It is astonishingly easy as an attacker to move around on most networks undetected. Let’s face it, unless your organization is big enough to have full packet capture with some expensive IDS, you will likely have no idea if there is an attacker on your network.
What are the options for home users and small businesses? What if there were a cheap Raspberry Pi device you could plug into your network that masquerades as a juicy target to hackers?
HoneyPi attempts to offer a reliable indicator of compromise with little to no setup or maintenance costs. There are tons of honeypot options out there, but we leveraged our experience in penetration testing to answer the question “What sorts of activities could be flagged that we generally do when attacking a network?”
That is why HoneyPi tries to keep it simple compared to other honeypots. HoneyPi only flags the three surefire triggers that would catch most attackers:
- Port Scanning Activities
- RDP Connection Attempts
- SMB Connection Attempts
Wrap up this simplicity in a way that is designed to be deployed on a RaspberryPi and you’ve got a simple honeypot that you can add to your network to get insight when you are under attack.
How to Run
This is a bash script to install/run Honeypot projects on a Raspberry Pi (Raspbian OS).You can either run git clone this repository or use wget:
git clone https://github.com/binkybear/HoneyPi
wget https://raw.githubusercontent.com/binkybear/HoneyPi/master/honeypotpi.sh –no-check-certificate
sudo chmod +x honeypotpi.sh
./honeypotpi.sh
