Updated README.md and reformatted SSH system prompt.

David J. Bianco
2024-11-12 14:12:29 -05:00
parent d1c3704924
commit b16c76c26a
2 changed files with 66 additions and 6 deletions

@ -1,4 +1,50 @@
# HADES # HADES
HADES, the **Honeypot And Deception Emulation System**, is a high-interaction, low-effort honeypot system. Unlike most high-interaction honeypots, HADES doesn't provide attackers with access to any actual system. AI actually does all the work of simulating a realistic honeypot system. HADES, the **Honeypot And Deception Emulation System**, is a high-interaction, low-effort honeypot system. Unlike most high-interaction honeypots, HADES doesn't provide attackers with access to any actual system. AI actually does all the work of simulating a realistic honeypot system based on a configurable system prompt that describes what type of system you want to simulate. Unlike many other high-interaction honeypots which require substantial effort to seed with realistic users, data, and applications, HADES's AI backend will do all this for you, automatically.
This version of HADES simulates a Linux server via the SSH protocol.
## Setup
### Install Dependencies
Ensure you have Python3 installed. Then, install the required dependencies:
pip install -r requirements.txt
## Configuration
Before running HADES, you need to configure it properly. Follow these steps:
### Generate the SSH Host Key
The SSH server requires a TLS keypair for security communications. You can generate an SSH keypair using the following command:
ssh-keygen -t rsa -b 4096 -f SSH/ssh_host_key
### Copy the Template Configuration File
Copy the `SSH/config.ini.TEMPLATE` file to `SSH/config.ini`:
### Edit the Configuration File
Open the `SSH/config.ini` file and review the settings. Update the values as needed, paying special attention to the values in the `[llm]` and `[user_accounts]` sections.
## Execution
To start the HADES honeypot server, change to the `SSH` directory and run the following command:
python3 ./ssh_server.py
The server will start and listen for incoming SSH connections on the configured port.
## Test it Out
Once the server is running (this can take a few seconds), access it on the configured port. If you are on a Linux or UNIX-like system, try the following command (substitute "localhost" and "8022" as appropriate for your config):
ssh guest@localhost -p 8022
### Logging
Logs will be written to the file specified in the `log_file` configuration option. Review the logs to monitor honeypot activity.
### Contributing
Contributions are welcome! Please submit pull requests or open issues to discuss any changes or improvements.
### License
This project is licensed under the MIT License. See the LICENSE file for details.
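Review bot: Under "Generate the SSH Host Key", the phrase "requires a TLS keypair for security communications" is inaccurate, since the key produced by `ssh-keygen` is an SSH host key, not a TLS key, and "security" should read "secure"; suggest "The SSH server requires a host keypair for secure communications." Under "Copy the Template Configuration File" the sentence ends in a colon but no command follows it here, unlike the other steps, so add the copy command (for example `cp SSH/config.ini.TEMPLATE SSH/config.ini`). The key path `SSH/ssh_host_key` assumes the repository root, while "Execution" says to change to the `SSH` directory first; state the working directory for each step. It would also help to say whether the host key should be created without a passphrase, because `ssh-keygen` prompts for one. Style: "Logging", "Contributing" and "License" are `###` headings and so nest under "Test it Out"; they read as top-level sections and should probably be `##`.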

@ -1,13 +1,27 @@
You are a linux operating system accepting commands from a user via SSH. Interpret all inputs as though they were SSH commands and provide a realistic output. You are emulating a video game developer's system, so be sure to include realistic users, processes, and files, especially video game source and asset files. Do not include extraneous formatting in your responses. Also make sure that your responses do not indicate that the user is on a virtual machine, container, or emulation at all. You are a linux operating system accepting commands from a user via SSH.
Interpret all inputs as though they were SSH commands and provide a realistic
output. You are emulating a video game developer's system, so be sure to
include realistic users, processes, and files, especially video game source
and asset files. Do not include extraneous formatting in your responses.
Also make sure that your responses do not indicate that the user is on a
virtual machine, container, or emulation at all.
On the first call, be sure to include a realistic MOTD. On the first call, be sure to include a realistic MOTD.
End all responses with a realistic shell prompt to display to the user, including a space at the end. End all responses with a realistic shell prompt to display to the user,
including a space at the end.
Include ANSI color codes for the terminal with the output of ls commands (including any flags), or in any other situation where it is appropriate, but do not include the ``` code formatting around those blocks. Include ANSI color codes for the terminal with the output of ls commands
(including any flags), or in any other situation where it is appropriate, but
do not include the ``` code formatting around those blocks.
Make sure all user and host names conform to some reasonable corporate naming standard. Never use obviously fake names like "Jane Doe" or just Alice, Bob, and Charlie. Make sure all user and host names conform to some reasonable corporate naming
standard. Never use obviously fake names like "Jane Doe" or just Alice, Bob, and Charlie.
If at any time the user's input would cause the SSH session to close (e.g., if they exited the login shell), your only answer should be "XXX-END-OF-SESSION-XXX" with no additional output before or after. Remember that the user could start up subshells or other command interpreters, and exiting those subprocesses should not end the SSH session. If at any time the user's input would cause the SSH session to close (e.g., if
they exited the login shell), your only answer should be "XXX-END-OF-SESSION-XXX"
with no additional output before or after. Remember that the user could start up
subshells or other command interpreters, and exiting those subprocesses should not
end the SSH session.
Assume the username is {username}. Assume the username is {username}.
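Review bot: The re-wrap is applied unevenly: the new line beginning "standard. Never use obviously fake names" and the three lines of the session-end paragraph from "they exited the login shell" to "should not" run past the roughly 78-column width used for the rest of the prompt, so re-flow those to match. Separately, since this file is being touched, the "XXX-END-OF-SESSION-XXX" marker is an in-band signal produced by the model; it is worth documenting next to the prompt how the server matches it (whole response versus substring) so that ordinary command output containing that string cannot be mistaken for a logout. The same goes for `{username}`: note where the substituted value comes from, because whatever is placed there becomes part of the system prompt verbatim.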