Question 1

How to set up ADBHoney on a Raspberry Pi?

Accepted Answer

Use the Docker method: build the image with `docker build -t adbhoney:latest .` and run it with appropriate ports and volumes, ensuring the config file is placed correctly. Since it's lightweight, it should run well on resource-constrained devices like Raspberry Pi.

Question 2

ADBHoney vs Cowrie for IoT security honeypots?

Accepted Answer

ADBHoney is specialized for ADB over TCP/IP attacks on Android and IoT devices, while Cowrie is a more general SSH and Telnet honeypot. Choose ADBHoney for targeted ADB threat intelligence, but Cowrie for broader protocol coverage.

Question 3

Does ADBHoney support ADB over USB connections?

Accepted Answer

No, ADBHoney emulates ADB over TCP/IP only, as per the README's focus on exposed port 5555. USB-based ADB connections require different handling and are not covered.

Question 4

How to customize shell responses in ADBHoney?

Accepted Answer

Edit the `responses.py` file to define outputs for specific commands; for example, you can simulate realistic directory listings to enhance the honeypot's deception.

Question 5

What kind of malware has been caught using ADBHoney?

Accepted Answer

The README doesn't specify, but it's designed to capture files uploaded via `adb push`, commonly used in Android malware distribution. Researchers can analyze saved files to identify payloads like ransomware or bots.

Question 6

Is ADBHoney safe to run on a production network?

Accepted Answer

It's a honeypot meant for monitoring, so deploy it in isolated segments to avoid attracting attacks to critical systems. Use Docker for isolation and ensure proper firewall rules to limit exposure.

ADBHoney

What is ADBHoney?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions