2025-02-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains what Manuka is used for. Most people are probably not very familiar with it, so it is shared here for your reference.
Tool introduction
Manuka is an Open Source Intelligence (OSINT) honeypot that helps researchers monitor reconnaissance activity by threat actors and generates actionable intelligence for blue teams. The tool creates a simulated environment made up of staged OSINT sources, such as social media profiles and leaked credentials, and tracks signs of adversary interest, aligning closely with MITRE's PRE-ATT&CK framework. Manuka gives blue teams visibility into the pre-attack reconnaissance phase and provides early warning signals for defenders.
Although they vary in size and complexity, most traditional honeypots focus on network activity. These honeypots detect attacker activity in the second to seventh stages of the cyber kill chain.
Manuka performs OSINT threat detection during the first stage of the cyber kill chain, and it supports custom extensions: researchers can easily add new listener modules and plug them into the Dockerized environment. They can also work with multiple honeypots at once to broaden coverage. In addition, users can quickly customize and deploy Manuka to match different use cases. Manuka's data format is also designed to be easily ported to third-party analysis and visualization tools in an organization's existing workflow.
Because OSINT techniques are complex and wide-ranging, designing a good OSINT honeypot is a new challenge. Manuka was created to meet it.
Tool architecture
Manuka is built on the following key elements and execution processes:
Sources: possible OSINT vectors, such as social media profiles, leaked credentials, and leaked source code.
Listeners: servers that monitor attacker interactions with sources.
Hits: indicators of interest, such as login attempts using leaked credentials and connections on social media.
Honeypots: used to run a single campaign and to analyze and track its activity over a period of time.
Tool system design
The tool framework itself consists of multiple Docker containers and supports deployment on a single host:
manuka-server: central Golang server, responsible for performing CRUD operations and collecting information from listeners
manuka-listener: modular Golang server that can perform different listener roles
manuka-client: provides a dashboard for blue team personnel to manage Manuka resources
These containers can be managed with a single docker-compose command.
Tool requirements
docker >= 19.03.8
docker-compose >= 1.25.4
ngrok >= 2.3.35
Tool download
Researchers can use the following commands to clone the source code of the project locally:
git clone https://github.com/spaceraccoon/manuka.git
During the development process, the corresponding components run on the following ports:
manuka-client: 3000
manuka-server: 8080
manuka-listener: 8080
Running the tool
COMPANY_NAME='Next Clarity Financial' NGINX_USERNAME=username NGINX_PASSWORD=password docker-compose -f docker-compose.yml -f docker-compose-prod.yml up --build --remove-orphans -d
Here, NGINX_USERNAME and NGINX_PASSWORD are the basic authentication credentials for the dashboard login, and COMPANY_NAME is the fake company name shown on the landing page.
Currently supported listeners
Social media listener
Monitors social activity on Facebook and LinkedIn, and currently supports notification of network connection attempts. Note that email notifications should be enabled for monitored social media accounts. The appropriate email accounts that receive email notifications from the social media platform should be configured to forward these emails to a centralized Gmail account.
Login listener
Monitors login attempts that use leaked credentials on the honeypot site.
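The login listener idea above, as an added example that is not Manuka's own code: a decoy login handler in Go that records a hit when a staged credential is submitted and links it back to the honeypot and source where that credential was planted. The Hit fields, the LoginListener type, the /login path and the sample credential are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// Hit is one indicator of interest (field names are assumptions of this example).
type Hit struct {
	HoneypotID, SourceID int
	Username, RemoteAddr string
	Seen                 time.Time
}

// LoginListener is a decoy login endpoint that records use of staged credentials.
type LoginListener struct {
	mu      sync.Mutex
	planted map[[2]string]Hit // {username, password} -> honeypot and source it was staged in
	Hits    []Hit
}

func (l *LoginListener) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	user, pass := r.PostFormValue("username"), r.PostFormValue("password")
	if hit, ok := l.planted[[2]string{user, pass}]; ok {
		hit.Username, hit.RemoteAddr, hit.Seen = user, r.RemoteAddr, time.Now().UTC()
		l.mu.Lock() // net/http runs each request in its own goroutine
		l.Hits = append(l.Hits, hit)
		l.mu.Unlock()
	}
	// Bait and unknown credentials get the same reply, so the decoy is not revealed.
	http.Error(w, "Invalid username or password", http.StatusUnauthorized)
}

func replay(l *LoginListener, bodies ...string) []Hit { // bodies: constructed form posts
	for _, b := range bodies {
		req := httptest.NewRequest(http.MethodPost, "/login", strings.NewReader(b))
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
		l.ServeHTTP(httptest.NewRecorder(), req)
	}
	return l.Hits
}

func main() { // constructed sample: one bait credential staged in source 7 of honeypot 1
	l := &LoginListener{planted: map[[2]string]Hit{{"j.tan", "Spring-2020"}: {HoneypotID: 1, SourceID: 7}}}
	fmt.Printf("%+v\n", replay(l, "username=admin&password=admin", "username=j.tan&password=Spring-2020"))
}
```

Only the second constructed attempt produces a hit; ordinary password guessing against the decoy is ignored, which keeps the signal tied to someone having found the staged credential.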
Tool dashboard