A honeypot focus on ssh and https
It contains a set of honeypot services designed to simulate vulnerable systems and capture attempted attacks. It includes two honeypot services:
- HTTP Honeypot
- SSH Honeypot
Both services log connection attempts and interactions in order to gather useful data on attack patterns and unauthorized access attempts.
# directory structure
.
├── honey
│ ├── certificate
│ │ ├── server.crt
│ │ └── server.key
│ ├── honeyhttp.py
│ ├── honeyssh.py
│ ├── pretty.sh
│ └── wushi.go
├── LICENSE.md
├── README.md
├── requirements.txt
└── setup.sh
- Built using Flask, it logs HTTP requests and login attempts on port 443 (HTTPS).
- Logs client IP, geolocation details, and user agent data.
- Fake login page with CAPTCHA to deter automated bots.
- Logs stored in
Logs/https.log.
- Built using Paramiko, it simulates an SSH server on port 22.
- Captures login attempts and logs them to
Logs/ssh.log. - Provides a "jailed" shell for authenticated users, restricting interaction to a controlled environment.
- Persistent RSA server key for secure connections.
Clone the repository to your local machine:
git clone https://github.com/Debang5hu/wushi.git
cd wushi
chmod +x setup.sh
# to setup the dependencies
sudo ./setup.sh
cd honey
# to start the server
go run wushi.goThe Go server coordinates the start of the honeypot services (HTTP and SSH). To run it:
go run wushi.goThe server will start the HTTP and SSH honeypots in separate goroutines. It logs activities into Logs/monitor.log.
- Implement proper restricted shell
- Implement asyncssh for maintaining multiple ssh instances
- Use HTTPS Properly
- Implement reCAPTCHA to make it look more legitimate
- Database Integration
- Dockerization
- Feel free to report any bugs
Contributions are appreciated ❤️
