Show HN: Open source SSH honeypot with an API (sshpot.com)
49 points by namidark on July 6, 2014 | 15 comments

Hey namidark,

As an avid honeypot person I like this project a lot, I'll be doing a talk at a conference about them soon. Do you provide a master repository for the username/password combinations that have been guessed? I understand I could do this with constant JSON fetching but I admit, I don't have an incredible talent when it comes to web technologies (but it is something I am working on improving).

If you drop me a line I can get you a DB dump - josh [ at ] bluescripts.net or open an issue on GitHub

Any chance you'll make it generally public? I can see reasons for keeping it private and for having a public repository with occasional database dumps, don't know where you fall on that.

Of course, anyone who runs an SSH server on port 22 knows it's not that hard to generate your own little database quickly enough.

All the data is currently public (via the API) - you just have to know how to query the API to get it. Not sure if a publicly accessible endpoint to dump all data is a good idea (since that could get resource intensive).

If you have a suggestion for some API endpoints or better querying, let me know.

Does this do anything after login, like Kippo does?


Not yet - I'd like to implement that but this was just a first draft and to learn some Go. It just collects usernames/passwords as of submission.

Yeah, this is what I was talking about. Once for a college project we had VMs acting as honeypots, to try to get the big bears (not just bots), so we changed OpenSSH source code, let them in at the 3rd try and then the idea was to send back through ICMP payloads the session keys to decrypt the communication, based on a nettables module hack published at Phrack!

Linky? This sounds interesting.

That looks cool! How about letting them in and gathering the first ~10 commands issued :D (I did something similar for a college project)

Is there any benefit to running this vs just keeping your SSH port on 22 and running fail2ban or denyhosts, which also run servers cataloging blacklisted IP addresses (well, denyhosts supports the option, not sure about fail2ban)?

The purpose of this is to collect logins and passwords as a honeypot - it is by no means a replacement for OpenSSH or a functioning SSH server.

It is open source so it can be run on your own networks or you can just run the daemon and report stats back to sshpot.com

It allows us to collect passwords crackers are using, and ban users from using them? Increasing security by learning what the attackers are doing?

That is another goal I would like to add: the ability to cross-check passwords against the API so you can prevent users from using them.

Pedantic: daemons, not daemon's (the possessive) :)
