HONEYPY – honeypot de baja interacción

Hoy en día las redes internas y externas no son seguras, es por eso que se implementan varias políticas de seguridad a nivel de red. Estas políticas todavía necesitan muchas adaptaciones nuevas para obtener buenas medidas de seguridad. Varias compañías utilizan firewalls de red, IDS, IPS como medidas de seguridad, aunque la mayoría de las empresas están recurriendo al uso de honeypots. Un honeypot es una configuración de defensa de red para atrapar hackers maliciosos. Los honeypots están diseñados para mantener a raya a los hackers y además identificar actividades maliciosas en la red.

Actualmente hay muchos honeypots populares que son utilizados por muchas empresas. Hoy le mostraremos un honeypot de baja interacción que se utiliza para verificar las actividades que se ejecutan en las redes.

Según el investigador de seguridad en redes del Instituto Internacional de Seguridad Cibernética, los honeypots son excelentes herramientas para monitorear ataques y realizar análisis de malware.

Honeypy está diseñado en python2 y se utiliza para registrar actividades que se realizan en la red. Es un proyecto de baja intención utilizado principalmente para pruebas en redes locales. Honeypy crea registros si hay alguna actividad maliciosa en la red.

Honeypy

HoneyPy fue desarrollado para extender nuevas emulaciones de servicio. Honeypy funciona para TCP y UDP. Honeypy ofrece integraciones de manejadores largos con HoneyDB, slack, Logstash, Twitter y ElasticSearch. HoneyPy registra cada movimiento en la red.

Honeypy ha sido probado en Kali Linux 2018.4 amd64.
Para clonar, escriba git clone https://github.com/foospidy/HoneyPy.git


root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/foospidy/HoneyPy.git

Cloning into 'HoneyPy'…

remote: Enumerating objects: 2, done.

remote: Counting objects: 100% (2/2), done.

remote: Compressing objects: 100% (2/2), done.

remote: Total 2632 (delta 1), reused 0 (delta 0), pack-reused 2630

Receiving objects: 100% (2632/2632), 2.81 MiB | 1.37 MiB/s, done.

Resolving deltas: 100% (1564/1564), done.

Escriba cd HoneyPy & ls


root@kali:/home/iicybersecurity/Downloads# cd HoneyPy/

root@kali:/home/iicybersecurity/Downloads/HoneyPy# ls

docs  etc  Honey.py  lib  LICENSE  loggers  Makefile  mkdocs.yml  Pipfile  plugins  README.md  requirements.txt  VERSION

Escriba pip install -r Requirements.txt


root@kali:/home/iicybersecurity/Downloads/HoneyPy# pip install -r requirements.txt

DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.

Requirement already satisfied: dnslib==0.9.7 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1)) (0.9.7)

Collecting requests==2.20.0 (from -r requirements.txt (line 2))

Downloading https://files.pythonhosted.org/packages/f1/ca/10332a30cb25b627192b4ea272c351bce3ca1091e541245cccbace6051d8/requests-2.20.0-py2.py3-none-any.whl (60kB)

100% |████████████████████████████████| 61kB 141kB/s

Collecting Twisted==14.0.2 (from -r requirements.txt (line 3))

Downloading https://files.pythonhosted.org/packages/0f/88/18bb0eddb483033e35b1b84bdf9de4cedb8906ece178e2d921451282b3c8/Twisted-14.0.2.tar.bz2 (4.3MB)

100% |████████████████████████████████| 4.4MB 159kB/s

Collecting python_twitter==3.1 (from -r requirements.txt (line 4))

Downloading https://files.pythonhosted.org/packages/96/69/53b87d2b717a669eb8f46d6e1d180d0a691f3d303631ca6be80f9d036a2a/python-twitter-3.1.tar.gz (80kB)

100% |████████████████████████████████| 81kB 630kB/s

Requirement already satisfied: certifi in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 5)) (2018.8.24)

Requirement already satisfied: urllib3 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 6)) (1.22)

Collecting pika==0.10.0 (from -r requirements.txt (line 7))

Downloading https://files.pythonhosted.org/packages/26/12/400cf0aca6b1ecf1f00dcd89b246e7a4c8558677304ba067167b8167e714/pika-0.10.0-py2.py3-none-any.whl (92kB)

100% |████████████████████████████████| 102kB 3.0MB/s

Collecting pylint (from -r requirements.txt (line 8))

Downloading https://files.pythonhosted.org/packages/59/65/adcffa71fe942313c4d9e9284565d9a9e67798f4771f464e1d5dd58fea88/pylint-1.9.4-py2.py3-none-any.whl (689kB)

100% |████████████████████████████████| 696kB 727kB/s

Collecting autopep8 (from -r requirements.txt (line 9))

Downloading https://files.pythonhosted.org/packages/5b/ba/37d30e4263c51ee5a655118ac8c331e96a4e45fd4cea876a74b87af9ffc1/autopep8-1.4.3.tar.gz (113kB)

100% |████████████████████████████████| 122kB 22.6MB/s

Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python2.7/dist-packages (from requests==2.20.0->-r requirements.txt (line 2)) (2.6)

Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests==2.20.0->-r requirements.txt (line 2)) (3.0.4)

Requirement already satisfied: zope.interface>=3.6.0 in /usr/lib/python2.7/dist-packages (from Twisted==14.0.2->-r requirements.txt (line 3)) (4.3.2)

Requirement already satisfied: future in /usr/lib/python2.7/dist-packages (from python_twitter==3.1->-r requirements.txt (line 4)) (0.15.2)

Collecting requests-oauthlib (from python_twitter==3.1->-r requirements.txt (line 4))

Downloading https://files.pythonhosted.org/packages/c2/e2/9fd03d55ffb70fe51f587f20bcf407a6927eb121de86928b34d162f0b1ac/requests_oauthlib-1.2.0-py2.py3-none-any.whl

Collecting isort>=4.2.5 (from pylint->-r requirements.txt (line 8))

Downloading https://files.pythonhosted.org/packages/41/d8/a945da414f2adc1d9e2f7d6e7445b27f2be42766879062a2e63616ad4199/isort-4.3.4-py2-none-any.whl (45kB)

100% |████████████████████████████████| 51kB 3.6MB/s

Collecting mccabe (from pylint->-r requirements.txt (line 8))

Downloading https://files.pythonhosted.org/packages/87/89/479dc97e18549e21354893e4ee4ef36db1d237534982482c3681ee6e7b57/mccabe-0.6.1-py2.py3-none-any.whl

Requirement already satisfied: singledispatch; python_version < "3.4" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (3.4.0.3)

Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (1.11.0)

Requirement already satisfied: configparser; python_version == "2.7" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (3.5.0b2)

Requirement already satisfied: backports.functools-lru-cache; python_version == "2.7" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (1.5)

Collecting astroid<2.0,>=1.6 (from pylint->-r requirements.txt (line 8))

Downloading https://files.pythonhosted.org/packages/0e/9b/18b08991c8c6aaa827faf394f4468b8fee41db1f73aa5157f9f5fb2e69c3/astroid-1.6.5-py2.py3-none-any.whl (293kB)

100% |████████████████████████████████| 296kB 8.0MB/s

Collecting pycodestyle>=2.4.0 (from autopep8->-r requirements.txt (line 9))

Downloading https://files.pythonhosted.org/packages/0e/0c/04a353e104d2f324f8ee5f4b32012618c1c86dd79e52a433b64fceed511b/pycodestyle-2.5.0-py2.py3-none-any.whl (51kB)

100% |████████████████████████████████| 51kB 2.8MB/s

Collecting oauthlib>=3.0.0 (from requests-oauthlib->python_twitter==3.1->-r requirements.txt (line 4))

Downloading https://files.pythonhosted.org/packages/16/95/699466b05b72b94a41f662dc9edf87fda4289e3602ecd42d27fcaddf7b56/oauthlib-3.0.1-py2.py3-none-any.whl (142kB)

100% |████████████████████████████████| 143kB 5.8MB/s

Requirement already satisfied: futures in /usr/lib/python2.7/dist-packages (from isort>=4.2.5->pylint->-r requirements.txt (line 8)) (3.2.0)

Requirement already satisfied: enum34>=1.1.3; python_version < "3.4" in /usr/lib/python2.7/dist-packages (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8)) (1.1.6)

Collecting wrapt (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8))

Downloading https://files.pythonhosted.org/packages/67/b2/0f71ca90b0ade7fad27e3d20327c996c6252a2ffe88f50a95bba7434eda9/wrapt-1.11.1.tar.gz

Collecting lazy-object-proxy (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8))

Downloading https://files.pythonhosted.org/packages/52/7e/f0f570ba363e15251bb9fd452257ec2aff91be0187a08a893afbd8ae225f/lazy_object_proxy-1.3.1-cp27-cp27mu-manylinux1_x86_64.whl (56kB)

100% |████████████████████████████████| 61kB 5.0MB/s

Building wheels for collected packages: Twisted, python-twitter, autopep8, wrapt

Building wheel for Twisted (setup.py) … done

Stored in directory: /root/.cache/pip/wheels/05/17/5a/924573fd00805c6339713d6f96af6af763f959f199d7a31341

Building wheel for python-twitter (setup.py) … done

Stored in directory: /root/.cache/pip/wheels/8a/17/09/f9948b2483ac9eeb7961db60cd5f87f03c1ca75667815043ba

Building wheel for autopep8 (setup.py) … done

Stored in directory: /root/.cache/pip/wheels/91/07/fd/99884826d575c769102ddec2f9b96c7ad57cc6b5ca3a5e02b4

Building wheel for wrapt (setup.py) … done

Stored in directory: /root/.cache/pip/wheels/89/67/41/63cbf0f6ac0a6156588b9587be4db5565f8c6d8ccef98202fc

Successfully built Twisted python-twitter autopep8 wrapt

Installing collected packages: requests, Twisted, oauthlib, requests-oauthlib, python-twitter, pika, isort, mccabe, wrapt, lazy-object-proxy, astroid, pylint, pycodestyle, autopep8

Found existing installation: requests 2.9.1

Uninstalling requests-2.9.1:

Successfully uninstalled requests-2.9.1

Found existing installation: Twisted 18.7.0

Uninstalling Twisted-18.7.0:

Successfully uninstalled Twisted-18.7.0

Successfully installed Twisted-14.0.2 astroid-1.6.5 autopep8-1.4.3 isort-4.3.4 lazy-object-proxy-1.3.1 mccabe-0.6.1 oauthlib-3.0.1 pika-0.10.0 pycodestyle-2.5.0 pylint-1.9.4 python-twitter-3.1 requests-2.20.0 requests-oauthlib-1.2.0 wrapt-1.11.1

Después de la instalación, configure las claves de la API en honeypy.cfg
Ingrese la api id & api key. Para obtener la clave de la API, vaya a: https://riskdiscovery.com/honeydb/loginUsers

Escriba cd /honeypy/etc/ & ls
Escriba nano honeypy.cfg
Copie las claves de la API e ingrese esas API en honeypy.cfg


Post your events to HoneyDB. Your HoneyPy honepots can contribute threat information to HoneyDB.

You will need to create API credentails for this to work. See https://riskdiscovery.com/honeydb/#threats

[honeydb]

enabled  = Yes

api_id   = 029b9f7eccfb783dc84418946c517dd7314adaec2ce2803a3098f3c56acc3e4f

api_key  = 9e951e35cada41ce60df63a5627bfc9e44c876529348e3ca1ea0399a7e687e4f

Después de configurar honeypy.cfg, ejecute honeypy

HoneyDB

Honeydb es un sitio web creado para capturar sesiones en vivo de honeypot que se ejecutan a través de la red. Honeydb muestra las estadísticas de los principales países con sus direcciones IP. Honeydb ofrece API que se puede utilizar en diferentes honeypots. Estos están diseñados para comenzar con honeypots.

Teclee pip instal honeydb


root@kali:/home/iicybersecurity/Downloads/HoneyPy# pip install honeydb

DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.

Collecting honeydb

Downloading https://files.pythonhosted.org/packages/49/9f/5347b81d61cad79c7377a0d83ed2ed7faeb0df4275a94084cc7cbf76bf9f/honeydb-0.0.7-py2.py3-none-any.whl

Requirement already satisfied: requests in /usr/local/lib/python2.7/dist-packages (from honeydb) (2.20.0)

Requirement already satisfied: pyopenssl in /usr/local/lib/python2.7/dist-packages (from honeydb) (17.2.0)

Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (2.6)

Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (3.0.4)

Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (1.22)

Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (2018.8.24)

Requirement already satisfied: cryptography>=1.9 in /usr/lib/python2.7/dist-packages (from pyopenssl->honeydb) (2.3)

Requirement already satisfied: six>=1.5.2 in /usr/lib/python2.7/dist-packages (from pyopenssl->honeydb) (1.11.0)

Installing collected packages: honeydb

Successfully installed honeydb-0.0.7

Una vez instalado, Honeydb también se usa para buscar muestras de malware

Fuente: https://noticiasseguridad.com/tutoriales/

Compartir...

Siguenos en twitter: @disoftin

HONEYPY – honeypot de baja interacción

Publicado por fredyavila2

Publicar un comentario

0 Comentarios

Visitas al sitio

Más popular

Dorks de carding para inyección SQL

Cómo usar SQLMAP (Nivel principiante)

La última colección de Google Dorks SQL - SQL Dorks 2017-2019

SN1PER Escáner de vulnerabilidad

Herramienta ofensiva totalmente automatizada para reconocimiento y escaneo de vulnerabilidades

Random Posts

YouTube

Contribuir al blog

Archivo

Tags

Menu Footer Widget

Contact form

HONEYPY – honeypot de baja interacción

Publicado por fredyavila2

Entradas que pueden interesarte

Publicar un comentario

0 Comentarios

Visitas al sitio

Social Plugin

Más popular

Dorks de carding para inyección SQL

Cómo usar SQLMAP (Nivel principiante)

La última colección de Google Dorks SQL - SQL Dorks 2017-2019

SN1PER Escáner de vulnerabilidad

Herramienta ofensiva totalmente automatizada para reconocimiento y escaneo de vulnerabilidades

Random Posts

YouTube

Contribuir al blog

Archivo

Tags

Menu Footer Widget

Contact form