Skip to content

stamparm/hontel

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Mar 5, 2019
2bedc3b · Mar 5, 2019

History

37 Commits
Jun 8, 2017
Nov 12, 2015
Nov 11, 2015
Nov 11, 2015
Nov 11, 2015
Mar 5, 2019
Mar 5, 2019
Nov 30, 2017
Nov 11, 2015

Repository files navigation

HonTel Python 2.6|2.7 License

HonTel is a Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu/Debian environment, though it could be easily adapted to run inside any Linux environment.

Documentation:

Setting the environment and running the application requires intermediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the deploy.txt file. Configuration settings can be found and modified inside the hontel.py itself. For example, authentication credentials can be changed from default root:123456 to some arbitrary values (options AUTH_USERNAME and AUTH_PASSWORD), custom Welcome message can be changed from default (option WELCOME), custom hostname (option FAKE_HOSTNAME), architecture (option FAKE_ARCHITECTURE), location of log file (inside the chroot environment) containing all telnet commands (option LOG_PATH), location of downloaded binary files dropped by connected users (option SAMPLES_DIR), etc.

hontel

Note: Some botnets tend to delete the files from compromised hosts (e.g. /bin/bash) in order to harden itself from potential attempts of cleaning and/or attempts of installation coming from other (concurrent) botnets. In such cases either the whole chroot environment has to be reinstalled or host directory where the chroot directory resides (e.g. /srv/chroot/) should be recovered from the previously stored backup (recommended).

License

This software is provided under under a MIT License. See the accompanying LICENSE file for more information.