Tool and Usage
The sshesame tool provides an SSH honeypot. It accepts connections and then logs any commands that are tried to be executed on the host system.
Why this tool?
A honeypot can provide valuable insights on commands that automated scripts perform or attackers. By running a honeypot like sshesame, connection details and commands are stored for later analysis. The system itself won't execute the actual commands, to prevent any damage to it.
Usage and audience
sshesame is commonly used for learning or threat discovery. Target users for this tool are security professionals and system administrators.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
- - No releases on GitHub available
Supported operating systems
Sshesame is known to work on Linux.
Similar tools to sshesame:
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
Dockpot uses Docker containers and HonSSH to create on-demand SSH honeypots. It forwards traffic for analysis and learning about attack patterns.
HonSSH is a high-interaction SSH honeypot to collect information about attackers that target the SSH service.