Performant & low interaction honeypot solution
This project strives to provide a highly configurable, low interaction honeypot and a system to handle multi-node deployments.
The Replay honeypots are a security tool designed to monitor and collect useful network information from active deployments. This project began in 2019, and has been growing in multiple ways ever since. In August 2020, it was made open source! The most notable components of the system are the:
- Honeypots
- Management System
- Data Collection / Export Solution
- Frontend Analysis
- Replay Command Line Interface (CLI)
- Deployment Strategy
Currently, the project supports Docker and Bare Metal deployment options, although Docker is simpler for managing multiple devices and complex setups.
To expedite the analysis of honeypot logs, a web-based management frontend was created with local authentication using Node.js, Passport.js, and Vue.js. The frontend provides a way for users to do basic queries to the log database as well as be alerted of potential attacks, problems, and/or configuration changes of deployed honeypots. The user may also export data to an external Security Information and Event Management System (SIEM) by utilizing the database's API.
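One way to drive the SIEM export described above from CouchDB's `_changes` feed (`GET /{db}/_changes?include_docs=true&since=<seq>`), as an added example that is not part of the Replay project's code. The response below is constructed, and the log document fields (`timestamp`, `hostname`, `sourceIP`, `destPort`, `protocol`) and the `couch_id` key are assumptions, not the project's schema.

```python
import json

# Constructed sample of a CouchDB _changes?include_docs=true response.
# The document fields (sourceIP, destPort, ...) are assumed for illustration.
SAMPLE_CHANGES = json.loads("""
{
  "results": [
    {"seq": "1-abc", "id": "log-0001", "changes": [{"rev": "1-a"}],
     "doc": {"_id": "log-0001", "_rev": "1-a", "timestamp": "2020-08-01T12:00:00Z",
             "hostname": "pot-01", "sourceIP": "198.51.100.7", "destPort": 23, "protocol": "TCP"}},
    {"seq": "2-def", "id": "_design/views", "changes": [{"rev": "1-b"}],
     "doc": {"_id": "_design/views", "_rev": "1-b", "views": {}}},
    {"seq": "3-ghi", "id": "log-0002", "changes": [{"rev": "2-c"}], "deleted": true,
     "doc": {"_id": "log-0002", "_rev": "2-c", "_deleted": true}},
    {"seq": "4-jkl", "id": "log-0003", "changes": [{"rev": "1-d"}],
     "doc": {"_id": "log-0003", "_rev": "1-d", "timestamp": "2020-08-01T12:00:05Z",
             "hostname": "pot-02", "sourceIP": "203.0.113.9", "destPort": 22, "protocol": "TCP"}}
  ],
  "last_seq": "4-jkl",
  "pending": 0
}
""")


def changes_to_ndjson(changes):
    """Turn one _changes batch into (ndjson_lines, checkpoint)."""
    lines = []
    for row in changes.get("results", []):
        doc = row.get("doc")
        # Skip tombstones, rows without a body, and design documents.
        if row.get("deleted") or doc is None or row["id"].startswith("_design/"):
            continue
        # Drop CouchDB bookkeeping fields; keep the id for SIEM-side dedup.
        event = {k: v for k, v in doc.items() if not k.startswith("_")}
        event["couch_id"] = row["id"]
        lines.append(json.dumps(event, sort_keys=True))
    # Persist last_seq and pass it as ?since= on the next poll.
    return lines, changes.get("last_seq")


if __name__ == "__main__":
    ndjson, checkpoint = changes_to_ndjson(SAMPLE_CHANGES)
    print("\n".join(ndjson))
    print("next since =", checkpoint)
```

Storing the returned checkpoint only after the SIEM has acknowledged the batch means a failed forward is retried from the same sequence instead of losing events.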
Additionally, progress is being made on an automated deployment and configuration tool called the ReplayCLI. This is a command line tool that assists in the administration of honeypots. This tool assumes that the user has set up SSH keys to connect to the system on which they intend to deploy a honeypot. This tool is primarily used to deploy honeypots on bare-metal machines.
| Replay Honeypots | Replay Manager |
|---|---|
| TRIO | VueJS |
| Scapy | Tachyons |
| CouchDB | PassportJS |
To get a local copy up and running, follow these guides: Install, Development, Users.
Use this space to show useful examples of how a project can be used. Additional screenshots, code examples and demos work well in this space. You may also link to more resources.
For more examples, please refer to the Documentation
See the open issues and projects for a list of proposed features (and problems we are addressing).
First off, thank you for considering contributing to the Replay Honeypots. Contributions are what make the open source community such an amazing place to be. Any contributions you make are greatly appreciated.
There are many ways to help: documenting use cases, improving the various guides, finding bugs, adding to the roadmap with ideas and improvements, or, of course, writing code to enhance the system.
Development responsibilities
- Ensure cross-platform compatibility for every change that's accepted: ARM, Intel, bare metal, Docker containers, and Ubuntu Linux.
- Create issues for any major changes and enhancements that you wish to make. Be transparent and look for feedback.
- Run the test suites and pre-commit checks (see the Development guide for more details)
- Update guides and readme if changing anything important that is mentioned/explained
- Mention an issue number with your commits
At this point, you're ready to make your changes! Feel free to ask for help; everyone is a beginner at first.
If a maintainer asks you to "rebase" your PR, they're saying that a lot of code has changed, and that you need to update your branch so it's easier to merge.
- Fork the Project
- Create your Feature Branch (git checkout -b feature/AmazingFeature)
- Commit your Changes (git commit -m 'Add some AmazingFeature')
- Push to the Branch (git push origin feature/AmazingFeature)
- Open a Pull Request and explain what is going on
Distributed under the GNU GPLv3 License. See LICENSE for more information.
Felix Ritscher Montilla - Felix.Ritscher@gmail.com
Seth Parrish - me@sethp.cc
Project Link: https://github.com/ReplayProject/ReplayHoneypots