Honeygrove is a modular honeypot based on Python that builds upon Broker and the Twisted Framework.
Honeygrove currently requires Python 3.5+ and was tested on Ubuntu 16.4, Debian 9.1 and ArchLinux. However, it should work on other distributions that provide a compatible Python distribution.
If the broker communication library is not available, the honeypot itself can be used without it. Currently there is no possibility to communicate with the management-console or the monitoring stack without Broker.
If Honeygrove is configured to use the Siemens S7 protocol, the Snap7 library needs to be installed on the system.
- Clone the repository or download and unzip it
- Optional: Set up a virtualenv to contain the required dependencies
  $ python3 -m venv .venv
  $ source .venv/bin/activate
- Install the required Python dependencies
  $ pip3 install --upgrade -r requirements.txt
- Optional: Install broker and the Python bindings to communicate with a CIM
- Optional: Install Snap7 to make use of the Siemens S7 protocol
- Create the honeygrove main directory and some required subdirectories
  $ mkdir -p /var/honeygrove/{logs,resources/{quarantine,honeytoken_files}}
- Copy the provided example resources to the main directory
  $ cp -a resources /var/honeygrove
- Edit the configuration file to fit your needs
  $ $EDITOR honeygrove/config.py
- Start honeygrove and verify everything works as expected
  $ sudo python3 -m honeygrove
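A preflight check for the steps above, as an added example that is not part of the Honeygrove project: it verifies the directory layout created by the mkdir step and reports whether the optional bindings can be imported. The import names `broker` and `snap7` are assumptions about how those bindings are exposed to Python.

```python
import importlib.util
import os
import sys

# Subdirectories created by the mkdir step in the install instructions.
REQUIRED_SUBDIRS = (
    "logs",
    "resources",
    os.path.join("resources", "quarantine"),
    os.path.join("resources", "honeytoken_files"),
)

# Assumed import names of the optional bindings (not stated on this page).
OPTIONAL_MODULES = {
    "broker": "CIM / management console communication",
    "snap7": "Siemens S7 protocol",
}


def missing_dirs(base):
    """Return (path, reason) for each required directory that is unusable."""
    problems = []
    for sub in REQUIRED_SUBDIRS:
        path = os.path.join(base, sub)
        if not os.path.isdir(path):
            problems.append((path, "missing"))
        elif not os.access(path, os.W_OK | os.X_OK):
            problems.append((path, "not writable"))
    return problems


def optional_status(modules=OPTIONAL_MODULES):
    """Map each optional module name to True if it can be imported."""
    return {name: importlib.util.find_spec(name) is not None for name in modules}


def preflight(base="/var/honeygrove", min_python=(3, 5)):
    """Return (errors, warnings); an empty errors list means ready to start."""
    errors, warnings = [], []
    if sys.version_info < min_python:
        errors.append("Python %d.%d+ required" % min_python)
    errors.extend("%s: %s" % item for item in missing_dirs(base))
    for name, ok in optional_status().items():
        if not ok:
            warnings.append("%s not importable: %s unavailable"
                            % (name, OPTIONAL_MODULES[name]))
    return errors, warnings
```

Run `preflight()` from inside the virtualenv, if one is used, so the import checks see the same packages the honeypot will.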
For further information see our wiki (currently only the user guide for honeygrove is available in English).
Honeygrove is intended to be used with a Cyber Incident Monitor (CIM) (honeygrove-cim) and can additionally be controlled through a management console (honeygrove-console) that communicates with honeygrove via broker.
Honeygrove is licensed under the MIT license. See LICENSE for more details.