The Simple HTTP Honeypot Server is a cybersecurity tool designed to emulate a web server for monitoring and analyzing HTTP-based interactions. It's particularly useful for understanding HTTP vulnerabilities and potential intrusion tactics. The server is built with Python and the Twisted framework, offering a robust platform for logging unauthorized access attempts and analyzing web traffic.
- Web Server Emulation: Simulates an HTTP server to capture and log HTTP requests.
- Configurable Settings: Allows customization of host, port, and target URL settings via command-line arguments.
- Resource Inlining: Downloads and modifies external resources like CSS, JS, and images for a more realistic emulation.
- Extensive Logging: Logs all incoming HTTP requests including headers, client IP, and requested paths.
- Real-Time Monitoring: Provides immediate insights into HTTP traffic for timely detection of suspicious activities.
- Educational Tool: Excellent for learning about web security and network reconnaissance techniques.
- Beta Version: Please note that this script is currently in beta. It may not be fully compatible with all websites or web services. If you encounter issues or have suggestions for improvement, feel free to push a pull request. Contributions are greatly appreciated!
- Python 3.x
- Twisted Python library
- BeautifulSoup4 Python library
- Requests Python library
To set up the HTTP honeypot server, execute the following commands:
git clone https://github.com/0xNslabs/http-honeypot.git
cd http-honeypot
pip install twisted beautifulsoup4 requests
Run the server with the necessary arguments for host, port, and the target URL to clone. By default, it binds to all interfaces (0.0.0.0) at port 80.
python3 http_honeypot.py --host 0.0.0.0 --port 80 --url https://example.com
Interaction logs are stored in http_honeypot.log, providing detailed records of all HTTP requests, including source IP, requested URLs, and headers.
This image illustrates the Simple HTTP Honeypot Server capturing real-time HTTP requests.
Check out the other honeypot services for monitoring various network protocols:
- DNS Honeypot - Monitors DNS interactions.
- FTP Honeypot - Simulates an FTP server.
- LDAP Honeypot - Mimics an LDAP server.
- HTTP Honeypot - Monitors HTTP interactions.
- HTTPS Honeypot - Monitors HTTPS interactions.
- NTP Honeypot - Monitors Network Time Protocol interactions.
- PostgreSQL Honeypot - Simulates a PostgreSQL database server.
- SIP Honeypot - Monitors SIP (Session Initiation Protocol) interactions.
- SSH Honeypot - Emulates an SSH server.
- TELNET Honeypot - Simulates a TELNET server.
- Caution: Operate this honeypot within secure, controlled settings for research and learning purposes.
- Compliance: Deploy this honeypot in accordance with local and international legal and ethical standards.
This project is available under the MIT License. See the LICENSE file for more information.