Raspberry Pi based Honeypots : pi-pot

Setting up honeypots like glastopf can be tedious and time-consuming. Pi-pots are pre-loaded Raspberry Pi images that contain various honeypot clients (like kippo, dionaea and glastopf) and other software needed to run a honeypot sensor. A user can simply download one of these Raspbian distributions and write it to a memory card, and can then set up a sensor in no time.


Different versions of pi-pots bundle different software required by a sensor. Users are encouraged to go through the readme file for each version to find the one that best meets their requirements. A generic tutorial follows:

Installation on Windows

1. Download the zip file and extract the image file.

2. Insert the SD card into your SD card reader and check which drive letter was assigned. You can easily see the drive letter (for example G:) by looking in the left column of Windows Explorer.

3. Download the Win32DiskImager utility, extract the executable from the zip file, and run Win32DiskImager as administrator.

4. Select the image file you extracted above.

5. Select the drive letter of the SD card in the device box.

6. Click Write and wait for the write to complete. Exit the imager and eject the SD card. Now insert the SD card into the Raspberry Pi's slot and switch it on.

7. Use an Nmap ping scan to find out the IP address of the Raspberry Pi. Use port 2222 to make an SSH connection. The default username:password is pi:raspberry.

8. Run “sudo raspi-config” and select “Expand Filesystem”.

9. Click on Finish and reboot. Once rebooted, SSH into the Pi again. You are now ready to run honeypots.

You may use the following commands to run different honeypots.

Kippo
=====

Use the following commands to run kippo:

> sudo su kippo
> cd
> cd kippo
> ./start.sh

Dionaea
=======

Run dionaea using the following commands:

> cd /opt/dionaea
> sudo ./dionaea -u nobody -g nogroup -r /opt/dionaea -w /opt/dionaea -p /opt/dionaea/var/dionaea.pid

Note: If you want to run it in the background, use:

> nohup dionaea -u nobody -g nogroup -r /opt/dionaea -w /opt/dionaea -p /opt/dionaea/var/dionaea.pid &
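
To confirm that dionaea actually started and dropped from root to the `nobody` account given with `-u`, the pid file written by `-p` can be checked against the process's effective UID. This is an added example, not part of the pi-pot image; the function names are hypothetical and it assumes a Linux `/proc` filesystem.

```shell
#!/bin/sh
# Added example: verify a honeypot daemon is alive and no longer running as root.
# Function names are hypothetical; relies on Linux /proc.

# Print the PID stored in a pid file; return 1 if missing or not a number.
read_pid() {
    pid=$(cat "$1" 2>/dev/null) || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Print the effective UID of a PID; return 1 if the process does not exist.
proc_euid() {
    [ -r "/proc/$1/status" ] || return 1
    # Line format: "Uid: <real> <effective> <saved> <fs>"
    while read -r key _real eff _rest; do
        if [ "$key" = "Uid:" ]; then
            printf '%s\n' "$eff"
            return 0
        fi
    done < "/proc/$1/status"
    return 1
}

# check_privdrop PIDFILE USER_OR_UID
# Returns 0 = running as expected account, 1 = not running,
#         2 = running as a different account, 3 = unknown account name.
check_privdrop() {
    case "$2" in
        ''|*[!0-9]*) want=$(id -u "$2" 2>/dev/null) || { echo "ERROR: unknown user '$2'"; return 3; } ;;
        *) want=$2 ;;
    esac
    pid=$(read_pid "$1") || { echo "DOWN: no usable pid in $1"; return 1; }
    euid=$(proc_euid "$pid") || { echo "DOWN: stale pid $pid in $1"; return 1; }
    if [ "$euid" = "$want" ]; then
        echo "OK: pid $pid runs with uid $euid"
        return 0
    fi
    echo "WARN: pid $pid runs with uid $euid, expected $want"
    return 2
}

# Usage: sh check_privdrop.sh /opt/dionaea/var/dionaea.pid nobody
if [ "$#" -eq 2 ]; then
    check_privdrop "$1" "$2"
fi
```

A `WARN` result means the daemon is still running under a different account than the one requested, for example root, and should be stopped before the sensor is exposed.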

Glastopf
========

To run glastopf, use the following commands:

> cd /opt/myhoneypot
> sudo glastopf-runner
