Cowrie記錄包里攻擊者的 Shell 交互記錄

Cowrie是一種中等交互式SSH和Telnet蜜罐，用于記錄暴力攻擊和攻擊者執(zhí)行的shell交互。 Cowrie還充當(dāng)SSH和telnet代理，以觀察攻擊者對(duì)另一個(gè)系統(tǒng)的行為。

使用方法：

docker run -p 2222:2222 cowrie/cowrie
ssh -p 2222 root@localhost

文件列表：

• etc/cowrie.cfg - Cowrie's configuration file. Default values can be found in etc/cowrie.cfg.dist.
• share/cowrie/fs.pickle - fake filesystem
• etc/userdb.txt - credentials to access the honeypot
• honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here or use bin/fsctl
• honeyfs/etc/issue.net - pre-login banner
• honeyfs/etc/motd - post-login banner
• var/log/cowrie/cowrie.json - transaction output in JSON format
• var/log/cowrie/cowrie.log - log/debug output
• var/lib/cowrie/tty/ - session logs, replayable with the bin/playlog utility.
• var/lib/cowrie/downloads/ - files transferred from the attacker to the honeypot are stored here
• share/cowrie/txtcmds/ - file contents for simple fake commands
• bin/createfs - used to create the fake filesystem
• bin/playlog - utility to replay session logs