Metadata-Version: 2.4
Name: cowrie
Version: 2.7.0
Summary: Cowrie SSH/Telnet Honeypot.
Author-email: Michel Oosterhof <michel@oosterhof.net>
Maintainer-email: Michel Oosterhof <michel@oosterhof.net>
License-Expression: BSD-3-Clause
Project-URL: homepage, https://www.cowrie.org/
Project-URL: documentation, https://docs.cowrie.org/
Project-URL: repository, https://github.com/cowrie/cowrie
Keywords: ssh,telnet,honeypot
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: No Input/Output (Daemon)
Classifier: Framework :: Twisted
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: POSIX
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Topic :: Security
Requires-Python: !=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,!=3.7.*,!=3.8.*,!=3.9.*,<4,>=2.7
Description-Content-Type: text/x-rst
License-File: LICENSE.rst
Requires-Dist: attrs==25.3.0
Requires-Dist: bcrypt==4.3.0
Requires-Dist: cryptography==45.0.7
Requires-Dist: hyperlink==21.0.0
Requires-Dist: idna==3.10
Requires-Dist: packaging==25.0
Requires-Dist: pyasn1_modules==0.4.2
Requires-Dist: requests==2.32.5
Requires-Dist: service_identity==24.2.0
Requires-Dist: tftpy==0.8.6
Requires-Dist: treq==25.5.0
Requires-Dist: twisted[conch]==25.5.0
Provides-Extra: csirtg
Requires-Dist: csirtgsdk==1.1.5; extra == "csirtg"
Provides-Extra: dshield
Requires-Dist: requests; extra == "dshield"
Provides-Extra: elasticsearch
Requires-Dist: pyes; extra == "elasticsearch"
Provides-Extra: mysql
Requires-Dist: mysqlclient; extra == "mysql"
Provides-Extra: mongodb
Requires-Dist: pymongo; extra == "mongodb"
Provides-Extra: rethinkdblog
Requires-Dist: rethinkdb; extra == "rethinkdblog"
Provides-Extra: s3
Requires-Dist: botocore; extra == "s3"
Provides-Extra: slack
Requires-Dist: slackclient; extra == "slack"
Provides-Extra: influxdb
Requires-Dist: influxdb; extra == "influxdb"
Provides-Extra: dev
Requires-Dist: build==1.3.0; extra == "dev"
Requires-Dist: coverage==7.10.6; extra == "dev"
Requires-Dist: mypy-extensions==1.1.0; platform_python_implementation == "CPython" and extra == "dev"
Requires-Dist: mypy-zope==1.0.13; platform_python_implementation == "CPython" and extra == "dev"
Requires-Dist: mypy==1.17.1; platform_python_implementation == "CPython" and extra == "dev"
Requires-Dist: pathspec==0.12.1; extra == "dev"
Requires-Dist: pipdeptree==2.28.0; extra == "dev"
Requires-Dist: pre-commit==4.3.0; extra == "dev"
Requires-Dist: pylint==3.3.8; extra == "dev"
Requires-Dist: pyre-check==0.9.25; extra == "dev"
Requires-Dist: pyright==1.1.404; extra == "dev"
Requires-Dist: pytype==2024.1.24; (platform_python_implementation == "CPython" and python_version <= "3.9") and extra == "dev"
Requires-Dist: pytype==2024.10.11; (platform_python_implementation == "CPython" and python_version >= "3.10") and extra == "dev"
Requires-Dist: pyupgrade==3.20.0; extra == "dev"
Requires-Dist: pyyaml==6.0.2; extra == "dev"
Requires-Dist: readthedocs-sphinx-search==0.3.2; extra == "dev"
Requires-Dist: ruff==0.12.12; extra == "dev"
Requires-Dist: setuptools==80.9.0; extra == "dev"
Requires-Dist: sphinx-copybutton==0.5.2; extra == "dev"
Requires-Dist: sphinx_rtd_theme==3.0.2; extra == "dev"
Requires-Dist: tox==4.30.2; extra == "dev"
Requires-Dist: types-python-dateutil==2.9.0.20250822; extra == "dev"
Requires-Dist: types-redis==4.6.0.20241004; extra == "dev"
Requires-Dist: types-requests==2.32.4.20250809; extra == "dev"
Requires-Dist: yamllint==1.37.1; extra == "dev"
Dynamic: license-file

Cowrie
######

Welcome to the Cowrie GitHub repository
*****************************************

This is the official repository for the Cowrie SSH and Telnet
Honeypot effort.

What is Cowrie
*****************************************

Cowrie is a medium to high interaction SSH and Telnet honeypot
designed to log brute force attacks and the shell interaction
performed by the attacker. In medium interaction mode (shell) it
emulates a UNIX system in Python; in high interaction mode (proxy)
it functions as an SSH and Telnet proxy to observe attacker behavior
on another system.

`Cowrie <http://github.com/cowrie/cowrie/>`_ is maintained by Michel Oosterhof.

Documentation
****************************************

The documentation can be found `here <https://docs.cowrie.org/en/latest/index.html>`_.

Slack
*****************************************

You can join the Cowrie community at the following `Slack workspace <https://www.cowrie.org/slack/>`_.

Features
*****************************************

* Choose to run as an emulated shell (default):
   * Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
   * Possibility of adding fake file contents so the attacker can `cat` files such as `/etc/passwd`. Only minimal file contents are included
   * Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection

* Or proxy SSH and telnet to another system
   * Run as a pure telnet and ssh proxy with monitoring
   * Or let Cowrie manage a pool of QEMU emulated servers to provide the systems to login to

For both settings:

* Session logs are stored in a `UML Compatible <http://user-mode-linux.sourceforge.net/>`_ format for easy replay with the `bin/playlog` utility.
* SFTP and SCP support for file upload
* Support for SSH exec commands
* Logging of direct-tcp connection attempts (ssh proxying)
* Forward SMTP connections to SMTP Honeypot (e.g. `mailoney <https://github.com/awhitehatter/mailoney>`_)
* JSON logging for easy processing in log management solutions

Docker
*****************************************

Docker images are available on Docker Hub.

* To get started quickly and give Cowrie a try, run::

    $ docker run -p 2222:2222 cowrie/cowrie:latest
    $ ssh -p 2222 root@localhost

* To build it locally, run::

    $ make docker-build

Requirements
*****************************************

Software required to run locally:

* Python 3.10+
* python-virtualenv

For Python dependencies, see `requirements.txt <https://github.com/cowrie/cowrie/blob/main/requirements.txt>`_.

Files of interest:
*****************************************

* `etc/cowrie.cfg` - Cowrie's configuration file.
* `etc/cowrie.cfg.dist <https://github.com/cowrie/cowrie/blob/main/etc/cowrie.cfg.dist>`_ - default settings, don't change this file
* `etc/userdb.txt` - credentials to access the honeypot
* `src/cowrie/data/fs.pickle` - fake filesystem, this only contains metadata (path, uid, gid, size)
* `honeyfs/ <https://github.com/cowrie/cowrie/tree/main/honeyfs>`_ - contents for the fake filesystem
* `honeyfs/etc/issue.net` - pre-login banner
* `honeyfs/etc/motd <https://github.com/cowrie/cowrie/blob/main/honeyfs/etc/issue>`_ - post-login banner
* `src/cowrie/data/txtcmds/` - output for simple fake commands
* `var/log/cowrie/cowrie.json` - audit output in JSON format
* `var/log/cowrie/cowrie.log` - log/debug output
* `var/lib/cowrie/tty/` - session logs, replayable with the `bin/playlog` utility.
* `var/lib/cowrie/downloads/` - files transferred from the attacker to the honeypot are stored here
* `bin/createfs` - create your own fake filesystem
* `bin/playlog` - utility to replay session logs
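
As an added example (not part of the Cowrie code base), the sketch below triages the JSON audit log listed above by grouping events per session and flagging sessions that authenticated and then ran commands or fetched files. The event and field names (``cowrie.login.failed``, ``cowrie.login.success``, ``cowrie.command.input``, ``cowrie.session.file_download``, ``session``, ``src_ip``, ``input``, ``url``, ``shasum``) are assumptions about the JSON output and do not appear in this README; the sample lines are constructed.

```python
import json
from collections import defaultdict

# Constructed sample lines in the style of var/log/cowrie/cowrie.json (one JSON
# object per line). Event and field names are assumptions, not from the README.
SAMPLE_LOG = [
    '{"eventid": "cowrie.session.connect", "session": "a1", "src_ip": "192.0.2.10"}',
    '{"eventid": "cowrie.login.failed", "session": "a1", "username": "root", "password": "123456"}',
    '{"eventid": "cowrie.login.failed", "session": "a1", "username": "root", "password": "admin"}',
    '{"eventid": "cowrie.login.success", "session": "a1", "username": "root", "password": "root"}',
    '{"eventid": "cowrie.command.input", "session": "a1", "input": "uname -a"}',
    '{"eventid": "cowrie.session.file_download", "session": "a1",'
    ' "url": "http://example.invalid/x", "shasum": "constructed-not-a-real-hash"}',
    '{"eventid": "cowrie.login.failed", "session": "b2", "src_ip": "198.51.100.7",'
    ' "username": "admin", "password": "admin"}',
    '{"eventid": "cowrie.login.fai',  # truncated line, e.g. read while being written
]


def summarize(lines):
    """Group events by session id; return (sessions, number_of_skipped_lines)."""
    sessions = defaultdict(lambda: {"src_ip": None, "failed": 0, "creds": [],
                                    "commands": [], "downloads": []})
    skipped = 0
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # tolerate partial or corrupt lines
            continue
        if not isinstance(ev, dict) or "session" not in ev:
            skipped += 1
            continue
        s = sessions[ev["session"]]
        s["src_ip"] = ev.get("src_ip", s["src_ip"])  # keep the last address seen
        eid = ev.get("eventid", "")
        if eid == "cowrie.login.failed":
            s["failed"] += 1
        elif eid == "cowrie.login.success":
            s["creds"].append((ev.get("username"), ev.get("password")))
        elif eid == "cowrie.command.input":
            s["commands"].append(ev.get("input", ""))
        elif eid == "cowrie.session.file_download":
            s["downloads"].append((ev.get("url"), ev.get("shasum")))
    return dict(sessions), skipped


def interactive_sessions(sessions):
    """Session ids that logged in and then acted; review these first."""
    return sorted(sid for sid, s in sessions.items()
                  if s["creds"] and (s["commands"] or s["downloads"]))
```
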

Contributors
***************

Many people have contributed to Cowrie over the years. Special thanks to:

* Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based
* Dave Germiquet (davegermiquet) for TFTP support, unit tests, new process handling
* Olivier Bilodeau (obilodeau) for Telnet support
* Ivan Korolev (fe7ch) for many improvements over the years.
* Florian Pelgrim (craneworks) for his work on code cleanup and Docker.
* Guilherme Borges (sgtpepperpt) for SSH and telnet proxy (GSoC 2019)
* And many many others.
