HoneyCreds network credential injection to detect responder and other network poisoners.
Requirements
Requires Python 3.6+ (tested on Python 3.9)
smbprotocol
cffi
splunk-sdk
Installation
git clone https://github.com/Ben0xA/HoneyCreds.git
cd HoneyCreds
pip3 install -r requirements.txt
Running
python3 honeycreds.py
Settings
It is advised that you change these settings to best suit your environment.
Note: You can use an existing account, just change the password.
Change these in honeycreds.conf
Choose a legit looking username
def_username = ‘honeycreds’
This can match your current Short Domain
def_domain = ‘XQQX’
Make this whatever you want. Note: HTTP requests will send this in plaintext
def_password = ‘This is a honey cred account.’
The FQDN. Leave .local at the end.
def_fqdn = ‘xqqx.local’
The hostname that DOES NOT EXIST but looks legit.
def_hostname = ‘HNECRD01’
The log file and location
def_logfile = ‘honeycreds.log’
Ability to turn SMB or HTTP on or off. Set to “OFF” to turn off.
SMB = ‘ON’
HTTP = ‘ON’
The time to pause in seconds between requests.
SMB_SLEEP = 5
HTTP_SLEEP = 12
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…