Skip to content
/ Honeypot Public

A vulnerable honeypot setup using Flask and SSH to capture and analyze malicious activities. Includes real-time logging and monitoring to study attack patterns and exploit attempts

7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

whxitte/Honeypot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
templates
templates
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
app.py
app.py
 
 
monitor_honeypot.py
monitor_honeypot.py
 
 
requirements.txt
requirements.txt
 
 
run_honeypot.sh
run_honeypot.sh
 
 

Repository files navigation

Honeypot Project

"Buy Me A Coffee"

A simple honeypot implementation to capture and monitor malicious activity. This project uses Flask to create a vulnerable web application and sets up an SSH service for attackers to interact with. It includes logging and monitoring scripts to track and analyze the activity.

Project Ongoing...⌛

honeypotrun

Table of Contents

Features

  • Flask-based vulnerable web application
  • SSH service configured with weak credentials
  • Logging of commands executed via the web application
  • Real-time monitoring of honeypot logs
  • More features coming soon...⌛

  1. Pre Setup

    Create a new user on your system for making that account as the Honeypot.

    sudo useradd -m -s /bin/bash vulnerableuser # change vulnerable user to your desired username sudo passwd vulnerableuser # Set a weak password like 'password123 or admin or root'

Installation

  1. Clone the repository:

    git clone https://github.com/whxitte/Honeypot.git
cd Honeypot

  2. Create and activate a Python virtual environment:

    python -m venv honeypot-env
source honeypot-env/bin/activate  # For Windows use `honeypot-env\Scripts\activate`

  3. Install the required Python packages:

    pip install -r requirements.txt

  4. Install and configure SSH:

    sudo apt-get install openssh-server
sudo nano /etc/ssh/sshd_config

    Edit the SSH configuration file (/etc/ssh/sshd_config) to allow password authentication. Add or modify the following lines:

    PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes  # Optional, but increases vulnerability

    Restart the SSH service:

    sudo systemctl restart ssh

Setup

  1. Run the Flask application and SSH service:

    sudo su
./run_honeypot.sh

  2. Monitor logs in real-time:

    >> tail -f /var/log/auth.log  # For SSH logs
or
>> sudo journalctl -u ssh -f (if above command for ssh not works)
or check ssh log in your system / monitor it live 

>> tail -f /var/log/honeypot.log  # For Flask app logs

Usage

  • Access the vulnerable web application at http://localhost

  • Use the /vulnerable endpoint to execute commands. For example:

    http://localhost/vulnerable?cmd=ls

  • The output of commands and any errors will be logged in /var/log/honeypot.log.

Monitoring

To monitor the honeypot activity, you can use the monitor_honeypot.py script:

```bash
python monitor_honeypot.py
```

This script will print new log entries in a formatted table in real-time.

Notes

  • Make sure to adjust permissions and configurations based on your security needs.
  • This setup is intentionally vulnerable for educational purposes and should not be used in a production environment.

About

A vulnerable honeypot setup using Flask and SSH to capture and analyze malicious activities. Includes real-time logging and monitoring to study attack patterns and exploit attempts

Topics

log-analysis monitoring honeypot firewall logging hacking ids web-security network-analysis hacking-tool network-security intrusion-detection-system monitoring-tool

Resources

Readme
Activity

Stars

7 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages