snare: Super Next generation Advanced Reactive honEypot

SNARE

Super Next-generation Advanced Reactive honEypot

It is a web application honeypot sensor attracting all sort of maliciousness from the Internet.

snare

Getting started

  • You need a Python3. We tested primarily with >=3.4
  • This was tested with a recent Ubuntu based Linux.

Steps to setup

  1. Clone the repo:
    git clone https://github.com/mushorg/snare.git && cd snare
  2. Install requirements:
    pip3 install -r requirements.txt
  3. Setup:
    sudo python3 setup.py install
  4. Clone a page:
    sudo clone –target http://example.com
  5. Run:
    sudo snare --port 8080 --page-dir example.com
  6. Test: Visit http://localhost:8080/index.html
  7. (Optionally) Have your own tanner service running.

[Note: Cloner clones the whole website, to restrict to a desired depth of cloning add –max-depth parameter]

You obviously want to bind to 0.0.0.0 and port 80 when running in production.

Use

The command line parameters

snare [–page-dir folder ] [–list-pages] [–host-ip] [–index-page filename] [–portport] [–interface ip_addr] [–debug ] [–tanner tanner_ip*] [–skip-check-version] [–slurp-enabled] [–slurp-host host_ip] [–slurp-auth] [–configfilename] [–auto-update] [–update-timeout timeout]

 

Description

  • page–dir – name of the folder to be served
  • list–pages – list available pages
  • host–ip – host ip to bind to, default: localhost
  • index–page – file name of the index page, default: index.html
  • port – port to listen on, default: 8080
  • interface – interface to bind to
  • debug – run web server in debug mode, default: False
  • tanner – ip of the tanner service, default: tanner.mushmush.org
  • skip–check-version – skip check for update
  • slurp–enabled – enable nsq logging
  • slurp–host – nsq logging host, default: slurp.mushmush.org
  • slurp–auth – nsq logging auth, default: slurp
  • config – snare config file, default: snare.cfg
  • auto–update – auto update SNARE if new version available, default: True
  • update–timeout – update SNARE every timeout (possible labels are: D – day, H– hours, M – minutes), default: 24H
  • server–header – set server header, default: nginx

Tutorial

Demo

Copyright (C) ©2016, mushorg

Share