Birdo1221/SSH-HoneyPot

SSH Honeypot

The script is designed to capture login attempts, including the exact credentials used, and to report the source IP addresses to AbuseIPDB.

I am currently using this myself: AbuseIPDB Results.

Getting Started

Prerequisites

  • Python 3.x

  • Paramiko library

  • Requests library

  • Curl

  • iptables (Linux only; a Windows alternative still needs to be found)

[Image: example of the log file in action]

Installation

  1. Clone the repository:

    git clone https://github.com/Birdo1221/SSH-HoneyPot.git
    cd SSH-HoneyPot
  2. Install the required Python packages:

    pip install paramiko requests
  3. Replace the placeholder in the script with your AbuseIPDB API key:

    ABUSE_IPDB_API_KEY = 'Replace with Abuse-IPDB API Token'
  4. You don’t need to manually remove any ports from the list; the script skips any that are already in use. To run the server on ports below 1024, however, you will need sudo / administrative privileges.

     PORTS = [2222, 2200, 22222, 50000, 3389, 1337, 10001, 222, 2022, 2181, 23, 2000, 830, 2002, 5353, 8081, 6000, 5900]

    I'm currently using these ports because they are the most commonly used ports for SSH on Shodan / ZoomEye.
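
The reporting step this README describes, as an added example that is not code from this repository: it builds an AbuseIPDB v2 report for one source IP, keeps captured passwords out of the public comment, and skips IPs already reported within the last 15 minutes. The function names, the attempt tuple layout, the 15-minute window and reading `ABUSE_IPDB_API_KEY` from the environment instead of the source file are assumptions.

```python
import os
import time

REPORT_URL = "https://api.abuseipdb.com/api/v2/report"  # AbuseIPDB API v2
CATEGORIES = "18,22"    # AbuseIPDB category IDs: 18 = Brute-Force, 22 = SSH
MIN_INTERVAL = 15 * 60  # assumption: never re-report one IP within 15 minutes
_last_report = {}       # ip -> time of its last report (hypothetical state)


def build_report(ip, attempts, now=None):
    """Return the POST fields for one IP, or None if it was reported recently.

    attempts: (username, password, port) tuples captured from this IP.
    """
    now = time.time() if now is None else now
    if now - _last_report.get(ip, float("-inf")) < MIN_INTERVAL:
        return None
    _last_report[ip] = now
    users = sorted({user for user, _pw, _port in attempts})
    ports = sorted({port for _user, _pw, port in attempts})
    # Passwords are left out on purpose: report comments are public, and a
    # guessed password can be a real credential leaked from another site.
    comment = "SSH honeypot: %d login attempts on port(s) %s, usernames: %s" % (
        len(attempts), ",".join(map(str, ports)), ",".join(users)[:200])
    return {"ip": ip, "categories": CATEGORIES, "comment": comment}


def send_report(fields):
    """POST one report; the key is read from the environment, not the source."""
    import requests  # imported here so build_report() needs no extra packages
    headers = {"Key": os.environ["ABUSE_IPDB_API_KEY"],
               "Accept": "application/json"}
    resp = requests.post(REPORT_URL, headers=headers, data=fields, timeout=10)
    resp.raise_for_status()
    return resp.json()


# Constructed sample data; 203.0.113.0/24 is a documentation-only range.
SAMPLE = [("root", "123456", 2222), ("admin", "admin", 2222),
          ("root", "toor", 22222)]

if __name__ == "__main__":
    print(build_report("203.0.113.7", SAMPLE, now=0))
    print(build_report("203.0.113.7", SAMPLE, now=60))  # None: inside window
```

The full credentials stay in the local log file; only the IP, ports and usernames leave the host.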

Usage

1. Run the file:

Run: python3 ssh-honeypot-All.py

2. Running the logging variants will create the log file:

File: ssh_login_attempts.log

You can change the name of the log file to whatever you like.