chameleon: Customizable honeypots for monitoring network traffic, bots activities

chameleon

Customizable honeypots for monitoring network traffic, bots activities, and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET and Postgres, and MySQL).

General Features

• Modular approach (honeypots run as scripts or imported as objects)
• Most honeypots serve as servers (Only a few that emulate the application layer protocols)
• Settings servers with username, password, and banner (Default username and password are test)
• ICMP, DNS TCP, and UDP payloads are parsed and check against common patterns
• Visualized Grafana interfaces for monitoring the results (Filter by IP – default is all)
• Unstructured and structured logs are parsed and inserted into Postgres
• All honeypots contain clients for testing the servers
• All ports are opened and monitored by default
• Easy automation and can be deployed on AWS ec2
• & More features to Explore

Current Servers/Emulators

• DNS (Server using Twisted)
• HTTP Proxy (Server using Twisted)
• HTTP (Server using Twisted)
• HTTPS (Server using Twisted)
• SSH (Server using socket)
• POP3 (Server using Twisted)
• IMAP (Server using Twisted)
• STMP (Server using smtpd)
• RDP (Server using Twisted)
• SMB (Server using impacket)
• SOCK5 (Server using socketserver)
• TELNET (Server using Twisted)
• VNC (Emulator using Twisted)
• Postgres (Emulator using Twisted)
• Redis (Emulator using Twisted)
• Mysql (Emulator using Twisted)
• Elasticsearch (Coming..)
• Oracle (Coming..)
• ldap (maybe)

Install & Use

Copyright (C) 2020 qeeqbox