creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 06:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/implementing-network-deception-with-honeypots/references/api-reference.md
T

129 lines
2.8 KiB
Markdown
Raw Blame History

# Network Deception with Honeypots Reference
## OpenCanary Installation
```bash
# Ubuntu/Debian
sudo apt-get install python3-dev python3-pip python3-virtualenv libssl-dev libpcap-dev
virtualenv canary-env && source canary-env/bin/activate
pip install opencanary
# Docker
docker pull thinkst/opencanary
docker run -d --network host -v /path/to/config:/etc/opencanaryd thinkst/opencanary
```
## OpenCanary CLI
```bash
# Generate default config
opencanaryd --copyconfig
# Start daemon
opencanaryd --start
# Stop daemon
opencanaryd --stop
# Check status
opencanaryd --status
# Run in foreground (debug)
opencanaryd --dev
```
## Configuration File (`/etc/opencanaryd/opencanary.conf`)
```json
{
"device.node_id": "honeypot-dmz-01",
"ssh.enabled": true,
"ssh.port": 22,
"ssh.version": "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3",
"http.enabled": true,
"http.port": 80,
"http.banner": "Apache/2.4.41 (Ubuntu)",
"http.skin": "nasLogin",
"smb.enabled": true,
"smb.filelist": [{"name": "passwords.xlsx", "type": "xlsx"}],
"ftp.enabled": true,
"ftp.port": 21,
"ftp.banner": "FTP server ready",
"mysql.enabled": true,
"mysql.port": 3306,
"rdp.enabled": true,
"rdp.port": 3389
}
```
## Available Service Modules
| Service | Config Key | Default Port | Interaction Level |
|---------|-----------|-------------|-------------------|
| SSH | ssh.enabled | 22 | Medium |
| HTTP | http.enabled | 80 | Low-Medium |
| FTP | ftp.enabled | 21 | Low |
| SMB | smb.enabled | 445 | Low |
| MySQL | mysql.enabled | 3306 | Low |
| RDP | rdp.enabled | 3389 | Low |
| Telnet | telnet.enabled | 23 | Low |
| SNMP | snmp.enabled | 161 | Low |
| Git | git.enabled | 9418 | Low |
| Redis | redis.enabled | 6379 | Low |
| VNC | vnc.enabled | 5000 | Low |
## Log Format (JSON, one per line)
```json
{
"dst_host": "10.0.0.50",
"dst_port": 22,
"src_host": "10.0.0.100",
"src_port": 45321,
"logtype": 3001,
"node_id": "honeypot-dmz-01",
"utc_time": "2025-03-01 14:30:00.123456",
"logdata": {"USERNAME": "admin", "PASSWORD": "password123"}
}
```
## Log Type Codes
| Code | Service | Event |
|------|---------|-------|
| 1001 | FTP | Login attempt |
| 2001 | HTTP | Login attempt |
| 3001 | SSH | Login attempt |
| 5001 | SMB | File open |
| 6001 | Telnet | Login attempt |
| 7001 | MySQL | Login attempt |
| 8001 | RDP | Login attempt |
## Cowrie SSH Honeypot
```bash
# Docker deployment
docker run -d -p 22:2222 cowrie/cowrie
# Session replay
bin/playlog log/tty/20250301-143000-abc123.log
```
## Syslog Forwarding
```json
{
"logger": {
"class": "PyLogger",
"kwargs": {
"handlers": {
"syslog": {
"class": "logging.handlers.SysLogHandler",
"address": ["siem.example.com", 514]
}
}
}
}
}
```
Reference in New Issue View Git Blame Copy Permalink