cowrie/cowrie
1
0
Fork 0
mirror of https://github.com/cowrie/cowrie.git synced 2025-07-01 18:07:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Tweaked README (Files of interest)

Browse Source
This commit is contained in:
g0tmi1k
2016-01-22 00:11:05 +00:00
parent 2a4925b65f
commit 6da973d84d
1 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -5,9 +5,11 @@ Cowrie is a medium interaction SSH honeypot designed to log brute force attacks
Cowrie is directly based on [Kippo](http://github.com/desaster/kippo/) by Upi Tamminen (desaster). Cowrie is directly based on [Kippo](http://github.com/desaster/kippo/) by Upi Tamminen (desaster).
## Features ## Features
Some interesting features: Some interesting features:
* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included * Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
* Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included * Possibility of adding fake file contents so the attacker can `cat` files such as `/etc/passwd`. Only minimal file contents are included
* Session logs stored in an [UML Compatible](http://user-mode-linux.sourceforge.net/) format for easy replay with original timings * Session logs stored in an [UML Compatible](http://user-mode-linux.sourceforge.net/) format for easy replay with original timings
* Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection * Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection
@ -20,6 +22,7 @@ Additional functionality over standard kippo:
* Many, many additional commands * Many, many additional commands
## Requirements ## Requirements
Software required: Software required:
* An operating system (tested on Debian, CentOS, FreeBSD and Windows 7) * An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
@ -31,17 +34,22 @@ Software required:
## Files of interest: ## Files of interest:
* dl/ - files downloaded with wget are stored here * `cowrie.cfg` - Cowrie's configuration file. Default values can be found in `cowrie.cfg.dist`
* log/cowrie.log - log/debug output * `data/fs.pickle` - fake filesystem
* log/cowrie.json - transaction output in JSON format * `data/userdb.txt` - credentials allowed or disallowed to access the honeypot
* log/tty/ - session logs * `dl/` - files transferred from the attacker to the honeypot are stored here
* utils/playlog.py - utility to replay session logs * `honeyfs/` - file contents for the fake filesystem - feel free to copy a real system here or use `utils/fsctl.py`
* utils/createfs.py - used to create fs.pickle * `log/cowrie.json` - transaction output in JSON format
* data/fs.pickle - fake filesystem * `log/cowrie.log` - log/debug output
* honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here * `log/tty/*.log` - session logs
* `txtcmds/` - file contents for the fake commands
* `utils/createfs.py` - used to create the fake filesystem
* `utils/playlog.py` - utility to replay session logs
## Is it secure? ## Is it secure?
Maybe. See [FAQ](https://github.com/desaster/kippo/wiki/FAQ) Maybe. See [FAQ](https://github.com/desaster/kippo/wiki/FAQ)
## I have some questions! ## I have some questions!
Please visit https://github.com/micheloosterhof/cowrie/issues Please visit https://github.com/micheloosterhof/cowrie/issues