Well with the help of honeypot, you can easily monitor your own OS and can track every activity of the hacker or you can say that, its the best way to hack the hacker. Every big company is already using smart honeypots in their backend like Google, Facebook and Microsoft because they don’t want to compromise. They actually want to trace all the activities of all the users and if they found any illegal or malicious activity found then honeypot has the capability to block that IP address immediately.
Types of Honeypots –
Honeypots can be categorized by two ways i.e. on the basis of deployment and on the basis of design criteria.
a) Basis of Deployment
- Production Honeypot
- Research Honeypot
b) Basis of Design Criteria
- Pure Honeypot
- High-Interaction Honeypot
- Low-Interaction Honeypot
How to set a honeypot in Kali Linux
As you all knows Kali Linux is one the most popular pentesting operating used having more than 600+ inbuilt hacking/attacking tools preinstalled in it.
Command: git clone https://github.com/whitehatpanda/pentbox-1.8.git
After downloading, you can simply run the pentbox by typing “./pentbox.rb” from pentbox-1.8 folder.
As you can see, it will shows 7-8 options, which you can easily perform with PentBox as follows:
- Cryptography Tools
- Network Tools
- IP Grabber
- Geolocation IP
- Mass Attack
To use Cryptography Tools, just type “1” and it will shows another 4 options such as “Base64 Encoder/Decoder“, “Multi-Digest“, “Hash Password Cracker” and “Secure Password Generator“.
You can use any of the option depending upon your need.
Now we have Network Tools in option no. 2 through which you can perform “Net Dos Tester“, “TCP port scanner“, “Honeypot“, “Fuzzer“, “DNS and Host gathering” and “Mac address geolocation“.
To use honeypot, just type “3” in your terminal.
Now you can see there are two options, through which you can configure your honeypot.
- a) Fast Auto Configuration
- b) Manual Configuration (For Advanced Users)
You can choose any of the option but for easy and for newbies users, you can choose Fast Auto Configuration. As you can see, the honeypot is started in above screenshot.
As you can see, your honeypot will monitor all activities on PORT 80 only, but if you want to monitor some activities on some other port, you can choose second Manual Configuration option.
Port 80 means, when someone opens your IP/Host in his/her web browser, then it will immediately record that request and will display all possible information of that request as shown below:
The information you can see:
- IP Address
- Details of his/her OS
- Web browser
Under same Network tools, there are also some interesting options like “Net Dos Tester” through which you can easily DOS someone with SYN and TCP flood attacks.