Advanced Honeypot framework.


Honeytrap is an extensible, open-source system for running, monitoring and managing honeypots.

Features

  • Combine multiple services into one honeypot, e.g. a LAMP server
  • Honeytrap Agent will download the configuration from the Honeytrap Server
  • Use the Honeytrap Agent to redirect traffic out of the network to a separate network
  • Deploy a large number of agents with a single Honeytrap Server; configuration is downloaded automatically and logging is centralized
  • Payload detection to determine which service should handle the request, so one port can handle multiple protocols
  • Monitor lateral movement within your network with the Sensor listener. The sensor will complete the handshake (in the case of TCP) and store the payload
  • Create high-interaction honeypots using the LXC or remote hosts directors; traffic will be man-in-the-middle proxied while information is extracted
  • Extend Honeytrap with existing honeypots (like cowrie or glutton), while using the logging and listening framework of Honeytrap
  • Advanced logging system with filtering and logging to Elasticsearch, Kafka, Splunk, Raven, File or Console
  • Services are easily extensible and will extract as much information as possible
  • Low- to high-interaction honeypots, where connections are upgraded seamlessly to high interaction

To start using Honeytrap

See our documentation on docs.honeytrap.io.

Community

Join the honeytrap-users mailing list to discuss all things Honeytrap.

Creators

DutchSec’s mission is to safeguard the evolution of technology and therewith humanity. By delivering groundbreaking and solid, yet affordable security solutions we make sure no people, companies or institutes are harmed while using technology. We aim to make cyber security available for everyone.

Our team consists of boundary pushing cyber crime experts, grey hat hackers and developers specialized in big data, machine learning, data- and context driven security. By building open source and custom-made security tooling we protect and defend data, both offensively and proactively.

We work on the front line of security development and explore undiscovered grounds to fulfill our social (and corporate) responsibility. We are driven by the power of shared knowledge and constant learning, and hope to instigate critical thinking in all who use technology in order to increase worldwide safety. We therefore stimulate an open culture, without competition or rivalry, for our own team, as well as our clients. Security is what we do, safety is what you get.

Copyright and license

Code and documentation copyright 2016-2019 DutchSec B.V.

Code released under Apache License, Version 2.0.

Comments
  • Fixing JA3 Fingerprint

    As documented in section 6 (https://datatracker.ietf.org/doc/html/rfc8701), the GREASE values also apply to "TLS Cipher Suites", and due to the fact we are filtering out GREASE values when creating JA3 fingerprints, these values should be skipped when generating them.
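    The GREASE filtering described in this PR, as an added example that is not part of the original post and not Honeytrap's own code: a minimal JA3 builder that skips RFC 8701 values in cipher suites, extensions and curves alike, so two handshakes from the same client hash identically. The `Hello` struct, the function names and the sample handshakes are assumptions made for illustration.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// isGREASE reports whether v is a reserved RFC 8701 value (0x0A0A ... 0xFAFA):
// both bytes identical and the low nibble equal to 0xA.
func isGREASE(v uint16) bool { return v>>8 == v&0xff && v&0x0f == 0x0a }

// join renders values as dash-separated decimals, skipping GREASE entries.
func join(vals []uint16) string {
	out := []string{}
	for _, v := range vals {
		if !isGREASE(v) {
			out = append(out, strconv.Itoa(int(v)))
		}
	}
	return strings.Join(out, "-")
}

// Hello is a hypothetical container for the ClientHello fields JA3 uses.
// Point formats are single bytes on the wire, so the filter never matches them.
type Hello struct {
	Version                                   uint16
	Ciphers, Extensions, Curves, PointFormats []uint16
}

// JA3 returns the JA3 string and its MD5 fingerprint.
func JA3(h Hello) (string, string) {
	s := fmt.Sprintf("%d,%s,%s,%s,%s", h.Version, join(h.Ciphers),
		join(h.Extensions), join(h.Curves), join(h.PointFormats))
	sum := md5.Sum([]byte(s))
	return s, hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample: one client, two handshakes with different GREASE picks.
	a := Hello{771, []uint16{0x0a0a, 0x1301, 0x1302, 0xc02b},
		[]uint16{0x1a1a, 0, 23, 65281, 10, 11}, []uint16{0x2a2a, 29, 23, 24}, []uint16{0}}
	b := Hello{771, []uint16{0xfafa, 0x1301, 0x1302, 0xc02b},
		[]uint16{0x3a3a, 0, 23, 65281, 10, 11}, []uint16{0x8a8a, 29, 23, 24}, []uint16{0}}
	sa, ha := JA3(a)
	_, hb := JA3(b)
	fmt.Println(sa, ha, ha == hb)
}
```

    If GREASE were left in the cipher list, the two handshakes above would produce different fingerprints for the same client, which defeats the purpose of clustering by JA3.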

  • build(deps): bump github.com/gorilla/websocket from 1.2.0 to 1.4.1

    Bumps github.com/gorilla/websocket from 1.2.0 to 1.4.1.

    Release notes

    Sourced from github.com/gorilla/websocket's releases.

    v1.4.1

    Notable Changes

    ⚠️ This release fixes a potential denial-of-service (DoS) vector in gorilla/websocket, and we recommend that all users upgrade to this version (v1.4.1) or later

    The vulnerability could allow an attacker to consume excessive amounts of memory on the server by bypassing read limits, and potentially cause the server to go out-of-memory (OOM).

    See the published security advisory for more details.

    Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

    CHANGELOG

    • c3e18be Create release-drafter.yml (#538)
    • 5b740c2 Read Limit Fix (#537)
    • 7e9819d fix typos (#532)
    • ae1634f Create CircleCI config.yml (#519)
    • 80c2d40 fix autobahn test suite link (#503)
    • 6a67f44 remove redundant err!=nil check in conn.go Close method (#505)
    • 0ec3d1b Fix typo
    • 856ca61 Add buffer commentary
    • 7c8e298 Add support for go-module
    • 8ab6030 Add JoinMessages
    • 95ba29e Updated autobahn test suite URL
    • 483fb8d Add "in bytes" to sizes in documentation
    • 76e4896 Fix formatting problem in the docs. (#435)
    • a51a35a Improve header parsing code
    • 3130e8d Return write buffer to pool on write error (#427)
    • cdd40f5 Add comprehensive host test (#429)

    v1.4.0

    Note: This release drops support for Go versions prior to v1.7.

    This release adds a new DialContext function, which supports cancellation via the context.Context.

    CHANGELOG:

    • 66b9c49 Move context to first parameter in DialContext
    • a9dd6e8 miscellaneous cleanup
    • ceae452 Add context in the Dialer
    • b378cae Add write buffer pooling
    • 5fb9417 drop Go versions prior to 1.7 in CI

    v1.3.0

    Note: This will be the last release that supports Go 1.6 and earlier. Go 1.6 was released in February 2016. Features may be backported upon request, but we recommend users build their applications with the latest versions of Go wherever possible.

    CHANGELOG

    3ff3320 Improve server subprotocol documentation

    ... (truncated)


  • can't test https connections

    Deployed docker honeytrap playground version. Need to use http and https services; http is working fine but https is disconnecting:

    client error:

    $ curl -k https://10.9.121.15:443/index.html
    curl: (52) Empty reply from server

    server/honeytrap container error:

    14:40:12.033 honeytrap/server ▶ DEBU 1d8 Accepted connection for 10.9.103.17:44322 => 172.18.0.4:443
    14:40:12.033 honeytrap/server ▶ DEBU 1d9 Handling connection for 10.9.103.17:44322 => 172.18.0.4:443 https(https)
    14:40:12.206 honeytrap/server ▶ DEBU 1da Disconnected connection for 10.9.103.17:44322 => 172.18.0.4:443
    %!s(<nil>) > %!s(<nil>) > date=2022-05-16 14:40:12.20624518 +0000 UTC m=+9176.628632464, destination-ip=172.18.0.4, destination-port=443, message=runtime error: invalid memory address or nil pointer dereference, source-ip=10.9.103.17, source-port=44322, stacktrace=goroutine 228 [running]:\x0aruntime/debug.Stack(0xc001046ca0, 0xd56940, 0xc007748478)\x0a\x09/usr/local/go/src/runtime/debug/stack.go:24 +0x9f\x0agithub.com/honeytrap/honeytrap/event.Stack.func1(0xc00103af00)\x0a\x09/src/honeytrap/event/event.go:267 +0x26\x0agithub.com/honeytrap/honeytrap/event.New(0xc00008d8a0, 0x5, 0x5, 0x1)\x0a\x09/src/honeytrap/event/map.go:53 +0xeb\x0agithub.com/honeytrap/honeytrap/server.(*Honeytrap).handle.func2(0xc00006cf60, 0x100f2f8, 0xc00640a010)\x0a\x09/src/honeytrap/server/honeytrap.go:692 +0x211\x0apanic(0xda12a0, 0x15342f0)\x0a\x09/usr/local/go/src/runtime/panic.go:965 +0x1b9\x0agithub.com/honeytrap/honeytrap/services.(*httpService).Handle(0xc0005fa1e0, 0x1004130, 0xc000038030, 0x100eed8, 0xc00103a9f0, 0x0, 0x0)\x0a\x09/src/honeytrap/services/http.go:138 +0x7bd\x0agithub.com/honeytrap/honeytrap/services.(*httpsService).Handle(0xc0005fa1e0, 0x1004130, 0xc000038030, 0x100f090, 0xc0065d00c0, 0x4, 0x4)\x0a\x09/src/honeytrap/services/https.go:161 +0x2d5\x0agithub.com/honeytrap/honeytrap/server.(*Honeytrap).handle(0xc00006cf60, 0x100f2f8, 0xc00640a010)\x0a\x09/src/honeytrap/server/honeytrap.go:719 +0x5e6\x0acreated by github.com/honeytrap/honeytrap/server.(*Honeytrap).Run\x0a\x09/src/honeytrap/server/honeytrap.go:667 +0x2bca\x0a, token=ca120kuf87dg00dbj930, type=fatal

    We are expecting an https connection after SSL negotiation, just like on http.

    Test env is a CentOS VM with 4 vCPU, 8GB memory for all the playground containers (kibana, elastic, honeytrap). No other system/resource errors.

  • can't connect elasticsearch

    I can't send logs to my elasticsearch v8.2, maybe it is an API update?

    The following is the error log:

    15:30:36.246 honeytrap/server ▶ WARN 00a Unrecognized keys in configuration: [channel.elasticsearch.url channel.elasticsearch.username channel.elasticsearch.password channel.elasticsearch.sniff channel.elasticsearch.insecure]

    15:31:56.175 channels/elasticsearch ▶ ERRO 010 Error indexing: elastic: Error 400 (Bad Request): Action/metadata line [1] contains an unknown parameter [_type] [type=illegal_argument_exception]

  • Protocols Don't work

    Hello All, I have more than one issue; maybe these are basic questions, but I am new to this community.

    1- Whenever I use the SSH-Simulator protocol and log in to the SSH, no command is supported. Why is that, or is it specific commands only, just to decrease the danger of the attacks?

    2- When I add a new protocol such as FTP or Telnet in the config file and restart honeytrap, and then use it (using: telnet <ip_address>, or ftp <ip_address>), it doesn't appear in the log file. Any ideas why that happens? (Note: I use the same syntax as in the documentation.)

    And thanks in advance.
