How to quickly deploy a honeypot with Kali Linux

How to quickly deploy a honeypot with Kali Linux

Lure possible attackers into a trap with a Kali Linux honeypot.

One thing many security experts depend on is the honeypot. What is a honeypot? Simply put, they are systems put in place to mimic particular targets of cyberattacks. With a honeypot in place, admins can detect and log attacks to certain services as well as the originating IP address of said attack.

Believe it or not, setting up a honeypot is quite simple--especially if you have a running instance of Kali Linux on hand. And that's exactly what I'm going to show you. With a combination of Kali Linux and pentbox, you can have a honeypot up and running in minutes.

SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)

What you'll need

The only things you'll need are a running instance of Kali Linux and a user account with admin privileges. 

How to download pentbox

Log in to your Kali Linux machine as an admin user. Open a terminal window and download pentbox with the command:

wget http://downloads.sourceforge.net/project/pentbox18realised/pentbox-1.8.tar.gz

Once that file has finished downloading, extract the archive with the command:

tar xvfz pentbox-1.8.tar.gz

This will create a new directory named pentbox-1-8. Change into that new directory with cd pentbox-1.8.

How to run pentbox

The next step is to run the pentbox Ruby script with the command:

./pentbox.rb

When you issue the command, you'll be greeted by a menu. From that menu select 2 (for Networking tools) and then 3 for Honeypot (Figure A).

Figure A

Launching the Honeypot script.

In the next menu (Figure B), select 1 (for Fast Auto Configuration). This will launch a honeypot listening on port 80. 

Figure B

Launching a simple port 80 honeypot.

Next, open a web browser on another machine (connect to the same network as the honeypot) and point it to http://SERVER_IP (where SERVER_IP is the IP address of your Kali machine). You should see an Access Denied error (Figure C) in the browser.

Figure C

Go back to the terminal window on the Kali Linux machine and you should see the honeypot picked up the attempted connection (Figure D).

Figure D

How to launch a specific instance

Now we want to launch a honeypot to listen on a specific port. Say you've had trouble with attacks on SSH. To deploy pentbox such that it's listening in on port 22, you'd run the script and select 2 and then 3, followed by 2. When prompted for a port to open, type 22 (Figure E).

Figure E

You can then opt to save a log and then have a beep announce an intrusion. Once the honeypot is running, attempt to SSH into the Kali Linux machine (from another machine) and you'll see pentbox logs the instance (Figure F).

Figure F

As you can see, pentbox logs the attempt, as well as the originating IP address. 

Congratulations, you've just deployed your first honeypot.