Thursday, September 21, 2017
Try pentbox like honeypot tool with Fedora 25
PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems.
Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every system where Ruby works. It is free, licensed under GNU/GPLv3.
First, you need to install Ruby:
[root@localhost pentbox]# dnf install ruby
Last metadata expiration check: 1:55:17 ago on Tue Mar 7 20:16:17 2017.
Dependencies resolved.
Package Arch Version Repository Size
ruby x86_64 2.3.3-61.1.fc25 updates 76 k
ruby-irb noarch 2.3.3-61.1.fc25 updates 94 k
rubygem-bigdecimal x86_64 1.2.8-61.1.fc25 updates 87 k
rubygem-did_you_mean x86_64 1.0.0-61.1.fc25 updates 219 k
rubygem-io-console x86_64 0.4.5-61.1.fc25 updates 57 k
rubygems.noarch 2.5.2-61.1.fc25
rubypick.noarch 1.1.1-5.fc24
You also need svn. Subversion is a free/open source version control system.
[root@localhost pentbox]# dnf install svn
Last metadata expiration check: 1:59:41 ago on Tue Mar 7 20:16:17 2017.
Package subversion-1.9.5-1.fc25.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Let's get pentbox:
svn co pentbox
cd pentbox
svn update
[root@localhost pentbox]# ./pentbox.rb
PenTBox 1.5
|| ||
--------- Menu ruby2.3.3 @ x86_64-linux
1- Cryptography tools
2- Network tools
3- Web
4- License and contact
5- Exit
-> 2
1- Net DoS Tester
2- TCP port scanner
3- Honeypot
4- Fuzzer
5- DNS and host gathering
6- MAC address geolocation (
0- Back
-> 3
// Honeypot //
You must run PenTBox with root privileges.
Select option.
1- Fast Auto Configuration
2- Manual Configuration [Advanced Users, more options]
-> 1
HONEYPOT ACTIVATED ON PORT 80 (2017-03-07 22:20:30 +0200)
Now, let's simulate an attack and see the result. Open your browser, enter your_ip with port 80 in the address bar, and press the Enter key or the Go button: your_ip:80
Take a look at your terminal to see the result. You should see something like this:
INTRUSION ATTEMPT DETECTED! from your_ip:40482 (2017-03-07 22:22:07 +0200)
GET / HTTP/1.1
Host: your_ip
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
In the output, your_ip will be replaced by the IP address of your workstation. You can also make more settings with the pentbox file now.
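For reviewing many alerts at once, the output format shown above can be parsed into structured events. The following Ruby script is an added example, not part of PenTBox or the original post; it assumes the terminal output was captured as text, and the sample addresses, the SAMPLE constant and the function names are constructed for illustration.

```ruby
require "time"

# Header line PenTBox prints for each connection, as shown in the output above.
ALERT = /\AINTRUSION ATTEMPT DETECTED! from (?<ip>\S+):(?<port>\d+) \((?<time>[^)]+)\)\z/

# Constructed sample in the same shape as the terminal output above
# (192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges).
SAMPLE = <<~LOG
  INTRUSION ATTEMPT DETECTED! from 192.0.2.10:40482 (2017-03-07 22:22:07 +0200)
  GET / HTTP/1.1
  Host: 198.51.100.5
  User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0

  INTRUSION ATTEMPT DETECTED! from 192.0.2.10:40490 (2017-03-07 22:22:09 +0200)
  GET /admin HTTP/1.1
  Host: 198.51.100.5
  INTRUSION ATTEMPT DETECTED! from 192.0.2.77:51234 (2017-03-07 22:25:41 +0200)
LOG

# Turn raw honeypot output into one hash per connection.
def parse_honeypot_log(text)
  events = []
  text.each_line(chomp: true) do |line|
    if (m = ALERT.match(line))
      events << { ip: m[:ip], port: m[:port].to_i,
                  time: Time.strptime(m[:time], "%Y-%m-%d %H:%M:%S %z"),
                  request: nil, headers: {} }
    elsif events.empty? || line.strip.empty?
      next # menu/banner text before the first alert, or a blank separator
    elsif events.last[:request].nil? && line =~ %r{\A[A-Z]+ \S+ HTTP/\d\.\d\z}
      events.last[:request] = line # HTTP request line sent by the client
    else
      name, value = line.split(": ", 2)
      events.last[:headers][name.downcase] = value if value
    end
  end
  events
end

# Count connections per source address, busiest first.
def hits_by_source(events)
  events.group_by { |e| e[:ip] }.transform_values(&:size).sort_by { |_, n| -n }
end

if __FILE__ == $PROGRAM_NAME
  events = parse_honeypot_log(SAMPLE)
  hits_by_source(events).each { |ip, n| puts "#{ip}\t#{n} connection(s)" }
  events.each { |e| puts "#{e[:time].getutc.iso8601} #{e[:ip]} #{e[:request] || '(no payload)'}" }
end
```

A connection that sends no data, such as the last one in the sample, still yields an event with a nil request, which is how a bare TCP connect to the honeypot port would appear.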