DefroxPot

Description

DefroxPot is a honeypot project designed to detect, monitor, and analyze malicious activity in a controlled environment. This project aims to provide cybersecurity enthusiasts and professionals with a powerful tool to study attack patterns, improve defensive strategies, and enhance security awareness.

---

 
 Variants 
    
 Install 
   
 Dependencies 
    
 Usage 
    
 Screenshots 
    
 Contributors 
 

---

Variants

Web Honeypot

The Web Honeypot simulates a vulnerable website to attract and analyze web-based attacks.

Features

Web Logging

• Records all HTTP requests and responses
• Logs IP addresses, session details, user agents, user IDs, and paths visited
• Captures keystrokes through the website

File Analysis

• Analyzes files uploaded by attackers to check for malicious content
• Extracts metadata from the uploaded files

Dashboard

• Provides a dashboard for real-time monitoring

Network Honeypot

The Network Honeypot mimics a network environment to detect, log and analyze network-based attacks.

Features

Network Logging

• Captures and logs all network traffic
• Records IP addresses and authentication attempts via FTP or SSH services (whichever you run)

Deceptive Environment

• Creates a deceptive environment to trap attackers
• Simulates various network services to attract malicious activity

Installation

1. Clone the repository:

   git clone https://github.com/repo/HoneyGuard.git
   cd honeypot

2. Install dependencies:

   pip install -r requirements.txt

3. Configure the honeypot:

   python manage.py migrate
   python manage.py createsuperuser

   Note: python manage.py createsuperuser is required to create for managing the DefroxPot tool

4. Start the honeypot:

   python manage.py runserver

   You will receive a URL with port 8000. Open this URL in your browser to access the admin panel.

Dependencies

• Apart from what is in requirements.txt ExifTool is also required to extract metadata from images. You can visit the official website [https://exiftool.org]

• Virus total has been used to check malicious content if uploaded by an attacker [https://www.virustotal.com]

  You can visit the following URLs to check software authenticity.

  exiftool.exe (Windows): https://www.virustotal.com/gui/file/e9bfbb1ae99f3b5587f926393c3e9ccd86ad7e03a779a06f5e68601a6a85a714
  exiftool (Linux): https://www.virustotal.com/gui/file/4827ade560b85f0877c635fd7e32144e9196f4fa256cc504c42f8593cc79a32b

Technology Stack

Essential Python Libraries

Django: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Flask: A lightweight WSGI web application framework in Python.

paramiko: A library for making SSH2 connections.

pyftpdlib: A library for creating FTP servers.

bcrypt: Library for hashing passwords in a secure manner.

blinker: Provides support for creating signals and listening to them, often used in Flask applications.

certifi: Provides Mozilla’s CA Bundle, useful for SSL verification.

cryptography: Provides cryptographic recipes and primitives.

itsdangerous: Provides various helpers to pass trusted data to untrusted environments.

pycparser: A C parser and AST generator written in Python.

PyNaCl: Python binding to the Networking and Cryptography (NaCl) library.

Usage

Website

• Navigate to the Setup tab and launch the web setup. You will receive a URL with port 5000 that is intended to be accessed by an attacker.
• File Analysis, Photo, Keylogger and Website tabs belong to Web honeypot. You can navigate to check logs.

Network

• Navigate to the Setup tab and launch the network setup. The ssh and ftp will be started that is intended to be accessed by an attacker.
• Network tabs belong to network honeypot. You can navigate to check logs.

Screenshots

Contacts

Support

This tool is currently a prototype and can be further improved. If you have more context or specific improvements in mind, We can tailor the further requirements to fit your needs

Thanks To All Contributors