Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET and Postgres and MySQL)

• Modular approach (honeypots run as scripts or imported as objects)
• Most honeypots serve as servers (Only a few that emulate the application layer protocols)
• Settings servers with username, password and banner (Default username and password are test)
• ICMP, DNS TCP and UDP payloads are parsed and check against common patterns
• Visualized Grafana interfaces for monitoring the results (Filter by IP - default is all)
• Unstructured and structured logs are parsed and inserted into Postgres
• All honeypots contain clients for testing the servers
• All ports are opened and monitored by default
• Easy automation and can be deployed on AWS ec2
• & More features to Explore

git clone https://github.com/qeeqbox/chameleon.gitcd chameleon# choose which honeypot http, https, ssh etc and use -p in docker for the portsdocker build -t honeypot ./honeypot/. && docker run -p 9999:9999 -p 9998:9998 -it honeypot --mode normal --servers "ssh:9999 http:9998"

git clone https://github.com/qeeqbox/chameleon.gitcd chameleonchmod +x ./run.sh./run.sh auto_configure

The Grafana interface http://localhost:3000 will open automatically after finishing the initialization process (username is changeme457f6460cb287 and passowrd is changemed23b8cc6a20e0)

Wait for a few seconds until honeypot shows the IP address

...honeypot_1  | Your IP: 172.19.0.3honeypot_1  | Your MAC: 09:45:aa:23:10:03...

You can interact with the honeypot from your local system

ping 172.19.0.3or run any network tool against itnmap 172.19.0.3

git clone https://github.com/qeeqbox/chameleon.gitcd chameleonchmod +x ./run.sh./run.sh auto_test

The Grafana interface http://localhost:3000 will open automatically after finishing the initialization process (username is admin and passowrd is admin)

copy ssh_server.py to your folder

# ip= String E.g. 0.0.0.0# port= Int E.g. 9999# username= String E.g. Test# password= String E.g. Test# mocking= Boolean or String E.g OpenSSH 7.0# logs= String E.g db, terminal or all# --------------------------------------------------------------------# always remember to add process=true to run_server() for non-blockingfrom ssh_server import QSSHServerqsshserver = QSSHServer(port=9999)qsshserver.run_server(process=True)qsshserver.test_server(port=9999)qsshserver.kill_server()

ssh [email protected]

INFO:chameleonlogger:['servers', {'status': 'success', 'username': 'test', 'ip': '127.0.0.1', 'server': 'ssh_server', 'action': 'login', 'password': 'test', 'port': 38696}]

apt-get update -y && apt-get install -y iptables-persistent tcpdump nmap iputils-ping python python-pip python-psycopg2 lsof psmisc dnsutilspip install scapy netifaces pyftpdlib sqlalchemy pyyaml paramiko==2.7.1 impacket twisted rdpy==1.3.2 psutil requestspip install -U requests[socks]pip install -Iv rsa==4.0

• DNS (Server using Twisted)
• HTTP Proxy (Server using Twisted)
• HTTP (Server using Twisted)
• HTTPS (Server using Twisted)
• SSH (Server using socket)
• POP3 (Server using Twisted)
• IMAP (Server using Twisted)
• STMP (Server using smtpd)
• RDP (Server using Twisted)
• SMB (Server using impacket)
• SOCK5 (Server using socketserver)
• TELNET (Server using Twisted)
• VNC (Emulator using Twisted)
• Postgres (Emulator using Twisted)
• Redis (Emulator using Twisted)
• Mysql (Emulator using Twisted)
• Elasticsearch (Coming..)
• Oracle (Coming..)
• ldap (maybe)

• 2020.V.01.05 added mysql
• 2020.V.01.04 added redis
• 2020.V.01.03 switched ftp servers to twisted
• 2020.V.01.02 switched http and https servers to twisted
• 2020.V.01.02 Fixed changing ip in grafana interface

• Refactoring logging
• Fixing logger
• Code Cleanup
• Switching some servers to twisted
• Adding graceful connection close (error response)
• Implementing the rest of servers
• Adding some detection logic to the sinffer
• Adding a control panel

Twisted, documentation, Impacket, documentation, Grafana, documentation, Expert, Twisted, robertheaton

By using this framework, you are accepting the license terms of all these packages: grafana, tcpdump, nmap, psycopg, dnsutils, scapy, netifaces, pyftpdlib, sqlalchemy, pyyaml, paramiko, impacket, rdpy, psutil, requests, FreeRDP, SMBClient, tigervnc

redteaming.net my-infosec-awesome

• Do not deploy without proper configuration
• Setup some security group rules and remove default credentials
• Almost all servers and emulators are stripped-down - You can adjust that as needed
• Please let me know if i missed a resource or dependency