mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-11-21 17:56:53 +02:00
| .. | ||
| data/etc | ||
| docker-compose.yml | ||
| README.md | ||
cowrie
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Cowrie is directly based on Kippo by Upi Tamminen (desaster).
docker-compose.yml
version: "3.8"
services:
cowrie:
image: cowrie/cowrie
ports:
- "2222:2222"
- "2223:2223"
volumes:
- cowrie-etc:/cowrie/cowrie-git/etc
- cowrie-var:/cowrie/cowrie-git/var
restart: unless-stopped
volumes:
cowrie-etc:
cowrie-var:
server
$ docker-compose up -d
$ docker volume ls
$ docker volume inspect cowrie_cowrie-var
$ cd /var/lib/docker/volumes/cowrie_cowrie-etc/_data
$ cp cowrie.cfg.dist cowrie.cfg
$ cp userdb.example userdb.txt
$ cd /var/lib/docker/volumes/cowrie_cowrie-var/_data
$ tail -f log/cowrie/cowrie.json
$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/asciinema
$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/playlog
$ chmod +x /usr/local/bin/{asciinema,playlog}
$ playlog -c lib/cowrie/tty/xxxxxx
client
$ ssh -p 2222 root@server
$ telnet server 2223
You can login as
rootwith any password exceptrootor123456.