ELKFH (Elastic, Logstash, Kibana, Filebeat and Honeypot) system for monitoring security tools that interact with (HTTP, HTTPS, SSH, RDP, VNC, Redis, MySQL, MONGO, SMB, LDAP)
- Logs are accessible via Kibana
- All services running in one container using supervisord
- Ingress sniffer, layers and packet parser
git clone https://github.com/qeeqbox/seahorse.git
cd seahorse
chmod +x ./run.sh
./run.sh auto_configure
Wait ~2-10 mins until the web browser opens up (until seahorse_initializer_1 exit with 0) - username is elastic and password is changeme
- HTTP (Apache)
- HTTPS (Apache)
- SSH (Custom OpenSSH)
- FTP (vsftpd)
- SMB (samba)
- ldap (slapd)
- VNC (tightvncserver)
- RDP (xrdp)
- Redis (redis-server)
- Mysql (mysql-community-server)
- 2020.V.01.01
- Add more services
elastic, scapy
By using this framework, you are accepting the license terms of all these packages: elasticsearch, logstash, kibana, filebeat, openbsd, openbsd, Zlib, build-essential, libssl-dev, lsof, supervisord, rsyslog, openldap, mysql, redis, mongodb, Samba, Vsftpd, db-util, tvnserver, xrdp, apache, iptables, tcpdump, nmap, iputils-ping, python, Pip, psycopg, psmisc, dnsutils, python-ldap, FreeRDP, net-tools, sshpass, paramiko, connector-python, mongo-python-driver, pysmb, vncdotool, requests, cryptography
- Do not deploy without proper configuration
- Setup some security group rules and remove default credentials
- Please let me know if i missed a resource or dependency