GreedyBear icon indicating copy to clipboard operation
GreedyBear copied to clipboard
verified publisher icon intelowlproject

Extract login attempts from more Honeypots

Open regulartim opened this issue 10 months ago • 3 comments

Currently we only take into account the login attempts that were captured by Heralding and Cowrie: https://github.com/intelowlproject/GreedyBear/blob/8f267f08ae714df8274c61285c77b1307fb1278b/greedybear/cronjobs/attacks.py#L86 https://github.com/intelowlproject/GreedyBear/blob/8f267f08ae714df8274c61285c77b1307fb1278b/greedybear/cronjobs/cowrie.py#L117

However, other honeypots also have records of login attempts that we should consider.

regulartim avatar Feb 21 '25 11:02 regulartim

which ones?

mlodic avatar Feb 21 '25 14:02 mlodic

I don't know the answer to that question, to be honest. However, I am pretty sure that I have seen other honeypots than the ones I mentioned do this. Maybe I'm wrong.

regulartim avatar Feb 21 '25 14:02 regulartim

np It makes sense to investigate this further

mlodic avatar Feb 21 '25 14:02 mlodic