This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-1356
cowrie
External Tool
External Data Source
GitHub
Unknown
Unknown
56 (lowest rank is 56)

Category & Restrictions

Other
cyber defense, honeypots
Unrestricted
Unknown

Description


Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie also functions as an SSH and telnet proxy to observe attacker behavior to another system.

Features
Choose to run as an emulated shell (default):
Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
Possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included
Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection
Or proxy SSH and telnet to another system
For both settings:

Session logs are stored in an UML Compatible format for easy replay with the bin/playlog utility.
SFTP and SCP support for file upload
Support for SSH exec commands
Logging of direct-tcp connection attempts (ssh proxying)
Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
JSON logging for easy processing in log management solutions

Additional Details

8.0MB
false
Unknown
cowrie, 1356, external data source, source, inferlink corporation, corporation, external, inferlink, ssh, attacker, telnet, interaction, log, shell, system, proxy, honeypot, functions, performed, observe, brute, behavior, force, designed, medium, attacks, fake, file, files, smtp, filesystem, included, sftp, support, logging, scp, contents, easy, ability, possibility, cat, saves, resembling, uploaded, adding, connection, json, tcp, mailoney, curl, stored, management, emulated, proxying, playlog, features, upload, bin, compatible, installation, debian, other, exec, attempts, add, processing, passwd, settings, solutions, format, replay, inspection, session, wget, uml, logs, commands, minimal, default, remove, connections, choose, utility, direct, downloaded