UHH-ISS / honeygrove

A multi-purpose, modular medium-interaction honeypot based on Twisted.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Honeygrove

Honeygrove is a modular honeypot based on Python that builds upon Broker and the Twisted Framework.

System Requirements

Honeygrove currently requires Python 3.5+ and was tested on Ubuntu 16.4, Debian 9.1 and ArchLinux. However it should work on other distributions that provide a compatible Python distribution. If the broker communication library is not available, the honeypot itself can be used without it. Currently there is no possibility to communicate with the management-console or the monitoring stack without Broker. If Honeygrove is configured to use the Siemens S7 protocol, the Snap7 library needs to be installed on the system.

Quickstart Guide

  • Clone the repository or download and unzip it
  • Optional: Setup a virtualenv to contain the required dependencies
    $ python3 -m venv .venv
    $ source .venv/bin/activate
  • Install the required python dependencies
    $ pip3 install --upgrade -r requirements.txt
  • Optional: Install broker and the python bindings to communicate with a CIM
  • Optional: Install Snap7 to make use of the Siemens S7 protocol
  • Create the honeygrove main directory and some required subdirectories
    $ mkdir -p /var/honeygrove/{logs,resources/{quarantine,honeytoken_files}}
  • Copy the provided example resources to the main directory
    $ cp -a resources /var/honeygrove
  • Edit the configuration file to fit your needs
    $ $EDITOR honeygrove/config.py
  • Start honeygrove and verify everything works as expected
    $ sudo python3 -m honeygrove

For further information see our wiki (currently only the user guide for honeygrove is available in english).

Related Projects

Honeygrove is intended to be used with a Cyber Incident Monitor (CIM) (honeygrove-cim) and can additionally be controlled through a management console (honeygrove-console) that communicates with honeygrove via broker.

License

Honeygrove is licensed under the MIT license. See LICENSE for more details.

About

A multi-purpose, modular medium-interaction honeypot based on Twisted.

License:MIT License


Languages

Language:HTML 82.1%Language:Python 17.8%Language:Dockerfile 0.0%