With the help of honeypot, you can easily monitor your operating system and monitor any hacker activity or you can say that it is the best way to hack the hacker himself.
Every large company already uses smart honeypots in its backend such as Google, Facebook and Microsoft.
In fact they want to track all the activities of all the users and if they find illegal or malicious activity then honeypot has the ability to immediately block the dangerous IP address.
Types of Honeypots
Honeypots can be categorized in two ways, based on development and design criteria.
a) Basis of development
- Production Honeypot
- Research Honeypot
b) Basis of design criteria
- Pure Honeypot
- High-Interaction Honeypot
- Low-Interaction Honeypot
How to set up a honeypot on Kali Linux
As you all know, Kali Linux is one of the most popular pentesting features with over 600+ built-in hacking / attacking tools pre-installed.
Mandate: git clone https://github.com/whitehatpanda/pentbox-1.8.git
Once downloaded, you can simply run pentbox by typing ” ./pentbox.rb ”Inside the pentbox-1.8 folder.
As you can see, it will display 7-8 options, which you can easily perform as follows:
- Cryptography tools
- Network tools
- IP Grabber
- IP geographical location
- Mass attack
To use the Cryptography Tools, just enter " 1 "And will display 4 other options such as" Base64 Encoder / Decoder "," Multi-Digest "," Hash Password Cracker " and " Secure Password Generator ".
You can use any of the options according to your needs.
We now have Network Tools in option no. 2 through which you can perform ” Net Dos Tester "," TCP port scanner "," Honeypot "," Fuzzer "," DNS and Host gathering" and " Mac address geolocation ".
To use the honeypot, just type " 3 At your terminal.
Now you can see that there are two options through which you can configure your honeypot.
- a) Fast automatic configuration
- b) Manual configuration (for advanced users)
You can set any of the options, but for novice users, the Quick Auto Configuration option is recommended. As you can see, the honeypot starts at the screenshot above.
Your honeypot will only monitor all activity on the PORT 80, but if you want to monitor some activity on another port, you can select the second Manual configuration option.
Port 80 means, when someone opens your IP / Host in their browser, then they will immediately record this request and display all possible information of this request as shown below:
The information you can see:
- IP address
- Details of its operating system
- various other information
Under the same network tools, there are also some interesting options such as " Net Dos Tester Through which you can easily DOS someone with SYN and TCP flood attacks.