2015-07-21 18:10:52 +02:00
|
|
|
cowrie
|
|
|
|
======
|
|
|
|
|
2015-11-25 03:42:37 +02:00
|
|
|
![](https://badge.imagelayers.io/vimagick/cowrie:latest.svg)
|
|
|
|
|
2017-11-05 15:12:30 +02:00
|
|
|
[Cowrie][1] is a medium interaction SSH honeypot designed to log brute force attacks
|
2015-07-21 18:10:52 +02:00
|
|
|
and, most importantly, the entire shell interaction performed by the attacker.
|
|
|
|
|
2017-11-05 15:12:30 +02:00
|
|
|
Cowrie is directly based on [Kippo][2] by Upi Tamminen (desaster).
|
2015-07-21 18:10:52 +02:00
|
|
|
|
|
|
|
## docker-compose.yml
|
|
|
|
|
2017-11-05 15:06:52 +02:00
|
|
|
```yaml
|
2015-07-21 18:10:52 +02:00
|
|
|
cowrie:
|
|
|
|
image: vimagick/cowrie
|
|
|
|
ports:
|
|
|
|
- "2222:2222"
|
2017-11-05 15:06:52 +02:00
|
|
|
- "2223:2223"
|
2015-07-21 18:10:52 +02:00
|
|
|
volumes:
|
2017-11-05 15:12:30 +02:00
|
|
|
- ./data/dl:/home/cowrie/dl
|
|
|
|
- ./data/log:/home/cowrie/log
|
2015-07-21 18:10:52 +02:00
|
|
|
restart: always
|
|
|
|
```
|
|
|
|
|
|
|
|
## server
|
|
|
|
|
2017-11-05 15:06:52 +02:00
|
|
|
```bash
|
2015-07-21 18:10:52 +02:00
|
|
|
$ cd ~/fig/cowrie
|
2017-11-05 15:12:30 +02:00
|
|
|
$ mkdir -p data/dl data/log/tty
|
|
|
|
$ chmod -R 777 data
|
2015-07-21 18:10:52 +02:00
|
|
|
$ tree -F
|
|
|
|
.
|
|
|
|
├── docker-compose.yml
|
2015-07-21 19:00:29 +02:00
|
|
|
├── dl/
|
2015-07-21 18:10:52 +02:00
|
|
|
└── log/
|
|
|
|
└── tty/
|
|
|
|
$ docker-compose up -d
|
|
|
|
$ tail -f log/cowrie.log
|
|
|
|
```
|
|
|
|
|
|
|
|
## client
|
|
|
|
|
2017-11-05 15:06:52 +02:00
|
|
|
```bash
|
2015-07-21 18:10:52 +02:00
|
|
|
$ ssh -p 2222 root@server
|
2017-11-05 15:06:52 +02:00
|
|
|
$ telnet server 2223
|
2015-07-21 18:10:52 +02:00
|
|
|
```
|
|
|
|
|
2015-07-21 19:00:29 +02:00
|
|
|
> You can login as `root` with any password except `root` or `123456`.
|
2015-07-21 18:10:52 +02:00
|
|
|
|
|
|
|
[1]: https://github.com/micheloosterhof/cowrie
|
|
|
|
[2]: http://github.com/desaster/kippo/
|