HoneyHTTPD is a Python-based web server honeypot framework. It makes it easy to set up fake web servers and record the requests given to it.
This information can be logged to different places, the currently supported outputs are:
- Files
- ElasticSearch
HoneyPoke supports both Python2 and Python 3.
- Clone or download this repo
- Install dependencies:
- Python 2:
sudo pip -r requirements2.txt - Python 3:
sudo pip3 -r requirements3.txt
- Python 2:
- Be sure the
largeandlogsdirectories are writeable by the user and group you plan to have HoneyHTTPD running under.
- Copy
config.json.defaulttoconfig.jsonModify the config file.loggersenables and disables loggers. This done with theactivekey under the respective loggers. Some may need extra configuation, which is in theconfigkey.serverscontains a list of servers you want to run. Each entry has the following keys: *handlerindicates the server module in theserversdirectory to use for that port *modeis eitherhttporhttpswhich indicates if the server should return normal HTTP or HTTPS *portis the port to run on *domainindicates the "domain" this server is running *timeoutis the timeout for requests *cert_pathis only required when inhttpsmode. This is the path to the server certificate in the PEM format.useris the user you want the script to drop privileges togroupis the group you want the script to drop privileges to
- Run HoneyHTTPD with:
- Python 2
sudo python2 start.py --config config.json - Python 3
sudo python3 start.py --config config.json
- Python 2
Server modules live in the servers directory. They are classes that handle the HTTP requests. These modules must inherit from the Server class in lib.server. The class name and the name of the server module file must be the same. Modules can inherit from other server modules to build on their functionality.
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
From here.
Go at it! Open an issue, make a pull request, fork it, etc.
This project is licensed under the GNU General Public License (GPL) v3.0