Dystopia : Low To Medium Multithreaded Ubuntu Core Honeypot Coded In Python

Dystopiais a low to medium Ubuntu Core honeypot coded in Python.

Features

  • Optional login prompt
  • Logs who connects and what they do
  • Capture session to pcap file
  • Automatically download links used by attackers
  • Customize MOTD, Port, Hostname and how many clients can connect at once (default is unlimited)
  • Geolocation (with ipstack)
  • Save and load config
  • Add support to a plethora of commands

To Do

  • Better Logging
  • Service
  • Email Alerts
  • Insights such as charts & graphs
  • Add Default Configurations
  • Optimize / Fix Code

Installation

chmod 755 setup.sh
sudo ./setup.sh
[+] Tcpdump is used to capture dystopia sessions!
[+] Would you like to install ‘Tcpdump’? [Y/n] y
[+] 1 –> Install for Arch Linux
[+] 2 –> Install for Debian Users
1
[sudo] password for drew:
resolving dependencies…
looking for conflicting packages…
Packages (1) tcpdump-4.99.0-1
Total Installed Size: 1.35 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [######################] 100%
…..
[+] Creating needed directorys!
python3 dystopy.py

Arguments

usage: dystopia.py [-h] [–host HOST] [–port PORT] [–motd MOTD] [–max MAX]
[–login] [–username USERNAME] [–password PASSWORD]
[–hostname HOSTNAME] [–localhost] [–capture]
[–interface INTERFACE] [–save SAVE] [–load LOAD]
[–download] [–version]
Dystopia | A python Honeypot.
optional arguments:
-h, –help show this help message and exit
–host HOST IP Address to host the Honeypot. Default:
192.168.0.xxx
–port PORT, -P PORT specify a port to bind to
–motd MOTD, -m MOTD specify the message of the day
–max MAX, -M MAX max number of clients allowed to be connected at once
default is unlimited
–login, -f create a fake login prompt (no encryption)
–username USERNAME, -u USERNAME
username for fake login prompt and the user for the
Honeypot session default: ‘ubuntu’
–password PASSWORD, -p PASSWORD
password for fake login prompt. Default: ‘P@$$W0RD’
–hostname HOSTNAME, -H HOSTNAME
Hostname of the Honeypot default: ‘localhost’
–localhost, -L start Honeypot on localhost
–capture, -c enable packet capturing using the tool Tcpdump
–interface INTERFACE, -i INTERFACE
interface to capture traffic on if –capture / -c is
used and no interface is configured, the default is:
‘eth0’
–save SAVE, -s SAVE save config to a json file E.g: ‘–save settings.json’
–load LOAD, -l LOAD load config from a json file E.g ‘–load
settings.json’
–download, -a Automatically download links used by attackers
–version print version and exit

How To Add Support For More Commands

You can add support to new commands by editing the file “commands.json”. The format is command:output
for eg

{
“dog”:”Dog command activated!”
}

dstat

How To Run

cd tools/
chmod 755 dstat.py
./dstat.py –report -f report.html
+—————+—————–+—————+—————-+
| IP Address | Times Connected | Failed Logins | Correct Logins |
+—————+—————–+—————+—————-+
| 192.168.0.239 | 22345 | 1231 | 2 |
| 192.168.0.223 | 546646 | 27531 | 53 |
+—————+—————–+—————+—————-+

Arguments

usage: dstat.py [-h] [–address ADDRESS] [–report] [–sort SORT] [–update]
[–filename FILENAME]
dstat | Statistics tool for Dystopia
optional arguments:
-h, –help show this help message and exit
–address ADDRESS, -a ADDRESS
ip address to investigate
–report, -r show a general report
–sort SORT, -s SORT sort the report table by row name
–update, -U update geolocation entries
–filename FILENAME, -f FILENAME
Filename of report file

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

13 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

13 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago