History

kev 272e0758f0 update cowrie		2020-11-19 15:43:20 +08:00
..
arm	update cowrie	2020-11-19 15:43:20 +08:00
data/etc	update cowrie	2020-11-05 19:22:21 +08:00
README.md	update cowrie	2020-11-05 19:22:21 +08:00
docker-compose.yml	update cowrie	2020-11-05 19:22:21 +08:00

README.md

cowrie

Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Cowrie is directly based on Kippo by Upi Tamminen (desaster).

docker-compose.yml

version: "3.8"

services:
  cowrie:
    image: cowrie/cowrie
    ports:
      - "2222:2222"
      - "2223:2223"
    volumes:
      - cowrie-etc:/cowrie/cowrie-git/etc
      - cowrie-var:/cowrie/cowrie-git/var
    restart: unless-stopped

volumes:
  cowrie-etc:
  cowrie-var:

server

$ docker-compose up -d
$ docker volume ls
$ docker volume inspect cowrie_cowrie-var
$ cd /var/lib/docker/volumes/cowrie_cowrie-etc/_data
$ cp cowrie.cfg.dist cowrie.cfg
$ cp userdb.example userdb.txt
$ cd /var/lib/docker/volumes/cowrie_cowrie-var/_data
$ tail -f log/cowrie/cowrie.json

client

$ ssh -p 2222 root@server
$ telnet server 2223

You can login as root with any password except root or 123456.