HonTel
HonTel is a Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu/Debian environment, though it could be easily adapted to run inside any Linux environment.
Documentation:
Setting the environment and running the application requires intermediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the deploy.txt file. Configuration settings can be found and modified inside the hontel.py itself. For example, authentication credentials can be changed from default root:123456
to some arbitrary values (options AUTH_USERNAME
and AUTH_PASSWORD
), custom Welcome message can be changed from default (option WELCOME
), custom hostname (option FAKE_HOSTNAME
), architecture (option FAKE_ARCHITECTURE
), location of log file (inside the chroot environment) containing all telnet commands (option LOG_PATH
), location of downloaded binary files dropped by connected users (option SAMPLES_DIR
), etc.
Note: Some botnets tend to delete the files from compromised hosts (e.g. /bin/bash
) in order to harden itself from potential attempts of cleaning and/or attempts of installation coming from other (concurrent) botnets. In such cases either the whole chroot environment has to be reinstalled or host directory where the chroot directory resides (e.g. /srv/chroot/
) should be recovered from the previously stored backup (recommended).
License
This software is provided under under a MIT License. See the accompanying LICENSE file for more information.