Home

Awesome

Wetland

Wetland is a high interaction SSH honeypot,designed to log brute force attacks.What's more, wetland will log shell、scp、sftp、exec-command、direct-forward、reverse-forward interation performded by the attacker.

Wetland is based on python ssh module paramiko. And wetland runs as a multi-threading tcp server using SocketServer.

Features

Requirements

Setup and Configuration

  1. Copy wetland.cfg.default to wetland.cfg
  2. Generate keys used by ssh server
  1. Install python requirements
  1. Configure the banner of ssh server
  1. Or you can run python util/initwetland.py ./,this script will do all the work above
  2. Configure the output plugins in wetland.cfg
  1. Install p0f if you want
  1. Install docker

Running

  1. Run
  1. Stop
  1. Clean
  1. View logs
  1. file system changes

Dockerized wetland

TODO