opencanary vs tpotce

| | opencanary | tpotce |
|---|---|---|
| Mentions | 16 | 31 |
| Stars | 2,004 | 5,896 |
| Growth | 1.2% | 1.7% |
| Activity | 7.1 | 8.9 |
| Last commit | 8 days ago | 9 days ago |
| Language | Python | C |
| License | BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
opencanary
- OpenCanary
- What security and monitoring measures do you have in place for your servers?
- How to make honeypots.
Thinkst has an open source version of their commercial product called opencanary that is popular and that I also personally vouch for.
- How to test my security?
Totally forgot to include the link. https://github.com/thinkst/opencanary
- Suggestions for Canary token alternative
At the start it's worth noting that if you deploy Canaries (our paid version of the free version we build at opencanary.org) you get the fidelity of alert you want, i.e. you get to run a fake fileshare with files you want on it. Any time the file is opened, you get a notification (since you effectively are the host offering the file).
- Does anyone have OpenCanary working in a docker container?
Have you tried the Dockerfiles and compose from this repo https://github.com/thinkst/opencanary ?
- Selfhosted intrusion detection systems
I set up OpenCanary. Not exactly the same thing obviously, but it was pretty easy to set up and confirm working. I hope anyone that gains access tries to connect to it and gives me a notification via email. No guarantees obviously and I'm not an expert, so open to feedback on how people think about these things.
- Canary Honeypot (Updated 2022)
OpenCanary. Check out https://github.com/thinkst/opencanary for details on this. Run the following for download and installation:

```bash
sudo apt-get update && sudo apt-get upgrade -y
sudo apt install git -y
sudo apt-get install build-essential libssl-dev libffi-dev python-dev -y
sudo apt-get install python3-pip -y
git clone https://github.com/thinkst/opencanary
cd opencanary
sudo python3 setup.py install
```

Now generate a config file.

```bash
opencanaryd --copyconfig
```

Now edit the new conf file:

```bash
vim .opencanary.conf
```

Make sure to keep proper JSON formatting or the OpenCanary service won't start. I used jq to validate that the JSON file is good to go! If there are issues it will help you quickly identify them. If you need more information around using or installing jq please visit https://stedolan.github.io/jq/download/

```json
{
  "device.node_id": "opencanary-1",
  "ip.ignorelist": [ ],
  "git.enabled": false,
  "git.port": 9418,
  "ftp.enabled": true,
  "ftp.port": 21,
  "ftp.banner": "FTP server ready",
  "http.banner": "Apache/2.2.22 (Ubuntu)",
  "http.enabled": false,
  "http.port": 80,
  "http.skin": "nasLogin",
  "http.skin.list": [
    { "desc": "Plain HTML Login", "name": "basicLogin" },
    { "desc": "Synology NAS Login", "name": "nasLogin" }
  ],
  "httpproxy.enabled": false,
  "httpproxy.port": 8080,
  "httpproxy.skin": "squid",
  "httproxy.skin.list": [
    { "desc": "Squid", "name": "squid" },
    { "desc": "Microsoft ISA Server Web Proxy", "name": "ms-isa" }
  ],
  "logger": {
    "class": "PyLogger",
    "kwargs": {
      "formatters": {
        "plain": { "format": "%(message)s" },
        "syslog_rfc": { "format": "opencanaryd[%(process)-5s:%(thread)d]: %(name)s %(levelname)-5s %(message)s" }
      },
      "handlers": {
        "console": { "class": "logging.StreamHandler", "stream": "ext://sys.stdout" },
        "file": { "class": "logging.FileHandler", "filename": "/var/tmp/opencanary.log" },
        "syslog-unix": {
          "class": "logging.handlers.SysLogHandler",
          "formatter": "syslog_rfc",
          "address": [ "localhost", 514 ],
          "socktype": "ext://socket.SOCK_DGRAM"
        },
        "json-tcp": { "class": "opencanary.logger.SocketJSONHandler", "host": "127.0.0.1", "port": 1514 },
        "SMTP": {
          "class": "logging.handlers.SMTPHandler",
          "mailhost": [ "smtp.yourserver.com", 25 ],
          "fromaddr": "[email protected]",
          "toaddrs": [ "[email protected]" ],
          "subject": "OpenCanary Alert",
          "credentials": [ "youraddress", "SecureStrongpass" ],
          "secure": [ ]
        },
        "slack": { "class": "opencanary.logger.SlackHandler", "webhook_url": "https://hooks.slack.com/services/..." },
        "teams": { "class": "opencanary.logger.TeamsHandler", "webhook_url": "https://my-organisation.webhook.office.com/webhookb2/..." }
      }
    }
  },
  "portscan.enabled": false,
  "portscan.logfile": "/var/log/kern.log",
  "portscan.synrate": 5,
  "portscan.nmaposrate": 5,
  "portscan.lorate": 3,
  "smb.auditfile": "/var/log/samba-audit.log",
  "smb.enabled": false,
  "mysql.enabled": false,
  "mysql.port": 3306,
  "mysql.banner": "5.5.43-0ubuntu0.14.04.1",
  "ssh.enabled": false,
  "ssh.port": 22,
  "ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4",
  "redis.enabled": false,
  "redis.port": 6379,
  "rdp.enabled": false,
  "rdp.port": 3389,
  "sip.enabled": false,
  "sip.port": 5060,
  "snmp.enabled": false,
  "snmp.port": 161,
  "ntp.enabled": false,
  "ntp.port": "123",
  "tftp.enabled": false,
  "tftp.port": 69,
  "tcpbanner.maxnum": 10,
  "tcpbanner.enabled": false,
  "tcpbanner_1.enabled": false,
  "tcpbanner_1.port": 8001,
  "tcpbanner_1.datareceivedbanner": "",
  "tcpbanner_1.initbanner": "",
  "tcpbanner_1.alertstring.enabled": false,
  "tcpbanner_1.alertstring": "",
  "tcpbanner_1.keep_alive.enabled": false,
  "tcpbanner_1.keep_alive_secret": "",
  "tcpbanner_1.keep_alive_probes": 11,
  "tcpbanner_1.keep_alive_interval": 300,
  "tcpbanner_1.keep_alive_idle": 300,
  "telnet.enabled": false,
  "telnet.port": "23",
  "telnet.banner": "",
  "telnet.honeycreds": [
    { "username": "admin", "password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA" },
    { "username": "admin", "password": "admin1" }
  ],
  "mssql.enabled": false,
  "mssql.version": "2012",
  "mssql.port": 1433,
  "vnc.enabled": false,
  "vnc.port": 5000
}
```

```bash
$ . env/bin/activate
$ opencanaryd --start
```

If everything worked you should have some emails or Slack messages alerting you to the startup of the services. Over time, depending on what you enabled, you will receive alerts for port scans or other attempts. Please visit this document, which covers OpenCanary in more detail: https://buildmedia.readthedocs.org/media/pdf/opencanary/latest/opencanary.pdf

Slack channel for OpenCanary alerts: set up incoming webhooks. https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack
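The post above leans on jq to catch JSON syntax slips before `opencanaryd --start`. Syntax is the easy part; the mistakes that silently produce a canary that never fires are semantic: every listener left at `false`, two services on one port, a lure credential in clear, or nothing but a file handler so nobody is paged. The following is an added example written for this page, not code from the post or from the OpenCanary project. It assumes only the key naming visible in the config above (`<service>.enabled`, `<service>.port`, `tcpbanner_N.*`, `telnet.honeycreds`, `logger.kwargs.handlers`); the two sample configs are constructed for the demonstration.

```python
import json

# Listener prefixes that follow the "<svc>.enabled" / "<svc>.port" convention
# in the config above (portscan and smb watch log files instead of binding a port).
LISTENERS = ("git", "ftp", "http", "httpproxy", "mysql", "ssh", "redis", "rdp",
             "sip", "snmp", "ntp", "tftp", "telnet", "mssql", "vnc")


def parse(text):
    """Strict JSON parse; raises json.JSONDecodeError on the same input opencanaryd would refuse."""
    return json.loads(text)


def syntax_error(text):
    """None if the text is valid JSON, else 'line L col C: reason' (the job jq does above)."""
    try:
        parse(text)
        return None
    except json.JSONDecodeError as e:
        return f"line {e.lineno} col {e.colno}: {e.msg}"


def enabled_listeners(cfg):
    """Map each enabled listener to its port. Ports may be quoted in this file
    (e.g. "telnet.port": "23"), so they are normalised to int."""
    ports = {}
    for svc in LISTENERS:
        if cfg.get(f"{svc}.enabled") is True:
            ports[svc] = int(cfg[f"{svc}.port"])
    if cfg.get("tcpbanner.enabled") is True:
        for n in range(1, int(cfg.get("tcpbanner.maxnum", 10)) + 1):
            if cfg.get(f"tcpbanner_{n}.enabled") is True:
                ports[f"tcpbanner_{n}"] = int(cfg[f"tcpbanner_{n}.port"])
    return ports


def lint(cfg):
    """Semantic checks a syntax validator cannot do; returns a list of findings."""
    findings = []
    if not cfg.get("device.node_id"):
        findings.append("device.node_id is empty: alerts will not say which canary fired")
    ports = enabled_listeners(cfg)
    if not ports:
        findings.append("no listener is enabled: the daemon will start and never alert")
    by_port = {}
    for svc, port in ports.items():
        by_port.setdefault(port, []).append(svc)
    for port, svcs in sorted(by_port.items()):
        if len(svcs) > 1:
            findings.append(f"port {port} is claimed by more than one service: {', '.join(svcs)}")
    for cred in cfg.get("telnet.honeycreds", []):
        if not str(cred.get("password", "")).startswith("$pbkdf2-sha512$"):
            findings.append(f"telnet.honeycreds entry for {cred.get('username')!r} is a plaintext password")
    handlers = cfg.get("logger", {}).get("kwargs", {}).get("handlers", {})
    if set(handlers) <= {"console", "file"}:
        findings.append("only console/file log handlers: nothing pages a human when the canary trips")
    return findings


def lint_text(text):
    err = syntax_error(text)
    return [f"invalid JSON, {err}"] if err else lint(parse(text))


# Constructed sample in the shape of the config above, with three deliberate
# mistakes: tcpbanner_1 reuses the FTP port, the honeycred is plaintext and
# the only log handler is a file.
SAMPLE_CONFIG = """{
  "device.node_id": "opencanary-1",
  "ftp.enabled": true, "ftp.port": 21,
  "telnet.enabled": true, "telnet.port": "23",
  "telnet.honeycreds": [{"username": "admin", "password": "admin1"}],
  "tcpbanner.enabled": true, "tcpbanner.maxnum": 10,
  "tcpbanner_1.enabled": true, "tcpbanner_1.port": 21,
  "logger": {"class": "PyLogger", "kwargs": {"handlers": {
    "file": {"class": "logging.FileHandler", "filename": "/var/tmp/opencanary.log"}}}}
}"""

# Constructed: a trailing comma, the usual way a hand edit turns this file into a non-starter.
BROKEN_CONFIG = '{ "ftp.enabled": true, }'

if __name__ == "__main__":
    print(syntax_error(BROKEN_CONFIG))
    for finding in lint_text(SAMPLE_CONFIG):
        print("-", finding)
```

Run it against `~/.opencanary.conf` by reading the file into `lint_text`; an empty list means the file parses and none of the checks tripped. The plaintext check is deliberately a warning rather than an error: OpenCanary's own default config carries a plaintext `admin1` entry, the point is only that a lure password you also use as a breached-credential tripwire should not be readable by whoever can read the config.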
- Never Change Your Password
Here's a good and free tip: A unique password breached can be turned around to better know your enemy. Set-up a canary honeypot and monitor your environment for it:
See https://github.com/thinkst/opencanary
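The tip above turns a breached password into a tripwire. The default config shown earlier on this page stores the first `telnet.honeycreds` password as a `$pbkdf2-sha512$` string rather than in clear, so the breached value need not sit readable in the file. The following is an added example written for this page, not OpenCanary's code: it produces and checks that string format with the standard library alone, on the assumption (from the shape of the hash on this page) that the layout is `$pbkdf2-sha512$<rounds>$<salt>$<digest>` with passlib's adapted base64 (standard alphabet, `+` written as `.`, padding dropped). Confirm against passlib or a live OpenCanary telnet login before relying on it; the breached password used below is constructed.

```python
import base64
import hashlib
import hmac
import os

IDENT = "pbkdf2-sha512"


def ab64_encode(raw):
    # passlib's "adapted base64": standard alphabet with '+' written as '.', no padding
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")


def ab64_decode(text):
    text = text.replace(".", "+")
    return base64.b64decode(text + "=" * (-len(text) % 4))


def make_honeycred(password, rounds=19000, salt=None):
    """Build the string to put in telnet.honeycreds for a password you never want
    to store in clear (random 16-byte salt unless one is supplied)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return f"${IDENT}${rounds}${ab64_encode(salt)}${ab64_encode(digest)}"


def parse_honeycred(hashed):
    """Split a hash string into rounds, salt and digest; ValueError for anything else."""
    parts = hashed.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != IDENT:
        raise ValueError("not a $pbkdf2-sha512$ string")
    return {"rounds": int(parts[2]),
            "salt": ab64_decode(parts[3]),
            "digest": ab64_decode(parts[4])}


def verify_honeycred(password, hashed):
    """True if the password matches; constant-time compare so timing leaks nothing."""
    fields = parse_honeycred(hashed)
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                    fields["salt"], fields["rounds"])
    return hmac.compare_digest(candidate, fields["digest"])


# The hash shipped in the default config shown above (the password behind it is not known here).
DEFAULT_HASH = ("$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0"
                "GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA")

# Constructed stand-in for a password that turned up in a breach dump.
BREACHED_PASSWORD = "Winter2019!"

if __name__ == "__main__":
    entry = make_honeycred(BREACHED_PASSWORD)
    print('{ "username": "admin", "password": "%s" }' % entry)
    print(verify_honeycred(BREACHED_PASSWORD, entry), verify_honeycred("guest", entry))
    print(parse_honeycred(DEFAULT_HASH)["rounds"], len(parse_honeycred(DEFAULT_HASH)["salt"]))
```

Paste the printed object into `telnet.honeycreds`, enable the telnet service, and a login with the breached password raises the alert while the config file itself reveals nothing usable.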
- Honeypot on pi
tpotce
- Honeypot in a home lab
Have a look at tpot created by Deutsche Telekom. https://github.com/telekom-security/tpotce
- Securely running a honeypot server in a homelab (VLAN, Switch, proxmox, etc)
After installing proxmox, I created a VM on it containing t-pot, an (.iso) packaged group of containerized honeypots with a compelling aggregation of logs, attack attempts, a heatmap showing attack/scan locations, ips, and numerous other criteria logged and viewable in pretty elasticsearch dashboards.
- Update for your NginxProxyManager Logs Dashboard: npmGrafStats v2.2
The Data for https://www.sicherheitstacho.eu/start/main comes from their Honeypot Software https://github.com/telekom-security/tpotce
- What project ideas are there for a cybersecurity homelab?
As for blue team, there is tpotce, which is a fully integrated Linux distro that deploys multiple honeypot containers and connects them back up into Elasticsearch, but you'd need a device with 8GB+ RAM facing the internet unrestricted in a DMZ or something similar - https://github.com/telekom-security/tpotce
- Unorthodox Things to Self Host?
T-Pot - The All In One Honeypot Platform - T-Pot
- Docker in Cyber Security
I use it to run Splunk at home for testing. You can also run honeypots or use TPot.
- How to make honeypots.
- Does anyone have OpenCanary working in a docker container?
Check this https://github.com/telekom-security/tpotce
- Release T-Pot 22.04.0 · telekom-security/tpotce
- Flashy Network Monitoring Product?
If you want a live threat map/Honeypot and get a feel for what's attacking your network while also looking amazing, set up the T-pot - https://github.com/telekom-security/tpotce
What are some alternatives?
VmwareHardenedLoader - Vmware Hardened VM detection mitigation loader (anti anti-vm)
cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
endlessh - SSH tarpit that slowly sends an endless banner
tpotce - T-Pot - The All In One Honeypot Platform [Moved to: https://github.com/telekom-security/tpotce]
mhn - Modern Honey Network
pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
cyberchef-recipes - A list of cyber-chef recipes and curated links
pfSense - Main repository for pfSense
Stirling-PDF - #1 Locally hosted web application that allows you to perform various operations on PDF files
ISO-27001-2013-information-technology-security - :closed_lock_with_key: Probably the most boring-but-necessary repo on GitHub. If you care about the security/privacy of your data...! :white_check_mark:
awesome-honeypots - an awesome list of honeypot resources