ssh-grab-passwords-map
A honeypot catching ssh login attempts exposing metrics for dislay using grafana and it's worldmap plugin
This honeypot catches login attempts into an ssh service it creates. The login attempts are logged and the country of the attacker is found out using the geo-ip provider ip-api.com. The data is exposed using an http server so that other services can use the exposed data.
Installation
Local
Linux, Windows, OSX
$ go build ./...
Docker
The docker Image can be build like this:
$ docker build . -t ssh-grab-passwords-map
It can then be run like this:
$ docker run -p 8080:1234 -p 2222:2345 ssh-grab-passwords-map --httpPort 1234 --sshPort 2345
Usage example
The service can be used in combination with Prometheus and Gafana. Prometheus works as a time-series database storing the data and Grafana is used to display it.
The Grafana worldmap plugin can be used to display the attacks. In order to do this, it needs a custom location endpoint which is exposed by the /location endpoint.
Development setup
TODO
Release History
No releases yet...
Meta
Emile – @hanemile
Distributed under the MIT license. See LICENSE for more information.
https://git.darknebu.la/honeysuite/ssh-grab-passwords-map
Contributing
- Fork it (https://git.darknebu.la/repo/fork/379)
- Create your feature branch (
git checkout -b feature/fooBar) - Commit your changes (
git commit -am 'Add some fooBar') - Push to the branch (
git push origin feature/fooBar) - Create a new Pull Request
