Heralding – Credentials catching honeypot

Honeypots can be a good addition to your network detection, alerting you to any type of attack targeting your assets. Some projects are installed to detect intrusion against external-facing services, and others can be deployed internally to see what type of suspicious behavior you have on your network. The advantage of honeypots is a low rate of false-positive alerts, and they allow you to catch real attacks. If you are looking to install a low-interaction honeypot, you can check out Heralding.

Heralding is a low-interaction honeypot that lets the user emulate several protocols with a credentials user interface. Once an attacker attempts to log in to the system, all credentials are captured in a log file. Currently the following protocols are supported: ftp, telnet, ssh, http, https, pop3, pop3s, imap, imaps, smtp, vnc, postgresql and socks5.

The log file contains useful information, including the timestamp of the attack, auth_id, session_id, source_ip, source_port, destination_ip, destination_port, protocol, username and password. When it comes to honeypots, some users prefer a low-interaction honeypot for faster service emulation and for running several services without needing an OS installation. The project is for credential capturing, which is good, but it would be better to have more service emulation, such as DNS or VoIP, as well as logging of all attacker activity, not just credentials.
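To turn the log fields listed above into something an analyst can triage, the following added example (not part of Heralding or the original post) groups login attempts by source IP and puts sources inside the network first. It assumes the log is a CSV with a header row naming those fields; the sample rows and the `summarize` function are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample rows; column names follow the fields listed in the text.
SAMPLE_LOG = """timestamp,auth_id,session_id,source_ip,source_port,destination_ip,destination_port,protocol,username,password
2024-01-01 10:00:01,a1,s1,203.0.113.7,40122,192.0.2.10,22,ssh,root,123456
2024-01-01 10:00:03,a2,s1,203.0.113.7,40122,192.0.2.10,22,ssh,admin,admin
2024-01-01 10:00:05,a3,s2,203.0.113.7,40190,192.0.2.10,21,ftp,root,toor
2024-01-01 11:15:40,a4,s3,10.0.5.23,51514,192.0.2.10,23,telnet,svc_backup,Winter2023
"""

# Explicit RFC 1918 ranges: ip_address().is_private would also match
# documentation ranges such as 203.0.113.0/24 and mislabel the sample data.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def summarize(log_text):
    """Return one summary dict per source IP, internal sources first."""
    by_source = defaultdict(
        lambda: {"attempts": 0, "usernames": set(), "protocols": set()}
    )
    for row in csv.DictReader(io.StringIO(log_text)):
        entry = by_source[row["source_ip"]]
        entry["attempts"] += 1
        entry["usernames"].add(row["username"])
        entry["protocols"].add(row["protocol"])

    report = []
    for ip, entry in by_source.items():
        report.append({
            "source_ip": ip,
            "attempts": entry["attempts"],
            "usernames": sorted(entry["usernames"]),
            "protocols": sorted(entry["protocols"]),
            # An internal source hitting a honeypot deserves immediate review.
            "internal": any(ip_address(ip) in net for net in RFC1918),
        })
    # Internal sources first, then highest attempt count.
    report.sort(key=lambda r: (not r["internal"], -r["attempts"]))
    return report


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```
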

You can read more and download the latest release over here: https://github.com/johnnykv/