H0neyTr4p

Last updated 1 year ago

GitHub: https://github.com/pbssubhash/h0neytr4p

Presented at BlackHat Arsenal Europe '22

Built by Red teamers with 😻 for our Blue Team friends.

Rule Contributors:

What is h0neytr4p?

Honeytrap (a.k.a. h0neytr4p) is an easy-to-configure, easy-to-deploy honeypot for protecting against web recon and exploitation.

TLDR; This is how h0neytr4p traps a hypothetical attacker running nuclei!

How does it work?

Blue teams can create a trap for each vulnerability, exploit or recon technique, place it in the /traps folder and restart h0neytr4p. The restart automatically reloads the configuration and starts h0neytr4p.
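The trap-per-technique model described above, as an added example that is not h0neytr4p's own code: the Trap schema, the sample rules and the Probe helper are hypothetical and constructed for illustration, and h0neytr4p's real trap format is not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Trap is a HYPOTHETICAL rule schema for this example, not h0neytr4p's trap format.
type Trap struct {
	Name, Method, Path, Body string
}

// Constructed sample rules; a real deployment would load them from a traps folder.
const sampleTraps = `[
 {"name":"git-config-probe","method":"GET","path":"/.git/config","body":"[core]\n"},
 {"name":"env-file-probe","method":"GET","path":"/.env","body":"APP_ENV=prod\n"}]`

// Handler serves a decoy body for each trapped request and reports the hit via record.
// Under a real server, record must be safe for concurrent use.
func Handler(traps []Trap, record func(hit string)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		for _, t := range traps {
			if r.Method == t.Method && r.URL.Path == t.Path {
				record(fmt.Sprintf("%s from=%s ua=%q", t.Name, r.RemoteAddr, r.UserAgent()))
				fmt.Fprint(w, t.Body) // implicit 200: the probe appears to succeed
				return
			}
		}
		http.NotFound(w, r) // untrapped paths get an ordinary 404
	}
}

// Probe loads rules, replays one constructed GET in-process, returns status and hits.
func Probe(rules, path, ua string) (int, []string, error) {
	var traps []Trap
	if err := json.Unmarshal([]byte(rules), &traps); err != nil {
		return 0, nil, err
	}
	var hits []string
	req := httptest.NewRequest("GET", path, nil)
	req.Header.Set("User-Agent", ua)
	rec := httptest.NewRecorder()
	Handler(traps, func(h string) { hits = append(hits, h) })(rec, req)
	return rec.Code, hits, nil
}

func main() { fmt.Println(Probe(sampleTraps, "/.env", "constructed-scanner/1.0")) }
```

Each hit records the trap name, the client address and the quoted User-Agent, which is the data a blue team needs to attribute a scan to a tool or source.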

What does it protect against?

h0neytr4p was primarily built to remove the pain of creating a vulnerable application for publicly facing honeypots. While there's no denying that creating an end-to-end vulnerable application might have its own advantages, we need a flexible, agile framework for trapping the notorious bad guys. Some of the common use-cases are:

  • Let's say you received an advisory that some XXX group is targeting a web RCE 1day and you want to detect the exploitation or recon attempts: you are at the right place.

  • You want to know who's scanning your external attack surface using new cutting-edge tools like nuclei or nmap? This tool has got it covered.

How to deploy it?

The tool is built in Golang, which means it can be easily compiled for your server/machine platform and architecture.

To Build from source (if you don't trust us):

git clone https://github.com/pbssubhash/h0neytr4p
cd h0neytr4p
go build main.go
./main -h

 /$$        /$$$$$$                                  /$$               /$$   /$$
| $$       /$$$_  $$                                | $$              | $$  | $$
| $$$$$$$ | $$$$\ $$ /$$$$$$$   /$$$$$$  /$$   /$$ /$$$$$$    /$$$$$$ | $$  | $$  /$$$$$$
| $$__  $$| $$ $$ $$| $$__  $$ /$$__  $$| $$  | $$|_  $$_/   /$$__  $$| $$$$$$$$ /$$__  $$
| $$  \ $$| $$\ $$$$| $$  \ $$| $$$$$$$$| $$  | $$  | $$    | $$  \__/|_____  $$| $$  \ $$
| $$  | $$| $$ \ $$$| $$  | $$| $$_____/| $$  | $$  | $$ /$$| $$            | $$| $$  | $$
| $$  | $$|  $$$$$$/| $$  | $$|  $$$$$$$|  $$$$$$$  |  $$$$/| $$            | $$| $$$$$$$/
|__/  |__/ \______/ |__/  |__/ \_______/ \____  $$   \___/  |__/            |__/| $$____/
                                         /$$  | $$                              | $$
       Built by a Red team, with <3     |  $$$$$$/                              | $$
             h0neytr4p v0.1             \______/                               |__/
        Built by zer0p1k4chu & g0dsky
    https://github.com/pbssubhash/h0neyt4p

Wrong Arguments.. Exiting Now
  -help string
        Print Help (default "Print Help")
  -log string
        Log file - It's a string. (default "Default")
  -output string
        Output file - It's a string. (default "Default")
  -traps string
        Traps folder - It's a string. (default "Default")
  -verbose string
        Use -verbose=false for disabling streaming output; by default it's true (default "true")

Run Binaries directly (for my lazy homies):

Coming soon.

How can I create a trap?

Head to Creating Traps. We attempted to simplify the process.

Frequently asked questions:

I have an issue. Something's not working.

Please open an issue under Issues on GitHub. We'll try to respond as soon as possible.

I found a security issue or a potential vulnerability that could impact its users?

Please report on GitHub.

I want a new feature that's not there. What to do?

Please open an issue under Issues on GitHub. Consider opening a pull request :-)

TO-DO:

  1. Enable HTTPS

  2. Push more traps to prod

  3. Nice wiki

Authors: Subhash; Aakash