  1. #
  2. # HonSSH configuration file (honssh.cfg)
  3. #
  4.  
  5. [devmode]
  6. enabled=true
  7.  
  8. #----------------------------------------------#
  9. # GENERAL SETUP #
  10. #----------------------------------------------#
  11.  
  12. #-----------------------#
  13. # HONEYPOT #
  14. #-----------------------#
  15. [honeypot]
  16.  
  17. # IP address to listen on for incoming SSH connections.
  18. #
  19. # input: IP Address
  20. # required: YES
  21. ssh_addr = 192.168.100.215
  22.  
  23. # Port to listen for incoming SSH connections.
  24. #
  25. # input: Number
  26. # required: YES
  27. # default: 2222
  28. ssh_port = 2222
  29.  
  30. # IP address to send outgoing SSH connections from.
  31. # 0.0.0.0 for all interfaces
  32. #
  33. # input: IP Address
  34. # required: YES
  35. client_addr = 0.0.0.0
  36.  
  37. # Public and private SSH key files.
  38. #
  39. # input: Text
  40. # required: YES
  41. # default: id_rsa.pub
  42. # default: id_rsa
  43. # default: id_dsa.pub
  44. # default: id_dsa
  45. public_key = id_rsa.pub
  46. private_key = id_rsa
  47. public_key_dsa = id_dsa.pub
  48. private_key_dsa = id_dsa
  49.  
  50. # SSH banner to send to clients
  51. # If not specified, HonSSH will try to obtain it by connecting to
  52. # honey_addr:honey_port
  53. #
  54. # input: text
  55. # required: No
  56. # default:
  57. ssh_banner = SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
  58.  
  59. # connection_timeout: connection timeout for pre and post auth handlers
  60. # required: YES
  61. # default: 10
  62. connection_timeout = 10
  63.  
  64. #-----------------------#
  65. # HONEYPOT STATIC #
  66. #-----------------------#
  67. [honeypot-static]
  68. # Documentation to come. Stick with these options and ignore honeypot-* unless you know what you are doing or fancy a challenge.
  69. enabled = false
  70.  
  71. # Should HonSSH use this plugin to get the honeypot details (before authentication)
  72. pre-auth = true
  73.  
  74. # Should HonSSH use this plugin to get the honeypot details (after authentication)
  75. post-auth = false
  76.  
  77. # This name will be used when logging to any of the output mechanisms.
  78. # Please ensure it is meaningful.
  79. #
  80. # input: Text
  81. # required: YES
  82. sensor_name = hon1
  83.  
  84. # IP addresses of the honeypot.
  85. #
  86. # input: IP Address
  87. # required: YES
  88. honey_ip = 172.17.0.6
  89.  
  90. # SSH port of the honeypot.
  91. #
  92. # input: Number
  93. # required: YES
  94. # default: 22
  95. honey_port = 22
  96.  
  97. #-----------------------#
  98. # HONEYPOT SCRIPT #
  99. #-----------------------#
  100. [honeypot-script]
  101. # Documentation to come
  102. enabled = false
  103.  
  104. # Should HonSSH use this plugin to get the honeypot details (before authentication)
  105. pre-auth = false
  106.  
  107. # Should HonSSH use this plugin to get the honeypot details (after authentication)
  108. post-auth = false
  109.  
  110. # ./script IP LOCALIP PORT LOCALPORT
  111. pre-auth-script =
  112.  
  113. # ./script IP LOCALIP PORT LOCALPORT USERNAME PASSWORD
  114. post-auth-script =
  115.  
  116. #-----------------------#
  117. # HONEYPOT DOCKER #
  118. #-----------------------#
  119. [honeypot-docker]
  120. # Documentation to come
  121. enabled = true
  122.  
  123. # Should HonSSH use this plugin to get the honeypot details (before authentication)
  124. pre-auth = true
  125.  
  126. # Should HonSSH use this plugin to get the honeypot details (after authentication)
  127. post-auth = true
  128.  
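  129. # image: image id/name to use for honeypot container. A name:tag reference can be re-pointed upstream; referencing the image by digest (name@sha256:<digest>) keeps every container starting from the same known image.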
  130. # required: if enabled = true
  131. image = rastasheep/ubuntu-sshd:14.04
  132.  
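  133. # uri: socket to interact with container daemon. Whoever can reach this socket controls the Docker daemon, which amounts to root on the host, so the account running HonSSH needs to be protected accordingly.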
  134. # required: if enabled = true
  135. # default: unix://var/run/docker.sock
  136. uri = unix://var/run/docker.sock
  137.  
  138. # hostname: the hostname for the container
  139. # required: if enabled = true
  140. hostname = lime
  141.  
  142. # launch_cmd: command to run when container is first launched
  143. # required: if enabled = true
  144. # default: service ssh start
  145. launch_cmd = service ssh start
  146.  
  147. # SSH port of the honeypot.
  148. #
  149. # input: Number
  150. # required: YES
  151. # default: 22
  152. honey_port = 22
  153.  
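  154. # Pid limit of the honeypot (-1 for unlimited). Left empty as below, the default of -1 presumably applies, so processes inside the attacker-facing container are not capped; a finite value bounds process exhaustion of the host. The memory, swap, shm and CPU limits that follow are likewise empty in this file.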
  155. #
  156. # input: Number
  157. # required: NO
  158. # default: -1
  159. pids_limit =
  160.  
  161. # Memory limit of the honeypot
  162. # Example: 1G
  163. #
  164. # required: NO
  165. mem_limit =
  166.  
  167. # Swap limit of the honeypot
  168. # Example: 1G
  169. #
  170. # required: NO
  171. memswap_limit =
  172.  
  173. # Shm size limit of the honeypot
  174. # Example: 1G
  175. #
  176. # required: NO
  177. shm_size =
  178.  
  179. # Microseconds of CPU time that the container can get in a CPU period of the honeypot
  180. #
  181. # input: Number
  182. # required: NO
  183. cpu_period =
  184.  
  185. # CPU shares (relative weight) of the honeypot
  186. # Example: Percentage * value of cat /sys/fs/cgroup/cpu/docker/cpu.shares
  187. #
  188. # required: NO
  189. cpu_shares =
  190.  
  191. # CPUs in which to allow execution of the honeypot
  192. # Example: 0-3, 0,1
  193. #
  194. # required: NO
  195. cpuset_cpus =
  196.  
  197. #-----------------------#
  198. # HONEYPOT RESTRICTIONS #
  199. #-----------------------#
  200. [hp-restrict]
  201.  
  202. # When enabled, HonSSH will restrict connections to password only and decline any public keys.
  203. # HonSSH will not work with public keys - this should always be true.
  204. #
  205. # input: true/false
  206. # required: YES
  207. # default: true
  208. disable_publicKey = true
  209.  
  210. # When enabled, HonSSH will block any attempts to start an X11 session.
  211. # You can allow X11 but HonSSH will not log the session.
  212. #
  213. # input: true/false
  214. # required: YES
  215. # default: true
  216. disable_x11 = true
  217.  
  218. # When enabled, HonSSH will block any attempts to start an SFTP session.
  219. # When SFTP is allowed (false), HonSSH will log SFTP traffic and capture downloaded files.
  220. #
  221. # input: true/false
  222. # required: YES
  223. # default: false
  224. disable_sftp = false
  225.  
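  226. # When enabled, HonSSH will block any attempts to start an EXEC session.
  227. # When EXEC is allowed (false), HonSSH will log all EXEC sessions, including SCP transfers. With true, as set below, SCP is refused as well, so [download] passive can only capture SFTP transfers.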
  228. #
  229. # input: true/false
  230. # required: YES
  231. # default: false
  232. disable_exec = true
  233.  
  234. # When enabled, HonSSH will block any attempts to start running port forwarding over SSH.
  235. # You can allow port forwarding but HonSSH will not log the session - Yet! (log to PCAP?)
  236. #
  237. # input: true/false
  238. # required: YES
  239. # default: true
  240. disable_port_forwarding = true
  241.  
  242. #-----------------------#
  243. # OUTPUT DIRECTORIES #
  244. #-----------------------#
  245. [folders]
  246.  
  247. # Directory where log files will be saved in.
  248. #
  249. # input: Text
  250. # required: YES
  251. # default: logs
  252. log_path = logs
  253.  
  254. # Directory where session files will be saved in.
  255. #
  256. # input: Text
  257. # required: YES
  258. # default: sessions
  259. session_path = sessions
  260.  
  261. #-----------------------#
  262. # ADVANCED NETWORKING #
  263. #-----------------------#
  264. [advNet]
  265.  
  266. # To enable this HonSSH must be run as root or an account allowed to run
  267. # iptables and ip link/addr commands.
  268. #
  269. # With this disabled, the honeypot will always see connections coming from
  270. # honey_addr. With this enabled, connections will look as if the connections
  271. # are coming from the attacker.
  272. # See the Wiki page for more details.
  273. # https://github.com/tnich/honssh/wiki/Advanced-Networking
  274. #
  275. # input: true/false
  276. # required: YES
  277. # default: false
  278. enabled = true
  279.  
  280. #-----------------------#
  281. # LIVE INTERACTION #
  282. #-----------------------#
  283. [interact]
  284.  
  285. # Session management interface.
  286. #
  287. # This is a TCP based service that can be used to interact with active
  288. # sessions. Disabled by default.
  289. #
  290. # Use honsshInteraction.py to interact with this interface.
  291. #
  292. # input: true/false
  293. # required: YES
  294. # default: false
  295. enabled = false
  296.  
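  297. # Interface to create the interaction on - 0.0.0.0 for all. Binding to 0.0.0.0 makes the session-control port reachable on every interface, including the one attackers connect to; keep the 127.0.0.1 default unless remote access is required and filtered.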
  298. #
  299. # input: IP Address
  300. # required: if interact_enabled = true
  301. # default: 127.0.0.1
  302. interface = 127.0.0.1
  303.  
  304. # Port to create the interaction on
  305. #
  306. # input: Number
  307. # required: if interact_enabled = true
  308. # default: 5123
  309. port = 5123
  310.  
  311. #-----------------------#
  312. # PASSWORD SPOOFING #
  313. #-----------------------#
  314. [spoof]
  315.  
  316. # Enabling this will allow HonSSH to spoof an incorrect password with the real password.
  317. # A list of users and passwords must be defined in the users.cfg file.
  318. #
  319. # Passwords to spoof can either be a fixed list or a random chance.
  320. #
  321. # See the Wiki page for more details.
  322. # https://github.com/tnich/honssh/wiki/Password-Spoofing
  323. #
  324. # input: true/false
  325. # required: YES
  326. # default: false
  327. enabled = true
  328.  
  329. # Location of the users.cfg file
  330. #
  331. # input: text
  332. # required: if enabled is true
  333. # default: users.cfg
  334. users_conf = users.cfg
  335.  
  336. #----------------------------------------------#
  337. # LOGGING AND OUTPUTS #
  338. #----------------------------------------------#
  339.  
  340. #-----------------------#
  341. # FILE DOWNLOADING #
  342. #-----------------------#
  343. [download]
  344.  
  345. # File Download
  346. #
  347. # HonSSH will attempt to download all scp and sftp files to a local store if this is true
  348. #
  349. # input: true/false
  350. # required: YES
  351. # default: false
  352. passive = true
  353.  
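  354. # HonSSH will attempt to download all wget files to a local store. The fetch is made by HonSSH itself to a URL chosen by the remote user, and the stored files are untrusted samples.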
  355. #
  356. # I believe another tool should be used to passively capture all http(s) connections on all ports - maybe the next project?
  357. # Until then HonSSH will use a 'best effort' approach to capture files when a wget command is detected.
  358. # It will not be able to capture commands such as:
  359. # url=www.test.url; wget $url
  360. #
  361. # input: true/false
  362. # required: YES
  363. # default: false
  364. active = true
  365.  
  366. #-----------------------#
  367. # TEXT LOGGING #
  368. #-----------------------#
  369. [output-txtlog]
  370.  
  371. # All activity will be logged to text files
  372. # A log of entry attempts will be kept in log_path/
  373. # A log of session activity will be kept in session_path/
  374. #
  375. # input: true/false
  376. # required: YES
  377. # default: true
  378. enabled = true
  379.  
  380. #-----------------------#
  381. # MYSQL LOGGING #
  382. #-----------------------#
  383. [output-mysql]
  384.  
  385. # All activity will be logged to a MYSQL Database
  386. # Database structure for this module is supplied in utils/honssh.sql
  387. #
  388. # input: true/false
  389. # required: yes
  390. # default: false
  391. enabled = true
  392.  
  393. # IP address of the database
  394. #
  395. # input: IP Address
  396. # required: if enabled = true
  397. # default: localhost
  398. host = localhost
  399.  
  400. # Port to connect to the database on
  401. #
  402. # input: Number
  403. # required: NO
  404. # default: 3306
  405. port = 3306
  406.  
  407. # Name of the database
  408. #
  409. # input: Text
  410. # required: if enabled = true
  411. database = cowrie
  412.  
  413. # Username to authenticate with the database
  414. #
  415. # input: Text
  416. # required: if enabled = true
  417. username = cowrie
  418.  
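  419. # Password to authenticate with the database. It is stored here in clear text, so keep this file readable only by the HonSSH account and use a value that differs from the username.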
  420. #
  421. # input: Text
  422. # required: if enabled = true
  423. password = cowrie
  424.  
  425. #-----------------------#
  426. # EMAIL LOGGING #
  427. #-----------------------#
  428. [output-email]
  429.  
  430. # Enable email output plugin
  431. #
  432. # dependency: txtlog MUST be enabled
  433. # input: true/false
  434. # required: YES
  435. # default: false
  436. enabled = false
  437.  
  438. # Send an email upon hacker connect
  439. #
  440. # dependency: txtlog MUST be enabled
  441. # input: true/false
  442. # required: YES
  443. # default: false
  444. login = false
  445.  
  446. # Send an email upon hacker disconnect - Will attach the tty log file
  447. #
  448. # dependency: txtlog MUST be enabled
  449. # input: true/false
  450. # required: YES
  451. # default: false
  452. attack = false
  453.  
  454. # Your SMTP Host
  455. #
  456. # input: Text
  457. # required: if login or attack = true
  458. host =
  459.  
  460. # Your SMTP Port
  461. #
  462. # input: Number
  463. # required: if login or attack = true
  464. port =
  465.  
  466. # Use SSL/TLS to connect to the SMTP provider?
  467. #
  468. # input: true/false
  469. # required: if login or attack = true
  470. # default: true
  471. use_tls = true
  472.  
  473. # Does your SMTP provider require a login?
  474. #
  475. # input: true/false
  476. # required: if login or attack = true
  477. # default: true
  478. use_smtpauth = true
  479.  
  480. # Your SMTP login username
  481. #
  482. # input: Text
  483. # required: if use_smtpauth = true
  484. username =
  485.  
  486. # Your SMTP login password
  487. #
  488. # input: Text
  489. # required: if use_smtpauth = true
  490. password =
  491.  
  492. # The address the email is sent from
  493. #
  494. # input: Email Address
  495. # required: if login or attack = true
  496. from =
  497.  
  498. # The address(es) the email is sent to
  499. #
  500. # input: Email addresses in a comma-separated list, without spaces
  501. # required: if login or attack = true
  502. to =
  503.  
  504. #-----------------------#
  505. # HP FEEDS #
  506. #-----------------------#
  507. [output-hpfeeds]
  508.  
  509. # All activity will be logged to a hpfeeds broker for dissemination
  510. # between the honeypot community.
  511. # Authentication attempts will be logged to honssh.auth
  512. # Sessions will be logged to honssh.sessions
  513. #
  514. # input: true/false
  515. # required: yes
  516. # default: false
  517. enabled = false
  518.  
  519. # The server address of the hpfeeds broker
  520. #
  521. # input: Text
  522. # required: if enabled = true
  523. server =
  524.  
  525. # The server port of the hpfeeds broker
  526. #
  527. # input: Number
  528. # required: if enabled = true
  529. port =
  530.  
  531. # Your hpfeeds auth key identifier
  532. #
  533. # input: Text
  534. # required: if enabled = true
  535. identifier =
  536.  
  537. # Your hpfeeds auth key secret
  538. #
  539. # input: Text
  540. # required: if enabled = true
  541. secret =
  542.  
  543. #-----------------------#
  544. # APPLICATION HOOKS #
  545. #-----------------------#
  546. [output-app_hooks]
  547.  
  548. # Enable app_hooks output plugin
  549. #
  550. # input: true/false
  551. # required: YES
  552. # default: false
  553. enabled = false
  554.  
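  555. # If you want any other application hooks or arguments passed, raise an issue
  556. # on the HonSSH code page. Arguments such as USERNAME, PASSWORD, COMMAND and LINK originate from the remote client, so hook scripts should handle them as untrusted data.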
  557.  
  558. # Calls the script when a connection is made with the following arguments
  559. # ./script CONNECTION_MADE DATETIME IP PORT HONEYIP HONEYPORT SESSION_ID
  560. #
  561. # input: path of script to run
  562. # required: NO
  563. connection_made =
  564.  
  565. # Calls the script when a connection is lost with the following arguments
  566. # ./script CONNECTION_LOST DATETIME IP PORT HONEYIP HONEYPORT SESSION_ID
  567. #
  568. # input: path of script to run
  569. # required: NO
  570. connection_lost =
  571.  
  572. # Calls the script when a login is successful with the following arguments
  573. # ./script LOGIN_SUCCESSFUL DATETIME IP USERNAME PASSWORD
  574. #
  575. # input: path of script to run
  576. # required: NO
  577. login_successful =
  578.  
  579. # Calls the script when a login has failed with the following arguments
  580. # ./script LOGIN_FAILED DATETIME IP USERNAME PASSWORD
  581. #
  582. # input: path of script to run
  583. # required: NO
  584. login_failed =
  585.  
  586. # Calls the script when a channel is opened with the following arguments
  587. # ./script CHANNEL_OPENED DATETIME NAME CHANNEL_ID
  588. #
  589. # input: path of script to run
  590. # required: NO
  591. channel_opened =
  592.  
  593. # Calls the script when a channel is closed with the following arguments
  594. # ./script CHANNEL_CLOSED DATETIME NAME CHANNEL_ID
  595. #
  596. # input: path of script to run
  597. # required: NO
  598. channel_closed =
  599.  
  600. # Calls the script when a command is entered with the following arguments
  601. # ./script COMMAND_ENTERED DATETIME CHANNEL_ID COMMAND
  602. #
  603. # input: path of script to run
  604. # required: NO
  605. command_entered =
  606.  
  607. # Calls the script when a file download is started with the following arguments
  608. # ./script DOWNLOAD_STARTED DATETIME CHANNEL_ID LINK FILE_PATH
  609. #
  610. # input: path of script to run
  611. # required: NO
  612. download_started =
  613.  
  614. # Calls the script when a file download is finished with the following arguments
  615. # ./script DOWNLOAD_FININSHED DATETIME CHANNEL_ID LINK FILE_PATH
  616. #
  617. # input: path of script to run
  618. # required: NO
  619. download_finished =
  620.  
  621. #-----------------------#
  622. # PACKET LOGGING #
  623. #-----------------------#
  624. [packet_logging]
  625.  
  626. # Set to true to enable plugins to use the packet_logged function
  627. #
  628. # input: true/false
  629. # required: YES
  630. # default: false
  631. enabled = false
  632.  
  633. [output-packets]
  634.  
  635. # Log all SSH Packets to text file (.log-adv)
  636. #
  637. # dependency: packet_logging MUST be enabled
  638. # input: true/false
  639. # required: YES
  640. # default: false
  641. enabled = false
  642.  
  643. #-----------------------#
  644. # SLACK #
  645. #-----------------------#
  646. [output-slack]
  647.  
  648. # Set to true to enable outputting to a Slack channel
  649. #
  650. # input: true/false
  651. # required: YES
  652. # default: false
  653. enabled = false
  654.  
  655. # The webhook URL for Slack. Anyone who has this URL can post to the channel, so treat it like a credential.
  656. #
  657. # input: Text
  658. # required: if enabled = true
  659. webhook-url =
  660.  
  661. #-----------------------#
  662. # CONTRIBUTE #
  663. #-----------------------#
  664. [output-contribute]
  665.  
  666. # I created this project because I like watching what people do on honeypots.
  667. # This plugin simply posts the data from each session to me (no private information, just data generated by HonSSH).
  668. # Feel free to turn it off.
  669. #
  670. # input: true/false
  671. # required: YES
  672. # default: true
  673. enabled = false