:00
etc move cfg.dist file 2016-11-14 09:19:15 +04:00
honeyfs wrong dir 2016-11-01 21:11:54 +04:00
log/tty Added 'empty' folders … 2014-05-28 05:00:21 +01:00
share add share/cowrie 2016-10-30 15:14:04 +04:00
twisted/plugins document -p switch 2016-10-18 22:10:31 +04:00
txtcmds wrong dir 2016-11-01 21:11:54 +04:00
var Add etc/ and var/ directory structure for future use 2016-10-24 14:53:43 +04:00
.gitattributes cowrie rename 2015-05-12 14:57:29 +00:00
.gitignore ignore *env 2016-11-13 13:48:19 +04:00
.travis.yml disable python 3.x testing for now 2016-10-27 04:53:52 +00:00
CHANGELOG.md telnet changelog 2016-08-22 16:08:49 +04:00
INSTALL.md document authbind for telnet 2016-10-28 05:38:43 +00:00
README.md update text 2016-11-09 22:36:15 +04:00
requirements.txt Tftp implementation (#330) 2016-11-02 22:40:55 +04:00
start.sh move PID file to var/run directory 2016-10-24 15:21:32 +04:00
stop.sh move PID file to var/run directory 2016-10-24 15:21:32 +04:00

README.md

Welcome to the Cowrie GitHub repository

This is the official repository for the Cowrie SSH and Telnet Honeypot effort.

What is Cowrie

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.

Cowrie is developed by Michel Oosterhof.

Features

Some interesting features:

  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in an UML Compatible format for easy replay with original timings
  • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

Additional functionality over standard kippo:

  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • Logging in JSON format for easy processing in log management solutions
  • Many, many additional commands

Requirements

Software required:

  • Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
  • Zope Interface 3.6.0+
  • Twisted 12.0+
  • python-crypto
  • python-cryptography
  • python-pyasn1
  • python-gmpy2 (recommended)
  • python-mysqldb (for MySQL output)
  • python-OpenSSL

Files of interest:

  • cowrie.cfg - Cowrie's configuration file. Default values can be found in cowrie.cfg.dist
  • data/fs.pickle - fake filesystem
  • data/userdb.txt - credentials allowed or disallowed to access the honeypot
  • dl/ - files transferred from the attacker to the honeypot are stored here
  • honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here or use bin/fsctl
  • log/cowrie.json - transaction output in JSON format
  • log/cowrie.log - log/debug output
  • log/tty/*.log - session logs
  • txtcmds/ - file contents for the fake commands
  • bin/createfs - used to create the fake filesystem
  • bin/playlog - utility to replay session logs

Is it secure?

Maybe. See FAQ

I have some questions!

Please visit https://github.com/micheloosterhof/cowrie/issues

Contributors

Many people have contributed to Cowrie over the years. Special thanks to:

  • Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based