DefroxPot is a honeypot project designed to detect, monitor, and analyze malicious activity in a controlled environment. This project aims to provide cybersecurity enthusiasts and professionals with a powerful tool to study attack patterns, improve defensive strategies, and enhance security awareness.
Variants
Install
Dependencies
Usage
Screenshots
Contributors
The Web Honeypot simulates a vulnerable website to attract and analyze web-based attacks.
Web Logging
- Records all HTTP requests and responses
- Logs IP addresses, session details, user agents, user IDs, and paths visited
- Captures keystrokes through the website
File Analysis
- Analyzes files uploaded by attackers to check for malicious content
- Extracts metadata from the uploaded files
Dashboard
- Provides a dashboard for real-time monitoring
The Network Honeypot mimics a network environment to detect, log and analyze network-based attacks.
Network Logging
- Captures and logs all network traffic
- Records IP addresses and authentication attempts via FTP or SSH services (whichever you run)
Deceptive Environment
- Creates a deceptive environment to trap attackers
- Simulates various network services to attract malicious activity
Install
- Clone the repository:
    git clone https://github.com/TeamDefronix/DefroxPot
    cd honeypot
- Install dependencies:
    pip install -r requirements.txt
- Configure the honeypot:
    python manage.py migrate
    python manage.py createsuperuser
  Note: python manage.py createsuperuser is required to create the superuser account for managing the DefroxPot tool.
- Start the honeypot:
    python manage.py runserver
  You will receive a URL with port 8000. Open this URL in your browser to access the admin panel.
Dependencies
- Apart from what is in requirements.txt, ExifTool is also required to extract metadata from images. You can visit the official website [https://exiftool.org]
- VirusTotal has been used to check malicious content if uploaded by an attacker [https://www.virustotal.com]
You can visit the following URLs to check software authenticity.
- exiftool.exe (Windows): https://www.virustotal.com/gui/file/e9bfbb1ae99f3b5587f926393c3e9ccd86ad7e03a779a06f5e68601a6a85a714
- exiftool (Linux): https://www.virustotal.com/gui/file/4827ade560b85f0877c635fd7e32144e9196f4fa256cc504c42f8593cc79a32b
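The VirusTotal report URLs above end in the SHA-256 of the scanned file, so a downloaded ExifTool binary can be compared against them locally before the honeypot uses it. The script below is an added example, not part of the DefroxPot code; its function names and command-line arguments are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import sys

# VirusTotal report URLs copied from the README. The last path segment of a
# /gui/file/ URL is the SHA-256 of the file that was scanned.
VT_REPORTS = {
    "exiftool.exe": "https://www.virustotal.com/gui/file/"
                    "e9bfbb1ae99f3b5587f926393c3e9ccd86ad7e03a779a06f5e68601a6a85a714",
    "exiftool": "https://www.virustotal.com/gui/file/"
                "4827ade560b85f0877c635fd7e32144e9196f4fa256cc504c42f8593cc79a32b",
}


def expected_sha256(report_url):
    """Extract the SHA-256 from a VirusTotal /gui/file/<hash> URL."""
    m = re.search(r"/gui/file/([0-9a-fA-F]{64})/?$", report_url)
    if m is None:
        raise ValueError("no SHA-256 in report URL: " + report_url)
    return m.group(1).lower()


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def matches_report(path, name):
    """True only if the local file is byte-identical to the scanned one."""
    return hmac.compare_digest(sha256_file(path), expected_sha256(VT_REPORTS[name]))


if __name__ == "__main__":
    # Hypothetical CLI: python verify_exiftool.py <path> <exiftool|exiftool.exe>
    if len(sys.argv) != 3 or sys.argv[2] not in VT_REPORTS:
        sys.exit("usage: verify_exiftool.py <path> <exiftool|exiftool.exe>")
    path, name = sys.argv[1], sys.argv[2]
    if matches_report(path, name):
        print("OK: hash matches", VT_REPORTS[name])
    else:
        # A mismatch also occurs for any other ExifTool release; treat the
        # file as unverified rather than as confirmed malicious.
        print("MISMATCH:", sha256_file(path))
        sys.exit(1)
```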
- Django: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
- Flask: A lightweight WSGI web application framework in Python.
- paramiko: A library for making SSH2 connections.
- pyftpdlib: A library for creating FTP servers.
- bcrypt: Library for hashing passwords in a secure manner.
- blinker: Provides support for creating signals and listening to them, often used in Flask applications.
- certifi: Provides Mozilla’s CA Bundle, useful for SSL verification.
- cryptography: Provides cryptographic recipes and primitives.
- itsdangerous: Provides various helpers to pass trusted data to untrusted environments.
- pycparser: A C parser and AST generator written in Python.
- PyNaCl: Python binding to the Networking and Cryptography (NaCl) library.
Usage
- Navigate to the Setup tab and launch the web setup. You will receive a URL with port 5000 that is intended to be accessed by an attacker. The File Analysis, Photo, Keylogger and Website tabs belong to the Web honeypot. You can navigate to them to check logs.
- Navigate to the Setup tab and launch the network setup. The ssh and ftp services will be started; these are intended to be accessed by an attacker. The Network tab belongs to the Network honeypot. You can navigate to it to check logs.
This tool is currently a prototype and can be further improved. If you have more context or specific improvements in mind, we can tailor the further requirements to fit your needs.