OffensiveCountermeasures

Hacking back in degrees

I created a PowerShell version of the Windows honeyport that John presented on PaulDotCom episode 203.

This version is nice because it doesn't require netcat.  Any feedback is appreciated.  

https://github.com/Pwdrkeg/honeyport

Thanks,

John


Comment by Xy Log on January 9, 2013 at 3:46am

A nice facility for this might be a whitelist of addresses or address ranges that will not be blacklisted under any circumstances.

Comment by John Hoyt on January 9, 2013 at 9:48pm

Good point, I'd like to add a few other features as well.  

Comment by Wayne Dawson on January 28, 2013 at 10:28am

Let's say, in my environment, I have scheduled Nessus scans covering my infrastructure, and I want to deploy this -- and not always on the same port -- it seems to me that I may be in for trouble.  I suppose I could schedule it to be down...or maybe modify the code to add a white list of hosts it might ignore.

Being lazy, maybe I could suggest that as a feature request?

Comment by Wayne Dawson on January 28, 2013 at 10:29am

Oops, should've read XyLog's comment first, and your response.  Doh!

Comment by John Hoyt on February 4, 2013 at 11:10pm

I've added some additional updates to Honeyport.  Thanks to some help from Carlos a.k.a. "Darkoperator", it now uses PowerShell jobs to open more than one port, it has whitelisting, and I've added event logging.

https://github.com/Pwdrkeg/honeyport/blob/master/honeyport.ps1

-John
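
The whitelist check discussed in this thread (single addresses or address ranges that are never blacklisted, such as a scheduled Nessus scanner), shown as an added example that is not taken from honeyport.ps1 or from anyone in the thread. The function names `Test-AddressInRange` and `Get-HoneyportAction` are hypothetical, and the addresses are constructed sample data.

```powershell
# Added example; not taken from honeyport.ps1. Function names are hypothetical.

function Test-AddressInRange {
    param(
        [Parameter(Mandatory=$true)][string]$Address,  # remote IP that connected
        [Parameter(Mandatory=$true)][string]$Entry     # single IP or CIDR range
    )
    $parts = $Entry.Split('/')
    $ip  = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $net = [System.Net.IPAddress]::Parse($parts[0]).GetAddressBytes()
    if ($ip.Length -ne $net.Length) { return $false }   # IPv4 vs IPv6 never match

    $maxBits = $net.Length * 8
    $prefix  = if ($parts.Count -gt 1) { [int]($parts[1]) } else { $maxBits }
    if ($prefix -lt 0 -or $prefix -gt $maxBits) { throw "Bad prefix length in '$Entry'" }

    # Compare whole bytes first, then the leftover high bits of the next byte.
    $remBits   = $prefix % 8
    $fullBytes = ($prefix - $remBits) / 8
    for ($i = 0; $i -lt $fullBytes; $i++) {
        if ($ip[$i] -ne $net[$i]) { return $false }
    }
    if ($remBits -gt 0) {
        $mask = (0, 128, 192, 224, 240, 248, 252, 254)[$remBits]
        if (($ip[$fullBytes] -band $mask) -ne ($net[$fullBytes] -band $mask)) { return $false }
    }
    return $true
}

# Decide what the honeyport should do with a connecting address.
function Get-HoneyportAction {
    param([string]$Address, [string[]]$Whitelist)
    foreach ($entry in $Whitelist) {
        if (Test-AddressInRange -Address $Address -Entry $entry) { return 'ignore' }
    }
    return 'block'
}

# Constructed sample data (RFC 5737 documentation addresses).
$whitelist = @('192.0.2.10', '198.51.100.0/28')   # e.g. a scanner host and an admin subnet
$hits      = @('192.0.2.10', '198.51.100.14', '198.51.100.16', '203.0.113.7')

foreach ($remote in $hits) {
    '{0,-15} {1}' -f $remote, (Get-HoneyportAction -Address $remote -Whitelist $whitelist)
}
```

A malformed whitelist entry throws instead of being skipped, so a typo in the list is noticed before it silently leaves a scanner or admin host unprotected from blocking.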

© 2014   Created by strandjs.