Dystopia - a low to medium multithreaded Ubuntu Core honeypot coded in Python

July 23, 2021

Low to medium Ubuntu Core honeypot coded in Python.

Quick Guide

Features

  • Optional login prompt
  • Logs who connects and what they do
  • Capture session to pcap file
  • Automatically download links used by attackers
  • Customize MOTD, Port, Hostname and how many clients can connect at once (default is unlimited)
  • Geolocation (with ipstack)
  • Save and load config
  • Add support for a plethora of commands

Todo

  • Better Logging
  • Service
  • Email Alerts
  • Insights such as charts & graphs
  • Add Default Configurations
  • Optimize / Fix Code

Installation

chmod 755 setup.sh
sudo ./setup.sh
[+] Tcpdump is used to capture dystopia sessions!
[+] Would you like to install 'Tcpdump'? [Y/n] y
[+] 1 --> Install for Arch Linux
[+] 2 --> Install for Debian Users
1
[sudo] password for drew: 
resolving dependencies...
looking for conflicting packages...

Packages (1) tcpdump-4.99.0-1

Total Installed Size:  1.35 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                     [######################] 100%
.....
[+] Creating needed directorys!

python3 dystopia.py

Arguments

usage: dystopia.py [-h] [--host HOST] [--port PORT] [--motd MOTD] [--max MAX]
                   [--login] [--username USERNAME] [--password PASSWORD]
                   [--hostname HOSTNAME] [--localhost] [--capture]
                   [--interface INTERFACE] [--save SAVE] [--load LOAD]
                   [--download] [--version]

Dystopia | A python Honeypot.

optional arguments:
  -h, --help            show this help message and exit
  --host HOST           IP Address to host the Honeypot. Default:
                        192.168.0.xxx
  --port PORT, -P PORT  specify a port to bind to
  --motd MOTD, -m MOTD  specify the message of the day
  --max MAX, -M MAX     max number of clients allowed to be connected at once
                        default is unlimited
  --login, -f           create a fake login prompt (no encryption)
  --username USERNAME, -u USERNAME
                        username for fake login prompt and the user for the
                        Honeypot session default: 'ubuntu'
  --password PASSWORD, -p PASSWORD
                        password for fake login prompt. Default: 'P@$$W0RD'
  --hostname HOSTNAME, -H HOSTNAME
                        Hostname of the Honeypot default: 'localhost'
  --localhost, -L       start Honeypot on localhost
  --capture, -c         enable packet capturing using the tool Tcpdump
  --interface INTERFACE, -i INTERFACE
                        interface to capture traffic on if --capture / -c is
                        used and no interface is configured, the default is:
                        'eth0'
  --save SAVE, -s SAVE  save config to a json file E.g: '--save settings.json'
  --load LOAD, -l LOAD  load config from a json file E.g '--load
                        settings.json'
  --download, -a        Automatically download links used by attackers
  --version             print version and exit

How to add Support for More Commands

You can add support for new commands by editing the file "commands.json". The format is command:output, for example:

{
  "dog":"Dog command activated!"
}
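
An added example, not part of the Dystopia code base: a checker for the command:output format above that rejects a repeated command (which a plain JSON load would silently collapse to the last entry) and refuses to overwrite an existing entry when adding one. The names parse_commands, add_command and CommandsFileError are hypothetical, and it assumes every output is a plain string, as in the "dog" entry.

```python
import json


class CommandsFileError(ValueError):
    """Raised when commands.json text does not match command:output."""


def _reject_duplicates(pairs):
    # json.loads keeps only the last value for a repeated key; report it instead.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise CommandsFileError(f"duplicate command: {key!r}")
        seen[key] = value
    return seen


def parse_commands(text):
    """Parse commands.json text into a {command: output} dict, or raise."""
    try:
        data = json.loads(text, object_pairs_hook=_reject_duplicates)
    except json.JSONDecodeError as exc:
        raise CommandsFileError(f"not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise CommandsFileError("top level must be a JSON object")
    for command, output in data.items():
        if not command.strip():
            raise CommandsFileError("empty command name")
        if not isinstance(output, str):
            raise CommandsFileError(f"output for {command!r} must be a string")
    return data


def add_command(text, command, output):
    """Return new commands.json text with one entry added, refusing overwrites."""
    commands = parse_commands(text)
    if command in commands:
        raise CommandsFileError(f"{command!r} is already defined")
    commands[command] = output
    return json.dumps(commands, indent=2) + "\n"


if __name__ == "__main__":
    # Constructed sample input: the entry shown above, plus one new command.
    existing = '{\n  "dog":"Dog command activated!"\n}'
    print(add_command(existing, "cat", "Cat command activated!"))
```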

dstat

How To Run

cd tools/
chmod 755 dstat.py
./dstat.py --report -f report.html
+---------------+-----------------+---------------+----------------+
|   IP Address  | Times Connected | Failed Logins | Correct Logins |
+---------------+-----------------+---------------+----------------+
| 192.168.0.239 |        22345    |      1231     |      2         |
| 192.168.0.223 |      546646     |     27531     |      53        |
+---------------+-----------------+---------------+----------------+

Arguments

usage: dstat.py [-h] [--address ADDRESS] [--report] [--sort SORT] [--update]
                [--filename FILENAME]

dstat | Statistics tool for Dystopia

optional arguments:
  -h, --help            show this help message and exit
  --address ADDRESS, -a ADDRESS
                        ip address to investigate
  --report, -r          show a general report
  --sort SORT, -s SORT  sort the report table by row name
  --update, -U          update geolocation entries
  --filename FILENAME, -f FILENAME
                        Filename of report file

Original repository: https://github.com/Drew-Alleman/dystopia
