Shulou(Shulou.com)06/01 Report--

This article mainly explains "the method of building and using Hfish under Mac". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "the method of building and using Hfish under Mac".

HFish is a cross-platform multi-function active inducement open source honeypot framework system developed based on Golang, which is carefully built for corporate security protection, recording hacker attacks throughout the process, and realizing independent protection.

1. Multi-function supports not only HTTP (S) honeypot, but also SSH, SFTP, Redis, Mysql, FTP, Telnet, dark net, etc.

2. Extensibility provides API interface, and users can expand honeypot modules (WEB, PC, APP) at will.

3. Convenience using Golang SQLite development, users can quickly deploy a set of honeypot platform on Windows and Linux.

Honeypot technology is essentially a technology to deceive the attacker, by arranging some hosts, network services or information as bait to induce the attacker to attack them, so that the attack can be captured and analyzed. Understand the tools and methods used by the attackers, speculate the intention and motivation of the attack, and give the defenders a clear understanding of the security threats they face. And through technical and management means to enhance the security protection capability of the actual system.

A honeypot is like an intelligence gathering system. The honeypot seems to be a deliberate target to lure hackers to attack. So after the attacker invades, you can know how he succeeded and keep abreast of the latest attacks and vulnerabilities against the server. You can also eavesdrop on the connections between hackers, collect the tools used by hackers, and master their social networks.

There are many ways to install HFish. This time we will demonstrate how to build it with docker. Download the image first. Other platforms can be built after downloading from the official HFish website.

Set up

Docker pull imdevops/hfish

Deployment of the management side of the primary node

Docker images

Docker run-d-it-p 21:21-p 22:22-p 23:23-p 3306-p 63796379-p 808080808080808989-p 9000 82eb5b672835 9001-p 11211 82eb5b672835 11211-p 590069-p 590014 5900-p 8081lav 8081-p 9200

Port description

The following ports decide whether to open or not according to their actual needs, and pay attention to port conflicts.

21 is the FTP port

22 is the SSH port

23 is the Telnet port

3306 is the Mysql port

6379 is the Redis port

7879 is the RPC port for trunking communication

8080 is a dark network port

8989 is the plug-in port

9000 is the Web port

9001 manages the background port for the system

11211 is the Memcache port

Start

Enter localhost:9001 in Safari

The default password for the first login account is admin/admin

What comes into view is a map of the world political district, which is a bit interesting. You can switch the display status.

Monitoring and testing

Matters needing attention

1. The mailbox SMTP needs to be enabled before it can be used.

2. The info field of API API, & & is a newline character.

3. Start the WEB honeypot, please start the API module first

4. The WEB plug-in needs to be written in the WEB directory

5. There must be two directories under the WEB plug-in

6. The heartbeat of the cluster is 60 seconds, and the disconnection display will be delayed by 60 seconds.

Port customization

* pay attention to the key

To prevent data from being used.

The influence of nmap on HFish

Nmap-scrpit=brute ip causes the system to go offline directly, and FTP explodes 85% meme MYSQL 10% meme TELNET3% cov VNC 2%

Nmap-- scrpit=vuln ip versus MYSQL90%,VNC8%,FTP1%,TELNET1%.

Msfconsole is on his way.

Thank you for reading, the above is the content of "how to build and use Hfish under Mac". After the study of this article, I believe you have a deeper understanding of the method of building and using Hfish under Mac, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.