A simple SSH honeypot written on Go. Strictly not a honeypot as it doesn't trap or jail anything, it simply collects data on attempts to login to a generic SSH server open to the internet.
The tool runs an SSH server that rejects all login attempts. There is no session created it just allows a login attempt and records the username and password and source IP for later analysis.
make binaryor direct way if make not an option for you
CGO_ENABLED=0 go build github.com/kyberorg/honeypot/cmd/honeypotSee our DockerHub Repo
docker pull kyberorg/honeypot:tagname # (Optionally) creating host key
ssh-keygen -t rsa -f honeypot.id_rsa
# Run it
bin/honeypot --hostkey honeypot.id_rsa bin/honeypot --helpGeoIP enriches access log with geoip information (city, region, country) based on connection IP.
--geoip-mmdb-file=/path/to/GeoLite2-City.mmdbModule that exposes prometheus metrics.
--with-prom-metricsModule that provides application metrics. It writes metrics to stdout (application log) or to file. Module Readme
--with-raw-metrics- Simple Example
[Unit]
Description=Fake SSH
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
Restart=always
RestartSec=5s
Environment="ACCESS_LOG=connections.log"
WorkingDirectory=/srv/honeypot
ExecStart=/srv/honeypot/honeypot \
--hostkey=honeypot.id_rsa \
--geoip-mmdb-file=/var/lib/GeoIP/GeoLite2-City.mmdb \
--prom-metrics-enable
SyslogIdentifier=honeypot
[Install]
WantedBy=multi-user.target
