Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Cowrie is directly based on Kippo by Upi Tamminen (desaster).
version: "3.8"
services:
cowrie:
image: cowrie/cowrie
ports:
- "2222:2222"
- "2223:2223"
volumes:
- cowrie-etc:/cowrie/cowrie-git/etc
- cowrie-var:/cowrie/cowrie-git/var
restart: unless-stopped
volumes:
cowrie-etc:
cowrie-var:$ docker-compose up -d
$ docker volume ls
$ docker volume inspect cowrie_cowrie-var
$ cd /var/lib/docker/volumes/cowrie_cowrie-etc/_data
$ cp cowrie.cfg.dist cowrie.cfg
$ cp userdb.example userdb.txt
$ cd /var/lib/docker/volumes/cowrie_cowrie-var/_data
$ tail -f log/cowrie/cowrie.json$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/asciinema
$ wget -P /usr/local/bin/ https://github.com/cowrie/cowrie/raw/master/bin/playlog
$ chmod +x /usr/local/bin/{asciinema,playlog}
$ playlog -c lib/cowrie/tty/xxxxxx$ ssh -p 2222 root@server
$ telnet server 2223You can login as
rootwith any password exceptrootor123456.