HoneyPy – How to catch hackers using honeypots

Internal and external networks are not secure by default, which is why organizations deploy layered security controls at the network level, and those controls need continual tuning to remain effective. Many companies use network firewalls, IDS and IPS; a growing number add honeypots to that mix. A honeypot is a decoy placed on the network to attract malicious actors and record what they do. It does not keep attackers out on its own: its value is that no legitimate user has any reason to connect to it, so every connection it receives is suspicious by definition and gives early warning of malicious activity on the network.

Many honeypots are in common use today. This article walks through a low-interaction honeypot that can be used to observe what is being attempted against a network.

According to the network security researcher at the International Institute of Cyber Security, honeypots are excellent tools for monitoring attacks and performing malware analysis.

HoneyPy is written in Python 2 and records the activity directed at the services it emulates. It is a low-interaction honeypot, used mainly for testing on local networks. HoneyPy writes a log entry for every connection to one of its listeners; since nothing legitimate should be talking to those ports, those entries are your record of suspicious activity on the network.

HoneyPy

HoneyPy was designed so that new service emulations can be added as plugins. It handles both TCP and UDP. Its loggers integrate with HoneyDB, Slack, Logstash, Twitter and Elasticsearch. HoneyPy records every connection and payload sent to the ports it listens on; it does not see traffic to other hosts, so place it where attackers and scanners will find it.
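To make concrete what a low-interaction honeypot like HoneyPy does, here is a small Python 3 listener written for this article; it is an added example, not HoneyPy's code (HoneyPy is Python 2 and built on Twisted). It opens one TCP port that answers with a fake SMTP-style banner (the banner text is invented) and one UDP port, records every connection and the first bytes received as a structured event, and deliberately never parses or acts on attacker input. Port numbers default to 0 so the OS picks free ports; a real deployment binds the port of the service being emulated, which for ports below 1024 needs root or a port redirect.

```python
"""Minimal low-interaction TCP+UDP honeypot of the kind HoneyPy implements (Python 3).
Added example, not HoneyPy code: answers TCP clients with a fake banner, records every
connection/datagram as a structured event and never acts on what it receives."""
import socket
import threading
import time
from datetime import datetime, timezone

BANNER = b"220 mail.example.internal ESMTP ready\r\n"  # constructed fake banner
MAX_BYTES = 1024      # read cap: a client cannot make us buffer unbounded data
READ_TIMEOUT = 2.0    # seconds; a slow client must not pin a handler thread


class Honeypot:
    def __init__(self, host="127.0.0.1", tcp_port=0, udp_port=0):
        # port 0 = any free port; a deployment binds the emulated service's real port
        self.events, self._threads = [], []
        self._lock, self._stop = threading.Lock(), threading.Event()
        self._tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._tcp.bind((host, tcp_port))
        self._tcp.listen(16)
        self._udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self._udp.bind((host, udp_port))
        for s in (self._tcp, self._udp):
            s.settimeout(0.2)  # short blocking calls so stop() is prompt
        self.tcp_port = self._tcp.getsockname()[1]
        self.udp_port = self._udp.getsockname()[1]

    def _record(self, proto, peer, data):
        # payload kept hex-encoded so attacker bytes never reach a parser/terminal raw
        event = {"ts": datetime.now(timezone.utc).isoformat(), "proto": proto,
                 "src_ip": peer[0], "src_port": peer[1],
                 "dst_port": self.tcp_port if proto == "tcp" else self.udp_port,
                 "data_len": len(data), "data_hex": data.hex()}
        with self._lock:
            self.events.append(event)

    def _handle_tcp(self, conn, peer):
        with conn:
            conn.settimeout(READ_TIMEOUT)
            data = b""
            try:
                conn.sendall(BANNER)          # look like a real service
                data = conn.recv(MAX_BYTES)   # capture only the first request
            except OSError:
                pass                          # timeout or reset: still log the hit
            self._record("tcp", peer, data)

    def _tcp_step(self, sock):
        conn, peer = sock.accept()
        threading.Thread(target=self._handle_tcp, args=(conn, peer), daemon=True).start()

    def _udp_step(self, sock):
        data, peer = sock.recvfrom(MAX_BYTES)
        self._record("udp", peer, data)

    def _loop(self, sock, step):
        while not self._stop.is_set():
            try:
                step(sock)
            except socket.timeout:
                continue                      # nothing arrived; re-check the stop flag
            except OSError:
                break                         # socket closed by stop()

    def start(self):
        for sock, step in ((self._tcp, self._tcp_step), (self._udp, self._udp_step)):
            self._threads.append(threading.Thread(target=self._loop, args=(sock, step), daemon=True))
            self._threads[-1].start()

    def stop(self):
        self._stop.set()
        for t in self._threads:
            t.join(timeout=1.0)
        self._tcp.close()
        self._udp.close()


def probe(hp, tcp_payload=b"EHLO scanner\r\n", udp_payload=b"\x00\x01"):
    """Play the attacker: hit both listeners; return the banner the TCP side sent."""
    with socket.create_connection(("127.0.0.1", hp.tcp_port), timeout=2) as c:
        banner = c.recv(len(BANNER))
        c.sendall(tcp_payload)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.sendto(udp_payload, ("127.0.0.1", hp.udp_port))
    return banner


def demo():
    """Start a honeypot, probe it once, wait for both events; return (banner, events)."""
    hp = Honeypot()
    hp.start()
    banner = probe(hp)
    deadline = time.time() + 3
    while len(hp.events) < 2 and time.time() < deadline:
        time.sleep(0.05)
    hp.stop()
    return banner, hp.events
```

Calling demo() starts the honeypot on loopback, plays the attacker with probe() and returns the banner plus the two recorded events. Two choices matter for a real deployment: reads are capped and time-limited so a scanner cannot exhaust the honeypot, and payloads are stored hex-encoded so attacker-controlled bytes never reach a terminal, log parser or SIEM unescaped.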

  • HoneyPy was tested on Kali Linux 2018.4 amd64.
  • To clone it, type git clone https://github.com/foospidy/HoneyPy.git
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/foospidy/HoneyPy.git
Cloning into 'HoneyPy'…
remote: Enumerating objects: 2, done.
remote: Counting objects: 100% (2/2), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 2632 (delta 1), reused 0 (delta 0), pack-reused 2630
Receiving objects: 100% (2632/2632), 2.81 MiB | 1.37 MiB/s, done.
Resolving deltas: 100% (1564/1564), done.
  • Type cd HoneyPy && ls
root@kali:/home/iicybersecurity/Downloads# cd HoneyPy/
root@kali:/home/iicybersecurity/Downloads/HoneyPy# ls
docs etc Honey.py lib LICENSE loggers Makefile mkdocs.yml Pipfile plugins README.md requirements.txt VERSION
  • Type pip install -r requirements.txt (the file name is lowercase, as the listing above shows). Note in the output below that pip downgrades the system-wide Twisted 18.7.0 and requests 2.9.1 to the versions pinned in requirements.txt; to avoid altering packages that other tools on the host depend on, do this inside a virtualenv rather than as root against the system Python.
root@kali:/home/iicybersecurity/Downloads/HoneyPy# pip install -r requirements.txt
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Requirement already satisfied: dnslib==0.9.7 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1)) (0.9.7)
Collecting requests==2.20.0 (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/f1/ca/10332a30cb25b627192b4ea272c351bce3ca1091e541245cccbace6051d8/requests-2.20.0-py2.py3-none-any.whl (60kB)
100% |████████████████████████████████| 61kB 141kB/s
Collecting Twisted==14.0.2 (from -r requirements.txt (line 3))
Downloading https://files.pythonhosted.org/packages/0f/88/18bb0eddb483033e35b1b84bdf9de4cedb8906ece178e2d921451282b3c8/Twisted-14.0.2.tar.bz2 (4.3MB)
100% |████████████████████████████████| 4.4MB 159kB/s
Collecting python_twitter==3.1 (from -r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/96/69/53b87d2b717a669eb8f46d6e1d180d0a691f3d303631ca6be80f9d036a2a/python-twitter-3.1.tar.gz (80kB)
100% |████████████████████████████████| 81kB 630kB/s
Requirement already satisfied: certifi in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 5)) (2018.8.24)
Requirement already satisfied: urllib3 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 6)) (1.22)
Collecting pika==0.10.0 (from -r requirements.txt (line 7))
Downloading https://files.pythonhosted.org/packages/26/12/400cf0aca6b1ecf1f00dcd89b246e7a4c8558677304ba067167b8167e714/pika-0.10.0-py2.py3-none-any.whl (92kB)
100% |████████████████████████████████| 102kB 3.0MB/s
Collecting pylint (from -r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/59/65/adcffa71fe942313c4d9e9284565d9a9e67798f4771f464e1d5dd58fea88/pylint-1.9.4-py2.py3-none-any.whl (689kB)
100% |████████████████████████████████| 696kB 727kB/s
Collecting autopep8 (from -r requirements.txt (line 9))
Downloading https://files.pythonhosted.org/packages/5b/ba/37d30e4263c51ee5a655118ac8c331e96a4e45fd4cea876a74b87af9ffc1/autopep8-1.4.3.tar.gz (113kB)
100% |████████████████████████████████| 122kB 22.6MB/s
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python2.7/dist-packages (from requests==2.20.0->-r requirements.txt (line 2)) (2.6)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests==2.20.0->-r requirements.txt (line 2)) (3.0.4)
Requirement already satisfied: zope.interface>=3.6.0 in /usr/lib/python2.7/dist-packages (from Twisted==14.0.2->-r requirements.txt (line 3)) (4.3.2)
Requirement already satisfied: future in /usr/lib/python2.7/dist-packages (from python_twitter==3.1->-r requirements.txt (line 4)) (0.15.2)
Collecting requests-oauthlib (from python_twitter==3.1->-r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/c2/e2/9fd03d55ffb70fe51f587f20bcf407a6927eb121de86928b34d162f0b1ac/requests_oauthlib-1.2.0-py2.py3-none-any.whl
Collecting isort>=4.2.5 (from pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/41/d8/a945da414f2adc1d9e2f7d6e7445b27f2be42766879062a2e63616ad4199/isort-4.3.4-py2-none-any.whl (45kB)
100% |████████████████████████████████| 51kB 3.6MB/s
Collecting mccabe (from pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/87/89/479dc97e18549e21354893e4ee4ef36db1d237534982482c3681ee6e7b57/mccabe-0.6.1-py2.py3-none-any.whl
Requirement already satisfied: singledispatch; python_version < "3.4" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (3.4.0.3)
Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (1.11.0)
Requirement already satisfied: configparser; python_version == "2.7" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (3.5.0b2)
Requirement already satisfied: backports.functools-lru-cache; python_version == "2.7" in /usr/lib/python2.7/dist-packages (from pylint->-r requirements.txt (line 8)) (1.5)
Collecting astroid<2.0,>=1.6 (from pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/0e/9b/18b08991c8c6aaa827faf394f4468b8fee41db1f73aa5157f9f5fb2e69c3/astroid-1.6.5-py2.py3-none-any.whl (293kB)
100% |████████████████████████████████| 296kB 8.0MB/s
Collecting pycodestyle>=2.4.0 (from autopep8->-r requirements.txt (line 9))
Downloading https://files.pythonhosted.org/packages/0e/0c/04a353e104d2f324f8ee5f4b32012618c1c86dd79e52a433b64fceed511b/pycodestyle-2.5.0-py2.py3-none-any.whl (51kB)
100% |████████████████████████████████| 51kB 2.8MB/s
Collecting oauthlib>=3.0.0 (from requests-oauthlib->python_twitter==3.1->-r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/16/95/699466b05b72b94a41f662dc9edf87fda4289e3602ecd42d27fcaddf7b56/oauthlib-3.0.1-py2.py3-none-any.whl (142kB)
100% |████████████████████████████████| 143kB 5.8MB/s
Requirement already satisfied: futures in /usr/lib/python2.7/dist-packages (from isort>=4.2.5->pylint->-r requirements.txt (line 8)) (3.2.0)
Requirement already satisfied: enum34>=1.1.3; python_version < "3.4" in /usr/lib/python2.7/dist-packages (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8)) (1.1.6)
Collecting wrapt (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/67/b2/0f71ca90b0ade7fad27e3d20327c996c6252a2ffe88f50a95bba7434eda9/wrapt-1.11.1.tar.gz
Collecting lazy-object-proxy (from astroid<2.0,>=1.6->pylint->-r requirements.txt (line 8))
Downloading https://files.pythonhosted.org/packages/52/7e/f0f570ba363e15251bb9fd452257ec2aff91be0187a08a893afbd8ae225f/lazy_object_proxy-1.3.1-cp27-cp27mu-manylinux1_x86_64.whl (56kB)
100% |████████████████████████████████| 61kB 5.0MB/s
Building wheels for collected packages: Twisted, python-twitter, autopep8, wrapt
Building wheel for Twisted (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/05/17/5a/924573fd00805c6339713d6f96af6af763f959f199d7a31341
Building wheel for python-twitter (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/8a/17/09/f9948b2483ac9eeb7961db60cd5f87f03c1ca75667815043ba
Building wheel for autopep8 (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/91/07/fd/99884826d575c769102ddec2f9b96c7ad57cc6b5ca3a5e02b4
Building wheel for wrapt (setup.py) … done
Stored in directory: /root/.cache/pip/wheels/89/67/41/63cbf0f6ac0a6156588b9587be4db5565f8c6d8ccef98202fc
Successfully built Twisted python-twitter autopep8 wrapt
Installing collected packages: requests, Twisted, oauthlib, requests-oauthlib, python-twitter, pika, isort, mccabe, wrapt, lazy-object-proxy, astroid, pylint, pycodestyle, autopep8
Found existing installation: requests 2.9.1
Uninstalling requests-2.9.1:
Successfully uninstalled requests-2.9.1
Found existing installation: Twisted 18.7.0
Uninstalling Twisted-18.7.0:
Successfully uninstalled Twisted-18.7.0
Successfully installed Twisted-14.0.2 astroid-1.6.5 autopep8-1.4.3 isort-4.3.4 lazy-object-proxy-1.3.1 mccabe-0.6.1 oauthlib-3.0.1 pika-0.10.0 pycodestyle-2.5.0 pylint-1.9.4 python-twitter-3.1 requests-2.20.0 requests-oauthlib-1.2.0 wrapt-1.11.1
  • After the installation, configure the API keys in etc/honeypy.cfg.
  • Enter the API id and API key. To obtain them, go to: https://riskdiscovery.com/honeydb/loginUsers
  • Type cd etc/ && ls
  • Type nano honeypy.cfg
  • Copy the API credentials into the [honeydb] section of honeypy.cfg
# Post your events to HoneyDB. Your HoneyPy honeypots can contribute threat information to HoneyDB.
# You will need to create API credentials for this to work. See https://riskdiscovery.com/honeydb/#threats
[honeydb]
enabled = Yes
api_id = 029b9f7eccfb783dc84418946c517dd7314adaec2ce2803a3098f3c56acc3e4f
api_key = 9e951e35cada41ce60df63a5627bfc9e44c876529348e3ca1ea0399a7e687e4f
  • After configuring honeypy.cfg, run HoneyPy with python Honey.py from the repository directory. Binding to ports below 1024 requires root or a port redirect, so start it as root (or redirect the low ports with iptables) when the emulated services need their standard ports. Remember that api_key is a secret: keep honeypy.cfg readable only by the user that runs HoneyPy, keep it out of version control, and revoke and reissue any key that has been shared or published.
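Because api_key is a credential, it is worth checking the [honeydb] section and the file's permissions before starting HoneyPy. The following Python 3 script is an added example, not part of HoneyPy; it assumes the INI layout shown above (enabled, api_id, api_key) and, from the values shown, that both credentials are 64-character lowercase hex strings, which is an assumption about HoneyDB's format rather than something the page states. The sample configurations are constructed.

```python
"""Validate the [honeydb] section of HoneyPy's etc/honeypy.cfg before starting the honeypot.
Added example, not part of HoneyPy.  Assumes the INI layout shown in the article and
(an assumption from the values shown) that api_id/api_key are 64 lowercase hex characters."""
import configparser
import os
import re
import stat

HEX64 = re.compile(r"^[0-9a-f]{64}$")
# values that mean "never filled in" (assumed placeholders, not from HoneyPy)
PLACEHOLDERS = {"", "changeme", "your_api_id", "your_api_key"}


def check_honeydb_section(cfg_text, file_mode=None):
    """Return a list of problems; an empty list means the section is usable.

    cfg_text  - contents of honeypy.cfg
    file_mode - st_mode of the file, if known, to catch a group/world-readable secret
    """
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(cfg_text)
    except configparser.Error as exc:
        return [f"unparseable config: {exc}"]
    if not cp.has_section("honeydb"):
        return ["missing [honeydb] section"]
    sec = cp["honeydb"]
    try:
        enabled = sec.getboolean("enabled", fallback=False)
    except ValueError:
        return ["enabled must be Yes or No"]
    problems = []
    if not enabled:
        return problems                     # logger disabled: credentials are irrelevant
    for key in ("api_id", "api_key"):
        value = sec.get(key, "").strip()
        if value.lower() in PLACEHOLDERS:
            problems.append(f"{key} is not set")
        elif not HEX64.match(value):
            problems.append(f"{key} is not a 64-character hex string")
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("honeypy.cfg is readable by group/others; chmod 600 it, it holds api_key")
    return problems


def check_honeydb_file(path):
    """Read honeypy.cfg from disk and check both its contents and its permissions."""
    mode = os.stat(path).st_mode
    with open(path, encoding="utf-8") as fh:
        return check_honeydb_section(fh.read(), file_mode=mode)


# Constructed sample configs in the layout of the real honeypy.cfg (credentials are fake).
GOOD_CFG = """
[honeydb]
enabled = Yes
api_id = """ + "a1" * 32 + """
api_key = """ + "b2" * 32 + """
"""

BAD_CFG = """
[honeydb]
enabled = Yes
api_id =
api_key = not-a-real-key
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_CFG), ("bad", BAD_CFG)):
        print(name, check_honeydb_section(text) or "ok")
    print("world-readable", check_honeydb_section(GOOD_CFG, file_mode=0o644))
```

Run check_honeydb_file("etc/honeypy.cfg") from the HoneyPy directory before launching it; a non-empty list is a reason not to start, and the permission check is the one most often missed, because a key that works in a 0644 file is still a key every local user can read.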

HoneyDB

HoneyDB is a web service that collects events from contributing honeypots running across the Internet. It shows statistics such as the top attacking countries and their IP addresses, and it offers an API that different honeypots can use to submit and query data. These features are designed to help people get started with honeypots.

  • Type pip install honeydb
root@kali:/home/iicybersecurity/Downloads/HoneyPy# pip install honeydb
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting honeydb
Downloading https://files.pythonhosted.org/packages/49/9f/5347b81d61cad79c7377a0d83ed2ed7faeb0df4275a94084cc7cbf76bf9f/honeydb-0.0.7-py2.py3-none-any.whl
Requirement already satisfied: requests in /usr/local/lib/python2.7/dist-packages (from honeydb) (2.20.0)
Requirement already satisfied: pyopenssl in /usr/local/lib/python2.7/dist-packages (from honeydb) (17.2.0)
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (2.6)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (3.0.4)
Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (1.22)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/dist-packages (from requests->honeydb) (2018.8.24)
Requirement already satisfied: cryptography>=1.9 in /usr/lib/python2.7/dist-packages (from pyopenssl->honeydb) (2.3)
Requirement already satisfied: six>=1.5.2 in /usr/lib/python2.7/dist-packages (from pyopenssl->honeydb) (1.11.0)
Installing collected packages: honeydb
Successfully installed honeydb-0.0.7
  • Once installed, the honeydb package gives you a Python client for the HoneyDB API; HoneyDB can also be used to search for malware samples.