Cowrie记录包里攻击者的 Shell 交互记录
Cowrie是一种中等交互式SSH和Telnet蜜罐,用于记录暴力攻击和攻击者执行的shell交互。 Cowrie还充当SSH和telnet代理,以观察攻击者对另一个系统的行为。
使用方法:
docker run -p 2222:2222 cowrie/cowrie ssh -p 2222 root@localhost
文件列表:
- etc/cowrie.cfg - Cowrie's configuration file. Default values can be found in etc/cowrie.cfg.dist.
- share/cowrie/fs.pickle - fake filesystem
- etc/userdb.txt - credentials to access the honeypot
- honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here or use bin/fsctl
- honeyfs/etc/issue.net - pre-login banner
- honeyfs/etc/motd - post-login banner
- var/log/cowrie/cowrie.json - transaction output in JSON format
- var/log/cowrie/cowrie.log - log/debug output
- var/lib/cowrie/tty/ - session logs, replayable with the bin/playlog utility.
- var/lib/cowrie/downloads/ - files transferred from the attacker to the honeypot are stored here
- share/cowrie/txtcmds/ - file contents for simple fake commands
- bin/createfs - used to create the fake filesystem
- bin/playlog - utility to replay session logs
评论