heralding v1.0.5 releases: Credentials catching honeypot


Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently, the following protocols are supported: ftp, telnet, ssh, http, https, pop3, pop3s, imap, imaps, and smtp.

You need Python 3.5.0 or higher.

Changelog v1.0.5

– Fixed asynssh issue (#111)


For step by step instructions on how to install and run heralding in a Python virtual environment using Ubuntu, see this guide. Otherwise, the basic installation instructions are below.

To install the latest stable (well, semi-stable) version, use pip:

pip install heralding

Make sure that requirements and pip are installed. A simple way to do this on a Debian-based OS is:

sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev
git clone https://github.com/johnnykv/heralding.git
cd heralding
sudo pip install -r requirements.txt

And finally start the honeypot:

mkdir tmp
cd tmp
sudo heralding

Starting the honeypot

$ sudo heralding
2017-05-14 21:55:55,948 (root) Initializing Heralding version 0.2.0
2017-05-14 21:55:55,968 (root) Using default config file: "/home/kajoj/heralding/bin/heralding/heralding.yml", if you want to customize values please copy this file to the current working directory
2017-05-14 21:55:55,998 (heralding.reporting.file_logger) File logger started, using file: heralding_activity.log
2017-05-14 21:55:55,999 (heralding.honeypot) Started Telnet capability listening on port 23
2017-05-14 21:55:55,999 (heralding.honeypot) Started Http capability listening on port 80
2017-05-14 21:55:55,999 (heralding.honeypot) Started Pop3 capability listening on port 110
2017-05-14 21:55:56,000 (heralding.honeypot) Started https capability listening on port 443
2017-05-14 21:55:56,000 (heralding.honeypot) Started Imap capability listening on port 143
2017-05-14 21:55:56,000 (heralding.honeypot) Started ftp capability listening on port 21
2017-05-14 21:55:56,000 (heralding.honeypot) Started Imaps capability listening on port 993
2017-05-14 21:55:56,001 (heralding.honeypot) Started Pop3S capability listening on port 995
2017-05-14 21:55:56,116 (heralding.honeypot) Started SSH capability listening on port 22
2017-05-14 21:55:56,117 (heralding.honeypot) Started smtp capability listening on port 25
2017-05-14 21:55:56,118 (root) Privileges dropped, running as nobody/nogroup.





Viewing the collected data

Copyright (C) 2016 johnnykv

Source: https://github.com/johnnykv