-
-
Notifications
You must be signed in to change notification settings - Fork 139
Setup and Installation
This framework has three sections, the first one is the ElasticSearch server, ElasticSearch will store all information and activities in the network, the second is the API server that provides a WebUI + API on https://localhost:5000 by reading/analyzing information from ElasticSearch server. The third section is modules that setups the actual honeypots and send data to ElasticSearch Server. You can setup All three on one server by installing all requirements + ElasticSearch, but it's recommended to divide API+ElasticSearch in one server, and honeypots in another (it could be one or several module bases on your preferences).
You can install a ElasticSearch service on your OS, if it's a remote server, set a password on your service or limit the IPs that are allowed to connect to your server with port 9200. Don't expose your service to the whole internet.
If your ElasticSearch is in the same machine as your API server, you don't need to do anything, otherwise, you need to address your ElasticSearch server in the default configuration. The default address is localhost
. To run the API server you will need to install requirements/dependencies by pip install -r requirements.txt
, then run python ohp.py --start-api-server
to start the API server without any authentication. If you want to set authentication on your API server, you have to modify config.py and set "api_access_without_key": False,
and send key
as GET/POST/Cookie arg with every request. You can limit the API by IP whitelisting by modifying api_client_white_list
in the same config.py. If you don't want to install dependencies on your machine, you can use docker-compose up
on your machine to create a ElasticSearch server and also the API server via Docker. If you want to separate the ElasticSearch server and also use docker, you can modify the config.py and use docker-compose -f docker-compose-host.yml up
to address your ElasticSearch server.
In this section you also need to install requirements/dependencies pip install -r requirements.txt
, Docker
, libpcap-dev
, libnet-dev
, tshark
(or wireshark
, it includes tshark), and if you want to develop this project you may also install the libs inside of requirements-dev.txt
. Before running any module you must modify the config.py and check your ElasticSearch server address + maybe take a look at ignored IP addresses.
- This framework only supports Python 3.x
- Known issue: Blocking virtual machines internet is not working on Windows
- We do not test this framework on Windows anymore. recommended OS is Linux (Debian/Ubuntu).
- Found new issue? Let us know https://github.com/zdresearch/OWASP-Honeypot/issues
- Emulator (DOCKER/LXC)
- Multi OS Support
- Multi Python Version Support
- Secure Virtual Machine
- Automated Setup Process
- CLI/WebUI/API Available + Live Reporting
- Support Multiple Language for CLI/WebUI
- Supporting Web/Network based Attacks
- Network Packet Analyzer (Basic/
Advance) - Hacker Activity Monitor/Log Explorer