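#!/bin/bash
# Honeypot Self-Test Script for FailZero from Krang
#
# Performs a bait interaction against the Cowrie SSH honeypot on FailZero
# (TCP port $PORT), then pulls the Cowrie log back to Krang for analysis.
#
# Usage:  ./honeypot_selftest_pull.sh <failzero_ip_or_hostname>
# Env:    SSH_USER    remote admin user on FailZero used for the log pull
#                     (default: doc; must be able to read the Cowrie log)
#         ADMIN_PORT  port of the *real* sshd on FailZero for the log pull
#                     (default: 22 — see the note at ADMIN_PORT below)
#         LOCAL_DIR   where pulled logs are stored (default: root/honeypot_logs)
# Exit:   1 on usage error or missing tool; otherwise 0. Individual steps
#         report their own failures but do not abort the run.

# -u catches misspelled variables. Deliberately no -e / pipefail: several
# steps are *expected* to fail (grep with no match, ssh hitting the timeout).
set -u

# Pulled honeypot logs hold attacker-supplied data (tried credentials,
# commands); keep the local directory and copies readable by this user only.
umask 077

TARGET="${1:-}"
SSH_USER="${SSH_USER:-doc}"
REMOTE_LOG="/home/cowrie/cowrie/var/log/cowrie/cowrie.log"
# NOTE(review): this path is relative to the cwd the script is run from;
# probably meant /root/honeypot_logs or "$HOME/honeypot_logs" — confirm.
LOCAL_DIR="${LOCAL_DIR:-root/honeypot_logs}"
LOCAL_LOG="$LOCAL_DIR/$(date +%Y-%m-%d_%H-%M-%S)_cowrie.log"
PORT=22                                      # port Cowrie is reachable on
USERNAME="root"                              # bait login name offered to the honeypot
TESTFILE="/opt/genesis/krang_config.yaml"    # bait file; a read of it is what we expect to see logged

# Port of the real sshd on FailZero for the scp pull. The default (22) keeps
# the original behaviour, but the honeypot is also probed on $PORT=22 of the
# same TARGET: if Cowrie owns port 22 there, scp without a port talks to the
# honeypot, not to the admin sshd, and the pull fails. Set ADMIN_PORT then.
ADMIN_PORT="${ADMIN_PORT:-22}"

# ssh options for the attacker-side probes ONLY (never for the scp pull):
#  - don't pin the honeypot's host key into this user's ~/.ssh/known_hosts
#    under TARGET (it would later collide with / shadow the real host key);
#  - a password-guessing attacker offers no keys, and Cowrie records every
#    public key it is offered, so don't present Krang's real identities;
#  - LogLevel=ERROR silences the per-run "Permanently added" warning.
PROBE_OPTS=(
  -o StrictHostKeyChecking=no
  -o UserKnownHostsFile=/dev/null
  -o LogLevel=ERROR
  -o PubkeyAuthentication=no
  -p "$PORT"
)

#######################################
# Print nmap's state line for $PORT on $TARGET.
# Anchored on "<port>/tcp" so an address like 10.0.0.22 in nmap's header
# line can no longer satisfy the grep by accident.
# Globals:  PORT, TARGET (read)
# Outputs:  the matching nmap line(s) on stdout, nothing if no match
#######################################
scan_port() {
  nmap -p "$PORT" "$TARGET" | grep -E "^${PORT}/tcp"
}

#######################################
# Run one remote command string against the honeypot as the bait user.
# GNU timeout normally places the child in its own process group, so ssh's
# password prompt cannot read the terminal and just stalls until the 5 s
# deadline; --foreground lets the operator answer the prompt.
# Globals:  PROBE_OPTS, USERNAME, TARGET (read)
# Arguments: $1 - command string to send once logged in
# Returns:   ssh's exit status, or 124 on timeout
#######################################
probe_honeypot() {
  timeout --foreground 5s ssh "${PROBE_OPTS[@]}" "$USERNAME@$TARGET" "$1"
}

if [[ -z "$TARGET" ]]; then
  echo "Usage: $0 <failzero_ip_or_hostname>" >&2
  exit 1
fi

for tool in nmap ssh scp timeout; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Missing required tool: $tool" >&2
    exit 1
  fi
done

mkdir -p "$LOCAL_DIR"

echo "🕵️  Starting honeypot self-test against $TARGET"

printf '\n[1/6] Scanning TCP port %s...\n' "$PORT"
scan_port

printf '\n[2/6] Attempting SSH login to Cowrie...\n'
probe_honeypot "echo test" || echo "(expected fake shell or timeout)"

printf '\n[3/6] Running fake commands to trigger logs...\n'
probe_honeypot "ls /; cat $TESTFILE; exit" || echo "(command simulation complete)"

printf '\n[4/6] Pulling Cowrie logs back to Krang...\n'
# Admin channel: real sshd, real host-key verification — the relaxed probe
# options above are intentionally NOT applied here. -q drops the progress
# meter but keeps scp's own error text on stderr so a failure is diagnosable.
if scp -q -P "$ADMIN_PORT" "$SSH_USER@$TARGET:$REMOTE_LOG" "$LOCAL_LOG"; then
  echo "✅ Pulled Cowrie log to $LOCAL_LOG"
else
  echo "❌ Failed to retrieve Cowrie log. Check SSH user, port or path."
fi

printf '\n[5/6] Preview of last 5 log entries:\n'
# Log lines embed whatever the attacker typed; cat -v renders control
# characters visibly so a hostile entry cannot inject terminal escapes.
if [[ -r "$LOCAL_LOG" ]]; then
  tail -n 5 -- "$LOCAL_LOG" | cat -v
else
  echo "(log file not found or unreadable)"
fi

printf '\n[6/6] Final port check:\n'
scan_port

printf '\n🏁 Honeypot self-test complete.\n'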