Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.
- Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included.
- The possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included.
- Session logs stored in a UML Compatible format for easy replay with original timings.
- Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection.
Additional functionality over standard kippo:
- SFTP and SCP support for file upload
- Support for SSH exec commands
- Logging of direct-tcp connection attempts (ssh proxying)
- Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
- Logging in JSON format for easy processing in log management solutions
- Many, many additional commands