Wetland is a high-interaction SSH honeypot designed to log brute-force attacks. In addition, Wetland logs the shell, scp, sftp, exec-command, direct-forward, and reverse-forward interactions performed by the attacker.
Wetland is built on paramiko, the Python SSH module, and runs as a multi-threaded TCP server using SocketServer.
Features
- Uses Docker to provide a real Linux environment.
- All password authentication is redirected to Docker.
- All commands are executed in Docker.
- Saves a copy of each file a hacker uploads with SFTP.
- Extracts and saves files from the exec log when a hacker uploads files with SCP.
- Provides a playlog script to replay [shell | exec | direct-forward | reverse-forward] logs.
- Advanced networking feature to spoof the attacker's IP address between Wetland and Docker (thanks to honssh).
- Several ways to notify you when a hacker touches Wetland; currently only email and bearychat are supported.
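
How files can be recovered from a recorded SCP upload, as an added example that is not Wetland's own code: it assumes the exec log holds the raw client-to-server bytes of an `scp -t` session, and the function name and sample bytes are made up for illustration.

```python
import os
import re

# Control records sent by an scp source: C<mode> <size> <name> or D<mode> 0 <name>
_HEADER = re.compile(rb"^([CD])([0-7]{4}) (\d+) (.+)$")


def extract_scp_files(stream: bytes) -> dict:
    """Return {relative_path: content} for every file in an scp upload stream."""
    files, dirs, pos = {}, [], 0
    while pos < len(stream):
        end = stream.find(b"\n", pos)
        if end == -1:
            break  # truncated control record: keep what was recovered so far
        line, pos = stream[pos:end], end + 1
        if line.startswith(b"T"):  # timestamp record, carries no payload
            continue
        if line == b"E":  # end of the current directory
            if dirs:
                dirs.pop()
            continue
        m = _HEADER.match(line)
        if not m:
            break  # not scp protocol data: stop rather than guess
        kind, _mode, size, raw_name = m.groups()
        # The uploader controls the name, so keep only its last path component.
        text = raw_name.decode("utf-8", "replace").replace("\\", "/")
        name = os.path.basename(text)
        if name in ("", ".", ".."):
            name = "_unnamed"
        if kind == b"D":
            dirs.append(name)
            continue
        data = stream[pos:pos + int(size)]  # short if the log was cut off
        pos += int(size) + 1  # skip the payload and its trailing NUL byte
        files["/".join(dirs + [name])] = data
    return files


# Constructed sample: one file with a traversal-style name, then a directory
# that contains a second file.
SAMPLE = (b"T1700000000 0 1700000000 0\n"
          b"C0644 6 ../../x.sh\n" b"id;ls\n" b"\x00"
          b"D0755 0 tools\n"
          b"C0755 4 a.bin\n" b"\x7fELF" b"\x00"
          b"E\n")
```

Payloads are read by the declared size rather than by scanning for delimiters, so binary uploads that contain newlines or NUL bytes are recovered intact.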