DemonHunter is a framework for creating a distributed honeypot network in a few minutes. It is written in Python (3.5+) with the help of the asyncio library. It is currently at version 1, which supports the basic concepts of a distributed honeypot, including:

  • Nodes
    • Manager
      • AgentManager Protocol (to receive data from agents)
      • WebApplication (under development)

    • Honeypots
      • AgentProtocol(to send data to manager)
      • BaseProtocol(to write your own honeypot protocol)

      • Telnet Honeypot
        • Debian GNU/Linux 7
        • Microsoft Telnet Service
      • VNC Honeypot
      • HTTP Honeypot
        • Apache 2.4.18
        • Nginx 1.10.0
        • IIS
      • SSH Honeypot
      • FTP Honeypot
      • MySQL Honeypot
      • Postgresql Honeypot
      • RDP Honeypot

  • Core
    • FileLogging (in syslog format)
    • Sqlite (under development)

It's under rapid development and more features will come.

To install DemonHunter you need a Python 3.5+ environment. If you have Python 3.5+ on your machine you can simply run:

virtualenv -p python3.5 [environment_name] # or -p python3 if your default python3 is 3.5+

This creates your environment with Python 3.5 as its default Python version.

After activating your virtualenv, install DemonHunter in your virtual environment by running:

pip install demonhunter

If DemonHunter installed without issue, you can import it in your Python shell.

To make a machine a honeypot you need to create an instance of demonhunter.DemonHunter. The only argument the constructor takes is an event loop object, for which we use asyncio's event loop for now.

Then we need to add some protocols to our honeypot. For now we only support VNC and Telnet, and soon HTTP honeypots.

To create honeypot protocols, import them from demonhunter.nodes.honeypots.telnet or demonhunter.nodes.honeypots.vnc. Create an instance and add it to the honeypot servers with the DemonHunter.add_honeypot function.

The constructor for honeypot instances takes these keyword arguments:

    handler=VNCHandler, port=5900
  • logfile=False ( to log the attacks in syslog format in the machine, NOT WORKING YET )
  • sqlite=False ( to log the attacks in sqlite format in the machine, NOT WORKING YET)
  • interfaces=['0.0.0.0'] ( interfaces you want your honeypot to accept connection from )
  • handler=(each honeypot protocol has its default handler but you can change it)
    • TelnetHandler(Default for telnet Honeypots)
    • MicrosoftTelnet
    • DebianTelnet
    • VNCHandler(Default for VNC Honeypots)
  • port=(each honeypot protocol has its default port but you can change it)

You can create an agent for your honeypot to send the honeypot's data to a manager server, which holds the data, if you don't want to log data on the honeypot server.

Import Agent from demonhunter.nodes.honeypots; the constructor takes these arguments:

  • list of manager's ip or domain, example : ['z.z.z.z']
  • list of honeypot server's objects, example : [telnet, vnc]
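  • the event loop

import asyncio

from demonhunter import DemonHunter
from demonhunter.nodes.honeypots.telnet import TelnetHoneypot, MicrosoftTelnet
from demonhunter.nodes.honeypots.vnc import VNCHoneypot
from demonhunter.nodes.honeypots import Agent

loop = asyncio.get_event_loop()

# DemonHunter takes the event loop as its only constructor argument
hp = DemonHunter(loop)

# VNC honeypot with its default handler and port
vnc = VNCHoneypot()
hp.add_honeypot(vnc)

# Telnet honeypot on port 8023 using the Microsoft Telnet handler;
# x.x.x.x and y.y.y.y are placeholders for the interfaces to listen on
telnet = TelnetHoneypot(port=8023, handler=MicrosoftTelnet, interfaces=["x.x.x.x", "y.y.y.y"])
hp.add_honeypot(telnet)

# Agent sends data from both honeypots to the manager;
# z.z.z.z is a placeholder for the manager's IP or domain
agent = Agent(["z.z.z.z"], [telnet, vnc], loop)
hp.add_agent(agent)

hp.start()

try:
    loop.run_forever()
except KeyboardInterrupt:
    hp.stop()
    print("\nServer Closed")

loop.close()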

The manager server is where honeypot data is sent, so it has to collect all data from the honeypots. The default port for the manager server is 16742; it listens on this port and waits for data from the honeypots we included.

To make a Manager server simply run this code:

import asyncio

from demonhunter import Manager

loop = asyncio.get_event_loop()

manager = Manager(loop, logfile='test.log')
# Register the honeypot's address so the manager accepts data from it
manager.add_agent_address('127.0.0.1')

try:
    loop.run_forever()
except KeyboardInterrupt:
    print("\nServer Closed")

loop.close()

Create a demonhunter.Manager object, add each honeypot's address so the manager can accept data from that address, and run it.
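
The manager accepts data only from addresses that were registered with add_agent_address. The sketch below is an added example, not DemonHunter's own code: it shows that kind of source-address allowlist as a plain asyncio protocol on the default port 16742. AgentReceiver, normalise and serve are hypothetical names, and binding to 127.0.0.1 is an assumption.

```python
import asyncio
import ipaddress

MANAGER_PORT = 16742  # default manager port given on this page


def normalise(host):
    """Return a comparable address; unwrap IPv4-mapped IPv6 such as ::ffff:127.0.0.1."""
    addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


class AgentReceiver(asyncio.Protocol):
    """Hypothetical manager-side receiver (not DemonHunter's class)."""

    def __init__(self, allowed, records, rejected):
        self.allowed = {normalise(a) for a in allowed}
        self.records = records      # (agent_ip, payload) from registered agents
        self.rejected = rejected    # source IPs that were refused
        self.agent = None

    def connection_made(self, transport):
        peer = normalise(transport.get_extra_info("peername")[0])
        if peer in self.allowed:
            self.agent = peer
        else:
            self.rejected.append(str(peer))
            transport.close()       # refuse before recording anything

    def data_received(self, data):
        # Only peers that passed the allowlist get their data recorded.
        if self.agent is not None:
            self.records.append((str(self.agent), data))


async def serve(allowed, host="127.0.0.1", port=MANAGER_PORT):
    """Start listening for agents; returns (server, records, rejected)."""
    records, rejected = [], []
    loop = asyncio.get_running_loop()
    server = await loop.create_server(
        lambda: AgentReceiver(allowed, records, rejected), host, port)
    return server, records, rejected
```

A source-address allowlist like this identifies the sending host only; it does not authenticate or encrypt what the agent sends.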
