ssh-honeypot
A modified OpenSSH daemon that forwards attacker commands to Cowrie for logging and interaction interpretation.
Overview
The sshd-honeypot is a modified version of the OpenSSH daemon designed to detect and log SSH-based attacks. It forwards all attacker commands to Cowrie, a honeypot backend, which interprets the commands and returns responses, enabling detailed logging of brute force attempts and shell interactions. Because it uses the genuine OpenSSH codebase, it avoids fingerprinting based on protocol deviations or error message differences, making it a stealthy detection tool.
Key Features
- OpenSSH Integration — Uses a modified OpenSSH daemon to provide realistic SSH server behavior, reducing detection by attackers.
- Command Forwarding — Transfers all attacker commands to Cowrie for interpretation and logging, capturing full shell interactions.
- Brute Force Logging — Records SSH brute force attacks and subsequent attacker activities in a controlled environment.
- Stealth Operation — Avoids protocol and error message fingerprints that typically identify honeypots, enhancing deception.
- Configurable Deployment — Listens on a customizable port (default 65222) and connects to Cowrie on a configurable address/port.
Philosophy
The project aims to create a high-interaction honeypot that mimics real SSH servers as closely as possible, using OpenSSH to improve stealth and effectiveness in capturing attacker behavior.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
