dockerfiles/cowrie/README.md

cowrie
======

![](https://badge.imagelayers.io/vimagick/cowrie:latest.svg)

[Cowrie][1] is a medium interaction SSH honeypot designed to log brute force attacks
and, most importantly, the entire shell interaction performed by the attacker.

Cowrie is directly based on [Kippo][2] by Upi Tamminen (desaster).

## docker-compose.yml

```yaml
version: "3.8"

services:
  cowrie:
    image: cowrie/cowrie
    ports:
      - "2222:2222"
      - "2223:2223"
    volumes:
      - cowrie-etc:/cowrie/cowrie-git/etc
      - cowrie-var:/cowrie/cowrie-git/var
    restart: unless-stopped

volumes:
  cowrie-etc:
  cowrie-var:
```

## server

```bash
$ docker-compose up -d
$ docker volume ls
$ docker volume inspect cowrie_cowrie-var
$ cd /var/lib/docker/volumes/cowrie_cowrie-etc/_data
$ cp cowrie.cfg.dist cowrie.cfg
$ cp userdb.example userdb.txt
$ cd /var/lib/docker/volumes/cowrie_cowrie-var/_data
$ tail -f log/cowrie/cowrie.json
```

```bash
$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/asciinema
$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/playlog
$ chmod +x /usr/local/bin/{asciinema,playlog}
$ playlog -c lib/cowrie/tty/xxxxxx
```

## client

```bash
$ ssh -p 2222 root@server
$ telnet server 2223
```

> You can login as `root` with any password except `root` or `123456`.

[1]: https://github.com/micheloosterhof/cowrie
[2]: http://github.com/desaster/kippo/
add cowrie 2015-07-21 18:10:52 +02:00			`cowrie`
			`======`

update cowrie 2015-11-25 03:42:37 +02:00			`![](https://badge.imagelayers.io/vimagick/cowrie:latest.svg)`

update cowrie 2017-11-05 15:12:30 +02:00			`[Cowrie][1] is a medium interaction SSH honeypot designed to log brute force attacks`
add cowrie 2015-07-21 18:10:52 +02:00			`and, most importantly, the entire shell interaction performed by the attacker.`

update cowrie 2017-11-05 15:12:30 +02:00			`Cowrie is directly based on [Kippo][2] by Upi Tamminen (desaster).`
add cowrie 2015-07-21 18:10:52 +02:00
			`## docker-compose.yml`

update cowrie 2017-11-05 15:06:52 +02:00			```yaml
update cowrie 2020-11-05 13:22:21 +02:00			`version: "3.8"`

			`services:`
			`cowrie:`
			`image: cowrie/cowrie`
			`ports:`
			`- "2222:2222"`
			`- "2223:2223"`
			`volumes:`
			`- cowrie-etc:/cowrie/cowrie-git/etc`
			`- cowrie-var:/cowrie/cowrie-git/var`
			`restart: unless-stopped`

			`volumes:`
			`cowrie-etc:`
			`cowrie-var:`
add cowrie 2015-07-21 18:10:52 +02:00			```

			`## server`

update cowrie 2017-11-05 15:06:52 +02:00			```bash
add cowrie 2015-07-21 18:10:52 +02:00			`$ docker-compose up -d`
update cowrie 2020-11-05 13:22:21 +02:00			`$ docker volume ls`
			`$ docker volume inspect cowrie_cowrie-var`
			`$ cd /var/lib/docker/volumes/cowrie_cowrie-etc/_data`
			`$ cp cowrie.cfg.dist cowrie.cfg`
			`$ cp userdb.example userdb.txt`
			`$ cd /var/lib/docker/volumes/cowrie_cowrie-var/_data`
			`$ tail -f log/cowrie/cowrie.json`
add cowrie 2015-07-21 18:10:52 +02:00			```

update cowrie 2023-07-18 13:29:17 +02:00			```bash
			`$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/asciinema`
			`$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/playlog`
			`$ chmod +x /usr/local/bin/{asciinema,playlog}`
			`$ playlog -c lib/cowrie/tty/xxxxxx`
			```

add cowrie 2015-07-21 18:10:52 +02:00			`## client`

update cowrie 2017-11-05 15:06:52 +02:00			```bash
add cowrie 2015-07-21 18:10:52 +02:00			`$ ssh -p 2222 root@server`
update cowrie 2017-11-05 15:06:52 +02:00			`$ telnet server 2223`
add cowrie 2015-07-21 18:10:52 +02:00			```

update 2015-07-21 19:00:29 +02:00			> You can login as `root` with any password except `root` or `123456`.
add cowrie 2015-07-21 18:10:52 +02:00
			`[1]: https://github.com/micheloosterhof/cowrie`
			`[2]: http://github.com/desaster/kippo/`