thetrueartist/HoneyNet

HoneyNet

A Python-based network honeypot for malware analysis and security research.

Features

  • SSL/TLS Interception: Automatic certificate generation and HTTPS traffic analysis
  • Multi-Protocol Support: HTTP, HTTPS, FTP, SMTP, DNS servers
  • Zero Configuration: Works out-of-the-box with sensible defaults
  • Conflict Resolution: FTP runs on port 2121 to avoid system conflicts
  • Request Caching: Improves performance and provides consistent responses
  • Comprehensive Logging: JSON export with detailed request/response data
  • Traffic Generator: Included tool for realistic malware traffic simulation

Quick Start

  1. Install dependencies:
     pip install -r requirements.txt
  2. Run HoneyNet (requires root for ports 53, 80, 443):
     sudo python3 honeynet.py
  3. Generate test traffic:
     python3 traffic_generator.py --duration 60

Protocol Support

Protocol   Port   Features
HTTP       80     Dynamic responses, API simulation
HTTPS      443    SSL/TLS interception, auto-generated certificates
FTP        2121   Anonymous login, basic commands
SMTP       25     Email simulation
DNS        53     Domain resolution to 127.0.0.1

SSL/TLS Interception

HoneyNet automatically generates self-signed certificates and terminates SSL connections, allowing analysis of encrypted malware traffic:

[HTTPS] ('127.0.0.1', 35546) - GET /stolen_data.zip (SSL: TLS_AES_256_GCM_SHA384)
[HTTPS] ('127.0.0.1', 59974) - POST /api/upload (SSL: TLS_AES_256_GCM_SHA384)
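
The console lines above can be turned into structured records for testing detection rules. The parser below is an added example, not part of the HoneyNet code base; it assumes the line format shown above, assumes plaintext lines simply omit the "(SSL: ...)" suffix, and uses constructed sample input.

```python
import re
from collections import Counter

# Pattern for the console line format shown in the README.
# Assumption: plaintext requests omit the "(SSL: ...)" suffix.
LINE_RE = re.compile(
    r"^\[(?P<proto>[A-Z]+)\] \('(?P<ip>[^']+)', (?P<port>\d+)\) - "
    r"(?P<method>[A-Z]+) (?P<path>\S+)"
    r"(?: \(SSL: (?P<cipher>[A-Za-z0-9_\-]+)\))?\s*$"
)

# Constructed sample: the two README lines plus two made-up lines.
SAMPLE = """\
[HTTPS] ('127.0.0.1', 35546) - GET /stolen_data.zip (SSL: TLS_AES_256_GCM_SHA384)
[HTTPS] ('127.0.0.1', 59974) - POST /api/upload (SSL: TLS_AES_256_GCM_SHA384)
[HTTP] ('127.0.0.1', 40112) - GET /index.html
this line is not a request record
"""

def parse_line(line):
    """Return a dict for one request line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["tls"] = rec["cipher"] is not None
    return rec

def summarize(text):
    """Parse every line, count requests per protocol, and collect
    body-carrying requests (POST/PUT) that arrived over TLS."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    by_proto = dict(Counter(r["proto"] for r in records))
    uploads = [r for r in records
               if r["tls"] and r["method"] in ("POST", "PUT")]
    return records, by_proto, uploads

if __name__ == "__main__":
    records, by_proto, uploads = summarize(SAMPLE)
    print(by_proto)
    for r in uploads:
        print(f"{r['ip']}:{r['port']} {r['method']} {r['path']} ({r['cipher']})")
```

Uploads seen only after TLS termination are the requests a passive network sensor would not have been able to read, which makes them a useful set to compare against what existing monitoring reported.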

Logging

  • honeynet.log: Real-time activity log
  • honeynet_detailed_YYYY-MM-DD.json: Detailed JSON logs
  • Console output: Live monitoring

Traffic Generator

Simulates realistic malware communication patterns:

python3 traffic_generator.py --host 127.0.0.1 --duration 300 --threads 10

Includes simulation of:

  • C2 communications
  • Data exfiltration
  • Malware downloads
  • DNS queries
  • Email communications

Use Cases

  • Malware Analysis: Observe network behavior in controlled environments
  • Security Research: Study attack patterns and protocols
  • Training: Demonstrate malware networking concepts
  • Testing: Validate detection rules and monitoring systems

Requirements

  • Python 3.8+
  • Root privileges (for ports 53, 80, 443, 25)
  • Linux/macOS recommended

Security Notice

For defensive security research only. Use in isolated environments. Not intended for production networks or malicious purposes.

Troubleshooting

  • Permission Denied: Run with sudo for low-numbered ports
  • FTP Conflicts: Uses port 2121 instead of standard port 21
  • SSL Warnings: Self-signed certificates will trigger warnings in browsers

Architecture

  • Modular Design: Independent protocol servers
  • Thread-Safe: Concurrent connection handling
  • Extensible: Easy to add new protocols or modify responses

About

WiP!!!!!! A Python network honeypot for malware analysis featuring automatic SSL/TLS interception, multi-protocol support (HTTP/HTTPS/FTP/SMTP/DNS), and zero-configuration setup. Includes traffic generator for realistic malware communication simulation.
