Sunday, May 1, 2016

Honeyport

Honeyport is a PowerShell script designed to create a honeypot on a Windows-based system.  The script is available at:

https://github.com/Pwdrkeg/honeyport/

An elevated PowerShell session must be used.  Once the Execution Policy has been configured to allow the script to run, the script accepts several command-line parameters.  The -ports switch makes it listen on one or more ports; the example uses port 23.  The local Windows Firewall may display a prompt when the script is first executed.


To review log information, use the command Get-EventLog honeyport.


When finished, use the commands Stop-Job -Name HoneyPort and Remove-Job -Name HoneyPort to stop and remove the background job.


The data from the Event Log could be exported to a text file using a command such as the example below.

Get-EventLog honeyport | Select-Object TimeGenerated, Message | Format-List | Out-File report.txt
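For triage, a per-source summary is often more useful than a flat text export. The following is an added example, not part of the honeyport script: Get-HoneyportHitSummary is a hypothetical helper, and it assumes the connecting address appears as dotted IPv4 text in each event's Message (the sample entries are constructed, and the real message wording may differ).

```powershell
function Get-HoneyportHitSummary {
    [CmdletBinding()]
    param(
        # Objects exposing TimeGenerated and Message, e.g. the output of Get-EventLog honeyport
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry
    )
    begin {
        # Strict dotted-quad pattern so values such as 999.1.1.1 are not counted as addresses
        $ipv4 = '\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b'
        $hits = @{}
    }
    process {
        # Assumption: the first IPv4 address in the message is the remote host
        $m   = [regex]::Match([string]$Entry.Message, $ipv4)
        $key = if ($m.Success) { $m.Value } else { '(no address found)' }
        if (-not $hits.ContainsKey($key)) {
            $hits[$key] = [pscustomobject]@{
                Source    = $key
                Count     = 0
                FirstSeen = $Entry.TimeGenerated
                LastSeen  = $Entry.TimeGenerated
            }
        }
        $h = $hits[$key]
        $h.Count++
        if ($Entry.TimeGenerated -lt $h.FirstSeen) { $h.FirstSeen = $Entry.TimeGenerated }
        if ($Entry.TimeGenerated -gt $h.LastSeen)  { $h.LastSeen  = $Entry.TimeGenerated }
    }
    end {
        # Noisiest sources first
        $hits.Values | Sort-Object Count -Descending
    }
}

# Constructed sample entries using documentation address ranges
$sample = @(
    [pscustomobject]@{ TimeGenerated = [datetime]'2016-05-01T09:14:02'; Message = 'Connection from 192.0.2.15 on port 23' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2016-05-01T09:14:40'; Message = 'Connection from 192.0.2.15 on port 23' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2016-05-01T11:02:17'; Message = 'Connection from 198.51.100.7 on port 23' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2016-05-01T11:30:00'; Message = 'Listener started' }
)
$sample | Get-HoneyportHitSummary | Format-Table -AutoSize

# Against the live log (elevated Windows PowerShell session):
# Get-EventLog honeyport | Get-HoneyportHitSummary | Export-Csv hits.csv -NoTypeInformation
```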
