From a6268d3bb81efc8195c630e6b927c92cbcc4c385 Mon Sep 17 00:00:00 2001 From: Emile Date: Mon, 27 Jan 2020 21:23:38 +0100 Subject: propper readme --- README.md | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d66df62..f4f6656 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ -[![Go Report Card](https://goreportcard.com/badge/git.darknebu.la/honeysuite/ssh-grab-passwords-map)](https://goreportcard.com/report/git.darknebu.la/honeysuite/ssh-grab-passwords-map) [![Build Status](https://drone.darknebu.la/api/badges/honeysuite/ssh-grab-passwords-map/status.svg)](https://drone.darknebu.la/honeysuite/ssh-grab-passwords-map) # ssh-grab-passwords @@ -7,3 +6,64 @@ Try to grab username/passwords. As simple as it sounds. ## Usage Simply run it. The executable takes no command line arguments + +# ssh-grab-passwords-map +> A honeypot catching ssh login attempts exposing metrics for dislay using grafana and it's worldmap plugin + +[![Go Report Card](https://goreportcard.com/badge/git.darknebu.la/honeysuite/ssh-grab-passwords-map)](https://goreportcard.com/report/git.darknebu.la/honeysuite/ssh-grab-passwords-map) [![Build Status](https://drone.darknebu.la/api/badges/honeysuite/ssh-grab-passwords-map/status.svg)](https://drone.darknebu.la/honeysuite/ssh-grab-passwords-map) + +This honeypot catches login attempts into an ssh service it creates. The login attempts are logged and the country of the attacker is found out using the geo-ip provider [ip-api.com](https://ip-api.com). The data is exposed using an http server so that other services can use the exposed data. + +## Installation + +### Local + +Linux, Windows, OSX +```sh +$ go build ./... +``` + +### Docker + +The docker Image can be build like this: + +``` +$ docker build . -t ssh-grab-passwords-map +``` + +It can then be run like this: + +``` +$ docker run -p 8080:1234 -p 2222:2345 ssh-grab-passwords-map --httpPort 1234 --sshPort 2345 +``` + +## Usage example + +The service can be used in combination with [Prometheus](https://prometheus.io) and [Gafana](https://grafana.com/). Prometheus works as a time-series database storing the data and Grafana is used to display it. + +The Grafana [worldmap plugin](https://github.com/grafana/worldmap-panel) can be used to display the attacks. In order to do this, it needs a custom location endpoint which is exposed by the `/location` endpoint. + +## Development setup + +TODO + + +## Release History + +No releases yet... + +## Meta + +Emile – [@hanemile](https://twitter.com/hanemile) + +Distributed under the MIT license. See ``LICENSE`` for more information. + +[https://git.darknebu.la/honeysuite/ssh-grab-passwords-map](https://git.darknebu.la/honeysuite/ssh-grab-passwords-map) + +## Contributing + +1. Fork it () +2. Create your feature branch (`git checkout -b feature/fooBar`) +3. Commit your changes (`git commit -am 'Add some fooBar'`) +4. Push to the branch (`git push origin feature/fooBar`) +5. Create a new Pull Request \ No newline at end of file -- cgit 1.4.1