Dystopia : Low To Medium Multithreaded Ubuntu Core Honeypot Coded In Python

Dystopiais a low to medium Ubuntu Core honeypot coded in Python.

Features

  • Optional login prompt
  • Logs who connects and what they do
  • Capture session to pcap file
  • Automatically download links used by attackers
  • Customize MOTD, Port, Hostname and how many clients can connect at once (default is unlimited)
  • Geolocation (with ipstack)
  • Save and load config
  • Add support to a plethora of commands

To Do

  • Better Logging
  • Service
  • Email Alerts
  • Insights such as charts & graphs
  • Add Default Configurations
  • Optimize / Fix Code

Installation

chmod 755 setup.sh
sudo ./setup.sh
[+] Tcpdump is used to capture dystopia sessions!
[+] Would you like to install ‘Tcpdump’? [Y/n] y
[+] 1 –> Install for Arch Linux
[+] 2 –> Install for Debian Users
1
[sudo] password for drew:
resolving dependencies…
looking for conflicting packages…
Packages (1) tcpdump-4.99.0-1
Total Installed Size: 1.35 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [######################] 100%
…..
[+] Creating needed directorys!
python3 dystopy.py

Arguments

usage: dystopia.py [-h] [–host HOST] [–port PORT] [–motd MOTD] [–max MAX]
[–login] [–username USERNAME] [–password PASSWORD]
[–hostname HOSTNAME] [–localhost] [–capture]
[–interface INTERFACE] [–save SAVE] [–load LOAD]
[–download] [–version]
Dystopia | A python Honeypot.
optional arguments:
-h, –help show this help message and exit
–host HOST IP Address to host the Honeypot. Default:
192.168.0.xxx
–port PORT, -P PORT specify a port to bind to
–motd MOTD, -m MOTD specify the message of the day
–max MAX, -M MAX max number of clients allowed to be connected at once
default is unlimited
–login, -f create a fake login prompt (no encryption)
–username USERNAME, -u USERNAME
username for fake login prompt and the user for the
Honeypot session default: ‘ubuntu’
–password PASSWORD, -p PASSWORD
password for fake login prompt. Default: ‘P@$$W0RD’
–hostname HOSTNAME, -H HOSTNAME
Hostname of the Honeypot default: ‘localhost’
–localhost, -L start Honeypot on localhost
–capture, -c enable packet capturing using the tool Tcpdump
–interface INTERFACE, -i INTERFACE
interface to capture traffic on if –capture / -c is
used and no interface is configured, the default is:
‘eth0’
–save SAVE, -s SAVE save config to a json file E.g: ‘–save settings.json’
–load LOAD, -l LOAD load config from a json file E.g ‘–load
settings.json’
–download, -a Automatically download links used by attackers
–version print version and exit

How To Add Support For More Commands

You can add support to new commands by editing the file “commands.json”. The format is command:output
for eg

{
“dog”:”Dog command activated!”
}

dstat

How To Run

cd tools/
chmod 755 dstat.py
./dstat.py –report -f report.html
+—————+—————–+—————+—————-+
| IP Address | Times Connected | Failed Logins | Correct Logins |
+—————+—————–+—————+—————-+
| 192.168.0.239 | 22345 | 1231 | 2 |
| 192.168.0.223 | 546646 | 27531 | 53 |
+—————+—————–+—————+—————-+

Arguments

usage: dstat.py [-h] [–address ADDRESS] [–report] [–sort SORT] [–update]
[–filename FILENAME]
dstat | Statistics tool for Dystopia
optional arguments:
-h, –help show this help message and exit
–address ADDRESS, -a ADDRESS
ip address to investigate
–report, -r show a general report
–sort SORT, -s SORT sort the report table by row name
–update, -U update geolocation entries
–filename FILENAME, -f FILENAME
Filename of report file

R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

1 day ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

1 day ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

1 day ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

1 day ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

1 day ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

1 day ago