- Clone repo locally
git clone https://github.com/fnzv/YAFH.git && cd YAFH
- Get deps
go get github.com/gliderlabs/ssh && go get github.com/kr/pty
- Build and create Go binaries
go build sshd.go && go build telnetd.go && go build fake-shell.go
- Execute the Honeypot(s):
./sshd
./telnetd
- All users trying to connect via TELNET to port 23 will be shown a fake Cisco router login (any input leads to the telnet shell)
- All users trying to connect via SSH to port 2222 will log in to a fake shell (the password is "password"; it is also possible to remove password authentication and/or use key authentication)
- All actions executed by malicious users are saved to yafh-telnet.log / yafh-ssh.log (in the directory from which you started the binary)
If you want it to run 24/7, you can set up a systemd unit or supervisord to keep the honeypot running in the background, or just launch the command inside screen
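A systemd unit for the SSH honeypot, as an added example rather than a file from the YAFH repository. The `yafh` account, the `/opt/YAFH` install path and the unit name are assumptions; the directives are standard systemd options chosen so the honeypot runs unprivileged and restarts on failure.

```ini
# /etc/systemd/system/yafh-sshd.service  (unit name and paths are assumptions)
[Unit]
Description=YAFH SSH honeypot
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
# Dedicated unprivileged account, assumed to exist already
User=yafh
Group=yafh
# YAFH writes yafh-ssh.log into the directory it is started from,
# so this directory must be writable by the yafh account
WorkingDirectory=/opt/YAFH
ExecStart=/opt/YAFH/sshd
Restart=on-failure
RestartSec=5

# Port 2222 is unprivileged, so the service needs no capabilities at all
CapabilityBoundingSet=
NoNewPrivileges=true
# /usr, /boot and /etc become read-only for the service
ProtectSystem=full
# /home, /root and /run/user are hidden from the service
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```

For telnetd, which listens on port 23, set `AmbientCapabilities=CAP_NET_BIND_SERVICE` and `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` instead of the empty bounding set.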
- Inside the repo's directory:
docker build -t fnzv/yafh-sshd -f Dockerfile.ssh .
- Run the container and expose the SSH Honeypot on port 22:
docker run -p 22:2222 -d fnzv/yafh-sshd
- Inside the repo's directory:
docker build -t fnzv/yafh-telnetd -f Dockerfile.telnet .
- Run the container and expose the TELNET Honeypot on port 23:
docker run -p 23:23 -d fnzv/yafh-telnetd
Tested on Ubuntu 16.04