Cowrie is a medium-interaction SSH honeypot designed to log brute-force attacks and, most importantly, the entire shell interaction performed by the attacker.
Cowrie is directly based on Kippo by Upi Tamminen (desaster).
docker-compose.yml:

```yaml
cowrie:
  image: vimagick/cowrie
  ports:
    - "2222:2222"
    - "2223:2223"
  volumes:
    - ./data/dl:/home/cowrie/dl
    - ./data/log:/home/cowrie/log
  restart: always
```

On the server:

```bash
$ cd ~/fig/cowrie
# Host directories for downloads and logs; the container must be able to write to them.
$ mkdir -p data/dl data/log/tty
$ chmod -R 777 data
$ tree -F
.
├── data/
│   ├── dl/
│   └── log/
│       └── tty/
└── docker-compose.yml
$ docker-compose up -d
$ tail -f data/log/cowrie.log
```

From a client:

```bash
$ ssh -p 2222 root@server
$ telnet server 2223
```

You can log in as `root` with any password except `root` or `123456`.
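To get more out of the log than `tail -f` shows, the sketch below tallies login attempts per source address and lists the credentials the honeypot accepted. It is an added example, not part of the vimagick/cowrie image or of Cowrie itself; the sample lines are constructed, and the line layout they follow (`...,<ip>] login attempt [user/password] failed|succeeded`) is an assumption that may need adjusting for the Cowrie version in the image.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumption: the bracketed prefix differs between
# Cowrie versions; only "...,<ip>] login attempt [user/password] <result>"
# is relied on, with credentials optionally wrapped as b'...').
SAMPLE_LOG = """\
2016-03-01 10:00:01+0000 [SSHService ssh-userauth on HoneyPotTransport,7,203.0.113.5] login attempt [root/root] failed
2016-03-01 10:00:02+0000 [SSHService ssh-userauth on HoneyPotTransport,7,203.0.113.5] login attempt [root/123456] failed
2016-03-01 10:00:03+0000 [SSHService ssh-userauth on HoneyPotTransport,7,203.0.113.5] login attempt [root/admin] succeeded
2016-03-01 10:00:05+0000 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,203.0.113.5] CMD: uname -a
2016-03-01 10:02:00+0000 [SSHService ssh-userauth on HoneyPotTransport,8,198.51.100.9] login attempt [b'admin'/b'pa/ss]'] failed
"""

# The password group is greedy and the result is anchored at end of line, so
# passwords containing "/" or "]" are still captured whole.
LOGIN_RE = re.compile(
    r"\[[^\]]*,(?P<ip>[0-9A-Fa-f.:]+)\] login attempt "
    r"\[(?P<user>[^/]*)/(?P<password>.*)\] (?P<result>failed|succeeded)\s*$"
)


def _unwrap(field):
    """Strip a b'...' wrapper from a logged credential, if present."""
    if field.startswith("b'") and field.endswith("'"):
        return field[2:-1]
    return field


def summarize_logins(lines):
    """Return {src_ip: {"failed": n, "succeeded": [(user, password), ...]}}."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": []})
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not an authentication event (e.g. a CMD line)
        cred = (_unwrap(m["user"]), _unwrap(m["password"]))
        if m["result"] == "succeeded":
            stats[m["ip"]]["succeeded"].append(cred)
        else:
            stats[m["ip"]]["failed"] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, s in summarize_logins(SAMPLE_LOG.splitlines()).items():
        print(ip, "failed:", s["failed"], "accepted:", s["succeeded"])
```

To run it against real data, pass the lines of `data/log/cowrie.log` to `summarize_logins` instead of the sample.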