
Untitled

a guest
Oct 30th, 2016
  1. #
  2. # HonSSH configuration file (honssh.cfg)
  3. #
  4.  
  5. #----------------------------------------------#
  6. # GENERAL SETUP #
  7. #----------------------------------------------#
  8.  
  9. #-----------------------#
  10. # HONEYPOT #
  11. #-----------------------#
  12. [honeypot]
  13.  
  14. # IP addresses to listen for incoming SSH connections.
  15. #
  16. # input: IP Address
  17. # required: YES
  18. ssh_addr = 95.85.57.242
  19.  
  20. # Port to listen for incoming SSH connections.
  21. #
  22. # input: Number
  23. # required: YES
  24. # default: 2222
  25. ssh_port = 22
  26.  
  27. # IP addresses to send outgoing SSH connections.
  28. # 0.0.0.0 for all interfaces
  29. #
  30. # input: IP Address
  31. # required: YES
  32. client_addr = 0.0.0.0
  33.  
  34. # Public and private SSH key files.
  35. #
  36. # input: Text
  37. # required: YES
  38. # default: id_rsa.pub
  39. # default: id_rsa
  40. # default: id_dsa.pub
  41. # default: id_dsa
  42. public_key = id_rsa.pub
  43. private_key = id_rsa
  44. public_key_dsa = id_dsa.pub
  45. private_key_dsa = id_dsa
  46.  
  47. # SSH banner to send to clients
  48. # If not specified, HonSSH will try to obtain it by connecting to
  49. # honey_addr:honey_port
  50. #
  51. # input: text
  52. # required: No
  53. # default:
  54. ssh_banner =
  55.  
  56. #-----------------------#
  57. # HONEYPOT STATIC #
  58. #-----------------------#
  59. [honeypot-static]
  60. # Documentation to come, stick with these options and ignore honeypot-* unless you know what you are doing or fancy a challenge
  61. enabled = false
  62.  
  63. # Should HonSSH use this plugin to get the honeypot details (before authentication)
  64. pre-auth = true
  65.  
  66. # Should HonSSH use this plugin to get the honeypot details (after authentication)
  67. post-auth = true
  68.  
  69. # This name will be used when logging to any of the output mechanisms.
  70. # Please ensure it is meaningful.
  71. #
  72. # input: Text
  73. # required: YES
  74. sensor_name =
  75.  
  76. # IP addresses of the honeypot.
  77. #
  78. # input: IP Address
  79. # required: YES
  80. honey_ip =
  81.  
  82. # SSH port of the honeypot.
  83. #
  84. # input: Number
  85. # required: YES
  86. # default: 22
  87. honey_port =
  88.  
  89. #-----------------------#
  90. # HONEYPOT SCRIPT #
  91. #-----------------------#
  92. [honeypot-script]
  93. # Documentation to come
  94. enabled = false
  95.  
  96. # Should HonSSH use this plugin to get the honeypot details (before authentication)
  97. pre-auth = false
  98.  
  99. # Should HonSSH use this plugin to get the honeypot details (after authentication)
  100. post-auth = false
  101.  
  102. # ./script IP LOCALIP PORT LOCALPORT
  103. pre-auth-script =
  104.  
  105. # ./script IP LOCALIP PORT LOCALPORT USERNAME PASSWORD
  106. post-auth-script =
  107.  
  108. #-----------------------#
  109. # HONEYPOT DOCKER #
  110. #-----------------------#
  111. [honeypot-docker]
  112. # Documentation to come
  113. enabled = true
  114.  
  115. # Should HonSSH use this plugin to get the honeypot details (before authentication)
  116. pre-auth = true
  117.  
  118. # Should HonSSH use this plugin to get the honeypot details (after authentication)
  119. post-auth = true
  120.  
  121. # image: image id/name to use for honeypot container
  122. # required: if enabled = true
  123. image = rastasheep/ubuntu-sshd:14.04
  124.  
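  125. # uri: socket to interact with container daemon (access to this socket gives root-equivalent control of the Docker host, so limit which accounts can reach it)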
  126. # required: if enabled = true
  127. # default: unix://var/run/docker.sock
  128. uri = unix://var/run/docker.sock
  129.  
  130. # hostname: the hostname for the container
  131. # required: if enabled = true
  132. hostname = test-box
  133.  
  134. # launch_cmd: command to run when container is first launched
  135. # required: if enabled = true
  136. # default: service ssh start
  137. launch_cmd = echo hi
  138.  
  139. # SSH port of the honeypot.
  140. #
  141. # input: Number
  142. # required: YES
  143. # default: 22
  144. honey_port = 22
  145.  
  146. #-----------------------#
  147. # HONEYPOT RESTRICTIONS #
  148. #-----------------------#
  149. [hp-restrict]
  150.  
  151. # When enabled, HonSSH will restrict connections to password only and decline any public keys.
  152. # HonSSH will not work with public keys - this should always be true.
  153. #
  154. # input: true/false
  155. # required: YES
  156. # default: true
  157. disable_publicKey = true
  158.  
  159. # When enabled, HonSSH will block any attempts to start an X11 session.
  160. # You can allow X11 but HonSSH will not log the session.
  161. #
  162. # input: true/false
  163. # required: YES
  164. # default: true
  165. disable_x11 = true
  166.  
  167. # When enabled, HonSSH will block any attempts to start an SFTP session.
  168. # HonSSH will log SFTP traffic and capture downloaded files.
  169. #
  170. # input: true/false
  171. # required: YES
  172. # default: false
  173. disable_sftp = false
  174.  
  175. # When enabled, HonSSH will block any attempts to start an EXEC session.
  176. # HonSSH will log all EXEC sessions, including SCP transfers.
  177. #
  178. # input: true/false
  179. # required: YES
  180. # default: false
  181. disable_exec = false
  182.  
  183. # When enabled, HonSSH will block any attempts to start running port forwarding over SSH.
  184. # You can allow port forwarding but HonSSH will not log the session - Yet! (log to PCAP?)
  185. #
  186. # input: true/false
  187. # required: YES
  188. # default: true
  189. disable_port_forwarding = true
  190.  
  191. #-----------------------#
  192. # OUTPUT DIRECTORIES #
  193. #-----------------------#
  194. [folders]
  195.  
  196. # Directory where log files will be saved in.
  197. #
  198. # input: Text
  199. # required: YES
  200. # default: logs
  201. log_path = logs
  202.  
  203. # Directory where session files will be saved in.
  204. #
  205. # input: Text
  206. # required: YES
  207. # default: sessions
  208. session_path = sessions
  209.  
  210. #-----------------------#
  211. # ADVANCED NETWORKING #
  212. #-----------------------#
  213. [advNet]
  214.  
  215. # To enable this, HonSSH must be run as root or as an account allowed to run
  216. # iptables and ip link/addr commands.
  217. #
  218. # With this disabled, the honeypot will always see connections coming from
  219. # honey_addr. With this enabled, connections will look as if the connections
  220. # are coming from the attacker.
  221. # See the Wiki page for more details.
  222. # https://github.com/tnich/honssh/wiki/Advanced-Networking
  223. #
  224. # input: true/false
  225. # required: YES
  226. # default: false
  227. enabled = true
  228.  
  229. #-----------------------#
  230. # LIVE INTERACTION #
  231. #-----------------------#
  232. [interact]
  233.  
  234. # Session management interface.
  235. #
  236. # This is a TCP based service that can be used to interact with active
  237. # sessions. Disabled by default.
  238. #
  239. # Use honsshInteraction.py to interact with this interface.
  240. #
  241. # input: true/false
  242. # required: YES
  243. # default: false
  244. enabled = false
  245.  
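  246. # Interface to create the interaction on - 0.0.0.0 for all (this exposes the live session interface to the network; keep 127.0.0.1 unless access is restricted another way).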
  247. #
  248. # input: IP Address
  249. # required: if enabled = true
  250. # default: 127.0.0.1
  251. interface = 127.0.0.1
  252.  
  253. # Port to create the interaction on
  254. #
  255. # input: Number
  256. # required: if enabled = true
  257. # default: 5123
  258. port = 5123
  259.  
  260. #-----------------------#
  261. # PASSWORD SPOOFING #
  262. #-----------------------#
  263. [spoof]
  264.  
  265. # Enabling this will allow HonSSH to replace an incorrect password sent by the client with the real password.
  266. # A list of users and passwords must be defined in the users.cfg file.
  267. #
  268. # Passwords to spoof can either be a fixed list or a random chance.
  269. #
  270. # See the Wiki page for more details.
  271. # https://github.com/tnich/honssh/wiki/Password-Spoofing
  272. #
  273. # input: true/false
  274. # required: YES
  275. # default: false
  276. enabled = true
  277.  
  278. # Location of the users.cfg file
  279. #
  280. # input: text
  281. # required: if enabled is true
  282. # default: users.cfg
  283. users_conf = users.cfg
  284.  
  285. #----------------------------------------------#
  286. # LOGGING AND OUTPUTS #
  287. #----------------------------------------------#
  288.  
  289. #-----------------------#
  290. # FILE DOWNLOADING #
  291. #-----------------------#
  292. [download]
  293.  
  294. # File Download
  295. #
  296. # HonSSH will attempt to download all scp and sftp files to a local store if this is true
  297. #
  298. # input: true/false
  299. # required: YES
  300. # default: false
  301. passive = true
  302.  
  303. # HonSSH will attempt to download all wget files to a local store.
  304. #
  305. # I believe another tool should be used to passively capture all http(s) connections on all ports - maybe the next project?
  306. # Until then HonSSH will use a 'best effort' approach to capture files when the wget command is detected.
  307. # It will not be able to capture commands such as:
  308. # url=www.test.url; wget $url
  309. #
  310. # input: true/false
  311. # required: YES
  312. # default: false
  313. active = true
  314.  
  315. #-----------------------#
  316. # TEXT LOGGING #
  317. #-----------------------#
  318. [output-txtlog]
  319.  
  320. # All activity will be logged to text files
  321. # A log of entry attempts will be kept in log_path/
  322. # A log of session activity will be kept in session_path/
  323. #
  324. # input: true/false
  325. # required: YES
  326. # default: true
  327. enabled = true
  328.  
  329. #-----------------------#
  330. # MYSQL LOGGING #
  331. #-----------------------#
  332. [output-mysql]
  333.  
  334. # All activity will be logged to a MYSQL Database
  335. # Database structure for this module is supplied in utils/honssh.sql
  336. #
  337. # input: true/false
  338. # required: yes
  339. # default: false
  340. enabled = false
  341.  
  342. # IP address of the database
  343. #
  344. # input: IP Address
  345. # required: if enabled = true
  346. # default: localhost
  347. host =
  348.  
  349. # Port to connect to the database on
  350. #
  351. # input: Number
  352. # required: NO
  353. # default: 3306
  354. port = 3306
  355.  
  356. # Name of the database
  357. #
  358. # input: Text
  359. # required: if enabled = true
  360. database =
  361.  
  362. # Username to authenticate with the database
  363. #
  364. # input: Text
  365. # required: if enabled = true
  366. username =
  367.  
  368. # Password to authenticate with the database (stored here in plain text; restrict read access to this file)
  369. #
  370. # input: Text
  371. # required: if enabled = true
  372. password =
  373.  
  374. #-----------------------#
  375. # EMAIL LOGGING #
  376. #-----------------------#
  377. [output-email]
  378.  
  379. # Enable email output plugin
  380. #
  381. # dependency: txtlog MUST be enabled
  382. # input: true/false
  383. # required: YES
  384. # default: false
  385. enabled = false
  386.  
  387. # Send an email upon hacker connect
  388. #
  389. # dependency: txtlog MUST be enabled
  390. # input: true/false
  391. # required: YES
  392. # default: false
  393. login = false
  394.  
  395. # Send an email upon hacker disconnect - Will attach the tty log file
  396. #
  397. # dependency: txtlog MUST be enabled
  398. # input: true/false
  399. # required: YES
  400. # default: false
  401. attack = false
  402.  
  403. # Your SMTP Host
  404. #
  405. # input: Text
  406. # required: if login or attack = true
  407. host =
  408.  
  409. # Your SMTP Port
  410. #
  411. # input: Number
  412. # required: if login or attack = true
  413. port =
  414.  
  415. # Use SSL/TLS to connect to the SMTP provider?
  416. #
  417. # input: true/false
  418. # required: if login or attack = true
  419. # default: true
  420. use_tls = true
  421.  
  422. # Does your SMTP provider require a login?
  423. #
  424. # input: true/false
  425. # required: if login or attack = true
  426. # default: true
  427. use_smtpauth = true
  428.  
  429. # Your SMTP login username
  430. #
  431. # input: Text
  432. # required: if use_smtpauth = true
  433. username =
  434.  
  435. # Your SMTP login password (stored here in plain text; restrict read access to this file)
  436. #
  437. # input: Text
  438. # required: if use_smtpauth = true
  439. password =
  440.  
  441. # The address the email is sent from
  442. #
  443. # input: Email Address
  444. # required: if login or attack = true
  445. from =
  446.  
  447. # The address(es) the email is sent to
  448. #
  449. # input: Email addresses in a comma-separated list without spaces
  450. # required: if login or attack = true
  451. to =
  452.  
  453. #-----------------------#
  454. # HP FEEDS #
  455. #-----------------------#
  456. [output-hpfeeds]
  457.  
  458. # All activity will be logged to a hpfeeds broker for dissemination
  459. # between the honeypot community.
  460. # Authentication attempts will be logged to honssh.auth
  461. # Sessions will be logged to honssh.sessions
  462. #
  463. # input: true/false
  464. # required: yes
  465. # default: false
  466. enabled = false
  467.  
  468. # The server address of the hpfeeds broker
  469. #
  470. # input: Text
  471. # required: if enabled = true
  472. server =
  473.  
  474. # The server port of the hpfeeds broker
  475. #
  476. # input: Number
  477. # required: if enabled = true
  478. port =
  479.  
  480. # Your hpfeeds auth key identifier
  481. #
  482. # input: Text
  483. # required: if enabled = true
  484. identifier =
  485.  
  486. # Your hpfeeds auth key secret
  487. #
  488. # input: Text
  489. # required: if enabled = true
  490. secret =
  491.  
  492. #-----------------------#
  493. # APPLICATION HOOKS #
  494. #-----------------------#
  495. [output-app_hooks]
  496.  
  497. # Enable app_hooks output plugin
  498. #
  499. # input: true/false
  500. # required: YES
  501. # default: false
  502. enabled = false
  503.  
  504. # If you want any other application hooks or arguments passing, raise an issue
  505. # on the HonSSH code page.
  506.  
  507. # Calls the script when a connection is made with the following arguments
  508. # ./script CONNECTION_MADE DATETIME IP PORT HONEYIP HONEYPORT SESSION_ID
  509. #
  510. # input: path of script to run
  511. # required: NO
  512. connection_made =
  513.  
  514. # Calls the script when a connection is lost with the following arguments
  515. # ./script CONNECTION_LOST DATETIME IP PORT HONEYIP HONEYPORT SESSION_ID
  516. #
  517. # input: path of script to run
  518. # required: NO
  519. connection_lost =
  520.  
  521. # Calls the script when a login is successful with the following arguments
  522. # ./script LOGIN_SUCCESSFUL DATETIME IP USERNAME PASSWORD
  523. #
  524. # input: path of script to run
  525. # required: NO
  526. login_successful =
  527.  
  528. # Calls the script when a login has failed with the following arguments
  529. # ./script LOGIN_FAILED DATETIME IP USERNAME PASSWORD
  530. #
  531. # input: path of script to run
  532. # required: NO
  533. login_failed =
  534.  
  535. # Calls the script when a channel is opened with the following arguments
  536. # ./script CHANNEL_OPENED DATETIME NAME CHANNEL_ID
  537. #
  538. # input: path of script to run
  539. # required: NO
  540. channel_opened =
  541.  
  542. # Calls the script when a channel is closed with the following arguments
  543. # ./script CHANNEL_CLOSED DATETIME NAME CHANNEL_ID
  544. #
  545. # input: path of script to run
  546. # required: NO
  547. channel_closed =
  548.  
  549. # Calls the script when a command is entered with the following arguments
  550. # ./script COMMAND_ENTERED DATETIME CHANNEL_ID COMMAND
  551. #
  552. # input: path of script to run
  553. # required: NO
  554. command_entered =
  555.  
  556. # Calls the script when a file download is started with the following arguments
  557. # ./script DOWNLOAD_STARTED DATETIME CHANNEL_ID LINK FILE_PATH
  558. #
  559. # input: path of script to run
  560. # required: NO
  561. download_started =
  562.  
  563. # Calls the script when a file download is finished with the following arguments
  564. # ./script DOWNLOAD_FININSHED DATETIME CHANNEL_ID LINK FILE_PATH
  565. #
  566. # input: path of script to run
  567. # required: NO
  568. download_finished =
  569.  
  570. #-----------------------#
  571. # PACKET LOGGING #
  572. #-----------------------#
  573. [packet_logging]
  574.  
  575. # Set to true to enable plugins to use the packet_logged function
  576. #
  577. # input: true/false
  578. # required: YES
  579. # default: false
  580. enabled = false
  581.  
  582. [output-packets]
  583.  
  584. # Log all SSH Packets to text file (.log-adv)
  585. #
  586. # dependency: packet_logging MUST be enabled
  587. # input: true/false
  588. # required: YES
  589. # default: false
  590. enabled = false
  591.  
  592. #-----------------------#
  593. # SLACK #
  594. #-----------------------#
  595. [output-slack]
  596.  
  597. # Set to true to enable outputting to a Slack channel
  598. #
  599. # input: true/false
  600. # required: YES
  601. # default: false
  602. enabled = false
  603.  
  604. # The webhook URL for Slack (anyone holding this URL can post to the channel; treat it as a secret)
  605. #
  606. # input: Text
  607. # required: if enabled = true
  608. webhook-url =
  609.  
  610. #-----------------------#
  611. # CONTRIBUTE #
  612. #-----------------------#
  613. [output-contribute]
  614.  
  615. # I created this project because I like watching what people do on honeypots.
  616. # This plugin simply posts the data from each session to me (no private information, just data generated by HonSSH).
  617. # Feel free to turn it off.
  618. #
  619. # input: true/false
  620. # required: YES
  621. # default: true
  622. enabled = true