IMPORTANT: This honeypot software is developed for educational and research purposes only. The primary aim is to study and improve security measures, not to engage in or encourage illegal activities. Any misuse of this software for purposes other than those stated, including unauthorized access to computer systems, is strictly prohibited and may be illegal under local, state, federal, or international law. By using this software, you agree to use it responsibly, ethically, and within the bounds of legality. The developers and distributors of this software bear no responsibility for any illicit or unauthorized use.
FortiHoney simulates the login portal of a FortiGate firewall to act as a honeypot, attracting malicious actors attempting unauthorized access. When an attacker tries to log in, the honeypot captures and logs their IP address, username, and password. This project aims to provide security researchers and IT professionals with a tool to identify potential threats and analyze attack patterns without exposing real network assets.
- Simulates a FortiGate login portal to attract potential attackers
- Logs IP addresses, usernames, and passwords of attempted logins
- Geo-locates IP addresses to identify the attacker's possible location
- Records browser user-agent strings to analyze the tools used in the attacks
- Offers a debug mode for detailed request logging in development environments
- GoLang (1.15 or newer)
- Buffalo framework
- A PostgreSQL database
- GeoLite2-City database file for IP geolocation
-
Clone the Repository
git clone https://github.com/yourusername/fortihoney.git cd fortiHoney
-
Setup Database Ensure SQLite/PostgreSQL is installed and running. Create a new database for the honeypot logs.
-
Environment Configuration Configure the necessary environment variables, including the database connection string in a
.env
file or equivalent. -
GeoLite2-City Database Download the GeoLite2-City database file from MaxMind and place it in the
files
directory. -
Install Dependencies
go mod tidy
-
Run Migrations
buffalo pop migrate
-
Start the Server in develop mode
buffalo serve
This will start the honeypot server, listening for incoming connections that simulate login attempts.
-
Deploy
Oficial documentation:
Deploy FortiHoney within your network in a controlled and isolated environment, where it can safely attract and log unauthorized access attempts. Ensure it does not have access to real or sensitive systems and networks.
Review the captured data regularly to analyze attack patterns and potential security threats. This information can be vital for enhancing your security posture.
sqlite3 fortihoney_fortihoney_development.sqlite
SELECT * FROM LOGS ORDER BY created_at desc;
Contributions to the FortiHoney project are welcome. Please ensure that any pull requests or issues are clearly described and are in line with the project's goals of security research and education.
This project is licensed under MIT, which allows for modification and redistribution for non-commercial purposes.
- GeoLite2 data created by MaxMind, available from https://www.maxmind.com
- Buffalo framework for Go web applications
For more comprehensive and personalized assistance in setting up honeypots and other security measures, consider consulting professional services.