ShadowLure is a simple yet powerful honeypot framework written in Python. It is designed to be easy to configure and extend, allowing you to simulate real-world services to detect and log unauthorized access attempts on your network.
- Multi-Service Honeypots: Out-of-the-box support for FTP, HTTP, and SSH services.
- Credential Logging: Captures and logs usernames and passwords from login attempts.
- Extensible Framework: Built with a modular, class-based architecture that makes it easy to add new honeypot services.
- Configurable: Easily enable, disable, and configure services through a simple
decoynet.conffile. - Cross-Platform: Written in pure Python, allowing it to run on Windows, Linux, and macOS.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
- Python 3.6+
pipfor installing dependencies
-
Clone the repository:
git clone https://github.com/YOUR_USERNAME/ShadowLure.git cd ShadowLure -
Install the required dependencies:
pip install -r requirements.txt
-
Generate the default configuration: This will create
decoynet.confand a defaultlogin.htmlpage.python shadowlure/shadowlure/entry.py --copyconfig
-
Customize
decoynet.conf(Optional): Opendecoynet.confin a text editor to enable or disable services and change banners or ports.
To start all enabled services, simply run:
python shadowlure/shadowlure/entry.pyThe honeypot is now active. All connection attempts and captured credentials will be saved to shadowlure.log.
For more detailed information, please see the docs directory:
- Attack Simulation Guide: Step-by-step instructions for testing the honeypot.
- Deployment Guide: A guide on how to expose the honeypot to the internet (with security warnings).
Contributions are welcome! If you'd like to add a new service or improve an existing one.
This project is licensed under the MIT License - see the LICENSE file for details.