## Preface: what a honeypot is

Source: <https://github.com/thinkst/opencanary#directly-on-linux-or-macos>

"Honeypot" is 蜜罐 in Chinese, literally "honey jar". In network security it is a deliberately exposed system that looks vulnerable but is in fact closely monitored; its job is to draw attackers in so that the real assets stay untouched.

### 1. Core analogy

Picture a beekeeper:

* Real honey = your production servers and important data
* Fake honey (the honeypot) = bait put out on purpose

The attacker goes for the "fake honey" first, while the beekeeper (you) watches from the side how they eat it and which tools they use.

### 2. What this means for OpenCanary

The OpenCanary you are deploying is a typical low-interaction honeypot.

| Property | Explanation |
|---|---|
| Disguise | Pretends to be a vulnerable Linux server with SSH, FTP and HTTP ports open |
| Purpose | Not to provide a service, but to record who connected and which passwords they tried |
| Value | The moment anyone touches it, you know someone is scanning your network |

### 3. Related terms

* Honeypot: a single decoy system.
* Honeynet: a network made up of several honeypots.
* Honeyfile: a fake file planted on a server (for example "company_payroll.xlsx"); whoever opens it is flagged.
* Honeytoken: a fake database record or API key.

### 4. In one sentence

Honeypot = a trap + a camera + a voice recorder for the network.

What you are doing now is setting a trap on one machine, waiting for a bad actor to step on it, and recording their fingerprints. 🔍
## I. About OpenCanary

<https://github.com/thinkst/opencanary#directly-on-linux-or-macos>

OpenCanary is a multi-protocol network honeypot. Its main use is to catch attackers after they have already broken into a private network. It needs very few resources and can be tuned, modified and extended.

OpenCanary runs as a daemon and implements several common network protocols. When an attacker breaks into the network and interacts with the honeypot, OpenCanary alerts you through a number of mechanisms.

OpenCanary is written in Python, so the core honeypot is cross-platform; some features, however, need a specific operating system, and running on Linux gives you the most options. Resource requirements are minimal: it runs happily on a Raspberry Pi or a small virtual machine.

The README describes how to install and configure OpenCanary on Ubuntu Linux and macOS. The commercial counterpart of OpenCanary is Thinkst Canary.

Here the material is studied through a "reverse learning model". Whether that phrase counts as a formal term I do not know; the author uses it to mean the following: in an era where knowledge grows explosively, many IT learners find the theory-first approach demotivating, so instead they start by building and running something (code, build & run) and then fill in the relevant theory based on what was built.
## II. Deployment and installation

### 1. Deployment (this time via Docker)

First, the environment. Host: Windows 10 LTSC Enterprise 22H2 with WSL2 installed; the Linux distribution is Ubuntu 24.04 LTS, as shown below.

[Screen clipping taken 5/20/2026 3:19 PM]

Network environment:

* WSL IP: 172.17.48.1, netmask 255.255.240.0
* Ubuntu IP: 172.17.62.39/20
* Windows 10 IP details: see the attached text <<ip4peggy-20260520.txt>>
### 2. Configuration steps

S1: Install Docker and Docker Compose (note that they are two different things), then clone the repository to the local machine.

```text
root@peggy-win10:/opt/honeypot/opencanary20260520# docker version
Client:
 Version:           29.1.3
 API version:       1.52
 Go version:        go1.24.4
 Git commit:        29.1.3-0ubuntu3~24.04.2
 Built:             Wed Apr 29 16:41:06 2026
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          29.1.3
  API version:      1.52 (minimum version 1.44)
  Go version:       go1.24.4
  Git commit:       29.1.3-0ubuntu3~24.04.2
  Built:            Wed Apr 29 16:41:06 2026
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.28
  GitCommit:
 runc:
  Version:          1.3.3-0ubuntu1~24.04.3
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:
```

```text
root@peggy-win10:/opt/honeypot/opencanary20260520# docker-compose version
docker-compose version 1.29.2, build unknown
docker-py version: 5.0.3
CPython version: 3.12.3
OpenSSL version: OpenSSL 3.0.13 30 Jan 2024
```

Then run: `git clone https://github.com/thinkst/opencanary`

S2: Edit the configuration file. "Edit the data/.opencanary.conf file to enable, disable or customize the services that will run." (To turn a service on, change its `false` to `true`.)

S3: Edit the YAML file. "Edit the ports section of the docker-compose.yml file to enable/disable the desired ports based on the services." Because this runs under WSL, host networking mode is not supported here, so the line `network_mode: "host"` was commented out with a leading `#`. With that line commented out the default, bridge mode, is used: the container is bridged onto a virtual interface that the container runtime creates on WSL (usually `docker0`, or an interface whose name starts with `br-`). (Mind YAML formatting and semantics.)

S4: Run the OpenCanary container: `docker-compose up latest`. The result is shown below:
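Steps S2 and S3 edit two files that must agree: a service switched on in `.opencanary.conf` but not published in the compose `ports:` list is unreachable from outside the bridge (the exact situation created by commenting out host mode), while a published port with no enabled service behind it just refuses connections and logs nothing. The script below is an added example written for this write-up, not code from the OpenCanary project; it assumes the flat JSON layout of `.opencanary.conf` (`"<service>.enabled"` / `"<service>.port"` keys) and a compose file whose `ports:` section is a plain list of `"HOST:CONTAINER"` strings. The sample config and compose fragment are constructed; `opencanary-wsl` is an invented node name.

```python
"""Cross-check data/.opencanary.conf against the docker-compose.yml port list.

Added example for this write-up, not code from the OpenCanary project.
Assumes the flat JSON layout of .opencanary.conf ("<service>.enabled" /
"<service>.port" keys) and a compose file whose ports: section is a list of
"HOST:CONTAINER" strings, which is what steps S2 and S3 edit.
"""
import json
import re

# Constructed sample of the keys that matter in data/.opencanary.conf.
SAMPLE_CONF = json.dumps({
    "device.node_id": "opencanary-wsl",          # constructed node name
    "ssh.enabled": True,    "ssh.port": 22,
    "telnet.enabled": True, "telnet.port": 23,
    "http.enabled": True,   "http.port": 80, "http.skin": "nasLogin",
    "mysql.enabled": True,  "mysql.port": 3306,
    "ftp.enabled": False,   "ftp.port": 21,
    "portscan.enabled": False,                   # no port key: not a TCP decoy
})

# Constructed docker-compose.yml fragment in bridge mode (host mode commented
# out as in the write-up), so every decoy must be published explicitly.
SAMPLE_COMPOSE = """\
services:
  latest:
    container_name: opencanary_latest
    #network_mode: "host"
    ports:
      - "2211:22"
      - "23:23"
      - "80:80"
      - "21:21"
"""

# Matches one list entry such as   - "2211:22"   or   - 3306:3306/tcp
PORT_LINE = re.compile(r'^\s*-\s*"?(\d{1,5}):(\d{1,5})(?:/(?:tcp|udp))?"?\s*$')


def enabled_services(conf_text):
    """Return {service: container_port} for each '<service>.enabled': true
    that also carries a numeric '<service>.port' key."""
    conf = json.loads(conf_text)
    services = {}
    for key, value in conf.items():
        if key.endswith(".enabled") and value is True:
            name = key[: -len(".enabled")]
            port = conf.get(name + ".port")
            if isinstance(port, int):
                services[name] = port
    return services


def published_ports(compose_text):
    """Return {container_port: host_port} from the ports: list entries.
    Only the simple '- "HOST:CONTAINER"' form is handled."""
    published = {}
    in_ports = False
    for line in compose_text.splitlines():
        if line.strip() == "ports:":
            in_ports = True
            continue
        m = PORT_LINE.match(line) if in_ports else None
        if m:
            published[int(m.group(2))] = int(m.group(1))
        elif in_ports and line.strip() and not line.lstrip().startswith("-"):
            in_ports = False          # left the ports: list
    return published


def cross_check(conf_text, compose_text):
    """Classify every enabled decoy and every published port."""
    enabled = enabled_services(conf_text)
    published = published_ports(compose_text)
    reachable = {s: f"{published[p]}->{p}" for s, p in enabled.items() if p in published}
    # Enabled inside the container but never published: invisible to anything
    # outside the bridge, so neither an attacker nor your own test can hit it.
    unreachable = {s: p for s, p in enabled.items() if p not in published}
    # Published but no enabled decoy behind it: connection refused, nothing logged.
    dangling = sorted(p for p in published if p not in enabled.values())
    return {"reachable": reachable, "unreachable": unreachable, "dangling": dangling}


if __name__ == "__main__":
    for kind, items in cross_check(SAMPLE_CONF, SAMPLE_COMPOSE).items():
        print(f"{kind}: {items}")
```

Against the constructed sample the check reports `mysql` (3306) as unreachable and host port 21 as dangling, which is exactly the kind of mismatch that otherwise only surfaces when a test connection to the decoy silently goes nowhere. To run it against the real files, read `data/.opencanary.conf` and `docker-compose.yml` from the clone and pass their text to `cross_check`.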
At this point the services are listening.

### 3. Usage: simulate an attack and see whether it is recorded

Open another terminal, enter WSL again, change to the project directory and run `docker-compose ps`.

[Screen clipping taken 5/20/2026 4:45 PM]

The container `container_name: opencanary_latest` is up, running as the `latest` service, with the port mappings shown in the screenshot. Next, look up the container's IP to verify.

[Screen clipping taken 5/20/2026 4:37 PM]

172.20.0.1 looked like the container's IP at first; checking inside the container (below) shows the container is 172.20.0.2 and 172.20.0.1 is the bridge gateway. To verify, enter the opencanary_latest container and look.

To list all containers together with their IP addresses in one go:

```text
docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)
```

Or use `docker-compose exec <service> hostname -I`.
The result:

```text
root@peggy-win10:/opt/honeypot/opencanary20260520# docker-compose exec latest hostname -I
172.20.0.2
root@peggy-win10:/opt/honeypot/opencanary20260520#
```

## III. Verification tests

Knowing the container's IP, we can run the corresponding attack tests. There are two ways to test: locally from WSL, or from the Windows host. First, the network layout again:

```text
Windows 10
│ 172.17.48.1/20
│
└── WSL2 (Ubuntu 24.04)
    │ 172.17.62.39/20
    │
    └── docker bridge (172.20.0.1)
        │
        └── container opencanary_latest (172.20.0.2)
```

### 1. telnet

Telnet is a plaintext TCP client tool, mainly used to:

* test whether an IP + port combination is reachable
* emulate old-style remote login (which is exactly what OpenCanary uses it for: luring a "login")

⚠️ It is not an encrypted protocol and not secure; it is only suitable for testing or for honeypots.

1) From the host

The telnet session looks as follows; the last screenshot is the record captured by the honeypot.

```text
telnet 172.17.62.39
telnet 172.17.62.39 2211
```
2) From WSL

[Screen clipping taken 5/20/2026 4:58 PM]

### 2. http/https

1) From WSL (accessing from 172.20.0.1)
[Screen clipping taken 5/21/2026 9:09 AM]

2) From Windows (172.17.48.1)

The matching honeypot record:

3) Logging in through the web page from Windows 10

The login "succeeds" here: the page imitates the login screen of a Synology NAS. OpenCanary's HTTP module is a low-interaction honeypot whose purpose is to make a web server (such as a Synology NAS login page) appear to exist. Its core function is to record the visitor's IP and any username/password submitted in a login attempt (right or wrong), and to raise an alert.

The back-end record:
### 3. ssh

[Screen clipping taken 5/20/2026 4:55 PM]

### 4. git, httpproxy, mysql, tftp and mssql services

These services were not tested one by one because no client tools were at hand, but all of them can be probed with telnet. Telnet to MySQL's port 3306, as follows:

[Screen clipping taken 5/21/2026 10:56 AM]
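Every test above ends with a screenshot of the record the honeypot wrote. Since OpenCanary logs one JSON object per line, the records from all the decoys (telnet, HTTP, SSH, the telnet-to-3306 probe) can be triaged with a few lines of Python: who touched which decoy, which credentials they tried, and whether any source produced a burst of login attempts. The script below is an added example for this write-up, not code from the OpenCanary project. It assumes OpenCanary's per-line JSON format (fields such as `src_host`, `dst_port`, `logtype`, `logdata`, `local_time`); the `logtype` numbers are as I recall them from OpenCanary's logger module and should be confirmed against the installed version. The log lines are constructed, with source addresses following this write-up's layout (172.17.48.1 for the Windows host, 172.20.0.1 for the bridge gateway that WSL-originated traffic arrives from).

```python
"""Triage OpenCanary's JSON log lines: who hit which decoy, with what credentials.

Added example for this write-up, not code from the OpenCanary project. Assumes
the JSON-per-line log OpenCanary writes (src_host, dst_port, logtype, logdata,
local_time). The logtype numbers are as I recall them from OpenCanary's logger
module; confirm them against the installed version before relying on them.
"""
import json
from collections import defaultdict
from datetime import datetime

# Assumed logtype -> decoy name mapping (verify against opencanary/logger.py).
LOGTYPES = {
    3000: "http-get",
    3001: "http-login",
    4000: "ssh-connect",
    4002: "ssh-login",
    5001: "portscan-syn",
    6001: "telnet-login",
    8001: "mysql-login",
}
LOGIN_TYPES = {3001, 4002, 6001, 8001}

# Constructed sample in OpenCanary's log shape; the last line is deliberately
# malformed to show that a bad line must be skipped rather than abort triage.
SAMPLE_LOG = """\
{"dst_host": "172.20.0.2", "dst_port": 22, "local_time": "2026-05-20 16:55:01.000000", "logdata": {"USERNAME": "root", "PASSWORD": "123456"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "172.17.48.1", "src_port": 50001}
{"dst_host": "172.20.0.2", "dst_port": 22, "local_time": "2026-05-20 16:55:02.000000", "logdata": {"USERNAME": "root", "PASSWORD": "admin"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "172.17.48.1", "src_port": 50002}
{"dst_host": "172.20.0.2", "dst_port": 22, "local_time": "2026-05-20 16:55:03.000000", "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "172.17.48.1", "src_port": 50003}
{"dst_host": "172.20.0.2", "dst_port": 23, "local_time": "2026-05-20 16:58:10.000000", "logdata": {"USERNAME": "test", "PASSWORD": "test"}, "logtype": 6001, "node_id": "opencanary-1", "src_host": "172.20.0.1", "src_port": 40001}
{"dst_host": "172.20.0.2", "dst_port": 80, "local_time": "2026-05-21 09:10:00.000000", "logdata": {"PATH": "/index.html"}, "logtype": 3000, "node_id": "opencanary-1", "src_host": "172.17.48.1", "src_port": 50100}
{"dst_host": "172.20.0.2", "dst_port": 80, "local_time": "2026-05-21 09:10:05.000000", "logdata": {"USERNAME": "admin", "PASSWORD": "synology", "PATH": "/index.html"}, "logtype": 3001, "node_id": "opencanary-1", "src_host": "172.17.48.1", "src_port": 50101}
this line is not JSON and must be skipped, not crash the triage
"""


def parse_events(text):
    """Parse one JSON object per line; malformed lines are counted, not fatal."""
    events, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        ev["_time"] = datetime.strptime(ev["local_time"], "%Y-%m-%d %H:%M:%S.%f")
        ev["_decoy"] = LOGTYPES.get(ev.get("logtype"), f"logtype-{ev.get('logtype')}")
        events.append(ev)
    return events, bad


def summarize(events):
    """Per source address: hit count, decoys touched, credentials tried, time span."""
    per_src = defaultdict(lambda: {"hits": 0, "decoys": set(), "creds": set(),
                                   "first": None, "last": None})
    for ev in events:
        s = per_src[ev["src_host"]]
        s["hits"] += 1
        s["decoys"].add(ev["_decoy"])
        if ev["logtype"] in LOGIN_TYPES:
            d = ev.get("logdata", {})
            s["creds"].add((d.get("USERNAME", ""), d.get("PASSWORD", "")))
        s["first"] = ev["_time"] if s["first"] is None else min(s["first"], ev["_time"])
        s["last"] = ev["_time"] if s["last"] is None else max(s["last"], ev["_time"])
    return dict(per_src)


def bursts(events, threshold=3, window_seconds=60):
    """Sources with >= threshold login attempts inside any sliding window.
    A honeypot should see zero legitimate logins, so even a small burst is
    worth alerting on; the threshold only trims noise from a single manual test."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["logtype"] in LOGIN_TYPES:
            by_src[ev["src_host"]].append(ev["_time"])
    flagged = []
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    evs, skipped = parse_events(SAMPLE_LOG)
    print(f"{len(evs)} events, {skipped} malformed line(s) skipped")
    for src, s in summarize(evs).items():
        print(src, s["hits"], sorted(s["decoys"]), sorted(s["creds"]))
    print("burst sources:", bursts(evs))
```

On the constructed sample the Windows host shows up with three SSH credential pairs inside two seconds plus the Synology-page login, and is the only source flagged as a burst; the bridge gateway appears once with the telnet credentials. Pointed at the real log file from the container, the same summary gives a compact view of everything the screenshots above show one record at a time.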
## IV. Summary of what was learned

Finally, a reading of these two files: <<opencanary.conf>> <<docker-compose.yml.bak>>

[Screen clipping taken 5/21/2026 11:00 AM]

The only ports mapped are:

The result:

Scanning also left matching records:

This shows OpenCanary's strength.

Summary in one sentence: OpenCanary confirms the essential traits of a lightweight honeypot; it suits small projects very well and is flexible to use.
## References

1. <https://github.com/thinkst/opencanary/wiki/Using-Dockerised-OpenCanary#building-and-running-your-own-docker-opencanary-image-with-docker-compose>