Skip to content

ImInTheICU/sticky-ports

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
images
images
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Sticky Ports

License: MIT

Sticky Ports is an all-in-one Layer 4 honeypot framework written in Python. It emulates commonly abused Ubuntu services and logs interactions for security analysis and threat intelligence.

Features

Honeypot Emulators (Layer 4 Services)

  • Redis
  • SMTP
  • Memcached
  • FTP
  • Telnet
  • MySQL
  • VNC
  • RDP

Logging & Reporting Integrations

  • SQLite (local storage)
  • AbuseIPDB (optional, for reputation-based reporting)

Prerequisites

Before you begin, ensure you have:

  • Python 3.12 or newer installed.
  • Git (to clone the repository).
  • pip (Python package installer).
  • systemd (on Ubuntu/Debian for the service unit example).

Installation

Follow these steps to get Sticky Ports up and running on your system:

  1. Clone the repository

    git clone https://github.com/ImInTheICU/sticky-ports.git
cd sticky-ports

  2. Change directory to the source

    cd src

  3. Create and activate a virtual environment (recommended)

    python3.12 -m venv venv
source venv/bin/activate

  4. Install dependencies

    pip install --upgrade pip
pip install -r requirements.txt

  5. Configure the honeypot

    • Copy the sample configuration:

      cp config.yaml.example config.yaml

    • Open config.yaml in your favorite editor and adjust settings (e.g., ports, logging options, AbuseIPDB API key).

  6. Run the engine

    python engine.py

  7. (Required) Firewall setup

    • To allow Sticky Ports to operate you should open the required ports on your system/network's firewall.

    • UFW Example:

    sudo ufw allow 3306
    • IPTables Example:
    sudo iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
    • FireWallD Example:
    sudo firewall-cmd --permanent --add-port=3306/tcp

  8. (Optional) Set up as a systemd service

    To have Sticky Ports start automatically at boot and restart on failure, create a systemd unit file:

    [Unit]
Description=Sticky Ports Honeypot
After=network.target

[Service]
Type=simple
User=YOUR_USER
WorkingDirectory=/path/to/sticky-ports/src
ExecStart=/path/to/sticky-ports/src/venv/bin/python engine.py
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target

    • Save this as /etc/systemd/system/sticky-ports.service.

    • Reload systemd and enable the service:

      sudo systemctl daemon-reload
sudo systemctl enable sticky-ports
sudo systemctl start sticky-ports

Demo

Demo Image

License

This project is licensed under the MIT License. See the LICENSE for details.

About

StickyPorts the all-in-one Layer 4 honeypot that emulates commonly used Ubuntu services.

Topics

emulator security honeypot abuseipdb abusive-ips layer4 abuseipdb-api abuseipdb-integration

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages