SSH Honeypots

Honeypots for SSH!

At some point the c-Champions will need to provide technical resources to the network engineers and stakeholder managers. This section of the Toolkit provides a listing of various cyber threat hunting tools for the technical analysts within stakeholder organizations. Below are a series of hotlinks and short descriptions of honeypots for monitoring the SSH protocol.

Kippo - “Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.” (Desaster. (2017) desaster/kippo: Kippo – SSH Honeypot. Retrieved April 22, 2017, from https://github.com/desaster/kippo)

Cowrie - “Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.” (Micheloosterhof. (2017) micheloosterhof/cowrie: Cowrie SSH/Telnet Honeypot. Retrieved April 22, 2017, from https://github.com/micheloosterhof/cowrie)

SSH-Lowpot - (Magisterquis. (2017) magisterquis/sshlowpot: Yet another no-frills low-interaction ssh honeypot in Go. Retrieved April 22, 2017, from https://github.com/magisterquis/sshlowpot)

SSH-Hipot - (Magisterquis. (2017) magisterquis/sshhipot: High-interaction MitM SSH honeypot. Retrieved April 22, 2017, from https://github.com/magisterquis/sshhipot)

DShield Docker - (Xme. (2017) xme/dshield-docker: Docker container running cowrie with DShield output enabled. Retrieved April 22, 2017, from https://github.com/xme/dshield-docker)

Hornet - “Hornet is aimed to be a medium interaction SSH Honeypot, that supports multiple virtual hosts.” (Czardoz. (2017) czardoz/hornet: SSH Multipot. Retrieved April 22, 2017, from https://github.com/czardoz/hornet)

SSH Honeypot - (Droberson. (2017) droberson/ssh-honeypot: Fake sshd that logs ip addresses, usernames, and passwords. Retrieved April 22, 2017, from https://github.com/droberson/ssh-honeypot)

Kojoney2 - (Madirish. (2017) madirish/kojoney2: Kojoney2 is a low interaction SSH honeypot written in Python. Based on Kojoney by Jose Antonio Coret. Retrieved April 22, 2017, from https://github.com/madirish/kojoney2)