awesome-honeypots | endlessh
---|---
21 | 40
8,056 | 6,883
- | -
5.9 | 0.0
about 1 month ago | 10 months ago
Python | C
Artistic License 2.0 | The Unlicense
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-honeypots
- Building a Windows Honeypots?
- Covenant C2 - unrecognized connections
- Wordlists
- I have 10 Linux VMs that I want to run a bash script on misconfiguring OS layer options. Comment your ideas! More info in post.
  you're looking for a honeypot
- How to make honeypots.
  You may be interested in https://github.com/paralax/awesome-honeypots
- What is the best open source honeypot? [Need Experiences]
- Intentionally Vulnerable Website
- Cybersecurity 101 — What is a Honeypot?
  Also you might want to check these lists here and here for deploying some more honeypots.
- Cybersecurity Repositories
  Honeypots
- Using honeypots data to create IOCs collection
  Agreed with u/Sloky, if you want to catch internal adversaries you may need a lot of tweaking. There are plenty of good lists out there such as this and this and this one
endlessh
- Why so many bots?
  You can reduce the noise a lot by moving ssh to a non-standard port. Security through obscurity isn't actually security, but it will reduce the number of attempts you receive. Another thing I like to do is put Endlessh on the standard port 22. That way as bots go by they will get stuck or at least slow down on that connection.
- Is SSH secure enough?
  SSH tarpit with Endlessh and for the hidden SSH: auth with both a key file (that needs unlocking and is on the computer) AND a One Time Password on my phone.
- "Failed password for root" SSH login hacking attempt?
  If you change the ssh port, install https://github.com/skeeto/endlessh to slow down the attackers
- ChatGPT doxes itself
  Even this requires you to successfully guess the username and password correctly, and if it's just not the default most people won't bother brute forcing further. Sidenote: you can use endlessh on a computer and port forward port 22 to trap scanners that scan the entire internet for open ssh ports to exploit.
- Ssh brute force attack with fail2ban.
  The fun way is moving your ssh port somewhere else and installing endlessh to f the bots.
- Security for your Homeserver
  Such as endlessh
- Keep it tight everyone! This is a day of sshd logs from a proxy server in China pinging my SSH server and trying every username imaginable. Does anyone have any tips to increase security?
  But, as a prank to Chinese hackers, what I did on my system was to run endless ssh. It keeps the ssh client busy as it slowly sends the ssh banner. I modified the code to send strings like:
- VPN to remotely access dockerized services
  For hardening: I use lynis for some guidance, the VPS runs rkhunter, AIDE and other things nightly and mails me the reports, fail2ban manages the SSH port, having SSH on a custom port helps to keep things quiet. If you're into these kinds of things, have a look at the Endlessh tarpit to learn about login attempts on port 22 on your machine - I found it eye-opening.
- Any app out there to trap port scanners?
- My server is being used for brute-force attacks, what can I do?
What are some alternatives?
tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
opencanary - Modular and decentralised honeypot
Awesome-WAF - 🔥 Web-application firewalls (WAFs) from security standpoint.
sshesame - An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
hacker101 - Source code for Hacker101.com - a free online web and mobile security class.
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
minerstat-os - msOS - Open Source Mining OS. Repository moved, no longer using github
dvws-node - Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.
geoip-blocking-w-firewalld - Block unwanted countries IPv4 & IPv6 ranges with firewalld using ipdeny.com