creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 06:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/implementing-network-deception-with-honeypots/references/api-reference.md
T

2.8 KiB
Raw Blame History

Network Deception with Honeypots Reference

OpenCanary Installation

# Ubuntu/Debian
sudo apt-get install python3-dev python3-pip python3-virtualenv libssl-dev libpcap-dev
virtualenv canary-env && source canary-env/bin/activate
pip install opencanary

# Docker
docker pull thinkst/opencanary
docker run -d --network host -v /path/to/config:/etc/opencanaryd thinkst/opencanary

OpenCanary CLI

# Generate default config
opencanaryd --copyconfig

# Start daemon
opencanaryd --start

# Stop daemon
opencanaryd --stop

# Check status
opencanaryd --status

# Run in foreground (debug)
opencanaryd --dev

Configuration File (/etc/opencanaryd/opencanary.conf)

{
    "device.node_id": "honeypot-dmz-01",
    "ssh.enabled": true,
    "ssh.port": 22,
    "ssh.version": "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3",
    "http.enabled": true,
    "http.port": 80,
    "http.banner": "Apache/2.4.41 (Ubuntu)",
    "http.skin": "nasLogin",
    "smb.enabled": true,
    "smb.filelist": [{"name": "passwords.xlsx", "type": "xlsx"}],
    "ftp.enabled": true,
    "ftp.port": 21,
    "ftp.banner": "FTP server ready",
    "mysql.enabled": true,
    "mysql.port": 3306,
    "rdp.enabled": true,
    "rdp.port": 3389
}

Available Service Modules

Service Config Key Default Port Interaction Level
SSH ssh.enabled 22 Medium
HTTP http.enabled 80 Low-Medium
FTP ftp.enabled 21 Low
SMB smb.enabled 445 Low
MySQL mysql.enabled 3306 Low
RDP rdp.enabled 3389 Low
Telnet telnet.enabled 23 Low
SNMP snmp.enabled 161 Low
Git git.enabled 9418 Low
Redis redis.enabled 6379 Low
VNC vnc.enabled 5000 Low

Log Format (JSON, one per line)

{
    "dst_host": "10.0.0.50",
    "dst_port": 22,
    "src_host": "10.0.0.100",
    "src_port": 45321,
    "logtype": 3001,
    "node_id": "honeypot-dmz-01",
    "utc_time": "2025-03-01 14:30:00.123456",
    "logdata": {"USERNAME": "admin", "PASSWORD": "password123"}
}

Log Type Codes

Code Service Event
1001 FTP Login attempt
2001 HTTP Login attempt
3001 SSH Login attempt
5001 SMB File open
6001 Telnet Login attempt
7001 MySQL Login attempt
8001 RDP Login attempt

Cowrie SSH Honeypot

# Docker deployment
docker run -d -p 22:2222 cowrie/cowrie

# Session replay
bin/playlog log/tty/20250301-143000-abc123.log

Syslog Forwarding

{
    "logger": {
        "class": "PyLogger",
        "kwargs": {
            "handlers": {
                "syslog": {
                    "class": "logging.handlers.SysLogHandler",
                    "address": ["siem.example.com", 514]
                }
            }
        }
    }
}
Reference in New Issue View Git Blame Copy Permalink