thinkst/canarytokens thinkst/canarytokens

  • Stars
    star
    1,740
  • Rank 26,760 (Top 0.6 %)
  • Language
    HTML
  • License
    Other
  • Created over 9 years ago
  • Updated about 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
thinkst/canarytokens
github

thinkst

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Canarytokens helps track activity and actions on your network.

Canarytokens

by Thinkst Applied Research

Overview

Canarytokens helps track activity and actions on your network.

If you have any issues please check out our FAQ over here, or create an issue and we'll try to get back to you as soon as possible.

Deprecations

  • The Slack API Token is deprecated and it's no longer possible to create new ones. Old tokens will still work.

Installation

We recommend the Docker image installation process.

Configuration

The Canarytokens server can use many different settings configurations. You can find them in settings.py. There are two main settings files: frontend.env and switchboard.env.

The frontend.env contains the frontend process settings such as:

  • CANARY_DOMAINS=mytesttokensdomain.com
  • CANARY_NXDOMAINS=pdf.demo.canarytokens.net
  • CANARY_AWSID_URL=
  • CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads
  • CANARY_GOOGLE_API_KEY=
  • LOG_FILE=frontend.log

The switchboard.env contains the switchboard process settings such as:

  • CANARY_MAILGUN_DOMAIN_NAME=
  • CANARY_MAILGUN_API_KEY=
  • CANARY_MANDRILL_API_KEY=
  • CANARY_SENDGRID_API_KEY=
  • CANARY_PUBLIC_IP=
  • CANARY_PUBLIC_DOMAIN=
  • CANARY_ALERT_EMAIL_FROM_ADDRESS=[email protected]
  • CANARY_ALERT_EMAIL_FROM_DISPLAY="Canarytoken Mailer"
  • CANARY_ALERT_EMAIL_SUBJECT="Alert"
  • CANARY_MAX_ALERTS_PER_MINUTE=1000
  • CANARY_SMTP_USERNAME=
  • CANARY_SMTP_PASSWORD=
  • CANARY_SMTP_SERVER=smtp.gmail.com
  • CANARY_SMTP_PORT=587
  • CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads
  • LOG_FILE=switchboard.log
  • ERROR_LOG_WEBHOOK=

Please note that when choosing which email provider you would like to use, you MUST only provide information related to that provider. E.g. if you have CANARY_MAILGUN_API_KEY then you must remove the others such as CANARY_SENDGRID_API_KEY and CANARY_MANDRILL_API_KEY.

If you are using Mailgun's European infrastructure for your Canarytokens Server, you will need to add CANARY_MAILGUN_BASE_URL=https://api.eu.mailgun.net to your switchboard.env. If you do not specify that, we will use the regular url as 'https://api.mailgun.net' as the default.

Lastly, we have added the ability to specify your own AWSID lambda so that you may host your own. The setting is placed in frontend.env under CANARY_AWSID_URL. If this value is not specified, it will use our default hosted lambda.

Configuration of Outgoing SMTP

When configuring outgoing SMTP please consider the following:

Restrictions:

  • no other provider like Mailgun or Sendgrid must be configured for this to work
  • only supports StartTLS right now (you have to use the corresponding port)
  • no anonymous SMTP is supported right now (you have to use a username/password to authenticate)

The following settings have to be configured in switchboard.env for SMTP to work:

  • CANARY_SMTP_SERVER: the SMTP server
  • CANARY_SMTP_PORT: the port number of the SMTP server (must be a StartTLS enabled port!)
  • CANARY_SMTP_USERNAME: Username for the SMTP server (no anonymous SMTP supported right now)
  • CANARY_SMTP_PASSWORD: the password that corresponds to the username

A complete example config in switchboard.env then looks like this:

CANARY_SMTP_SERVER=smtp.yourserver.com
CANARY_SMTP_PORT=587
CANARY_SMTP_USERNAME=<your smtp username>
CANARY_SMTP_PASSWORD=<your smtp password>
[email protected]
CANARY_ALERT_EMAIL_SUBJECT="Canary Alert via SMTP"

Alert throttling

By default, unless running in DEBUG mode, no more than 1 alert per unique calling IP per minute is permitted. Activity will still be recorded in the database, and visible in the token management console, but alerts will not be generated (email and/or webhook).

This is tunable with the switchboard ENV variable CANARY_MAX_ALERTS_PER_MINUTE.

More Repositories

1

opencanary

Modular and decentralised honeypot
Python
2,302
star
2

canarytokens-docker

Docker configuration to quickly setup your own Canarytokens.
Dockerfile
602
star
3

zippy

Detect AI-generated text [relatively] quickly via compression ratios
Python
198
star
4

canaryfy

Linux file read monitor
C
89
star
5

canary-utils

Collection of useful Canary tools
PowerShell
68
star
6

canarytools-python

Python client for the Thinkst Canary API
Python
18
star
7

opencanary-correlator

Central correlator for opencanary instances
Python
18
star
8

canarytools-docs

Documentation for the Canary Console API
Python
7
star
9

secretkeeper

A quick example iOS app to demo the use of Canary Tokens with a mobile application
Swift
6
star
10

drivewatch

Python
5
star
11

canarytokend

Example daemon for tailing log files and firing alerts based on regexes
Python
4
star
12

api-whoami

A small script to determine API key permissions
Python
3
star
13

nginx_flaskapp_whitelister

Python
2
star
14

password-reset-iso

Dockerfile
2
star
15

canarytokens-docs

Official Documentation for Canarytokens
2
star
16

opencanary-FreeBSD

FreeBSD port for OpenCanary
Makefile
2
star