Cowrie - SSH/Telnet Honeypot

is a medium interaction SSH and Telnet designed to log brute force attacks and the shell interaction performed by the attacker.


  • Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
  • python-virtualenv


  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included.
  • The possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included.
  • Session logs stored in a UML Compatible format for easy replay with original timings.
  • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection.

Additional functionality over standard kippo:

  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • Logging in JSON format for easy processing in log management solutions
  • Many, many additional commands

Source link


Please enter your comment!
Please enter your name here