search
WebsiteGhoulsec-Vault

Cowrie Honeypot

hashtag
Installing Cowrie

nano /etc/ssh/sshd_config
## Replace port 22 with the highest port 22222 and restart ssh
systemctl restart ssh
systemctl status ssh

Now install cowrie honeypot on ubuntu

 apt update
 apt-get install git python-virtualenv libssl-dev build-essential libpython-dev python2.7-minimal authbind

Add a user Cowrie

adduser --disabled-password cowrie

Login in to the new user account Cowrie

su - cowrie

Download the code for cowrie.

git clone http://github.com/micheloosterhof/cowrie

Move into cowrie folder and create a new virtual environment for the tool by running the command below.

cd cowrie/
virtualenv cowrie-env
source cowrie-env/bin/activate

Install the packages of Python that Cowrie needs to run

Create a copy of cowrie.cfg.dist so that we can edit that config file.

Edit the config file by changing the hostname first and then enable telnet using any of the editors.

Redirect traffic of port 22 and 23 to the high ports 2222 and 2223 using iptables

Start/Stop cowrie.

To see the logs in realtime in honeypot use below command.

hashtag
Installing using Docker

hashtag
Configuring Cowrie in Docker

Cowrie in Docker can be configured using environment variables. The variable starts with COWRIE_ then has the section name in capitals, followed by the stanza in capitals. An example is below to enable telnet support:

Alternatively, Cowrie in Docker can use an etc volume to store configuration data. Create cowrie.cfg inside the etc volume with the following contents to enable telnet in your Cowrie Honeypot in Docker:

PreviousHoneypot & IDSNextSniffing & DDos

Last updated