| | cowrie | ssh-mitm |
|---|---|---|
| | 15 | 42 |
| Stars | 4,910 | 1,225 |
| Growth | 0.9% | 1.1% |
| Activity | 9.3 | 8.9 |
| | 5 days ago | 10 days ago |
| Language | Python | Python |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cowrie
-
Brute.Fail Watch brute force attacks in real time
Thanks for the reference; after some link chasing I was able to end up on the project I believe you're thinking of: https://github.com/cowrie/cowrie#features (appears to be BSD-3-Clause: https://github.com/cowrie/cowrie/blob/master/LICENSE.rst )
- Openssh username and password
-
Potentially millions of Android TVs and phones come with malware preinstalled
Technically, yes, but it is quite difficult to perform a realistic emulation of an OS with shell facilities, as evidenced by all the system emulation on SSH honeypots e.g. cowrie[1].
[1] https://github.com/cowrie/cowrie/issues
-
I'd like to build a database of the login/password associated with failed ssh attempts to my server and am trying to research the legality of this
In EU Law as long as you don't post full names you should be fine. There are honeypots for this purpose ready to deploy btw! Check out Cowrie. Best SSH honeypot I encountered so far.
- Cowrie SSH/Telnet Honeypot
-
Server Hardening
Thanks for your opinion, mate. I use Cowrie in connection with qemu aka my Proxmox. Here is the link to it: https://github.com/cowrie/cowrie
-
[OC] Last 48 hours of honeypot data showing successful logins and attack map
Source is from data collected using Cowrie Honeypot. The tool for displaying the data is Splunk.
-
Security research homelab, made with <3
It's currently a cowrie (https://github.com/cowrie/cowrie) with ssh and telnet. For my use case a low interaction is enough, maybe I'll code my own in the future.
-
Honeypot server
I set up one of these a while back: https://github.com/cowrie/cowrie
-
Geographical distribution of brute-force attacks on one of my servers during the first week of October – 88644 attempts from 739 sources.
Hey, I’ve done some honeypot research; if you’re wanting to explore that, take a look at cowrie: https://github.com/cowrie/cowrie
ssh-mitm
-
Terrapin-Attack Style Vulnerability Likely Exploited for 2 Years
I wanted to share some insights into a security concern that echoes the Terrapin-Attack scenario, highlighting a similar vulnerability that has been observed in other tools.
Recently, I came across a Pull Request on GitHub for the SSH-MITM tool, which sheds light on a critical aspect of SSH protocol security, specifically regarding RFC 4253 during the KEXINIT process. The Pull Request, available at GitHub https://github.com/ssh-mitm/ssh-mitm/pull/163, describes the necessity of discarding certain packages during the KEXINIT phase to prevent issues with intercepted clients.
Moreover, a look into the GitHub Blame for SSH-MITM reveals that these crucial changes in the KEXINIT step were integrated into SSH-MITM about 1-2 years ago. You can see the specific changes at this link: https://github.com/ssh-mitm/ssh-mitm/blame/4fc3ef418847c35d17d0c427e2701b33a03c323c/sshmitm/workarounds/transport.py#L178-L188
An important note to add is that this information suggests that a similar form of attack, akin to the Terrapin-Attack, could potentially have been exploited for the last two years. This raises significant concerns about the historical vulnerability of systems to such attack techniques and emphasizes the importance of retroactive security analysis in addition to ongoing vigilance.
-
Terrapin Attack for prefix injection in SSH
There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165
-
Check if a publickey is known by GitHub or Gitlab without iterating all users
During some audits, it's likely that you find some SSH public keys lying around on some servers.
If you want to verify whether such a key is known by other services, but you don't have access to those services, this task might be hard.
SSH-MITM has an additional command, which allows you to check whether a public SSH key is known by GitHub, GitLab, and other code hosters. It's not limited to GitHub and other major platforms and even works with any service that is accessible over SSH.
First you must install SSH-MITM. It's recommended to use the AppImage, because this works out of the box on most Linux machines.
$ wget https://github.com/ssh-mitm/ssh-mitm/releases/latest/download/ssh-mitm-x86_64.AppImage
-
Should SSH-MITM add a Codehoster user check as a default setting?
SSH-MITM is a tool to audit ssh sessions and protocols, which uses SSH as the transport protocol: https://github.com/ssh-mitm/ssh-mitm
-
Python API Documentation created with ChatGPT
You can find the project on GitHub: https://github.com/ssh-mitm/ssh-mitm
- SSH-MitM has prebuilt windows executables
- SSH-MitM's new logo is a fish (OpenSSH's logo) on a hook
- SSH-MitM – Support for OpenSSH's Certificate Authority Planned
-
SSH-MITM - Support for OpenSSH's certificate authority planned
You should check the revision history of the README file first: https://github.com/ssh-mitm/ssh-mitm/commit/564028af25c395528446fbb679c7392469d59bfd
-
SSH-MitM 2.0.0 – Licence change to GPLv3
The “customized wording” you’re seeing is “The LGPL”. It’s a different license from the GPL.
The history on the repo shows that the original license was GPL (June 2020), the author changed the license to LGPL (December 2022), and now they’re changing it to GPL again. https://github.com/ssh-mitm/ssh-mitm/commits/master/LICENSE
What are some alternatives?
tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
docker-sshd - Minimal Alpine Linux Docker image with sshd exposed and rsync installed
endlessh - SSH tarpit that slowly sends an endless banner
sftpretty - Provides multi-threaded routines and high level protocol abstractions for a pretty quick & simple file transfer experience. Drop in replacement for pysftp.
opencanary - Modular and decentralised honeypot
super-auto-pets - A tool to allow for viewing of arbitrary Super Auto Pets replays
MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
mitm - 👨🏼‍💻 A customizable man-in-the-middle TCP intercepting proxy.
django-honeypot - 🍯 Generic honeypot utilities for use in django projects.
openssh-portable - Portable OpenSSH
docker-ssh-honey - SSH Honey pot for docker
BDFProxy - Patch Binaries via MITM: BackdoorFactory + mitmProxy.