# ssh-grab-passwords-map
> A honeypot that catches SSH login attempts and exposes metrics for display using Grafana and its worldmap plugin

[![Go Report Card](https://goreportcard.com/badge/git.darknebu.la/honeysuite/ssh-grab-passwords-map)](https://goreportcard.com/report/git.darknebu.la/honeysuite/ssh-grab-passwords-map) [![Build Status](https://drone.darknebu.la/api/badges/honeysuite/ssh-grab-passwords-map/status.svg)](https://drone.darknebu.la/honeysuite/ssh-grab-passwords-map)

This honeypot runs its own SSH service and catches the login attempts made against it. Each attempt is logged, and the attacker's country is looked up using the geo-IP provider [ip-api.com](https://ip-api.com). The data is exposed over an HTTP server so that other services can consume it.

## Installation

### Local

Linux, Windows, OSX
```sh
$ go build ./...
```

### Docker

The Docker image can be built like this:

```sh
$ docker build . -t ssh-grab-passwords-map
```

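It can then be run like this, mapping host port 8080 to the HTTP server and host port 2222 to the SSH service inside the container:

```sh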
$ docker run -p 8080:1234 -p 2222:2345 ssh-grab-passwords-map --httpPort 1234 --sshPort 2345
```

## Usage example

The service can be used in combination with [Prometheus](https://prometheus.io) and [Grafana](https://grafana.com/). Prometheus works as a time-series database that stores the data, and Grafana is used to display it.

The Grafana [worldmap plugin](https://github.com/grafana/worldmap-panel) can be used to display the attacks. The plugin needs a custom location endpoint, which this service provides at `/location`.
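
The worldmap panel places a Prometheus series on the map by matching one of its label values against the `key` field of a location entry, so both outputs have to be generated from the same keys. The sketch below is an added example, not code from this repository: the `Store` type, the metric name `ssh_login_attempts_total`, the `country` label and the sample coordinates are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Location is one entry of the JSON array the worldmap panel reads.
type Location struct {
	Key       string  `json:"key"`
	Latitude  float64 `json:"latitude"`
	Longitude float64 `json:"longitude"`
	Name      string  `json:"name"`
}

// Store is a hypothetical aggregate, not the project's own type. It is not
// goroutine-safe: guard it with a sync.Mutex once SSH and HTTP handlers share it.
type Store struct {
	locs   map[string]Location
	counts map[string]int
}

// Record counts one login attempt from an already geolocated source.
func (s *Store) Record(l Location) {
	s.locs[l.Key] = l
	s.counts[l.Key]++
}

// Render returns the /location JSON and Prometheus text for the same keys.
// The metric name ssh_login_attempts_total is an assumption.
func (s *Store) Render() (locJSON, metrics string) {
	locs := make([]Location, 0, len(s.locs))
	for _, l := range s.locs {
		locs = append(locs, l)
	}
	sort.Slice(locs, func(i, j int) bool { return locs[i].Key < locs[j].Key })
	for _, l := range locs {
		metrics += fmt.Sprintf("ssh_login_attempts_total{country=%q} %d\n", l.Key, s.counts[l.Key])
	}
	b, _ := json.Marshal(locs)
	return string(b), metrics
}

func main() {
	s := &Store{locs: map[string]Location{}, counts: map[string]int{}}
	s.Record(Location{"DE", 51, 9, "Germany"}) // constructed sample
	fmt.Println(s.Render())
}
```

Labelling the metric by country key only, and never by the attempted username or password, keeps the label set bounded, since those fields are attacker-controlled.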

## Development setup

TODO


## Release History

No releases yet...

## Meta

Emile – [@hanemile](https://twitter.com/hanemile)

Distributed under the MIT license. See ``LICENSE`` for more information.

[https://git.darknebu.la/honeysuite/ssh-grab-passwords-map](https://git.darknebu.la/honeysuite/ssh-grab-passwords-map)

## Contributing

1. Fork it (<https://git.darknebu.la/repo/fork/379>)
2. Create your feature branch (`git checkout -b feature/fooBar`)
3. Commit your changes (`git commit -am 'Add some fooBar'`)
4. Push to the branch (`git push origin feature/fooBar`)
5. Create a new Pull Request